Since the passage of the Dodd-Frank Wall Street Reform and Consumer Protection Act, (Dodd-Frank Act), Gibson Dunn has been monitoring regulatory developments that affect our clients, including developments at the Consumer Financial Protection Bureau (CFPB or the Bureau). In this alert, we provide an in-depth analysis of the CFPB's enforcement actions to date in order to offer insight into how companies should approach CFPB investigations and enforcement actions. To supply context for this discussion, we have provided a summary of the CFPB's establishment, its duties, and key regulations it has proposed thus far regarding its supervision and enforcement processes. We hope that this alert will offer companies a helpful overview of the CFPB's history and actions to date, as well as perspectives about how to respond to a CFPB investigation with an eye toward effective litigation strategies. For ease of reference, we have included hyperlinks to each Part of the alert in this Executive Summary.
Part I discusses the Bureau's creation and its expansive mission to "implement and . . . enforce Federal consumer financial law" to protect consumers from "unfair, deceptive, or abusive acts and practices and from discrimination"--terms that, notably, are not statutorily defined and that allow the CFPB to exercise tremendous discretion in bringing enforcement actions. Part I details the Bureau's functions, the entities over which it has oversight and enforcement authority, and the laws Congress has charged the Bureau with enforcing. It also provides the history of the ongoing controversy surrounding the recess appointment of the CFPB's first director, Richard Cordray, and an analysis of the legal issues his appointment has raised regarding the viability of the regulations the CFPB has issued over the last year.
Part II describes the CFPB's complaint and data collection authority and activities thus far. The Dodd-Frank Act requires the CFPB to offer means through which consumers can submit complaints about financial products. The CFPB has created an enormous downloadable, sortable database of consumer complaints regarding bank accounts and services, credit cards, mortgages, student loans, and other consumer loans. Although the consumer information published on the CFPB website is anonymous, the complaints name specific financial institutions. The CFPB has acknowledged in a policy statement that it "does not provide for across the board verification of claims made in complaints" and "does not validate the factual allegations of complaints"--although it does "maintain controls to authenticate claims." Although the complaints are not verified, the CFPB says that it "believes that the information has value to the public and that the marketplace of ideas will determine what the data show."
Part III discusses the CFPB's supervisory authority over insured depository institutions and credit unions with assets of more than $10 billion (large depository institutions) and non-depository consumer financial service companies. It describes the CFPB's examination process, which Congress intended to be coordinated with prudential and state regulators' examinations--but which involve additional areas of oversight, as well. It also details the appeals process companies may use should they be dissatisfied with the results of a CFPB examination.
Part IV details the Bureau's wide array of enforcement authorities, ranging from the use of investigations to administrative adjudications to cease-and-desist proceedings to civil lawsuits in federal court, as well as its ability to refer cases to other government agencies. The section on investigations discusses the CFPB's use of civil investigative demands (CIDs) thus far and analyzes the case studies of PHH Corporation and Next Generation Debt Settlement--case studies that demonstrate the heavy burdens that the CFPB's CID process can impose.
Finally, Part V reviews the CFPB's ongoing and upcoming investigations. Industries that already have faced or currently are facing CFPB scrutiny include: credit card companies, debt relief service providers, mortgage lenders and brokers, mortgage insurers, consumer credit reporting agencies, lenders and servicers of student loans, and debt collectors. We anticipate that the CFPB will continue to pursue an aggressive enforcement agenda in the second half of 2013 and that this list will expand quickly.
I. What is the Consumer Financial Protection Bureau?
A. General Functions
The CFPB was established as an independent bureau in the Federal Reserve System with a mandate to supervise consumer financial services companies and large depository institutions and their affiliates for consumer protection purposes. The Bureau's purpose is to "seek to implement and, where applicable, enforce Federal consumer financial law consistently for the purpose of ensuring that all consumers have access to markets for consumer financial products and services and that markets for consumer financial products and services are fair, transparent, and competitive." The CFPB assumed oversight of consumer compliance rules from seven different federal agencies, including: the Federal Reserve Board (the Board); the Office of the Comptroller of the Currency (OCC); the Federal Deposit Insurance Corporation (FDIC); the Office of Thrift Supervision (OTS); the National Credit Union Administration (NCUA); the Federal Trade Commission (FTC); and the Department of Housing and Urban Development (HUD).
The CFPB is mandated to exercise its authorities under federal consumer financial law for the purposes of ensuring that, with respect to consumer financial products and services: (1) consumers are provided with timely and understandable information to make responsible decisions about financial transactions; (2) consumers are protected from unfair, deceptive, or abusive acts and practices and from discrimination; (3) outdated, unnecessary, or unduly burdensome regulations are regularly identified and addressed in order to reduce unwarranted regulatory burdens; (4) federal consumer financial law is enforced consistently, without regard to the status of a person as a depository institution, in order to promote fair competition; and (5) markets for consumer financial products and services operate transparently and efficiently to facilitate access and innovation.
The primary functions of the CFPB are to: (1) conduct financial education programs; (2) collect, investigate, and respond to consumer complaints; (3) collect, research, monitor, and publish "information relevant to the functioning of markets for consumer financial products and services to identify risks to consumers and the proper functioning of such markets"; (4) supervise "covered persons for compliance with Federal consumer financial law" and take "appropriate enforcement action to address violations of Federal consumer financial law"; (5) issue rules, orders, and guidance "implementing Federal consumer financial law"; and (6) perform "such support activities as may be necessary or useful to facilitate the other functions of the Bureau."
B. Persons Subject to CFPB Regulation and Oversight
The CFPB has authority to regulate any "covered person," defined as anyone who engages in offering or providing a consumer financial product or service. A "consumer financial product or service" is a financial product or service offered or provided for use by consumers primarily for personal, family, or household purposes, or delivered, offered, or provided in connection with such a consumer financial product or service. Financial products and services include: extensions of credit and loan services; real estate settlement services and property appraisals; taking deposits, transmitting or exchanging funds, or acting as a custodian of funds or any financial instrument for use by or on behalf of a consumer; sale, provision, or issuance of a payment instrument or a stored value instrument over which the seller exercises substantial control; check cashing, collection, or guaranty services; financial data processing products or services; financial advisory services; and collection and provision of consumer report and credit history information.
The CFPB has exclusive supervisory authority over large depository institutions, their affiliates (including subsidiaries), and the service providers for such entities. The CFPB is the primary rulemaker and enforcer of consumer protection laws over those entities. By contrast, "prudential regulators"--the Board, the FDIC, the NCUA, and the OCC--have consumer compliance examination authority for smaller depository institutions--that is, those having $10 billion or less in total assets. However, the Bureau has supervisory authority over service providers to a substantial number of smaller depository institutions. Moreover, the Bureau may send its examiners "on a sampling basis" to examinations of smaller depositories performed by prudential regulators in order to "assess compliance with the requirements of Federal consumer financial law."
Under section 1024, the CFPB is also authorized to supervise certain other entities and individuals that offer or provide a consumer financial product or service and their service providers. Section 1024 applies to those entities and individuals that offer or provide mortgage-related products or services and payday and private student loans, as well as larger participants of other consumer financial service or product markets as defined by a CFPB rule, plus their service providers. Moreover, under rules promulgated by the CFPB, as of January 2, 2013, any party with greater than $10 million in annual receipts from consumer debt collection activities will be subject to the Bureau's supervisory authority. The consumer debt collection market covered by the rule includes three main types of debt collection: (1) firms that buy defaulted debt and collect the proceeds for themselves; (2) firms that collect defaulted debt owned by another company in return for a fee; and (3) debt collection attorneys that collect through litigation. The rule marks the first time that attorneys will be subject to direct federal supervision. As a result, the CFPB will begin to oversee approximately 175 debt collection agencies, representing over 60 percent of the debt collection industry's annual receipts.
C. Rulemaking Authority
The CFPB Director has the authority to prescribe rules and issue orders and guidance to enable the Bureau to administer federal consumer financial laws. The CFPB also has primary rulemaking and enforcement authority under numerous existing federal consumer protection laws, detailed in the sidebar. With this authority, the CFPB can prescribe rules applicable to a covered person or service provider identifying as unlawful any unfair, deceptive, or abusive acts or practices in connection with consumer financial products or services, as well as prescribe disclosure rules and mandate model disclosure forms.
In prescribing rules, the CFPB is required to consider the potential costs and benefits to consumers and covered persons, including any potential reduction of consumer access to financial products or services. The CFPB's rulemaking authority is limited by the requirement that it must consult with the prudential regulators and other appropriate federal agencies before proposing a rule and during the comment process. If a prudential regulator provides a written exception to the proposed rule, the CFPB must include the objection in its adopting release. The Financial Stability Oversight Council (Council or FSOC) can set aside final CFPB regulations if they would put the safety and soundness of the U.S. banking system or the stability of the U.S. financial system at risk.
