The Consumer Financial Protection Bureau (CFPB) has been busy since it began enforcing the federal consumer financial laws on July 21, 2011. It has issued new rules, published examination and investigation procedures, commenced its supervision process and brought public enforcement actions, among other things. Its focus on protecting consumers is demonstrated by its own blog, its consumer testing of mortgage disclosure forms and its creation of a consumer complaint database that has already received approximately 79,200 complaints.

The CFPB recently announced its first round of supervisory highlights covering the period from July 2011 to the end of September 2012. This article provides a brief summary of the statutory authorities provided to the CFPB and its supervisory highlights and rulemakings to date, which signal areas upon which institutions and their counsel should focus their compliance efforts.

I. Statutory Authority

The Dodd-Frank Wall Street Reform and Consumer Protection Act established the CFPB and provided it with the authority to implement and enforce “federal consumer financial laws” with respect to insured depository institutions and insured credit unions with total assets of more than $10 billion (“large institutions”). The Dodd-Frank Act also provided the CFPB with supervisory authority over:

• Certain nonbank lenders of any size (i.e., mortgage lenders, student lenders and payday lenders)
• Larger participants in other consumer financial markets
• Other nonbanks engaging in “conduct that poses risks to consumers with regard to the offering or provision of consumer financial products or services”
• Service providers of large institutions or that serve a substantial number of smaller institutions.
• The CFPB has defined the term “larger participants” through its rulemakings to include larger debt collectors and consumer reporting agencies, but that definition may be expanded.

II. Supervisory Highlights

The CFPB recently issued supervisory highlights to apprise the public and the financial services industry about its supervisory goals and accomplishments. The CFPB has identified institutions with deficient compliance management systems (CMS), including fair lending compliance programs and regulatory violations related to credit cards, credit reporting and mortgage lending. The highlights discuss the CFPB's three public enforcement actions to date, some of which addressed deceptive practices by credit card issuers to market credit card add-on products. It also discusses the CFPB's non-public supervisory actions, some of which addressed violations of the “ability to pay” provisions of the CARD Act.

Institutions should ensure that their CMSes are appropriate for their nature, size and complexity. In evaluating a CMS, CFPB examiners consider “whether financial institutions have effectively addressed internal controls and oversight, training, internal monitoring, consumer complaint response, independent testing and audit, third-party service provider oversight, recordkeeping, product development and business acquisition, and marketing practices.”

A theme in the highlights and the CFPB's public enforcement actions is the importance of third-party service provider (TPSP) oversight. The CFPB has made it clear that institutions may be held responsible for the actions of their TPSPs.

Institutions should also comply with the fair lending laws and adhere to best practices. As discussed in the highlights, CFPB examiners have found that well-developed fair lending compliance programs contain the following:

• An up-to-date fair lending policy statement

• Regular fair lending training for all employees, officers and board members

• Ongoing monitoring for compliance with fair lending policies and procedures

• Regular statistical analysis of loan data for potential disparities on a prohibited basis in pricing, underwriting, or other aspects of the credit transaction, including both mortgage and non-mortgage products, such as credit cards, auto lending and student lending

• Regular assessment of marketing

• Meaningful oversight by management and the board.

Institutions should also make sure their products and services comply with consumer rules over their entire life cycle, including through development, marketing, sale and management. Title X of the Dodd-Frank Act prohibits unfair, deceptive and abusive acts and practices (UDAAP) in connection with consumer financial products and services. If the CFPB's initial enforcement actions are any guide, UDAAP will play a major role in the CFPB's enforcement efforts. While the financial services industry remains highly interested in how the CFPB will interpret and enforce the new “abusive” standard, it is unlikely the CFPB will issue regulations interpreting that standard or bring enforcement actions based upon it in the near future.

III. Rulemakings

The CFPB is working on several mortgage-related rules required by the Dodd-Frank Act. Significantly, it published a proposed rule to combine the mortgage disclosure forms required under the Real Estate Settlement Procedures Act and the Truth in Lending Act. The rule would create new Loan Estimate and Closing Disclosure forms that highlight important information for consumers and provide clear warnings about features that consumers might want to avoid, such as prepayment penalties and negative amortization. Another rule that has peeked the industry's interest would require creditors to determine whether a borrower has the ability to repay a mortgage loan and would establish a “qualified mortgage” standard for compliance. The CFPB also proposed rules related to mortgage servicing, homeownership counseling, high cost mortgages and appraisals for “higher-risk mortgages.”

Significantly, if the CFPB does not issue final rules to implement Title XIV of the Dodd-Frank Act by Jan. 21, 2013, sections of that title for which regulations have not been issued will become immediately effective. Thus, the CFPB will likely issue a flurry of final rules before the Jan. 21 deadline.

Entities that are potentially subject to the CFPB's jurisdiction should continue to follow the CFPB's pronouncements, rulemaking and enforcement proceedings closely to ensure compliance in the constantly changing regulatory environment.