The Consumer Financial Protection Bureau (CFPB) recently advised that it has significantly changed its Civil Investigative Demand (CID) process to increase transparency and to better permit targets and subjects to understand the nature of an investigation. The changes will bring the CFPB into compliance with opinions rendered by two Federal Circuit courts as well as policy changes implemented by the Federal Trade Commission (FTC). The change may well have some persuasive impact on other enforcement agencies, such as state attorneys general, who enforce many of the same laws as the CFPB and generally have CID authority as well.
The CFPB has typically issued CIDs, especially under its core consumer protection authority, to enforce against allegedly unfair, deceptive, and abusive acts and practices (UDAAP). These CIDs must contain a notification of purpose that “states the nature of the conduct constituting the alleged violation which is under investigation,” 12 U.S.C. § 5562(c)(2); 12 C.F.R. § 1080.5. This notification has typically contained very general and expansive self-serving language advising only that the CFPB is investigating whether violations of one or more of its operative statutes have been violated. Two US courts of appeals have now held that these vague assertions give insufficient legal notice of the conduct being investigated. See CFPB v. Source for Public Data, L.P., ___ F.3d ___, No. 17-10732 (5th Cir. 2018); CFPB v. Accrediting Council for Indep. Colls. & Schs., 854 F.3d 683, 690 (D.C. Cir. 2017). Although the FTC operates under a different statute, as we reported, it also implemented a set of practices aimed at providing greater disclosure in CID notifications of purpose just under two years ago.
Although the CFPB policy itself has not yet been published and thus complete details remain to be seen, more comprehensive notifications of purpose serve multiple interests and provide important strategic benefits for recipients.
First, when an operating business receives a CID, it will now better understand what is being investigated. In turn, that knowledge may not only assist in CID compliance, but in any internal or other investigations it may conduct. Because a business almost always understands its own conduct and certainly its own documents better than an outsider—notably including government investigators—understanding what is being investigated may well reduce the burden of production and permit a more sensible discussion with investigators.
Second, while a CID notification can be amended over time, such an amendment also provides the subject business some notice of, and perhaps insight into, the evolution of the investigation.
Third, as CFPB CIDs routinely call for sworn testimony in the form of an investigational hearing or interrogatories, a more specific statement of the scope of the investigation may help to circumscribe what CFPB investigators may seek without themselves having to return to senior officials for expanded authority.
Going forward, it will be important to carefully review the notification of purpose and to be prepared to discuss it from the first “meet and confer” discussions and thereafter. Subjects of CFPB inquiries also should consider seeking greater clarity than has been provided by the CFPB and, if necessary, modifications to the CID through formal CFPB process.
While the CFPB’s announcement affects only the CFPB’s activities, all state and territorial attorneys general have roughly the same enforcement and investigative authority. Indeed, state attorneys general may directly enforce the CFPB’s UDAAP statute in federal court. Because this new policy, much like the FTC’s, is framed in terms of transparency and better notice, those two objectives may find favor with some attorneys general.