On October 7, attorneys general (all Democrats) from New York, Connecticut, the District of Columbia, Maryland, Massachusetts, New Hampshire, Pennsylvania, and Vermont filed a comment letter (Comment Letter) with the Consumer Financial Protection Bureau (CFPB) supporting proposed rules concerning Payday, Vehicle Title, and Certain High-Cost Installment Loans (Proposed Rule), to be codified at 12 C.F.R. §1041.

The Comment Letter focuses primarily on the importance of state attorneys general’s independent authority as separate sovereigns to enforce state laws that may be more stringent than federal law. The Comment Letter points to the preamble of the Proposed Rule as evidence of the CFPB’s intent to treat its proposal as a floor, not a ceiling:

In a significant decision, on August 31, the US District Court for the Central District of California held that a tribal bank originating loans for a non-bank lender was not the “true lender”—making the loans subject to state usury limits.


In December 2013, the Consumer Financial Protection Bureau (CFPB) commenced litigation against CashCall (a payday lender in a partnership with a tribal bank) and other defendants, claiming that they had violated the federal law prohibition on unfair, deceptive, or abusive acts or practices (UDAAP) for financial services providers by servicing and collecting on loans that were wholly or partially void or uncollectible under state law.

On August 12, the US Drug Enforcement Administration (DEA) announced its rejection of two petitions seeking to reclassify marijuana as a less-regulated Schedule II substance under the federal Controlled Substances Act (CSA). This means that the drug’s federal classification as an illegal Schedule I substance with a “high potential for abuse” and “no currently accepted medical use” will be left in place (read our August 15 LawFlash for more detail on the DEA’s decision).

Starting August 1, violations of financial regulations will come with higher civil money penalties (CMPs). The CMP increases are in response to the Federal Civil Penalties Inflation Adjustment Improvements Act of 2015 (the Act). The Act requires Executive Branch and independent agencies (Agencies) to make annual adjustments for inflation to CMP dollar amounts, as well as an initial “catch-up” adjustment based on a formula set forth in the Act. Although the Act was part of the contentious budget bill that was passed on October 30, 2015 (and that avoided a government shutdown), the Act did not receive much independent coverage, and the increases may be unexpected to businesses that are potentially subject to the increased penalties.

The Financial Crimes Enforcement Network (FinCEN), the bureau of the US Department of the Treasury responsible for oversight and enforcement of the Bank Secrecy Act (BSA), has issued an interim final rule (Rule) that significantly increases the statutory penalties for various violations of the BSA and its applicable regulations. Prior to the Rule, FinCEN had not increased its civil money penalty (CMP) amounts for more than a decade, and in some cases, for several decades.

The increases are being issued in response to the Federal Civil Penalties Inflation Adjustment Improvements Act of 2015 (the Act). The Act requires Executive Branch and independent agencies to make annual adjustments for inflation to CMP dollar amounts, as well as an initial “catch-up” adjustment based on a formula set forth in the Act. Although the Act was part of the contentious budget bill that was passed in the early morning of October 30, 2015, and avoided a government shutdown, the Act did not receive much independent coverage, and the increases may be unexpected to some businesses subject to the BSA.

In a clear and concise decision, the US District Court for the District of Columbia has ruled that the Consumer Financial Protection Bureau (CFPB) lacked the statutory authority to issue a Civil Investigative Demand (CID) to the Accrediting Council for Independent Colleges and Schools (ACICS), an accreditor of for-profit colleges. In Judge Richard Leon’s opinion in Consumer Financial Protection Bureau vs. Accrediting Council for Independent Colleges and Schools, he termed the CFPB’s action “a bridge too far.”

In August 2015, the CFPB issued a CID to ACICS with the stated purpose of determining whether ACICS had engaged in “unfair, deceptive or abusive acts and practices” (UDAAP). However, the CFPB’s supervisory and enforcement authority with respect to UDAAP is limited by statute to a “covered person or service provider” and only in connection with a transaction with a consumer for “consumer financial products or services.”

Because ACICS does not meet the definition of a “covered person,” the CFPB argued that the CFPB’s authority to investigate the consumer lending practices of schools accredited by ACICS grants it the necessary authority to investigate whether ACICS has engaged in violations of the law in accrediting those schools.

This, the district court held, was “a bridge too far.” In addition, Judge Leon looked to the demands made in the CID and noted that the information sought far exceeded what could reasonably be required for the CFPB to determine whether ACICS’s conduct furthered or otherwise assisted and facilitated the schools’ conduct. Accordingly, he denied the CFPB’s motion to enforce its CID and dismissed the action.

