CFPB Invokes ‘Dormant Authority’ to Examine Nonbank Companies Posing Risks to Consumers

In a highly unusual move, the Consumer Financial Protection Bureau on Monday announced it would invoke a largely unused legal provision to examine nonbank financial companies that pose risks to consumers.

Under the Dodd-Frank Act, the CFPB has authority to use traditional law enforcement to stop companies from engaging in conduct that pose risk to consumers; this can involve adversarial litigation. However, CFPB Director Rohit Copra said the law also gives the Bureau authority to “conduct supervisory examinations to review the books and records of regulated entities.”

Chopra said the CFPB believes using this dormant authority will “help protect consumers and level the playing field between banks and nonbanks.”

“Given the rapid growth of consumer offerings by nonbanks…this authority gives us critical agility to move as quickly as the market, allowing us to conduct examinations of financial companies posing risks to consumers and stop harm before it spreads,” Chopra said.

Chopra cited the Bureau’s authority through Dodd-Frank, which Congress passed in 2010 in the wake of the Great Recession. Congress tasked the CFPB with supervising certain nonbanks, in addition to large depository institutions with more than $10 billion in assets, and their service providers. (Nonbanks do not have a bank thrift, or credit union charter; many today operate nationally and brand themselves as fintechs.)

Congress authorized several categories of entities subject to CFPB’s nonbank supervision program: all nonbank entities in the mortgage, private student loan and payday loan industries, regardless of size; “larger participants” in other nonbank markets for consumer financial products and service; and nonbanks whose activities the CFPB “has reasonable cause to determine pose risks to consumers.”

This authority is not specific to any particular consumer financial product or service. “Such risky conduct may involve, for example, potentially unfair, deceptive, or abusive acts or practices or other acts or practices that potentially violate federal consumer financial law,” the Bureau said. “The CFPB may base such reasonable cause determinations on complaints collected by the CFPB, or on information from other sources, such as judicial opinions and administrative decisions. The CFPB may also learn of such risks through whistleblower complaints, state partners, federal partners or news reports.

While the CFPB did implement the provision through a procedural rule in 2013,  the agency only now said it would invoke this authority. “This will allow the CFPB to be agile and supervise entities that may be fast-growing or are in markets outside the existing nonbank supervision program,” the Bureau said.

The CFPB also issued a procedural rule Monday intended to increase transparency of the risk-determination process. The Bureau said unlike other provisions of law regarding nonbank supervision, entities subject to supervision based on risk are given notice and an opportunity to respond. In order to provide greater guidance to the marketplace on how the CFPB will make determinations, the CFPB is updating an aspect of its procedures for risk determinations to authorize the release of certain information about any final determinations made.  The company involved will have an opportunity to provide input to the CFPB on what information is released to the public.