Compliance with Consumer Finance Protection Bureau Guidelines (CFPB)

The CFPB has sweeping oversight and enforcement authority over the consumer finance industry. Above and beyond retail mortgage lending, their authority extends to all varieties of financial transactions. The Bureau also enforces companies’ federal consumer data protection obligations rather energetically.

Consumer Financial Protection Bureau’s (CFPB) was established in 2010 to oversee the consumer financial services industry.  Its scope of authority was expanded significantly over the last ten years. Although the CFPB’s original mandate was to enforce the responsibilities  of corporations under the Dodd-Frank Act in the aftermath of the 2008 financial crisis, at present, the CFPB enforces a range of federal laws and regulations governing nearly every aspect of consumer finance transactions.

In today’s world, this means that many different types of companies fall within the CFPB’s enforcement jurisdiction. More than ever, entities ranging from healthcare providers to retailers are being targeted with civil investigative demands (CIDs) and staring down the potential for substantial liability due to alleged Dodd-Frank Act, Truth in Lending Act, and other statutory violations. So as to avoid liability in the event of an investigation, every organization falling within the CFPB’s enforcement jurisdiction must commit adequate resources and attention to consumer finance compliance.

Industries and Transactions Coming Under CFPB Compliance

Are you aware whether your business or practice is subject to CFPB compliance? At the moment, the CFPB is focusing its supervision and examination efforts on these industries, transactions, and consumer finance practices:

• Consumer Reporting
• Automotive Finance
• Management of Credit Card Account
• Debt Collection
• Education Loans
• Prepaid Accounts
• Origination and Servicing of Mortgage 
• Remittance Transfers
• Short-Term, Small-Dollar Lending

When perusing this list, it is critical to bear in mind that the CFPB’s oversight is not limited to entities operating particularly within the consumer finance industry. For instance, with regard to debt collection, prepaid accounts, and remittance transfers, pretty much all types of service providers – from healthcare providers to real estate agencies – could possibly be subject to supervision and examination by the CFPB.

How You Should Develop and Maintain a Sound Compliance Management System (CMS)

In the event that your business or practice is subject to CFPB compliance, then what will it take to maintain compliance? The CFPB calls consumer finance compliance programs “Compliance Management Systems” (CMS).  The CFPB Examination Procedures for Compliance Management Reviews has a clause that  states:

“To maintain legal compliance, an institution must develop and maintain a sound compliance management system (CMS) that is integrated into the overall framework for product design, delivery, and administration across their entire product and service lifecycle. Ultimately, compliance should be part of the day-to-day responsibilities of management and the employees of a supervised entity; issues should be self-identified; and corrective action should be initiated by the entity.”

The Bureau’s procedures manual continues by stating that companies must “manage” relationships with third-party service providers to make certain that their compliance with all applicable federal laws and regulations.  Said differently, delegating responsibility for certain situations, such as data security, does not protect companies from liability. It then details five specific details of compliance that will be scrutinized during examinations of companies’ compliance management systems, and it states that an effective CMS must consist of “two interdependent control components.” The five foundational aspects of CFPB compliance are:

1. The company’s compliance obligations being identified ;
2. Effective communication of the company’s compliance obligations to its staff members;
3. Continuing the responsibility for meeting the company’s compliance obligations and keeping to its policies and procedures is adequately “incorporated into business processes;”
4. Consistently assessing operations to ensure compliance on a continual basis; and,
5. Taking corrective action as needed.

Two control components of an effective CMS that are interdependent are:

1. Oversight by the board and management; and,
2. A compliance program that includes policies and procedures,staff training, monitoring and/or auditing, and response to consumer complaints.

Pursuant to the CFPB, “[w]hen the two interdependent control components are strong and well-coordinated, an institution should be successful at managing its compliance responsibilities and risks.”

The Federal Statutes Included in the CFPB’s Enforcement Jurisdiction

For the purpose of developing an effective compliance program and adopting an overall CMS that has the ability to withstand CFPB scrutiny, a company needs to have a comprehensive understanding of their statutory and regulatory obligations. As noted above, the CFPB’s enforcement oversight now extends quite a way beyond the consumer fraud and abuse provisions of the Dodd-Frank Act. When weighing their consumer finance compliance obligations, businesses and practices also need to be assessed as to whether their financial transaction and electronic recordkeeping practices bear compliance implications under statutes including:

• Consumer Leasing Act (CLA)
• Electronic Fund Transfer Act (EFTA)
• Equal Credit Opportunity Act (ECOA)
• Fair Credit Reporting Act (FCRA)
• Fair Debt Collection Practices Act (FDCPA)
• Home Mortgage Disclosure Act (HMDA)
• Homeowners Protection Act (HPA)
• Gramm-Leach-Bliley Act (GLBA)
• Real Estate Settlement Procedures Act (RESPA)
• Secure and Fair Enforcement for Mortgage Licensing (SAFE) Act
• Truth in Lending Act (TILA)
• Truth in Savings Act (TISA)
• Unfair, Deceptive or Abusive Acts or Practices (UDAAP) regulations

Employing CFPB Bring-to-Market Programs

An announcement in September 2019 by the CFPB publicized the adoption of three new policies designed to “promote innovation and facilitate compliance” in connection with bringing new consumer finance products and services to market. Critically, each of these policies – the No-Action Letter (NAL) Policy, Trial Disclosure Program (TDP) Policy, and Compliance Assistance Sandbox (CAS) Policy – necessitates proactive efforts for the purpose of securing protection from CFPB enforcement. When employed appropriately, nevertheless, these policies can insulate entities from liability for statutory and regulatory violations if it happens that a proposed product, service, or market strategy is not completely compliant. As detailed by the CFPB:

No-Action Letter (NAL) Policy – “NALs provide increased regulatory certainty through a statement that the Bureau will not bring a supervisory or enforcement action against a company for providing a product or service under certain facts and circumstances. The new NAL Policy improves on the Bureau’s 2016 NAL Policy by having, among other things, a more streamlined review process focusing on the consumer benefits and risks of the product or service in question.”

Trial Disclosure Program (TDP) Policy – “Under the new TDP Policy, entities seeking to improve consumer disclosures may conduct in-market testing of alternative disclosures for a limited time upon permission by the [CFPB].”

Compliance Assistance Sandbox (CAS) Policy – “The CAS Policy enables testing of a financial product or service where there is regulatory uncertainty. After the [CFPB] evaluates the product or service for compliance with relevant law, an approved applicant that complies in good faith with the terms of the approval will have a ‘safe harbor’ from liability for specified conduct during the testing period. Approvals under the CAS Policy will provide protection from liability under the Truth in Lending Act, the Electronic Fund Transfer Act, or the Equal Credit Opportunity Act.”

Comprehensive Legal Representation for All Aspects of Consumer Finance Compliance

At Spodek Law Group, the federal compliance attorneys on our team represent corporations, professional practices, and other organizations with respect to all parts of consumer finance compliance. From developing compliance programs and implementing effective compliance management systems to looking for protection for a particular initiative under the CFPB’s new NAL, TDP, or CAS policy, our attorneys can assist you in avoiding unwanted scrutiny from the CFPB. With a great deal of experience in compliance and in CFPB CID response, we are capable of offering strategic and proactive representation on the basis of deep insights and a deep comprehension of federal law enforcement policies, procedures, and priorities.

Our compliance counsel works closely with our clients’ executives, managers, in-house counsel, and other identified stakeholders to pinpoint their needs and come up with comprehensive and custom-tailored compliance schemes. We also connect with the CFPB on our clients’ behalf when needed, and our lawyers have extensive experience working with other federal authorities with regard to compliance and enforcement also. Regardless of the extent of your company’s needs, and the present status of your company’s consumer compliance efforts notwithstanding, we are able to ensure that your company is on point.  We will position you to avoid substantial penalties in the event of a whistleblower complaint or CFPB-initiated enforcement proceeding.

As consumer finance compliance attorneys, the services we provide our clients also cover:

• Identifying compliance obligations inside the realm of consumer finance, data privacy, and overall corporate compliance;
• Identification of further industry-specific compliance requirements;
• Staff discipline and related matters related to compliance breaches;
• Developing and implementing of comprehensive compliance policies and procedures, which includes compliance program dissemination and training;
• Compliance monitoring, auditing, and event response in internal operations;
• Requests for NALs, safe-harbor protection, and other CFPB policy protections;
• Guidance with regards to proposed products, services, and market initiatives with possible consumer finance compliance implications; and,
• Continuous advice and representation regarding CFPB compliance, including advice with regards to changes in CFPB policies and procedures, and federal consumer finance regulations.

To ask you questions about your business’s or practice’s consumer finance compliance needs, you are  encouraged to reach out to us.  Get in touch with us today to set up a complementary needs assessment with one of our expert federal compliance attorneys.