When it comes to the Consumer Financial Protection Bureau's
("CFPB" or the "Bureau") compliance
expectations, it is important to separate myth from fact.
These days, the CFPB is moving full-steam ahead on examining
non-banks and banks, dozens at a time, and is not leaving any stone
unturned for potential unfair, deceptive or abusive acts or
practices in violation of the Consumer Financial Protection Act or
other consumer financial laws that fall under its
Myth #1: Only large financial institutions are subject to CFPB supervision and examination.
No provider of consumer financial products and services, or their service providers, should assume they are beyond the reach of the CFPB. The CFPB can examine any entity, regardless of size, based on regulatory authority to supervise "risky" financial products and services that it believes are causing harm to consumers. This authority is in addition to the CFPB's ability to supervise larger market participants in the debt collection, credit reporting, and student loan servicing markets, as well non-bank businesses in the private student loan, mortgage, and small dollar loan markets. (The CFPB also supervises banks with over $10 billion in assets).
Myth #2: An audit program is sufficient to catch non-compliance.
The CFPB expects a proactive approach to compliance. This means not only having a detailed audit program, but also a system for proactively preventing and detecting potential non-compliance with the law before a consumer harm occurs.
The CFPB examines: Board of Director and management oversight; compliance programs; consumer complaint responses; and compliance audits. In addition, the CFPB reviews such areas as operations, marketing and lead generation, third party relationships, internal controls, consumer interaction, information sharing and privacy, and payment processing.
Myth #3: The CFPB only cares about policies and procedures.
Wrong. The CFPB expects written policies and procedures that institutions will design and offer consumer financial products in accordance with federal consumer financial laws and maintain effective systems and controls to manage compliance responsibilities. This means the CFPB will focus both on policies and procedures and actual acts and practices, including consumer level transactions. The CFPB has released a comprehensive Supervision and Examination Manual, and several additional guidance documents and bulletins that shed light on all of the different ways their examiners oversee companies.
Myth #4: Companies are not responsible for the actions of their service providers.
As the CFPB stated in its Bulletin 2012-03, the CFPB expects non-banks and banks to "oversee their business relationships with their service providers in a manner that ensures compliance with Federal consumer financial law." The CFPB considers a "service provider" to be "any person that provides a material service to a covered person in connection with the offering or provision by such covered person of a consumer financial product or service." For more information about the CFPB expectations for effective vendor management, see " CFPB Warns of Service Provider Scrutiny."
Myth #5: The CFPB will give companies that are supervised and licensed by other regulators a pass.
Wrong. All of the CFPB administrative proceedings brought about by the CFPB to date have been against entities that were already regulated on the Federal or state level prior to the creation the Bureau. For example, the CFPB has entered into consent orders with several banks regulated by the OCC, and mortgage related providers regulated by states. In addition, the CFPB has brought lawsuits against licensed attorneys, debt relief providers, mortgage assistance relief service providers, and others. The Bureau also has stated it is in the process of investigating companies and service providers in virtually all consumer product and service markets.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.