In a spirited oral argument on April 12, a panel of the US Court of Appeals for the DC Circuit questioned the constitutionality of the Consumer Financial Protection Bureau’s (CFPB’s) governance structure. Specifically, the court is examining the decision by the US Congress to concentrate the power of this independent federal agency in a single director—and then largely insulate that director not only from the checks and balances of Congress and the courts, but also in large part from review and control by the President.

The oral argument was made in a case brought by mortgage lender PHH Corp., appealing a CFPB administrative order that charged it with alleged illegal kickbacks under the Real Estate Settlement Procedures Act (RESPA). An administrative law judge appointed by CFPB Director Richard Cordray had initially imposed a penalty of $6.4 million. When both PHH and the CFPB staff appealed, Director Cordray sat as the appellate officer and increased the penalty by over 1,600% to $109 million.

PHH then filed an appeal of Director Cordray’s order with the US Court of Appeals, as was its right under the Dodd-Frank Act. It marked the first challenge to a CFPB administrative action since the agency’s creation in 2011.

In a wide-ranging speech yesterday before the Consumer Bankers Association, Consumer Financial Protection Bureau (CFPB) Director Richard Cordray forcefully defended his agency’s approach to consumer financial regulation and supervision against critics who call it “regulation by enforcement.” Saying that criticism of this practice (and even the term) is “badly misplaced,” he argued for the need to work “toward a pattern of actions that conveys an intelligible direction to the marketplace, so as to create deterrence that can be readily understood and implemented.”

Director Cordray noted that the “vast majority” of CFPB enforcement actions involve some sort of deception or fraud and commented on the difficulty of creating specific rules to address fraud or untruth. In turn, he said, the CFPB has sought

to present specific enforcement orders that meticulously catalogue the facts we have found in our very thorough investigations and set out the legal conclusions that follow from those facts. These specific orders are also intended as guides to all participants in the marketplace to avoid similar violations and make an immediate effort to correct any such improper practices.

In this regard, the Director’s speech included an unambiguous warning to financial institution compliance officers and executives about the need to pay attention to CFPB enforcement actions:

These orders provide detailed guidance for compliance officers across the marketplace about how they should regard similar practices at their own institutions. If the same problems exist in their day-to-day operations, they should look closely at their processes and clean up whatever is not being handled appropriately. Indeed, it would be “compliance malpractice” for executives not to take careful bearings from the contents of these orders about how to comply with the law and treat consumers fairly.

Are you a consumer financial services provider? Do you tell your customers that your data security practices are “best in class”? If so, it had better be true, or Richard Cordray and his colleagues at the Consumer Financial Protection Bureau (CFPB) may want to talk with you.

On March 2, the CFPB initiated and settled by consent an administrative action against an online consumer payments provider (Respondent) for what the CFPB charged were deceptive acts and practices arising out of representations that the Respondent made about its data security practices.

In the Consent Order, the CFPB charged that Respondent (which offers funds transfer services to consumers) made numerous representations about its data security practices that were not true, including statements that

  • its network and transactions were safe and secure,
  • its transactions were safer than credit cards,
  • its data security practices “exceeded industry standards,”
  • customer information was safely encrypted, and
  • its data security measures were Payment Card Industry (PCI) compliant.

On February 26, the Office of the Comptroller of the Currency (OCC) released its revised Policies and Procedures Manual policy for assessing civil money penalties (CMP Policies). The CMP Policies are used as a reference tool for examiners in assessing the severity of any identified unsafe and unsound banking practices, violations of laws, regulations, orders, conditions imposed in writing, and formal agreements (“violations”) by institutions and persons subject to OCC’s supervision (national banks, federal savings associations, federal branches and agencies, and bank service companies and service providers). The CMP Policies replace the prior OCC policies and procedures regarding civil money penalties (CMP Matrix) that were issued in 1993 and prior Office of Thrift Supervision policies for federal savings associations that were issued in 2009.


The CMP Policies—like the predecessor CMP Matrix used by the OCC—assign a positive numerical score and a factor weight to each of 11 factors that are taken into account in determining whether to assess a CMP and the amount of the CMP (e.g., intent, concealment, financial gain, loss to the bank, or loss/harm to consumers or the public). In addition, the CMP Policies assign what is in effect a negative risk weighting to 3 specified mitigating factors—good faith, cooperation, and restitution. For each factor, the numerical score is multiplied by the factor weight to arrive at a component factor score, and the component scores are then summed to arrive at a composite CMP matrix score upon which the OCC relies in making its final CMP decision.