Civil Investigative Demands (CIDs) have long been a powerful tool in the government arsenal to investigate civil wrongdoing. The power to issue a CID is derived from statute. Both federal and state agencies with statutory authority to issue CIDs can and do use them to seek a broad array of information in furtherance of an investigation. Agencies have historically enjoyed wide ranging freedom in exercising their discovery power through CIDs, and courts have generally shown agencies broad deference in how they use this power. For example, agencies generally can use CIDs to investigate simple suspicions that the law is being violated, do not need concrete proof of a violation to issue a CID, and can use CIDs to seek information from third-parties who might have relevant information to the inquiry, even when their activities do not directly fall under the mandate of the agency. Two recent circuit cases demonstrate that this powerful tool does have limits, and provide instruction on how recipients of a CID can assess their options regarding compliance with the often broad requests contained in a CID.

On Sept. 6, 2018, the Fifth Circuit refused to enforce a CID in CFPB v. Source for Public Data, LP, 2018 WL 4258966 (5th Cir. 2018) (CFPB v. Public Data). The decision was in line with the D.C. Circuit's April 21, 2017 opinion which similarly refused to enforce a CID in CFPB v. Accrediting Council for Independent Colleges and Schools, 854 F.3d 683 (D.C. Circ. 2017) (CFPB v. ACICS). Both decisions illustrate that the government's failure strictly to follow the notification requirements contained in the statutory schemes authorizing the issuance of CIDs can provide a basis for successfully challenging a CID.

|

'CFPB v. Public Data'

The Fifth Circuit, in CFPB v. Public Data, reversed the findings of the Northern District of Texas upholding a CID issued by the CFPB to Public Data, a search engine company that makes public records available on the internet. The CFPB issued a CID to Public Data which required it to produce documents, provide answers to interrogatories, and submit a written report.

The statute that empowers and governs CIDs issued by the CFPB, 12 U.S.C. §5562(c)(2), states that “[e]ach civil investigative demand shall state the nature of the conduct constituting the alleged violation which is under investigation and the provision of law applicable to such violation.” This statutory provision is similar to the statutes that authorize the issuance of CIDs relating to False Claims Act and unfair competition investigations. 31 U.S.C. § 3733(2)(A) provides for False Claim Act cases that “[e]ach civil investigative demand … shall state the nature of the conduct constituting the alleged violation of a false claims law which is under investigation, and the applicable provision of law alleged to be violated.” 15 U.S.C. §57b-1(c)(2) states that for unfair competition cases, “[e]ach civil investigative demand shall state the nature of the conduct constituting the alleged violation which is under investigation and the provision of law applicable to such violation.”

These provisions are designed to ensure that the recipient of a CID is provided with fair notice as to the nature of the action. Adequate notice is given where it is clear from the face of the CID what conduct is being investigated and what provision of law it is being investigated under.

The CID issued to Public Data stated: “The purpose of this investigation is to determine whether consumer reporting agencies, persons using consumer reports, or other persons have engaged or are engaging in unlawful acts and practices in connection with the provision or use of public records information in violation of the Fair Credit Reporting Act, 15 U.S.C. §§1681, et. seq., Regulation V, 12 C.F.R. Part 1022, or any other federal consumer financial law. The purpose of this investigation is also to determine whether Bureau action to obtain legal or equitable relief would be in the public interest.” Public Data moved to modify or set aside the CID under 12 U.S.C. §5562(f). The CFPB denied the petition and ordered Public Data to comply with the CID. When Public Data declined to comply, the CFPB petitioned the Northern District of Texas to order Public Data to comply. The Northern District of Texas granted the CFPB's petition and Public Data appealed to the Fifth Circuit. The Fifth Circuit reversed.

In its opinion, the Fifth Circuit explained that enforcement of a CID was proper if it met a reasonable relevance standard, articulated as “(1) the subpoena is within the statutory authority of the agency; (2) the information sought is reasonably relevant to the inquiry; and (3) the demand is not unreasonably broad or burdensome.” The Fifth Circuit found it did not have to engage in that analysis, however, because, as a threshold matter, the court found that the CFPB had not complied with the notice requirements of 12 U.S.C. §5562(c)(2).

