Specifically, the Proposed Rule would require that “covered nonbanks” register with the CFPB and provide information about and a copy of federal, state, and local “covered orders.”1 The scope of “covered nonbank” entities is broad and includes all “covered persons” — anyone that offers consumer financial products or services — unless otherwise exempt under the regulation.2 Covered nonbanks will also include affiliates that are servicer providers, and even unaffiliated service providers may be “covered nonbanks” when they offer financial products or services themselves — and here it is important to remember that some functions typically thought of as “servicing” are also within the scope of the definition of “consumer financial product or service.” Affiliates of an insured depository institution, credit union, or related person could be subject to the Proposed Rule if they are not themselves insured depository institutions, credit unions, or related persons.3
Each covered nonbank would be required to provide information about “covered orders” 90 days after the applicable system implementation or 90 days after the effective date of any applicable covered order and would be required to update such information 90 days after any amendment or change.4 The CFPB proposes to define “covered orders” to be those that are both public and final, including both agency and court-issued orders, issued at least in part in any action or proceeding brought by any federal, state, or local agency.5 The covered order must contain public provisions that impose obligations on the covered nonbank to take or refrain from taking certain actions, and impose such obligations based on alleged violation of a covered law, but do not need to include an admission of liability by the covered nonbank.6 Covered law is defined broadly to include laws regulating consumer financial products and services, including laws relating to unfair, deceptive, or abusive acts or practices.7
In addition, the Proposed Rule would require that “supervised registered entities” (i.e., covered nonbanks that are required to register and that are supervised by the CFPB, such as nonbank mortgage lenders, payday lenders, student lenders, and larger participants in designated markets such as auto lending and credit reporting),8 designate an attesting executive to provide to the CFPB annually a summary description of the executive’s efforts to review and oversee compliance with the applicable order and to attest regarding the entity’s compliance with the order.9 The Proposed Rule states that such attesting executive must be its highest-ranking duly appointed senior executive officer whose assigned duties include ensuring the supervised registered entity’s compliance with federal consumer financial law, who has knowledge of the entity’s systems and procedures for achieving compliance with the covered order, and who has control over the entity’s efforts to comply with the covered order.10 The attestation requirement appears designed to provide a hook for personal responsibility, and potential liability, in connection with the CFPB’s enforcement activity. This, too, is consistent with other recent actions by the CFPB in including individuals within the scope of its actions in addition to the covered entities.11
Throughout the Proposed Rule, the CFPB provides insight into the potential ways it and other regulators (both federal and state) might use the registration information in connection with monitoring markets generally, rulemaking, and in taking action specifically concerning the covered nonbanks that provide reports. The CFPB posits that it could use the information in furtherance of its goal to punish “repeat offenders,” to determine that an entity should be subject to its supervisory authority, to bring its own investigations or enforcement actions, and to assign what it believes to be the right level of civil penalties.
Because the database will be public, it would provide others — including private parties — with information that could serve as the basis for further litigation or investigations. Although the database would include only orders that are already public, it would provide a centralized source of readily available information that may otherwise be difficult to access.
Companies in the consumer financial product and service industry would be well served to consider the potential implications of compliance with the Proposed Rule, including the potential uses if information to be submitted to the CFPB if and when this Proposed Rule becomes final. In addition, once published in the Federal Register, there will be a 60-day comment period. To that end, Sidley has experience advising clients on all facets of consumer financial products and services and can help you identify solutions to these and other issues.
1 Proposed Rule, 12 C.F.R. § 1092.202.
2 The exemptions are for (1) insured depository institutions, insured credit unions, or related persons; (2) a state; (3) a natural person; (4) a motor vehicle dealer (unless otherwise applicable as described in the Proposed Rule); and (5) a person that qualifies as a covered person based solely on conduct that is the subject of, and that is not otherwise exempted from, an exclusion from the CFPB’s rulemaking authority under 12 U.S.C. 5517. Proposed Rule, 12 C.F.R. § 1092.201(d).
3 Proposed Rule, Sec. V (FN 139).
4 Proposed Rule, 12 C.F.R. § 1092.202(b).
5 Proposed Rule, 12 C.F.R. § 1092.201(e).
6 Proposed Rule, 12 C.F.R. § 1092.201(e); Proposed Rule, Sec. V.
7 Proposed Rule, 12 C.F.R. § 1092.201(c).
8 A supervised registered entity is defined as a registered entity subject to supervision and examination by the CFPB pursuant to 12 U.S.C. § 5514(a). Proposed Rule, 12 C.F.R. § 1092.201(o) (exceptions omitted). “Registered entity” is defined as any person registered or required to be registered under this subpart.” Proposed Rule, 12 C.F.R. § 1092.201(l). Covered nonbanks are required to register pursuant to Proposed Rule, 12 C.F.R. § 1092.202(b)(1).
9 Proposed Rule, 12 C.F.R. § 1092.203(d).
10 Proposed Rule, 12 C.F.R. § 1092.203(b).
11 Proposed Rule, Sec. V (“For example, where information obtained under proposed § 1092.203 indicates that a high-ranking executive has knowledge of (or has recklessly disregarded) violations of legal obligations falling within the scope of the Bureau’s jurisdiction, and has authority to control the violative conduct, the Bureau could use that information in assessing whether an enforcement action should be brought not only against the nonbank covered person, but also against the individual executive”).