CFPB Announces Intent to Use Authority to Examine Nonbank Financial Companies

On April 25, the Consumer Financial Protection Bureau (CFPB) announced its intent to examine nonbank financial companies that it determines “pose risks to consumers” with regard to their offering of consumer financial products or services. The CFPB will base this determination on complaints collected through their system¹ as well as information from “other sources,” however it is currently unclear what those sources may be. The move to invoke the largely unutilized authority to examine such entities under Dodd-Frank is consistent with CFPB Director Rohit Chopra’s commitment to “anticipate emerging risks so we can act before a crisis, rather than acting after it is too late”.²

The CFPB is also seeking public comments on a procedural rule that amends its procedures for establishing supervisory authority based on a risk determination and its ability to make related decisions public. The rule would help shed light on what factors Director Chopra and the CFPB consider when determining that an institution poses risk to consumers. Comments must be received on or before May 31, 2022.

What's New?

With the Dodd-Frank Act in 2010, Congress designated three main categories of nonbank entities subject to the CFBP’s supervision, including:

• All nonbank businesses in the mortgage, private student loan, and payday loan industries, regardless of size
• “Larger Participants” in all other markets (such as debt collection, consumer reporting, auto financing, etc.)
• Nonbanks who the CFPB determines are engaged in activities that pose risks to consumers

While the CFPB issued a rule to establish procedures to implement this authority in 2013, it rarely applied its supervision to the third category of nonbank entities since creating the rule. The CFPB stated that it believes utilizing this authority will “help protect consumers and level the playing field between banks and nonbanks”³ and that it will give them agility to keep up with the quickly evolving consumer financial market to stop harm before it spreads.

The announcement also included a proposed procedural rule aimed at increasing transparency on its risk determination proceedings. Under the existing rule, any documents, records, or other items in connection with a proceeding to determine whether a nonbank entity engages in conduct that poses risks to consumers is deemed confidential supervisory information. The proposed changes would allow the Director to release information on determinations made in these cases, as well as establish a mechanism to determine when a decision should be publicly released. The entity that is the subject of such a decision would be notified and given the opportunity to respond prior to the release of any information to the public.

What Does This Mean for Your Organization?

Director Chopra is continuing to take action to ensure consumer protection across financial services, with an increased focus on fintech oversight. The CFPB did not specify any particular entities it seeks to target nor what regulatory areas it may focus on; however, it did make reference to fintechs when defining a nonbank entity. Companies that act as payment and data processors, money transmitters, digital financial advisors, or financial custodians, should all be prepared to respond to inquiries by the CFPB. While the move has the potential to broaden the scope of the CFPB’s jurisdiction, it remains to be seen whether it will focus on a select few entities or cast a wider net with future examinations. This CFPB action falls in line with the approach that the Director has been taking to ensure that all organizations that have any consumer facing financial product or service is fair game.

Additionally, the proposed procedural rule likely increases reputational risk for nonbanks if the CFPB publicly determines them to pose risks to consumers.

What Should Your Organization Start Doing?

Fintechs and other nonbank institutions that do not fall into one of the first two categories mentioned above should begin preparing for increased scrutiny from the CFPB by reviewing their existing business practices to identify potential areas for exposure. Strong compliance programs, documentation, and training materials will likely be key to demonstrating sound business practices that are not a risk to consumers. Companies should look to recent areas of CFPB focus such as discrimination, fair lending, payments, fees, and privacy, among others, as indicators of what practices the CFPB may target at their organization.

How Guidehouse Can Help

Guidehouse teams have decades of experience updating team structures, procedures, and documentation in response to regulatory changes across all consumer financial products. Our teams have also helped financial institutions, including fintechs, with establishing and enhancing compliance programs, risk assessments, and exam preparation and response. With our experts, we will partner with your teams to help understand and manage that regulatory risk.

This article was co-authored by Courtney Cox.