The CFPB's funding derives from the Federal Reserve System rather than congressional appropriations. From the combined earnings of the Federal Reserve System, the Board of Governors gives the Bureau an amount "determined by the Director to be reasonably necessary to carry out the authorities of the Bureau" under federal consumer financial law. However, annual funding transferred to the CFPB from the Federal Reserve System is capped at a fixed percentage of the total 2009 operating expenses of the Federal Reserve System, equal to 12% of these expenses (or approximately $597.6 million) in fiscal year 2013 and each year thereafter, subject to annual adjustments. As of December 31, 2012, the CFPB had requested transfers from the Federal Reserve totaling $136.2 million to fund CFPB operations and activities for the first quarter of fiscal year 2013.
The President's appointment of CFPB Director Richard Cordray has embroiled the Bureau in a major political and legal controversy for the last year. The Dodd-Frank Act provides that the President must nominate a CFPB Director, with the advice and consent of the U.S. Senate, for a term of five years. The Director may serve after the expiration of that term until a successor has been appointed and qualified. The President may remove the Director only for cause--that is, "for inefficiency, neglect of duty, or malfeasance in office." Although the Dodd-Frank Act gave the Secretary of the Treasury interim authority to perform certain Bureau functions before a Director was confirmed, the Act provides that the Bureau could not write new rules or supervise financial companies other than banks without a director.
On January 4, 2012, President Obama appointed Richard Cordray as the first CFPB Director, and the Bureau began to move forward with its regulatory and rule-writing agenda, focusing primarily on nonbank financial companies, such as money transfer agencies, credit bureaus, and private mortgage lenders. The process by which President Obama appointed Mr. Cordray, however, drew immediate criticism. In what is known as the "Recess Appointments Clause," the U.S. Constitution provides that "[t]he President shall have Power to fill up all Vacancies that may happen during the Recess of the Senate, by granting Commissions which shall expire at the End of their next Session." President Obama initially installed Mr. Cordray through a purported recess appointment when the Senate was on a 20-day holiday, but holding pro forma sessions every three days to block presidential action. The President's appointment of Mr. Cordray during this time allowed the President to bypass Republican opposition to Mr. Cordray's nomination and install Mr. Cordray as the CFPB Director until the end of 2013.
On January 25, 2013, however, the U.S. Court of Appeals for the District of Columbia Circuit held that President Obama's appointments of three members of the National Labor Relations Board (NLRB)--whom he appointed the same day as Mr. Cordray--were "constitutionally invalid." The court interpreted the Recess Appointments Clause to mean that the President only may use his recess appointments authority during the recess that occurs between sessions of Congress, not during intrasession adjournments. Because the invalidation of the appointments meant that the Board did not have a quorum for votes in which the three members participated, the court held that the challenged enforcement action at issue in the case must be vacated. The NLRB has filed a petition for a writ of certiorari to the U.S. Supreme Court .
Although the this decision does not affect Mr. Cordray's initial appointment directly, his appointment has been challenged on the same grounds in a case pending before the federal district court for the District of Columbia. The defendants in that case have moved to dismiss the case on procedural grounds, but if the court reaches the merits, the D.C. Circuit's decision will bind it unless the Supreme Court overturns the decision. Such a scenario would call into question many of the actions Mr. Cordray and the CFPB have taken thus far--particularly the promulgation and implementation of rules because, by statute, only a lawfully-appointed director "may prescribe rules and issue orders and guidance, as may be necessary or appropriate to enable the Bureau to administer and carry out the purposes and objectives of the Federal consumer financial laws, and . . . prevent evasions thereof."
In the meantime, President Obama has re-nominated Mr. Cordray to a full five-year term at the CFPB. The Senate Committee on Banking, Housing, and Urban Development approved the nomination on a 12-10 party-line vote. Senate Majority Leader Harry Reid (D-NV) recently announced that he would push a full Senate vote on Mr. Cordray to July. To bring the nomination to a vote, a sixty-senator majority will have to vote to invoke cloture, but 43 Republican senators already have sent a letter to President Obama promising to oppose the nomination.
House Financial Services Committee Chairman Jeb Hensarling (R-TX) sent a letter to Meredith Fuchs, the CFPB Associate Director and General Counsel, stating that he would not allow Mr. Cordray to give the CFPB's mandatory semi-annual report to the Committee because he "does not meet the statutory requirements of a validly-serving Director of the CFPB, and cannot be recognized as such." Chairman Hensarling also said, however, that the Committee "intends to continue to conduct rigorous oversight of the CFPB's activities, and will expect the CFPB's cooperation in those efforts."
Gibson Dunn will be monitoring developments with regard to Mr. Cordray's appointment closely and plans to provide timely updates regarding the nomination process as events unfold.
II. CFPB Complaint and Data Collection
In its first year of operations, the CFPB has established itself as a massive clearinghouse of consumer financial data and complaints. Several sections of the Dodd-Frank Act require the CFPB to collect data and help consumers. For instance, the Act directs the CFPB to establish a "community affairs" unit to provide information, guidance, and technical assistance regarding the offering and provision of consumer financial products to "traditionally underserved consumers and communities." It also requires the CFPB to establish a consumer complaint unit to collect consumer complaints and direct them to the appropriate federal or state agencies for action.
The CFPB has acted on these requirements quickly--and on a scale that has caught many by surprise. The CFPB has begun collecting complaint data through a Consumer Complaint Database that lists customer complaints about specific, named companies. The database can be downloaded, sorted, and graphed. The CFPB has explained: "We don't verify all the facts alleged in these complaints but we do take steps to confirm a commercial relationship between the consumer and company. Complaints are listed here after the company responds or after they have had the complaint for 15 calendar days, whichever comes first. We remove complaints if they don't meet all of the publication criteria." The publication criteria are contained in a policy statement issued March 25, 2013. The statement explains that the database will include complaints about credit cards, mortgages, bank accounts and services, private student loans, and other consumer loans. Although the CFPB does not validate the facts of the complaints, it has asserted that it believes that the data are useful and that the "marketplace of ideas will determine what the data show."
Between July 21, 2011 and February 28, 2013, the CFPB received approximately 131,300 consumer complaints. The complaints included approximately 30,000 credit card complaints, 63,700 mortgage complaints, 19,800 bank account and service complaints, 4,600 student loan complaints, 4,100 consumer loan complaints, and 6,700 credit reporting complaints.
In addition to its collection of consumer complaints, the CFPB also has undertaken a tremendous data collection effort. Bloomberg News reported on April 18, 2013, that the CFPB will spend $20 million to purchase anonymous consumer data regarding 10 million consumers from national service providers. The CFPB also is ordering banks and mortgage companies to provide consumer records. The CFPB may share these data and individual complaints with state and federal law enforcement agencies, and it reports to Congress each year about the complaints it receives. In an oversight hearing before the Senate Banking Committee on April 23, 2013, several senators, including Ranking Member Mike Crapo (R-ID) and Senator Mike Johanns (R-NE), expressed concern about the level and detail of the CFPB's data collection.
In addition to its enormous database, the CFPB has created other resources for consumers to share their experiences with consumer financial products. For instance, on its website, the CFPB has established a page for consumers to tell both positive and negative stories about their experiences with consumer financial products to "help inform how [the CFPB] work[s] to protect consumers and create a fairer market place." The page asks for a narrative account and for the consumer's contact information, although it also allows consumers to submit their stories anonymously. The page includes a checkbox for consumers to mark if they are reporting something they saw while working for a financial company.
The CFPB website also includes pages directed toward traditionally underserved communities, including students, the elderly, service members, and veterans under its "Get Assistance" link. On each of those pages, the CFPB addresses topics relevant to the specific community, such as repaying student debt or how to handle scam artists targeting the elderly.
The CFPB complaint unit has established a toll-free consumer help hotline, as well as an extensive online tool for submitting complaints about financial companies. Once a consumer submits a complaint, the CFPB either forwards the complaint to the company or sends the complaint to a more appropriate federal agency. The company must review the complaint and report back to the consumer and to the CFPB. In addition to its main complaint website, the CFPB also has established webpages for specific types of complaints, such as complaints about student loans and credit reporting. The CFPB has taken to Twitter and Facebook to advertise these specific complaint websites and encourage people to report their problems. It also has been updating followers on Twitter about the number of complaints it has received and provides links to published consumer complaints and their resolution, omitting the names of the companies involved.
