Accept All Cookies
On April 25, 2022, the Consumer Financial Protection Bureau (CFPB) announced plans to revitalize its authority to examine “nonbank” financial companies that pose risks to consumers. Though the CFPB has held this authority since its creation in 2010, the agency has rarely invoked it, leaving it largely “dormant.” The CFPB’s announcement marks a possible reversal of that trend.
In addition to large depository institutions, the CFPB’s supervisory authority extends to certain “nonbanks”—nondepository financial institutions that do not have a bank charter. Many “fintechs” are nonbanks. In general, fintechs use technology to deliver consumer financial products and services to consumers on a nationwide scale.
Three categories of nonbanks currently fall under the CFPB’s nonbank supervision program:
It is the third category in which CFPB supervision has been largely dormant. The CFPB noted that, while a 2013 procedural rule sets forth procedures for the CFPB to determine whether the conduct of a nonbank poses risks to consumers, the CFPB has not utilized that rule and has just “now begun to invoke this authority.” CFPB Director Rohit Chopra noted that “the CFPB is now utilizing a dormant authority to hold nonbanks to the same standards that banks are held to,” which will provide the CFPB with “critical agility to move as quickly as the market, allowing [the CFPB] to conduct examinations of financial companies posing risks to consumers and stop harm before it spreads.” Director Chopra’s words thus signal the CFPB’s intention to use the full measure of its supervisory authorities to regulate nonbank providers of consumer financial products and services—including companies that would not qualify for supervision under the CFPB’s “larger participants” rule.
With its new invocation of authority to regulate risks posed by nonbanks, the CFPB issued a new procedural rule to shed light on the process it uses to determine risks.
The CFPB utilizes various sources to identify risks, including CFPB complaints, whistleblower complaints, judicial and administrative decisions, information obtained from state or federal partners, and news reports. When faced with a potential CFPB determination that their activities pose risks to consumers, nonbanks are afforded notice and an opportunity to respond.4 Existing CFPB rules deem all documents, records, and communications connected with these risk-determination proceedings “confidential,” shielding them from public disclosure.
The CFPB’s new procedural rule creates an exception to the confidentiality rule for a final “decision or order” by the Director that determines that the respondent is subject to CFPB supervisory authority due to the risks that its conduct poses to consumers.5 Within seven days of service of the Director’s decision or order, the respondent may file a submission regarding its confidentiality. The Director will then determine whether the decision or order will be deemed confidential or released to the public, in whole or in part, on the CFPB’s website. The proposed rule notes that this exception is grounded in “a public interest in transparency when it comes to these potentially significant rulings by the Director as head of the agency.” The rule also opens the door for decisions or orders being used as “precedent in future proceedings.”
The CFPB indicated that its new procedural rule is exempt from the Administrative Procedure Act’s notice-and-comment requirements, as it is “a rule of agency organization, procedure, or practice.” Nonetheless, the CFPB is welcoming public comments and may amend the procedural rule based on comments. Comments are due by May 31, 2022.
* * *
The CFPB’s move comes amid increasing pressure from some lawmakers in Congress who have called for more stringent regulation of fintechs and other emerging bank alternatives. Director Chopra has already signaled concerns about the risks of consumers going to less-heavily-regulated nonbanks for an ever-increasing slate of financial services. Just last October, the CFPB issued orders to collect information on the business practices of large technology companies operating payment systems in the United States—including, for example, Apple, Facebook, and Google. That was followed by an inquiry opened last December into companies offering increasingly-popular “buy now, pay later” (BNPL) credit—Affirm, Afterpay, Klarna, PayPal, and Zip.
It is too early to tell whether the CFPB’s announcement signals the start of an era of increased examinations for nonbanks, or whether it was a symbolic gesture to mollify the concerns of fintech critics. In addition to some in Congress, such critics include traditional banks, which have accused fintechs of playing on unequal footing given their less stringent regulatory environment.
The CFPB’s new transparency rule leaves significant open questions regarding its application, at least in its present form. The proposed rule does not codify any standard governing the Director’s determination of when to publicly release a decision or order, though the CFPB “welcomes” comment regarding whether such a standard would be appropriate in the final rule. The rule also does not address how soon a decision or order will be published after the Director determines that publication is appropriate. There is also no administrative mechanism to appeal the Director’s determination. That means that a nonbank wishing to challenge the agency’s assertion of supervisory authority under the rule must pursue other avenues for relief, including possibly seeking judicial review under the Administrative Procedures Act.
1 12 U.S.C. § 5514(a)(1)(A), (D), & (E).
2 Id. § 5514(a)(1)(B) (covering “a larger participant of a market for other consumer financial products or services, as defined by” CFPB rules). See 12 CFR Part 1090 (containing the CFPB’s rules defining larger participants of certain consumer financial product and service markets).
3 Id. § 5514(a)(1)(C).
4 Id. § 5514(a)(1)(C).
5 See 12 CFR §§ 1091.103(b)(2), .109(a), & .113(e).