R. Andrew Arculin, R. Colgate Selden, Scott E. Wortman, Paula M. Vigo Marques, and Daniel V. Funaro
The Consumer Financial Protection Bureau (“CFPB” or “Bureau”) released two new proposals that aim to expand the Bureau’s authority over nonbank financial institutions:
- A “repeat offender” registry of consent orders or settlements with an array of state and federal regulators relating to compliance with consumer protection laws (“Repeat Offender Proposal”); and
- A public registry of the terms and conditions nonbanks use in “form contracts” that consumers typically are not able to negotiate (“Terms and Conditions Proposal”).
Assuming these registries are created as proposed and survive any ensuing legal challenges, complying with the reporting obligations should be relatively easy. The larger challenge will be managing the increased regulatory and litigation risk imposed by the registries.
Repeat Offender Proposal
On December 12, 2022, the CFPB issued a proposal to establish a “repeat offender” registry requiring certain nonbank covered entities to report all final public written orders and judgments (including any settlements, consent decrees, or stipulated orders and judgments) obtained or issued by any federal, state, or local government agency for violation of a number of enumerated consumer protection laws, including those related to unfair, deceptive, or abusive acts or practices (“UDAAPs”).
After receiving these written orders and judgments, the CFPB intends to create a database of enforcement actions that would be available online for use by the public and other regulators. The database will be limited to final settlement or consent orders, so injunctions, preliminary orders, temporary cease-and-desist, and other tentative or temporary orders would not be reportable.
In addition, the proposal would require supervised nonbanks to submit annual written statements regarding compliance with an attestation for each underlying order by an executive with “knowledge of the entity’s relevant systems and procedures for achieving compliance and control over the entity’s compliance efforts.” These entities would also be required to identify a central point of contact related to an entity’s compliance with reportable enforcement actions.
The proposed rule would only apply to certain nonbank covered entities subject to CFPB’s authority. At present, insured depository institutions and credit unions, related persons, states, natural persons, and certain other entities are excluded from registry participation requirements. However, the CFPB stated in the press release for the proposal that it “might later consider collecting or publishing the information described in the proposal from insured banks and credit unions.”
Read the full client alert on our website.