III. Supervisory Authority
The CFPB has a broad supervisory and enforcement mandate. The CFPB is tasked with assessing compliance with federal consumer financial laws, obtaining information about activities and compliance systems or procedures, and detecting and assessing risks to consumers and to markets for consumer financial products and services. The CFPB supervises large depository institutions that offer a wide variety of consumer financial products and services, such as banks and credit unions, as well as non-depository consumer financial services companies that offer one or more such products, such as schools offering private student loans.
The Dodd-Frank Act established parallel frameworks to govern the CFPB's supervisory authority over large depository institutions and their affiliates and over non-depository consumer financial services companies. The frameworks state that the purpose of CFPB supervision, including examination, is to assess supervised entities' compliance with Federal consumer financial laws, obtain information about supervised entities' activities and compliance systems or procedures, and detect and assess risks to consumers and to markets for consumer financial products and services. The frameworks also require the CFPB to coordinate with other federal and state regulators and the requirement to use, where possible, publicly available information and existing reports to federal or state regulators pertaining to supervised entities.
A. Examination Process
The CFPB targets non-depository consumer financial services companies for examination based on the potential risk the companies pose to consumers, including consideration of a company's asset size, volume of consumer financial transactions, extent of other federal and state oversight, and any other factor the CFPB deems relevant. The CFPB is required to coordinate examinations of non-depository consumer financial services companies with state and prudential regulators.
The CFPB sets regular examination schedules for large depository institutions and their affiliates depending on two considerations: (1) an assessment of potential risks to consumers, and (2) statutory requirements that the Bureau and prudential regulators coordinate their examination scheduling and conduct "simultaneous" examinations of depository institutions, as well as coordinate such examinations with state regulators.
The Bureau's specific examination procedures are similar to those of prudential and many state regulators. During the course of an examination, CFPB examiners collect and review information available from within the CFPB, from other federal and state agencies, and from public sources. To the extent possible, the Bureau is required to use reports that the supervised entity has provided to federal or state regulators and information that the entity has publicly reported. However, the Bureau's examiners also are authorized to request and review supplementary documents and information from the supervised entity. After completing an examination, CFPB examiners develop and obtain internal approval for a preliminary risk focus and scope for the onsite portion of the examination.
During the examination process, CFPB examiners go onsite to observe employees, conduct interviews, and review additional documents and information. Firms should note that CFPB enforcement attorneys have been attending examinations, which has raised concerns for a number of supervised entities regarding the attorney-client privilege and whether information discovered during examinations could be used in later enforcement proceedings. The CFPB's 2012 Ombudsman Report recommended that the CFPB review implementation of that policy and clarify the role of enforcement attorneys at examinations. The Federal Reserve Board's Office of Inspector General has announced that it will evaluate the integration of enforcement attorneys into examinations to assess the risks associated with this approach and the effectiveness of safeguards the CFPB has established to mitigate those risks.
After the examination concludes, the CFPB examiners consult internally if the examination indicates potential unfair, deceptive, or abusive acts or practices, discrimination, or other violations of law. The CFPB examiners also draw preliminary conclusions about the entity's compliance management and its statutory and regulatory compliance, and, if warranted, will consider imposing corrective actions on the institution, whether through informal agreement or a formal enforcement action. At the close of the examination, the CFPB examiners draft an examination report and share the draft report with the prudential regulators. The CFPB examiners may consider any comments the prudential regulators offer regarding the draft report. After final internal clearance, the CFPB examiners finalize and transmit the report to the supervised entity.
During the examination, the Examiner in Charge communicates with appropriate supervised entity personnel about preliminary findings and conclusions. The CFPB seeks cooperation from the supervised entity to correct any problems identified. The CFPB states that it considers all supervisory information, including examination reports and ratings, to be highly confidential, although regulated entities have been concerned about the CFPB's ability to share such information with state regulators.
The CFPB addresses negative examination findings based on the individual facts and circumstances at issue in each examination. If the examination process results in negative findings, the type of problems found and the severity of harm to consumers dictate whether informal supervisory measures or formal enforcement action is taken. According to the Supervision and Examination Manual, the CFPB encourages self-correction, but some circumstances may nevertheless be sufficiently serious to warrant a public enforcement action. For large depository institutions and their affiliates, the CFPB shares draft examination reports and consults with prudential regulators regarding whether supervisory or enforcement action should be taken.
B. Target and Horizontal Reviews
In addition to regularly scheduled examinations, the CFPB is authorized to conduct target and horizontal reviews. Target reviews focus on a single problem at a single entity, such as a significant volume of customer complaints or a specific concern that has come to the Bureau's attention. Horizontal reviews look across multiple entities to examine issues arising from particular products or practices to determine whether supervisory measures or enforcement actions are needed.
C. Supervision Process
The CFPB takes different approaches to supervising depository institutions versus non-depository consumer financial services companies. The Nonbank Supervision Risk Analytics and Monitoring team (RAM) provides risk-based analysis of consumer financial markets and market participants to support the examination program surrounding non-depository consumer financial services companies. This team is authorized to acquire and analyze qualitative and quantitative information and data pertaining to consumer financial product and service markets to determine what industries and institutions pose the greatest risk to consumers. These data are then used to schedule individual examinations based on a risk ranking of entities. Once a particular examination is scheduled, the examination team is to follow the same general examination process used for all supervised entities. Conversely, each large depository institution is assigned a lead examiner who regularly monitors information about the entity and its affiliates. That information is collected in an institution profile and used as the basis for a risk assessment and supervision plan, which determines the frequency and depth of monitoring.
D. Supervisory Appeals Process
On October 31, 2012, the CFPB announced its appeals policy for supervised entities. Financial service providers under the CFPB's jurisdiction, including depository institutions, may request a review of a less than satisfactory compliance rating (a rating of 3, 4, or 5) or any underlying adverse finding set forth in the relevant examination report, or adverse findings conveyed in a supervisory letter. The reviewing committee includes the CFPB Associate Director for Supervision, Enforcement, and Fair Lending who chairs the committee; one or more representatives from CFPB Headquarters Supervision management in Washington, D.C.; and at least two representatives of regional offices who were not involved in the matter under review. The committee initially will review the supervised entity's written appeal, the examination report or supervisory letter at issue, and supporting documentation for both. If applicable, the committee will send a copy of the appeal to the prudential regulator of the appealing entity and solicit its views. The committee also will solicit input from other CFPB personnel, such as examination staff and CFPB Headquarters staff, including those involved in the specific matter under appeal. If requested, the committee will hear a presentation from the appealing entity. Upon conclusion of the review, the committee will summarize its findings in a written decision, which is then reviewed by the Associate Director. The decision of the Associate Director is final; the Bureau will not accept any further attempts to appeal the matter.
IV. Enforcement Powers
The Dodd-Frank Act authorizes the CFPB to conduct investigations to determine whether any person has violated federal consumer financial law (such as those listed earlier in a sidebar) before initiating any judicial or administrative adjudicatory proceedings. Investigations may be initiated by the Assistant Director and the Deputy Assistant Directors of the Office of Enforcement. The CFPB may conduct these investigations jointly with other regulators.
The Dodd-Frank Act provides that the CFPB, or, "where appropriate," its investigators, may issue subpoenas for witness testimony and documentary evidence in relation to any CFPB hearing. Should a witness fail to comply with a subpoena, the CFPB or its investigator can petition the federal district court where the witness is found, resides, or conducts business to issue an order requiring the witness to appear to give testimony or to produce documents. Should the witness violate that order, the court may hold the witness in contempt.
2. Civil Investigative Demands
The Dodd-Frank Act also grants the CFPB broad authority to issue civil investigative demands "[w]henever the Bureau has reason to believe that any person may be in possession, custody, or control of any documentary material or tangible things, or may have any information, relevant to a violation . . . ." The CFPB Director, the Assistant Director of the Office of Enforcement, and the Deputy Assistant Directors of the Office of Enforcement are authorized to issue CIDs. Should an investigation lead the CFPB to conclude that an enforcement action is warranted, the CFPB may institute proceedings in federal or state court or pursuant to the Bureau's administrative adjudicatory process. It also may refer investigations to appropriate federal, state, or foreign governmental agencies.
a. Civil Investigative Demand Procedures
The CFPB's civil investigative demand procedures place a CID recipient under extraordinarily tight deadlines to review the CID, develop a response, meet with CFPB staff, and comply with or challenge the CID's terms. It is imperative for CID recipients to respond to a CID promptly according to a well-reasoned strategy.