Specifically, the Fifth Circuit found that the notification was insufficient because “[p]roviding and using public records are not violations of federal law” and the CFPB failed to articulate how such activity violated federal consumer law. The Fifth Circuit was unpersuaded by the CFPB's general citation to the Fair Credit Reporting Act and “any other federal consumer financial law.” The court stated that the cite to the Fair Credit Report Act was nothing more than a “reference to a broad provision of law that the CFPB has authority to enforce[,]” which did not clarify what type of conduct it was investigating. The CFPB's inclusion of unnamed laws was also not viewed favorably. The court characterized the reference as an “uninformative catch-all phrase.”

The Fifth Circuit explained that because the CID “fail[ed] to identify the conduct under investigation or the provision of law at issue,” the court could not exercise meaningful judicial review to evaluate whether the information sought was reasonably relevant to the inquiry or whether the demand was unreasonably broad or burdensome. The court also found the broad generic language used in the CID notice provision to be inadequate because it lacked sufficient detail about the actual investigation the CFPB was conducting. In reversing, the Fifth Circuit concluded by noting that the CFPB does not have “unfettered authority to cast about for potential wrongdoing,” an interesting remark given how broadly CIDs have been used in the past to explore little more than suspicions of misconduct.

|

'CFPB v. ACICS'

The Public Data case cited and drew upon the 2017 decision by the D.C. Circuit in CFPB v. ACICS. In ACICS, the CFPB issued a CID to ACICS, a non-profit organization that accredits for-profit colleges. The CID's notification of purpose stated: “The purpose of this investigation is to determine whether any entity or person has engaged or is engaging in unlawful acts and practices in connection with accrediting for-profit colleges, in violation of sections 1031 and 1036 of the Consumer Financial Protection Act of 2010, 12 U.S.C. §§5531, 5536, or any other federal consumer financial protection law. The purpose of this investigation is also to determine whether Bureau action to obtain legal or equitable relief would be in the public interest.” The CID requested that ACICS “designate a company representative to appear and give oral testimony regarding ACICS's policies, procedures, and practices relating to the accreditation of seven particular schools, and to respond to two interrogatories.”

When the CFPB and ACICS were unable to resolve their disagreements about the CID through the administrative process, the CFPB sought to enforce it in court. The District of Columbia concluded that the CFPB did not have the statutory authority to investigate the accreditation of colleges, and therefore refused to enforce the CID. The D.C. Circuit declined to reach the substantive question of whether the CFPB's statutory authority could reach into the area of the accreditation of colleges, finding that the particular CID received by ACICS was defective because it provided inadequate notice of the “the unlawful conduct under investigation or the applicable law.” The D.C. Circuit explained that the assertion in the CID that the conduct being investigated was “unlawful acts and practices in connection with accrediting for-profit colleges” was too broad for ACICS to understand what the CFPB was actually investigating. The court held that the CID was invalid because it “never explain[ed] what the broad and nonspecific term unlawful acts and practices” meant in relation to the CFPB's investigation. The D.C. Circuit also found that the CID's description of the applicable law was insufficient. The CID only identified sections 5531 and 5536 of the Consumer Financial Protection Act and generally referred to “any other Federal consumer financial protection law,” without specifically tying these provisions to the conduct under investigation.

|

Conclusion

The rulings in Public Data and ACICS may have germinated from concerns over the scope of the statutory authority of the CFPB, but they demonstrate that a boilerplate CID recitation that it is being issued to investigate potential violations of law, without specific details about the nature of that investigation, may present a basis to challenge the enforcement of that CID. The language in a CID listing its notification of purpose should always be carefully reviewed to assess whether there is a basis to challenge a CID under the relevant statutory scheme, especially given that civil prosecutors are often mindful of not wanting to share much information about their case and that prosecutors often rely on boilerplate forms when it comes to the issuance of subpoenas.

Richard Strassberg and William Harrington are partners at Goodwin Procter. Lauren Bowman is an associate at the firm.