CFPB's nonbank registry of repeat offenders goes live

Bloomberg News

The Consumer Financial Protection Bureau's nonbank registry to address repeat corporate offenders goes live this week, raising concerns that companies will be more inclined to fight enforcement actions to avoid being publicly shamed. 

The Conference of State Bank Supervisors opposed the creation of the registry since its conception, claiming that the CFPB exceeded its authority and did not need to identify nonbanks that are subject to public orders because the Nationwide Multistate Licensing System already does so. CSBS is concerned about redundant reporting and costs to nonbanks associated with maintaining compliance with two registries, which could cause confusion. 

The CFPB's registry requires nonbanks that provide financial services to consumers and have violated local, state and federal consumer protection laws plus court orders to register all public actions with the bureau. It requires that companies provide copies of public orders and up-to-date information annually and to verify their compliance — a provision that some experts say could become a sticking point in settlement agreements. 

"I expect targets of state regulator enforcement investigations, especially ones where the regulator is taking an expansive or aggressive legal position, to be substantially less willing to settle just to make the regulator's concern go away," said Jeff Naimon, a partner at Orrick, Herrington & Sutcliffe LLP. 

Jonathan Pompan, a partner at Venable, called the registry "an online treasure trove of information that will be available for all to see," and "a move that's sure to make nonbank financial institutions even more uncomfortable." 

CFPB Director Rohit Chopra has said the registry is necessary to ensure the bureau can identify repeat offenders who are failing to adhere to the terms of existing orders or are engaging in additional violations of consumer protection laws. The CFPB issued a final rule in June, after proposing in 2022 to create a database on nonbank offenders that it said would address a lack of comprehensive information about orders issued against nonbanks. 

Brandon Milhorn, president and CEO of CSBS, said the CFPB has not proven there was a recidivism problem with nonbanks to necessitate the creation of the registry. 

"We are disappointed that the CFPB is proceeding with its public orders registry and stand by the concerns expressed by state regulators during the consultation process," Milhorn said. 

Regulation and compliance

CFPB's Chopra pans so-called 'Chopra doctrine' of expanding authority

October 16, 2024 11:53 AM

State regulators supervise for compliance with both state and federal consumer financial laws, a purview that CSBS claims is significantly broader than the CFPB's authority. The CFPB has primary authority to supervise and examine banks with over $10 billion in assets. It also supervises nonbanks of any size in certain markets such as mortgage companies, payday lenders and student lenders, and can also supervise larger participants in other nonbank markets, and ensure compliance with consumer protection laws. 

CSBS is trying to ensure there is alignment between the CFPB's registry and the NMLS to prevent industry confusion and redundant reporting, Milhorn said.

The NMLS tracks more than 350,000 entities and individuals in a wide range of industries including money services providers, check cashing firms, earned wage access and payday lenders, as well as third-party debt collectors and credit repair companies. Nonbanks that primarily provide financial services directly to consumers are state licensed. Whereas both state and federal regulators may charter banks, only state regulators have the authority to license consumer-facing nonbanks.

CSBS launched the NMLS in 2008 to manage and monitor mortgage lenders, brokers and individual loan originators after the financial crisis. Congress mandated a nationwide licensing and registration system through the Secure and Fair Enforcement for Mortgage Licensing Act of 2008, known as the SAFE Act. In 2010, state regulators launched NMLS Consumer Access, a searchable database that allows the public to check whether a regulatory action has been taken against by a licensed company or individual. 

"Requiring attestations of compliance with state actions could position the Bureau to ostensibly exercise supervisory and enforcement authority over laws for which the CFPB has not been granted such authority, and it could pose serious challenges to state supervision and enforcement efforts," CSBS said in a comment letter last year.  

Some critics of the registry suggest that nonbank mortgage lenders and other companies may not want to settle state actions if they are made public with annual certification requirements. As a result, the registry may have the unintended effect of pushing more enforcement matters into confidential supervisory resolutions. Moreover, consent orders typically have covenants stating that a company cannot violate the law, which includes state prohibitions on "unfair or deceptive acts and practices," known as UDAP, or must maintain compliance management programs to address compliance. Such provisions are difficult to certify and may have to be renegotiated, some lawyers said. 

"I expect all targets of investigations to more closely negotiate injunctive relief with an eye towards the new registry's annual certification requirements," Naimon said. 

Clay Coon, special counsel for supervision examinations at the CFPB, said that companies do not have to register in advance of an order.

"Please do not just sign up in advance because you think at some point you might need to register," Coon said in September on a call to address technical questions. The registry excludes banks and credit unions.

The CFPB has tiered compliance deadlines. Larger participants subject to CFPB supervision have until January 14, 2025, to register, while other covered CFPB-supervised nonbanks have until April 14, 2025. Other nonbanks have until July 14, 2025, to register.