The CFPB may issue a CID "before the institution of any proceedings under the Federal consumer financial law." The CID can require a person to produce documents, submit tangible items, file written reports or answers to questions, and give oral testimony, but it must give the recipient a "reasonable period of time" to collect documents and make them available for inspection. It is the Bureau's policy to keep the issuance of a CID confidential, although a company may have to disclose the investigation in other public regulatory filings. Significantly, although the Dodd-Frank Act requires the CFPB to treat produced documents and tangible items confidentially, the materials always are subject to disclosure to Congress or congressional committees. A CID recipient must assert all claims of privilege no later than the date set for the production of material, and, if directed by the CID, must produce a privilege log detailing the specific grounds for claiming privilege with regard to each item. If a person fails to comply with a CID, the Bureau may file a petition for an enforcement order in federal district court.
Once a party is served with a CID, the party must meet either in person or over the telephone with a Bureau investigator within ten calendar days to resolve any issues regarding compliance with the CID. During that meeting, a party can negotiate the terms of the CID with the Assistant Director or Deputy Assistant Directors of the Office of Enforcement. The CFPB's final Rules Relating to Investigations provides that "[t]he Assistant Director of the Office of Enforcement and the Deputy Assistant Directors of the Office of Enforcement are authorized to negotiate and approve the terms of satisfactory compliance with civil investigative demands, and, for good cause shown, may extend the time prescribed for compliance."
After that mandatory meeting, a party served with a CID has three options: First, the recipient can comply with the CID within the time prescribed by the demand. Second, a party may petition the CFPB for an order to modify or set aside the demand. If a party chooses this option, it must file its petition by the shorter of 20 days after service of the CID or before the return date specified by the demand. The CFPB only will consider such a petition if the party has "meaningfully engaged" in the meet-and-confer process, and it only will consider issues raised during that process. A timely petition to modify or set aside the demand stays the time permitted for compliance with regard to the portion of the CID that the recipient is challenging. If the CFPB denies the petition, the ruling will specify a new return date. Unless a party can show good cause why it should not, the CFPB will make both the petition and its ruling public.
Third, a party may request an extension of time to file a petition to modify or set aside the CID--but such requests are "disfavored" under the CFPB's regulations.
b. Oral Testimony and Investigational Hearings Pursuant to CIDs
The CFPB may conduct investigational hearings-- distinguished from adjudicative hearings--pursuant to a CID for oral testimony. Such hearings may be employed in the course of any investigation, "including inquiries initiated for the purpose of determining whether or not a respondent is complying with an order of the Bureau." Civil investigative demands requiring the recipient to give oral testimony must prescribe a date, time, and place for the testimony and identify the Bureau investigator who will conduct the investigation. They also must "describe with reasonable particularity the matters for examination." Any party required to give oral testimony may be represented by counsel, but counsel only may raise objections related to issues of privilege.
c. CFPB Use of Civil Investigative Demands Thus Far
Thus far, the CFPB only has issued two public orders in response to petitions to set aside or modify CIDs, one to PHH Corporation and one to Next Generation Debt Settlement. Both orders, discussed below, suggest that the meet-and-confer process will be key to negotiating the terms of a CID.
i. PHH Corporation
The most informative case study is that of PHH Corporation, a mortgage lender. Because the Order represented the Bureau's first determination regarding a petition to modify or set aside a CID, the Bureau provided a more extensive discussion than it expects to be typical of such orders. PHH's petition also includes an exchange of letters with the CFPB that provides insight into the negotiation process with the CFPB.
The Bureau's enforcement team sent a letter to PHH on January 3, 2012 to announce that it had opened an investigation "to determine whether the practice of ceding premiums from private mortgage insurance companies to captive reinsurance subsidiaries of certain mortgage lenders has violated Section 8 of the Real Estate Settlement Procedures Act (RESPA)." The Bureau's Order states that the initial letter requested "limited data" from the company. PHH and the CFPB engaged in discussions, which resulted in a written agreement executed on January 25, 2012 tolling any applicable statutes of limitations.
On May 22, 2012, the Bureau issued a CID to PHH consisting of 21 interrogatories and 33 document requests--many with multiple subparts--relating to the investigation. PHH's counsel and the CFPB initially engaged in a series of telephone calls and letters to address PHH's concerns regarding the demand. In a letter dated June 4, 2012, PHH asserted that it believed that the specifications were overbroad. In particular, it noted that the requests dated back to 2001 in some instances, and to 1995 in others, but that the statute of limitations for any RESPA action was three years, making the only relevant time period January 25, 2009 to the present. PHH proposed specific modifications to almost every interrogatory and request for documents.
On June 7, 2012, Kent Markus, the CFPB Chief of Enforcement, sent PHH a letter stating that it had received the company's request for a limited extension of the deadline to produce documents responsive to the CID. The letter granted an extension for an initial production to be made on June 29, 2012, and all other documents to be produced on July 15, 2012, as well as stated terms that PHH and the CFPB apparently had previously negotiated for compliance with the CID. The letter also denied PHH's request to toll the deadline for filing a petition to modify or set aside the CID.
On June 8, 2012, the CFPB sent PHH another letter stating that it was "willing to work with the list of custodians that [PHH] provided as a starting point to narrow the scope of electronic mail searches," and requested additional information to develop a more complete list of custodians. In the June 8 letter, the CFPB also responded to what it characterized as PHH's "general rote objections" that the CID's requests were overly broad and burdensome--and, in that process, signaled its expansive view of its investigative authority. The letter states: "As you are no doubt aware, the Bureau has extensive authority to request information, data, and documents from [PHH] . . . particularly with respect to the enforcement of RESPA." It cites Supreme Court precedent for the proposition that an administrative procedure "is sufficient if the inquiry is within the authority of the agency, the demand is not too indefinite, and the information is reasonably relevant." The letter characterizes the CID as "narrowly tailored to a particular practice and potential violation of law," but then immediately asserts that "[t]he Bureau has 'no obligation to establish precisely the relevance of the material it seeks' or to reveal the internal deliberations of our investigation.'" The letter explains: "[w]ith respect to an administrative CID, 'it is essentially the respondent's burden to show that the information is irrelevant.' . . . We do not believe that any of your objections meet this threshold."
Specifically addressing PHH's concern about the time period of the requests, the CFPB stated that PHH "[had] not offered any legally cognizable basis to challenge the relevance of the requests set forth in the CID." The letter asserts that "the law is clear that a possible statute of limitations defense does not limit an agency's authority to investigate and cannot be used as a defense to a demand for documents. . . . To the extent older information is unavailable or not reasonably accessible, we will consider those issues as a matter of burden, not relevance." But, the letter continues, PHH did not cite any specific factual basis to explain why the requests would impose an undue burden on the company.
On June 12, 2012, PHH filed its 36-page petition to modify or set aside the CID asserting that the CID failed to "state the nature of the conduct constituting the violation which is under investigation," as it must under Section 1052(c)(2) of the Dodd-Frank Act; the document requests were overbroad because documents dating back 11 or 17 years could not be relevant to claims with a statute of limitation dating back only three years; and that the requests sought documents that were not relevant to any asserted violation, thus making the requests unreasonable. PHH also argued that compliance would be unduly burdensome to the company because it would take months of attorney efforts to review all the documents requested. Further, PHH noted that the CFPB had not yet provided search terms to use in connection with the e-mail production, but still expected PHH to meet the production deadlines.
On September 20, 2012, the CFPB issued its Order denying PHH's petition. It cited many of the same reasons it discussed in its June 8 letter, and, in the process, made clear several important points--
First, the CFPB views its investigative authority broadly. It analogized its power to the investigative authority of the FTC, which the Supreme Court in the Morton Salt case likened to that of a grand jury which "'can investigate merely on suspicion that the law is being violated, or even just because it wants assurance that it is not.'" The CFPB again cited Morton Salt for the proposition that an administrative subpoena "'is sufficient if the inquiry is within the authority of the agency, the demand is not too indefinite and the information sought is reasonably relevant.'"
Second, the meet-and-confer process will be essential to limiting the Bureau's demands. The Bureau responded to PHH's argument that the CID amounted to a "fishing expedition" by explaining that at the outset, the enforcement team presents a "thorough and comprehensive" request for information, and that "[t]he meet-and-confer session is intended as an opportunity to narrow the scope of the requests . . . ." Although PHH participated in a telephonic meet-and-confer, PHH did not make its information technology personnel available as the CFPB had requested. The CFPB also asserted that PHH did not cite specific burdens the requests would impose on the company. It will be imperative for any CID recipient who wishes to negotiate the terms of the demand with the CFPB to present detailed information regarding the costs of and time required to produce the documents the CFPB demands.
