CFPBs Fintech Power Grab
Federal and state bank regulators have been fighting for years over who has the right to regulate financial technology providers (fintechs). The focus of this fight has been a series of lawsuits against the Office of the Comptroller of the Currency (OCC) by various state bank regulators, including the New York Department of Financial Services. These actions were taken to prevent the OCC from issuing special-purpose national bank charters to non-deposit fintech companies and to unsecured deposit-taking fintech companies, which will enable the OCC to supervise these fintechs.
After sitting on the sidelines in silence and watching this fight for five years, the Consumer Financial Protection Bureau (CFPB) announced in April that it intends to start using a “sleeping” authority to conduct regulatory investigations of non-bank-financed companies when they pose a risk to consumers. This has created further confusion among fintechs about who should monitor them.
CFPB’s previous exercise of supervisory authority
Before Congress passed the 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act, in response to the 2008 financial crisis, only banks and credit unions were subject to federal supervision. The Dodd-Frank Act changed this by giving the CFPB permission to supervise major non-banking market participants for certain financial products and services for consumers, such as consumer reporting, debt collection, student loan services, international money transfers and car loan services. It also authorized the CFPB to supervise all non-banking entities in mortgages, private student loans and payday loans, regardless of size.
The CFPB implemented regulations and began supervising these non-banks in the decade following the adoption of Dodd-Frank. This audit included investigations, but CFPB’s audit activity was limited to the products and services identified in the Dodd-Frank Act.
CFPB’s announcement from April 2022
In April this year, more than a decade after Dodd-Frank’s adoption, the CFPB announced that it would use a “dormant” power given to the CFPB by the Dodd-Frank Act to begin conducting non-bank investigations without regard to specific financial product or service offered. As described by the CFPB, this power is limited only by whether the CFPB has reasonable cause to determine whether the non-bank “poses a risk to consumers.”
The CFPB justified its decision to start using this power by noting that it would allow the CFPB to “be agile and supervise entities that may be growing rapidly or are in markets outside the existing non-bank oversight program.” The CFPB did not explain how the use of this force would make it more flexible. However, there is one way the CFPB’s position seems to be able to move quickly: by supervising a number of non-banking financial services companies without obtaining any additional authorization from Congress to do so.
CFPB’s broad claim to power
What makes the CFPB’s announcement particularly striking is that many of the products and services that appear to fall within this new exercise of power did not exist, or existed in a completely different form, when Congress passed the Dodd-Frank Act. An obvious example is cryptocurrency products, which Congress clearly did not consider when it voted on the Dodd-Frank Act. The CFPB’s announcement came a month after President Biden issued an executive order requiring the entire government’s efforts to develop a framework for digital assets, and it could be a precautionary measure to designate the CFPB’s role in this framework. Other examples of products and services that could lead companies to be swept into CFPB’s new claim to power include “buy now, pay later” (BNPL), peer-to-peer payments and earned payroll access.
Restrictions on the power of the CFPB?
CFPB’s ability to investigate fintech is limited to companies that CFPB has reasonable cause to determine did or will engage in behaviors that pose a risk to consumers with respect to the provision or delivery of financial products or services to consumers. However, there are four main reasons to believe that these vague provisions may be a limited limitation on CFPB’s power:
1. The CFPB receives a huge number of consumer complaints which it can use as a basis for claiming that there are “reasonable grounds” to establish that a company targeted in a complaint is putting consumers at risk. According to the CFPB, in 2021 alone, it referred over 750,000 complaints it received from consumers to approximately 3,400 companies for review and response. Many of the complaints sent to CFPB appear to be related to fintechs. For example, the CFPB received approximately 20,900 complaints about money transfers, money services and virtual currencies in 2021, of which 67 percent were sent to companies for review and response, 24 percent referred to other regulatory agencies, and only 8 percent proved ineffective.
2. The CFPB has deliberately avoided limiting the potential scope of its authority by providing definitions of “consumer risk” or “reasonable cause”, as these phrases are used in the rule it announced. During the drafting of the rule in 2013, several commentators pointed out that not defining these sentences would make the rule ambiguous, and they asked the CFPB to provide clarification. The CFPB refused to do so. This may make it difficult for fintechs to refute a claim by the CFPB that the conduct described in a consumer complaint filed with the CFPB does not endanger consumers or is insufficient to meet the “reasonable cause” standard.
3. CFPB makes the decision. A non-banking company is given notice and an opportunity to dispute CFPB’s claim of a right to investigate the company. This can be a meaningful process, and only time will tell how the CFPB handles such disputes. However, as an external limitation on the CFPB’s power, this process is of limited value, given that the disputes are settled by the CFPB itself.
4. The CFPB refused to do the process of contesting a decision of the CFPB’s authority to investigate a non-bank in accordance with the rules of a formal decision under the Administrative Procedure Act. In response to the comment that a “reasonable opportunity to respond” should include a hearing on the minutes, the CFPB claimed that it used its discretion not to do so.
Despite these obstacles, fintechs are expected to challenge the agency’s determination, authority and constitutionality itself. Although fintechs may attempt to “short-circuit” the CFPB’s planned administrative process by seeking a court declaration that the agency is unconstitutional, they should also be aware that the Administrative Procedure Act normally requires that an agency’s administrative process be exhausted and that a “final” instance application be obtained. before an aggrieved party goes to court.
CFPB’s long games
At this point, it is difficult to know how aggressively the CFPB will use its power to investigate non-bank fintechs such as cryptocurrencies and BNPL service and product providers. Just because the CFPB’s power appears to have limited external constraints does not mean that the CFPB will exercise its discretion to maximize its supervisory authority. However, there are two main reasons to suspect that the CFPB will seek to expand its regulatory area:
1. CFPB Director Rohit Chopra stated after the announcement in April that CFPB believes that it has other “sleeping” forces that it is considering using. In a blog post on June 17, 2022, he gave as an example the unused “authority to register certain non-bank financing companies to identify potential fraudsters and others who repeatedly break the law.” Requiring such registrations will further expand the scope of CFPB’s regulatory authority over fintechs.
2. The CFPB has a practical ability to increase its supervisory activities, which is unusual for a federal agency. As U.S. District Judge Edith H. Jones observed in a decision earlier this year, the CFPB’s funding structure is removed from the congressional assessment by allowing the CFPB to withdraw money from the Federal Reserve to fund itself outside the congressional grant process. Judge Jones – along with District Judges Jennifer Walker Elrod, Stuart Kyle Duncan, Kurt D. Engelhardt and Andrew S. Oldham – said in that decision that this funding mechanism was unconstitutional. This view was a simultaneity in Fifth Circuits a banc decision and does not definitively resolve the question of whether CFPB is unconstitutional. However, it underscores the power this unique funding mechanism gives the CFPB to strengthen its own authority.
Regardless of CFPB’s intentions, it is still too early to know how CFPB’s efforts to investigate non-bank fintech will unfold. After all, the OCC clearly announced its intentions to start issuing special-purpose national bank charters to non-depository fintechs six years ago, and it remains unclear whether this will happen. One thing that is clear, however, is that the ongoing ambiguity and regulatory conflicts are inflicting unnecessary costs on US fintechs and their customers. When fintechs do not know who will regulate them or how the regulations will be used, it makes it difficult to move forward with the development of innovative new products that consumers want. For this reason, power struggles among American regulators often harm the consumers in whose name they are fighting.
Jeffrey Alberts is a partner in Pryor Cashman, where he works in the defense and investigation group, the financial institution group and the fintech group. Dustin N. Nofziger is a lawyer in the firm.
From: New York Law Journal