Looking at the numbers, it is undeniable that the number of enforcement actions from the Consumer Financial Protection Bureau (CFPB) have dropped over the last two years.
A report from Bloomberg BNA in October 2018 shows that enforcement actions went from 56 in 2015 to 6 in the first three quarters of 2018. Additionally, USA Today reported on March 13, 2019, that the CFPB issued no enforcement actions from November 2017, when previous director Richard Cordray stepped down, through April of 2018. It also said average monetary relief fell by 96%.
All of this may lull the financial services industry into a false sense of security. The regulators seem to be lightening up, and so does that mean that compliance is less of a concern?
The answer is ‘no.’ It means that when the regulators decide its time to enforce the rules, they are going to make sure they have good reasons to do so.
Rather than breathing a sigh of relief, financial services providers should be double checking that they are doing more than just checking the compliance boxes. They need to ensure that their compliance regimes are substantively working to protect customers.
While the regulators may be showing less enforcement zeal, they have not stopped doing their jobs. In a speech at the Bipartisan Policy Center on April 17, 2019, CFPB Director Kathleen Kraninger made it clear that enforcement remained an important part of the Bureau’s toolkit.
“Let me state emphatically my view that enforcement is an essential tool Congress gave the Bureau – particularly because education, rulemaking, and supervision will not prevent every violation,” Director Kraninger said. “There will always be bad actors who don’t comply with the law.”
This enforcement likely will look a little different than companies expect. It will be more like a traffic stop than a raid – meaning one enforcement issue will likely lead to others.
Instead of pulling someone over, writing them a ticket with a small fine, and sending them on their way, the “cops” of the CFPB probably will use the first violation as a starting point.
So, it will start with a stop for speeding, and, oh look, the taillight is broken. Are you wearing your seat belt? Is that a handgun poking out of the glovebox?
Except in the case of financial services it will start with a consumer complaint, and, oh look, your product is actually a prepaid account. Did you provide the proper disclosures? Is that a credit feature poking out of the terms and conditions?
Providers should not look at the numbers on enforcement and conclude that compliance has become a formality or easily completed checklist. They should look at the purposes underlying the regulations and ensure that they are working with their operations teams, inside and outside counsel, and, where appropriate, the regulators to make sure that they have a substantive, effective compliance program.
It's either that or be prepared for a simple traffic stop to turn into a cascade of violations.
Write something about yourself. No need to be fancy, just an overview.