Third, the CFPB likely will not be receptive to requests to limit the time periods covered by demands based on statute of limitations arguments. PHH reasserted its argument that the CID requested information that could not be relevant because it sought information beyond the applicable three-year statute of limitations established in Title X, going back as far as 1995 for some requests. As it did in its June 8 letter, the CFPB rejected that argument, again citing EEOC v. American Express Centurion Bank, 758 F. Supp. 217, 222 (D. Del. 1991), for the proposition that a possible statute of limitations defense does not limit an agency's authority to investigate and cannot be used as a defense to a demand for documents.
It appears that the CFPB's demands for information may extend over many years, and based on the CFPB's Order and June 8 letter in this case, that the CFPB only will consider those undue burden arguments that assert very specific burdens a document production could impose on the respondent.
ii. Next Generation Debt Settlement
On August 3, 2012, the Bureau issued a CID to Next Generation "in connection with an investigation regarding . . . whether certain companies engaged in unlawful acts or practices in the advertising, marketing or sale of debt settlement services." According to the Bureau's Order, CFPB attorneys spoke with a Next Generation employee on August 20 to confirm the company's attendance at the investigational hearing, and, nine days later, also sent a letter to the company to confirm its attendance and notify the company that it had failed to meet and confer with Bureau staff. On September 4, 2012, the company's chief executive officer sent a brief e-mail to the CFPB asking the Bureau to set aside the CID for eight reasons, all of which the CFPB characterized as "focused on potential defenses to claims the Bureau might bring against Next Generation."
The CFPB denied Next Generation's e-mail petition "because it was not filed within the time permitted under the Bureau's rules regarding investigations, and because Next Generation failed to meet and confer with Bureau staff before filing the petition."  The Order notes that the Bureau may waive the timing and meet-and-confer requirements "in appropriate circumstances," but Next Generation did not request a waiver.
The Order adds that "even if the petition comported with the Bureau's rules, it has no merit," explaining that "facts relating to whether Next Generation is covered by or has violated a federal consumer financial law are not defenses to the enforcement of a CID, even if they might eventually be defenses to legal claims contemplated in the CID." The Bureau emphasized that it has authority to "conduct an investigation 'to discover and procure evidence, not to prove a pending charge or complaint, but upon which to make one if, in the [Bureau's] judgment, the facts thus discovered should justify doing so.'"
Although much more abbreviated than its response to PHH, the Bureau's response to Next Generation's petition again indicates that it will take the timing and meet-and-confer requirements seriously.
B. Hearings and Adjudications
The CFPB can conduct hearings and adjudication proceedings, including cease-and-desist proceedings, to enforce compliance with Title X, regulations the CFPB issues, and the other federal laws the CFPB is authorized to enforce (set forth in the earlier sidebar). In an administrative proceeding or in a civil action brought under federal consumer financial law, the court or the CFPB "shall have jurisdiction to grant any appropriate legal or equitable relief," which "may include, without limitation: rescission or reformation of contracts; refund of money or return of real property; restitution; disgorgement or compensation for unjust enrichment; payment of damages or other monetary relief; public notification regarding the violation; and limits on the activities or functions of the person against whom the action is brought. The Dodd-Frank Act, however, does not authorize the imposition of exemplary or punitive damages, but it does allow state or federal regulators to recover their costs if they prevail in the action.
The Dodd-Frank Act also provides that "[a]ny person that violates, through any act or omission, any provision of Federal consumer financial law shall forfeit and pay a civil penalty." The statute provides for three tiers of penalties. The first tier applies to "any violation of a law, rule, or final order or condition imposed in writing by the Bureau" and sets a penalty of not more than $5,000 per day that the violation occurred or the party continues to fail to pay the penalty. The second tier provides that "for any person that recklessly engages in a violation of a Federal consumer financial law, a civil penalty may not exceed $25,000 for each day during which such violation continues." And the third tier provides that "for any person that knowingly violates a Federal consumer financial law, a civil penalty may not exceed $1,000,000 for each day during which such violation continues." The statute requires, however, that the CFPB or court consider "the appropriateness of the penalty" in light of mitigating factors, including "the size of financial resources and good faith of the person charged"; "the gravity of the violation or failure to pay"; "the severity of the risks to or losses of the consumer, which may take into account the number of products or services sold or provided"; "the history of previous violations"; and "such other matters as justice may require." The funds collected by the CFPB may be used either for consumer victims or for financial education.
The CFPB already has proven that it will pursue these awards aggressively: In its recent Semi-Annual Report to Congress, the Bureau announced that it has obtained $425 million in refunds for credit card company customers.
1. Hearing and Adjudication Procedures
Section 1053 of the Dodd-Frank Act authorizes the CFPB to conduct administrative adjudications following the standard course for such proceedings set out in the Administrative Procedure Act to "ensure or enforce compliance with" Title X of the Dodd-Frank Act, including rules prescribed by the Bureau under Title X, and any other Federal law the Bureau is authorized to enforce, unless a law specifically limits the Board from conducting such a proceeding. The CFPB issued a final rule on June 29, 2012, establishing the rules of practice for adjudication proceedings. The rule explains that initial proceedings will take place before a hearing officer. Typically, the CFPB will commence the proceeding by filing a notice of charges, but the parties can agree to a settlement prior to that filing, in which case, the proceeding will be commenced by filing a stipulation and a consent order. The rule also provides that a respondent may propose a settlement offer at any time during the proceedings. Unless the parties enter a consent order, however, the respondent must file an answer within 14 days of service of the notice of charges specifically addressing each allegation of fact in the notice of charges. Throughout the proceeding, the hearing officer may certify any matter upon his own motion or motion by a respondent for review by the CFPB Director. If a hearing officer denies a respondent's motion for certification, the respondent may petition the Director directly for review--but such review is disfavored. The Director has discretion whether to consider any matter, whether it comes to him by certification or petition.
Under the rule, the hearing officer must file a recommended decision no later than 90 days after the deadline for filing post-hearing responsive briefs, and no later than 300 days after the CFPB files the notice of charges, unless the Director grants an extension. Unless the respondent timely files and perfects a notice of appeal of the recommended decision, the Director may adopt it as the final decision and order of the Bureau, or he may order further briefing. To appeal a recommended decision, a party must file a notice of appeal with the Office of Administrative Adjudication within ten days after service of the recommended decision and then perfect the appeal by filing its opening appeal brief within thirty days of service of the recommended decision. A party must perfect an appeal to the Director before seeking judicial review of a final decision and order.
2. Judicial Review
Except for review of cease-and-desist orders, judicial review is conducted pursuant to the Administrative Procedure Act (APA). Parties may seek review of final agency actions in a "court of competent jurisdiction"--typically a federal district court. The APA mandates that reviewing courts give agencies a significant amount of deference, providing for agency decisions to be set aside only if the decisions are "arbitrary, capricious, an abuse of discretion, or otherwise not in accordance with law," contrary to a party's constitutional rights, in excess of the agency's statutory jurisdiction or limitations, or without observance of required legal procedures, or unwarranted by the facts.
3. Cease-and-Desist Order Procedures
The Dodd-Frank Act establishes a special set of procedures for cease-and-desist proceedings brought by the CFPB. In its notice of charges, the Bureau must set a time and place to hold a hearing to determine whether a cease-and-desist order should be issued against the covered person between thirty and sixty days after the notice of charges has been served. All administrative hearings regarding cease-and-desist orders are required to take place in the federal district court where the covered person has its principal place of business, unless the person consents to another location, and are to be conducted according to the APA. If a party consents by failing to appear at the hearing or the Bureau finds on the record that a violation has been established, the Bureau may issue an order to cease and desist from the violating practice, which will become effective thirty days after service. A party may petition for judicial review in the U.S. Court of Appeals of its principal place of business or the U.S. Court of Appeals for the D.C. Circuit within thirty days after the date the CFPB serves the order.
C. Civil Actions
In addition to its adjudication proceedings, the CFPB can bring a civil action in federal district court or seek civil penalties and equitable relief for violations of Title X, related regulations, or other consumer financial protection laws. When commencing a civil action, the Bureau must notify the Attorney General. The CFPB announced last year that in some cases, it would send an early warning--called a Notice and Opportunity to Respond and Advise (NORA)--to a party before commencing enforcement proceedings. A party that receives such a notice then has the chance to send a NORA letter to the CFPB presenting legal and policy arguments relevant to the potential enforcement proceedings. A NORA letter can be supported by facts verified in a sworn written statement. The CFPB emphasized, however, that it will not send early warnings in all cases, especially in instances when it suspects ongoing fraud.
