Invocation of personal responsibility signals that the CFPB’s bite matches its bark

ByDavid M. Conte

Apr 14, 2022

The following is a guest post from Lauren Sartwell and Paul Marker, Directors of Klaros Group.

Just over two weeks after a March 28 speech in which Consumer Financial Protection Bureau (CFPB) Director Rohit Chopra made it clear that repeat offenders of consumer protection laws will face stiffer penalties than ever before. , the CFPB filed a lawsuit against TransUnion and two of its subsidiaries for “deceptive marketing practices” and failure to comply with a 2017 consent order.

Notably, the lawsuit against this major credit reporting agency also seeks to hold TransUnion executive John Danaher jointly and severally liable for damages, restitution, restitution for unjust enrichment and civil monetary penalties. .

In a statement announcing the new action, Chopra made clear its disposition toward repeat offenders: “TransUnion is an out-of-control repeat offender who believes it is above the law.”

The 2017 consent order required TransUnion to warn consumers that lenders are unlikely to use identical scores they provide directly to consumers; required that they obtain express, informed consumer consent for recurring payments for subscription products or services; and that TransUnion offers consumers an easy way to cancel their subscriptions.

Subsequent reviews in 2018, 2019 and 2020 found continued non-compliance with the order, leading to the CFPB’s recent complaint to Federal Court.

The Office’s Renewed Focus on Repeat Offenders

In the March 28 speech, Chopra doubled down on his commitment to take an aggressive enforcement stance, saying banks and other high-profile market players who repeatedly violate the same law(s) could be barred from certain strategic activities, such as mergers and acquisitions, and may face other restrictions such as growth caps or prohibitions on certain types of products or business practices.

The worst offenders could have their operating licenses and special privileges revoked.

While many of the potential actions Chopra cited fall outside the CFPB’s authority, he made it clear that the Bureau plans to take decisive action to hold repeat offenders more accountable.

The CFPB intends to set up dedicated units in its oversight and enforcement divisions to improve its ability to identify repeat offenders and repeat business and ensure better coordination and more consistent enforcement by and between partner agencies.

The Bureau has enforcement authority to grant “any appropriate legal or equitable remedy” (including limits on activities or duties) for violations of federal consumer finance laws, which could stretch quite far .

To achieve many milestones, Chopra has defined. However, other regulators — including the Federal Reserve, the Federal Deposit Insurance Corporation, and the Securities and Exchange Commission — should be willing to adopt Chopra’s approach and use their respective authorities to impose tougher penalties, including by taking the rare steps of revoking licenses. or impose new restrictions on repeat offenders.

Although Chopra didn’t expressly invoke the potential use of FIRREA (Financial Institutions Reform, Recovery, and Enforcement Act) authority in his recent speech, one can’t help but wonder if it’s one tools which he envisions more liberal use in the future. .

These more aggressive tactics have rarely been applied in banking supervision. They will undoubtedly attract the attention of any regulated entity that may have taken a wait-and-see approach to the current regulatory environment.

So what does all of this mean for the industry? What can we learn from the TransUnion lawsuit and other past actions? Which entities are truly at risk, and how should entities of all types and sizes think about their risk and compliance functions in light of these developments?

Passed as prologue

TransUnion is not the first example of the CFPB’s focus on repeat offenders. In at least two other recent cases, the CFPB has provided some insight into what this new, more aggressive stance toward repeat offenders might look like:

On March 9, 2020, the CFPB filed a complaint against Fifth Third Bank alleging compliance failures based on evidence suggesting bank employees opened accounts without customers’ knowledge to achieve aggressive cross-selling goals .

On June 16, 2021, the CFPB amended its complaint to allege that Fifth Third’s failure to quickly identify and repair consumer harm was itself abusive conduct under the UDAAP. “Abusive” acts materially interfere with a consumer’s ability to understand a term or condition of a consumer financial product or service.

The Amended Complaint alleges that “Fifth Third took insufficient steps to identify and remedy affected consumers”…and “focused on its own financial interests to the detriment of consumers.”

Another example is the actions of the CFPB against LendUp, which essentially put the startup out of business.

The CFPB first became aware of LendUp loans in 2016. LendUp offered single payment and installment loans to consumers, positioning itself as an alternative to payday lenders.

The Bureau alleged that LendUp failed to deliver on its promise to cut interest rates, boost credit scores and offer larger loan amounts if customers continued to borrow from the company.

CFPB enforcement action ordered LendUp to stop misrepresenting the benefits of borrowing from the company. The CFPB also sued the company in 2020 for allegedly violating the Military Loans Act and again in September 2021, alleging LendUp was still engaging in the same deceptive practices that led to the 2016 action.

Chopra had harsh words for these recurrences: “LendUp was backed by some of the biggest names in venture capital. We are shutting down this fintech’s lending operations for repeatedly lying (emphasis added) and illegally deceiving its customers.

This example demonstrates the depth and conviction of the CFPB’s enforcement action against repeat offenders under Chopra’s leadership.

Prepare now for your next exam

Everything Chopra says and does makes clear that we’re entering uncharted regulatory territory, and at this point, it seems like just about anything is possible.

The FTC and the Illinois State Attorney General recently took joint action against a multi-state auto dealership for charging an “illegal junk fee” that discriminates against black consumers.

Not only does this demonstrate the agencies’ willingness to take joint enforcement action, but FTC Chairwoman Lina Khan also appears to embrace Chopra’s extensive use of UDAAP’s authority to fight discrimination, as the CFPB reported in its revised UDAAP exam manual. which was just released last month.

That means Chopra will likely have no trouble winning over at least some of her agency peers to her approach to supervision and enforcement. It’s already the case.

So while Chopra’s recent comments focused on some of the larger institutions, institutions of all sizes should be prepared to focus on recurring issues and regulatory violations.

In light of this new focus on repeat offenders, financial institutions should review all observations, findings, matters needing attention (ARMs), and self-identified issues (including those that you have successfully resolved) and ensure :

  • For open issues, you fully address all identified deficiencies and proactively update regulators on the status of these improvements.
  • The cited issue has not reoccurred for closed cases, and controls are in place to proactively identify this or other issues in this area.
  • If additional issues have arisen that you identify and resolve promptly, including remedying any consumer harm, be prepared to discuss and show the rationale for your resolution through analysis and documentation appropriate.