D. Referrals to Other Federal Agencies
Although the CFPB does not have criminal enforcement authority, it is required to refer findings of federal criminal violations to the Department of Justice (DOJ) for further review and action. Director Cordray announced on May 7, 2013, that the CFPB had made its first criminal referral of several debt relief service providers to the U.S. Attorney for the Southern District of New York. After investigating Mission Settlement Agency and Premier Consultant Group, the Law Office of Michael Levitis, and the Law Office of Michael Lupolover for a year, the CFPB determined that the companies provided little or no debt relief to their customers and charged unlawful advance fees to their customers. Director Cordray concluded his remarks by noting that the CFPB and the U.S. Attorney's Office "will be looking for more such occasions to coordinate and collaborate."
The CFPB also is required to refer information identifying possible tax law noncompliance to the Internal Revenue Service (IRS). Additionally, the Equal Credit Opportunity Act (ECOA) requires the CFPB to refer matters to DOJ whenever the CFPB "has reason to believe that one or more creditors has engaged in a pattern or practice of discouraging or denying applications for credit in violation of Section 1691(a)" of ECOA, which states ECOA's basic prohibitions against discrimination. In matters that do not involve a pattern or practice of discouragement or denial, the CFPB may refer the matter to the DOJ whenever the agency has reason to believe that one or more creditors has violated Section 1691(a). Furthermore, when examiners find information that may indicate violations of law that are not within the CFPB's authority, the information will be passed on to the appropriate federal or state regulator.
V. Ongoing and Upcoming Investigations
During its first year of operation, the Bureau's Office of Enforcement has launched several high profile investigations which have resulted in companies paying hefty fines and customer refunds. Many more such investigations are ongoing or are likely to be commenced in 2013.
A. Credit Card Companies
Credit card companies have been one of the Bureau's first enforcement targets. The CFPB announced its first public enforcement action on July 18, 2012, against Capital One Bank (U.S.A.), N.A. The CFPB ordered Capital One to "cease and desist . . . from engaging in violations of law or regulation in the marketing" of certain financial products, develop a detailed compliance plan, and submit a remediation plan to the CFPB that "[p]rovide[s] for Remediation to Eligible Cardmembers that shall consist of Restitution or Monetary Relief, whichever component is greater." The allegations included in the consent order focused primarily on marketing conducted by third-party call centers. According to the consent order, the customer refund totaled $140 million to two million customers. The consent order also required Capital One to pay a $25 million civil penalty to the Consumer Financial Civil Penalty Fund. The Bureau's action against Capital One was taken in coordination with the OCC, which separately ordered restitution of approximately $150 million from Capital One, including the aforementioned $140 million customer refund.
After Capital One entered the consent agreements with the OCC and CFPB, shareholders filed derivative actions against Capital One and its directors and officers. The plaintiffs' allegations draw heavily from the OCC and CFPB consent orders. Capital One has moved to dismiss the case on the grounds that the plaintiffs have failed to plead facts that would support their claims against Capital One.
The Bureau followed its Capital One action with similar enforcement actions against Discover Bank on September 24 and against American Express on October 1. The FDIC and CFPB pursued a joint enforcement action against Discover. In a consent order, the FDIC and CFPB announced that they had "determined that Discover has engaged in deceptive acts and practices in or affecting commerce, in violation of section 5 of the Federal Trade Commission Act . . . 15 U.S.C. § 45(a)(1), and in deceptive acts and practices in violation of sections 1031 and 1036 of the CFP Act . . . 12 U.S.C. §§ 5531, 5536, in connection with the marketing, sales, and operation of Discover's Payment Protection, Identity Theft Protection, Wallet Protection and Credit Score Tracker products . . . ." Further, the FDIC "determined that Discover has engaged in unsafe or unsound banking practices." The FDIC and CFPB ordered Discover to refund approximately $200 million to more than 3.5 million customers and to pay a $14 million civil monetary penalty. 
Similarly, the CFPB took over an investigation of American Express begun by the FDIC and the Utah Department of Financial Institutions that resulted in three consent orders in which the CFPB ordered three American Express subsidiaries to refund approximately $85 million to 250,000 customers. The CFPB also required the subsidiaries to pay a civil monetary penalty of $27.5 million to several federal government agencies.
B. Debt Relief Service Providers
In conjunction with Attorneys General from New Mexico, North Carolina, North Dakota, and Wisconsin, and the Hawaii Office of Consumer Protection, the CFPB sued a Miami-based debt relief service provider, Payday Loan Debt Solution, Inc., and its principal, Sanjeet Parvani, in the federal district court for the Southern District of Florida. The complaint alleged that the defendants charged customers advance fees before they actually provided the debt-relief services in violation of the Telemarketing Sales Rule, 16 C.F.R. § 310, the Consumer Financial Protection Act of 2010, 12 U.S.C. §§ 5481, and various state laws. Mr. Parvani cooperated with the investigation and agreed to the entry of the Stipulated Final Order and Judgment enjoining him from committing future violations and ordering him to pay $100,000 in restitution to affected consumers.
In its press release, the CFPB noted that "[t]his action is part of the CFPB's comprehensive effort to prevent consumer harm in the debt-relief industry." It seems likely, then, that future actions against debt relief service providers might be in store for 2013. The action also sets a strong precedent for the CFPB's coordinated action with state regulators and attorneys general.
In addition to the criminal charges brought by the U.S. Attorney's Office working with the CFPB discussed above, the CFPB also filed a civil complaint against Mission Settlement Agency, Premier Consulting Group, the Law Office of Michael Levitis, and the Law Office of Michael Lupolover based on allegations similar to those made against Payday Loan Debt Solution.
C. Mortgage Lenders and Brokers
The CFPB also is focusing on the mortgage industry. On December 11, 2012, the CFPB announced that it had initiated two actions against companies it alleges have engaged in loan modification scams. Two federal district court judges in California have ordered the Gordon Law Firm and the National Legal Help Center to suspend their operations and have frozen their assets. The Special Inspector General for the Troubled Asset Relief Program (SIGTARP) referred the National Legal Help Center case to the CFPB, and the two entities plan to continue working closely on similar cases. In both cases, the CFPB has alleged that the firms charged illegal fees, attempted to deceive consumers by claiming to be affiliated with government agencies, misrepresented that they would secure the consumers' loan modifications, and instructed the consumers to stop paying their mortgages and contacting their lenders.
The CFPB also has launched an investigation of mortgage lenders and brokers regarding allegations of misleading advertisements targeting the elderly and veterans, as well as other advertising violations. The Bureau has targeted companies it identified through a review of Internet, newspaper, and mail advertisements, as well as through consumer complaints. The Bureau appears particularly concerned with misrepresentations regarding a company's affiliation with the government, interest rates, the cost of mortgages and reverse mortgages, and the amount of cash or credit available to consumers. The Federal Trade Commission also is participating in the investigation, focusing on home builders, realtors, and lead generators.
D. Mortgage Insurers
In the reshuffling of duties under the Dodd-Frank Act, the CFPB took over enforcement of the Real Estate Settlement Procedures Act, 12 U.S.C. § 2601 et seq., and, along with it, HUD’s investigation into mortgage insurers’ compliance with the statute. In addition to PHH Corp., discussed above, the CFPB issued civil investigation demands to several other mortgage insurers. The CFPB announced in April that it had entered into Consent Orders with Genworth Mortgage Insurance Corporation, Mortgage Guaranty Insurance Corporation, Radian Guaranty, Inc., and United Guaranty Corporation. The companies agreed to pay more than $15 million in penalties to the CFPB to settle the enforcement actions.
E. Consumer Credit Reporting Agencies
On November 29, 2012, the CFPB released a bulletin to nationwide specialty consumer reporting agencies emphasizing their legal requirement to provide a streamlined process for consumers to obtain a free credit report under the Fair Credit Reporting Act, 15 U.S.C. § 1681 et seq. (FCRA). The CFPB also issued warning letters to specialty consumer reporting agencies that the Bureau believed could be in violation of the requirements of FCRA, such as by failing to provide a toll-free phone number or by making it difficult for consumers to obtain a credit report. The CFPB has warned that companies in violation of these requirements could be subject to enforcement actions and that it will continue to monitor the companies to ensure compliance. The Bureau has announced that it has started accepting consumer complaints regarding specialty reporting agencies.
Congress also has turned its attention to consumer credit reports. On December 19, 2012, the Financial Institutions and Consumer Protection Subcommittee of the Senate Banking Committee held a hearing entitled "Making Sense of Consumer Credit Reports," at which Corey Stone, the CFPB's Assistant Director for Deposits, Cash, Collections, and Reporting Markets testified. At the hearing, Mr. Stone emphasized that its oversight of consumer reporting companies and the banks that provide the companies with consumers' credit information is a priority for the CFPB. He noted that more than half of the information given to the credit bureaus comes from the credit card industry, which means that consumers' use of credit cards is accorded considerable weight when determining a consumer's credit score. During questioning from Senator Corker, Mr. Stone commented that one area of CFPB focus is whether consumer financial products such as loans that are more difficult to repay create bad "repayers," which then lead to negative credit reports for those consumers.
F. Lenders and Services of Student Loans
Lenders and servicers of student loans are another likely target of CFPB enforcement. The agency has issued press releases, as well as a report to Congress, critical of student loan servicing practices. The CFPB has identified members of the military and their families as particularly vulnerable populations. Its criticisms are wide-ranging, alleging that, on the front end, lenders have employed misleading marketing practices to draw students into debt, and that once students have taken out a loan, servicers have used aggressive debt collection practices and have failed to provide flexibility with regard to loan modifications. The CFPB has established a system for receiving complaints regarding student loans.
G. Debt Collectors
Last year, the CFPB issued a rule regarding supervision of consumer debt collectors that have more than $10 million in annual receipts from consumer debt collection. Starting on January 2, 2013, the agency began overseeing debt collectors who purchase debts and collect the proceeds for themselves, firms that collect debts on behalf of others for a fee, and firms that collect debts through litigation. The agency primarily will focus on the completeness and accuracy of debt collectors' disclosures to consumers, their complaint and dispute resolution processes, and the tone of communications with consumers. The CFPB has yet to open its complaint database to include consumer debt collectors, so the agency pulls from the complaint database at the FTC. This marks the first time many nonbank debt collectors will undergo regular examinations.
The CFPB is no longer an agency working through its formative stage; it has quickly become one of the most active oversight and enforcement agencies in the Federal government. The Bureau has established many of its procedural rules and is pursuing its supervisory and enforcement mandates, and it is widely anticipated that the CFPB will launch numerous and broad-reaching investigations this year and in years to come. These investigations place regulated firms under intense scrutiny and require a prompt and careful response that takes into account the potential for civil litigation as well as the firm's long-term strategies and goals.
We will continue to monitor the Bureau as it develops and enforces its regulations and to update our clients on issues important to them. Gibson Dunn lawyers are prepared to help clients comply with CFPB regulations and defend against enforcement actions. Should you have questions regarding such activity, please contact our team at the information listed below.
 Dodd-Frank Act §§ 1021(a), (b)(2).
 Dodd-Frank Act § 1021(a) (codified at 12 U.S.C. § 5511).
 Dodd-Frank Act § 1021(b) (codified at 12 U.S.C. § 5511).
 Dodd-Frank Act § 1021(c) (codified at 12 U.S.C. § 5511).
 Dodd-Frank Act § 1002(6) (codified at 12 U.S.C. § 5481(6)).
 Dodd-Frank Act § 1002(5) (codified at 12 U.S.C. § 5481(5)).
 Dodd-Frank Act § 1002(15) (codified at 12 U.S.C. § 5481(15)).
 Dodd-Frank Act § 1025 (codified at 12 U.S.C. § 5515).
 Dodd-Frank Act § 1025 (codified at 12 U.S.C. § 5515).
 CFPB Supervision and Examination Manual, Overview 5 n.13.
 Dodd-Frank Act § 1026 (codified 12 U.S.C. § 5516).
 Dodd-Frank Act § 1026 (codified at 12 U.S.C. § 5516). A service provider is defined as “any person that provides a material service to a covered person in connection with the offering or provision by such covered person of a consumer financial product or service.” Dodd-Frank Act § 1002(26)(A) (codified at 12 U.S.C. § 5481). This includes a person that “(i) participates in designing, operating, or maintaining the consumer financial product or service; or (ii) processes transactions relating to the consumer financial product or service.” Id.
 Dodd-Frank Act § 1026 (codified at 12 U.S.C. § 5516).
 Dodd-Frank Act § 1024 (codified at 12 U.S.C. § 5514).
 Defining Larger Participants of the Consumer Debt Collection Market, 12 C.F.R. pt. 1090 (Oct. 24, 2012).
 The Bureau does not have authority to regulate how attorneys practice law, but it does have authority over attorneys when they offer or provide a consumer financial product or service that is “not offered or provided as part of, or incidental to, the practice of law, occurring exclusively within the scope of the attorney-client relationship,” or that is “otherwise offered or provided by the attorney in question with respect to any consumer who is not receiving legal advice or services from the attorney in connection with such financial product or service.” Dodd-Frank Act §§ 1027(e)(1)–(2) (codified at 12 U.S.C. § 5517).
 Dodd-Frank Act § 1022(b) (codified at 12 U.S.C. § 5512).
 Dodd-Frank Act § 1061 (codified at 12 U.S.C. § 5581).
 Dodd-Frank Act§ 1031 (codified at 12 U.S.C. § 5531).
 Dodd-Frank Act § 1022(b)(2) (codified at 12 U.S.C. § 5512).
 Dodd-Frank Act § 1023(a) (codified at 12 U.S.C. § 5513).
 Dodd-Frank Act § 1017(a)(1) (codified at 12 U.S.C. § 5497).
 Dodd-Frank Act § 1011(b)-(c) (codified at 12 U.S.C. § 5491(b)-(c)).
 Dodd-Frank Act §§ 1011(c)(1)–(2) (codified at 12 U.S.C. § 5491).
 Dodd-Frank Act § 1011(c)(3) (codified at 12 U.S.C. § 5491(c)(3)).
 See Dodd-Frank Act § 1066(a) (codified at 12 U.S.C. § 5586); cf. Dodd-Frank Act §§ 1022, 1024, Subtitle C (codified at 12 U.S.C.§§ 5512, 5514, 5531 et seq.).
 U.S. Constitution, Art. II, Section 2.
 Noel Canning v. NLRB, No. 12-115, Slip Op. at 15 (D.C. Circuit Jan. 25, 2013).
 State National Bank of Big Spring v. Wolin, Case No. 1:12-cv-01032 (D.D.C.).
 Dodd-Frank Act § 1022 (codified at 12 U.S.C. § 5512).
 Dodd-Frank Act § 1013(b)(2) (codified at 12 U.S.C. § 5493(b)(2)).
 Dodd-Frank Act § 1013(b)(3) (codified at 12 U.S.C. § 5493(b)(3)).
 See, e.g., CFPB Twitter feed October 22, 2012 (consumer credit report complaint site established), October 24, 2012 (seeking stories regarding debt collection); https://www.facebook.com/#!/CFPB?fref=ts.
 Dodd-Frank Act §§ 1024(b), 1025(b) (codified at 12 U.S.C. §§ 5514, 5515).
 Dodd-Frank Act §§ 1025, 1026 (codified at 12 U.S.C. §§ 5515, 5516).
 Dodd-Frank Act § 1024 (codified at 12 U.S.C. § 5514).
 CFPB Supervision and Examination Manual, Overview 3.
 Dodd-Frank Act §§ 1024(b)(1), 1025(b)(1) (codified at 12 U.S.C. §§ 5514, 5515).
 Dodd-Frank Act §§ 1024(b)(3)–(4), 1025(b)(2)–(3) (codified at 12(U.S.C. §§ 5514, 5515).
 On October 31, 2012, the CFPB released the second version of the CFPB Supervision and Examination Manual, which provides guidance to examiners in their oversight of companies that provide consumer financial products and services. The manual details how the CFPB supervises and examines providers of consumer financial products and services, and directs CFPB examiners on how to determine if companies are complying with consumer financial protection laws. For more information, see Consumer Fin. Prot. Bureau, Supervision and Examination Manual – Version 2 (Oct. 31, 2012) (CFPB Supervision and Examination Manual), available at http://www.consumerfinance.gov/guidance/supervision/manual/.
 Dodd-Frank Act § 1024(b)(2) (codified at 12 U.S.C. § 5514).
 Dodd-Frank Act § 1024(b)(3) (codified at 12 U.S.C. § 5514).
 Dodd-Frank Act § 1025(e).
 CFPB Supervision and Examination Manual, Overview 5.
 Dodd-Frank Act §§ 1024(b)(4), 1025(b)(3) (codified at 12 U.S.C. §§ 5514, 5515).
 CFPB Supervision and Examination Manual, Overview 5.
 CFPB Supervision and Examination Manual, Overview 6.
 Id. The CFPB has established procedures for protecting the confidentiality of information it receives and generates in a rulemaking, Disclosure of Records and Information, 12 C.F.R. Part 1070 (76 F.R. 45372) (July 28, 2011).
 Dodd-Frank Act § 1025(e) (codified at 12 U.S.C. § 5515); CFPB Supervision and Examination Manual, Overview 6.
 CFPB Supervision and Examination Manual, Overview 7.
 An entity may not appeal the following through this supervisory appeals process: preliminary supervisory matters (including preliminary findings); CFPB decisions to initiate supervisory measures, such as requiring memoranda of understanding; enforcement actions, such as cease-and-desist orders; or referrals of information to other regulatory agencies. CFPB Bulletin 2012-07, Appeals of Supervisory Matters, Oct. 31, 2012, at 3, available at http://files.consumerfinance.gov/f/201210_cfpb_bulletin_supervisory-appeals-process.pdf.
 Dodd-Frank Act § 1052(a) (codified at 12 U.S.C. § 5562).
 See 77 Fed. Reg. 39101, 39102 (June 29, 2012).
 77 Fed. Reg. 39101, 39108 (June 29, 2012).
 Dodd-Frank Act § 1052(b) (codified at 12 U.S.C. § 5562); see also Rules Relating to Investigations, 77 Fed. Reg. 39101, 39111 (June 29, 2012).
 Dodd-Frank Act § 1052(c)(codified at 12 U.S.C. § 5562).
 77 Fed. Reg. 39101, 39109 (June 29, 2012).
 Rules Relating to Investigations, 77 Fed. Reg. 39101, 39111 (June 29, 2012).
 Dodd-Frank Act § 1052(c)(codified at 12 U.S.C. § 5562).
 77 Fed. Reg. 39101, 39109 (June 29, 2012).
 Rules Relating to Investigations, 77 Fed. Reg. 39101, 39112 (June 29, 2012).
 Dodd-Frank Act § 1052(d) (codified at 12 U.S.C. § 5562).
 Rules Relating to Investigations, 77 Fed. Reg. 39101, 39110 (June 29, 2012).
 Dodd-Frank Act § 1052(e)(codified at 12 U.S.C. § 5562).
 Rules Relating to Investigations, 77 Fed. Reg. 39101, 39109–39110 (June 29, 2012).
 Dodd-Frank Act § 1052(f) (codified at 12 U.S.C. § 5562).
 Dodd-Frank Act § 1052(f)(1) (codified at 12 U.S.C. § 5562).
 Rules Relating to Investigations, 77 Fed. Reg. 39101, 39109 (June 29, 2012).
 Rules Relating to Investigations, 77 Fed. Reg. 39101, 39110 (June 29, 2012).
 Dodd-Frank Act § 1052(c)(13)(D) (codified at 12 U.S.C. § 5562).
 Rules Relating to Investigations, 77 Fed. Reg. 39101, 39111 (June 29, 2012).
 Id. at 1 (citing 12 U.S.C. § 2607).
 Id. (Attachment A).
 Id. (Attachment B).
 Id. (Attachment C).
 Id. (Attachment C) (citing United States v. Morton Salt Co., 338 U.S. 632, 652 (1950)).
 Id. (Attachment C) (quoting FTC v. Invention Submission Corp., 965 F.2d 1086, 1090 (D.C. Cir. 1992)).
 Id. (Attachment C) (quoting FTC v. Invention Submission Corp., 965 F.2d 1086, 1090 (D.C. Cir. 1992)).
 Id. (citing EEOC v. Am. Express Centurion Bank, 758 F. Supp. 217, 222 (D. Del. 1991)).
 Id. at 6-7 (citing inter alia, United States v. Morton Salt Co., 338 U.S. 632 (1950); SEC v. Arthur Young & Co., 584 F.2d at 1030 (“The gist of the protection is in the requirement . . . that the disclosure sought shall not be unreasonable.”)).
 Id. at 5 (quoting Morton Salt Co., 338 U.S. at 652).
 Id. (citing 12 C.F.R. § 1080.6(c)).
 Id. (quoting Oklahoma Press Publishing Co. v. Walling, 327 U.S. 186, 201 (1946)).
 Dodd-Frank Act § 1053 (codified at 12 U.S.C. § 5563).
 Dodd-Frank Act § 1055(a).
 Dodd-Frank Act § 1055(a)(3), (b).
 Dodd-Frank Act § 1055(c)(1)-(2).
 CFPB Supervision and Examination Manual, Overview 7
 Dodd-Frank Act § 1053(a).
 77 Fed. Reg. 39058 (June 29, 2012).
 Id. at 39095-39096.
 Id. at 39099-39100.
 Id. at 39100 (citing 5 U.S.C. § 704).
 Under 5 U.S.C. § 703, “[a] person suffering legal wrong because of agency action, or adversely affected or aggrieved by agency action within the meaning of a relevant statute, is entitled to judicial review thereof.” Chapter 7 of Title V of the U.S. Code applies to agency actions unless statutes preclude judicial review or agency action is committed to agency discretion by law. 5 U.S.C. § 701.
 Dodd-Frank Act § 1053(c) (codified at 12 U.S.C. § 5563). The CFPB has noted that its Rules of Practice for Adjudication Proceedings do not govern the issuance of temporary cease-and-desist orders based on Dodd-Frank Act Section 1053(c), but the Bureau plans to address those procedures in a separate rulemaking. 77 Fed. Reg. 39058 (June 29, 2012).
 Dodd-Frank Act § 1054 (codified at 12 U.S.C. § 5564).
 CFPB Supervision and Examination Manual, Overview 7.
 Dodd-Frank Act § 1056 (codified at 12 U.S.C. § 5566).
 Dodd-Frank Act §§ 1024(b)(6), 1025(b)(5) (codified at 12 U.S.C. §§ 5514, 5515).
 15 U.S.C. § 1691(a).
 Capital One Consent Order at 20-21.
 See In re Capital One Derivative Shareholder Litig., No. 1:12-cv-01100, 2012 WL 6725613, at *1-2 (E.D. Va. Dec. 21, 2012) (memorandum opinion declining to remand the case to state court).
 See Nominal Defendant Capital One Financial Corporation’s Memorandum of Points and Authorities In Support of Motion to Dismiss Plaintiff’s Shareholder Derivative Complaint, Iron Workers Mid-South Pension Fund v. Fairbank, No. 1:12-cv-01100-TSE-TCB (E.D. Va. filed Nov. 5, 2012).
 CFPB and FDIC Joint Consent Order, Order for Restitution, and Order to Pay Civil Monetary Penalty, In the Matter of American Express Centurion Bank (Oct. 1, 2012), available at http://files.consumerfinance.gov/f/201210_cfpb_001_Amex_Consent_Order.pdf; CFPB Consent Order, Order for Restitution, and Order to Pay Civil Monetary Penalty, In the Matter of American Express Bank, FSB (Oct. 1, 2012), available at http://files.consumerfinance.gov/f/201210_cfpb_001_Amex_Express_Bank_Consent_Order.pdf; CFPB Consent Order, Order for Restitution, and Order to Pay Civil Monetary Penalty, In the Matter of American Express Travel Related Services Company, Inc. (Oct. 1, 2012), available at http://files.consumerfinance.gov/f/201210_cfpb_001_Amex_Express_Travel_Consent_Order.pdf.
 Rachel Witkowski, How CFPB Exams Will Alter Debt Collection, American Banker, Apr. 3, 2013, at 4.
 Id. at 1.
Gibson, Dunn & Crutcher's lawyers are available to assist in addressing any questions you may have regarding these issues. Please contact the Gibson Dunn lawyer with whom you work or the following lawyers:
Michael D. Bopp - Washington, D.C. (202-955-8256, firstname.lastname@example.org)
Douglas Cox - Washington, D.C. (202-887-3531, email@example.com)
Timothy Hatch - Los Angeles (213-229-7368, firstname.lastname@example.org)
Arthur Long - New York (212-351-2426, email@example.com)
Jason J. Mendro - Washington, D.C. (202-887-3726, firstname.lastname@example.org)
John C. Millian - Washington, D.C. (202-955-8213, email@example.com)
Chuck Muckenfuss - Washington, D.C. (202-955-8514, firstname.lastname@example.org)
Amy G. Rudnick - Washington, D.C. (202-955-8210, email@example.com)
John H. Sturc - Washington, D.C. (202-955-8243, firstname.lastname@example.org)
F. Joseph Warin - Washington, D.C. (202-887-3609, email@example.com)
© 2013 Gibson, Dunn & Crutcher LLP
Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.