‘Paper Tiger’ Finds Its Fangs: Repeat Offenders And The CFPB

This article was originally published in Law360. Reprinted with permission. Any opinions in this article are not those of Winston & Strawn or its clients. The opinions in this article are the authors’ opinions only.

The Consumer Financial Protection Bureau remains steadfast in its efforts to rein in large financial institutions.

CFPB Director Rohit Chopra has spearheaded the bureau’s efforts against repeat offenders, having publicly outlined what he sees as pervasive recidivism.^[1]

He has argued that press releases and large fines have little effect on deterring misconduct, especially in the absence of follow-up enforcement.

“Meaningful penalties become a paper tiger when regulators are not willing to enforce them, entrenching incentives for large companies to engage in repeated misconduct,” Chopra said in a speech last year at the University of Pennsylvania Carey Law School. 

It seems CFPB penalties may no longer be a “paper tiger.”

Aside from greater enforcement, Chopra previously proposed that structural remedies, such as growth caps, might be useful to prevent recidivism. But up until recently, the CFPB’s activities had not demonstrated meaningful movement toward Chopra’s stated goals.

Yet, with the bureau’s new action against Enova International Inc. for repeat offenses, it is apparent the CFPB is taking steps to put supposedly meaningful structural remedies in place to keep companies from “flouting the law.”^[2]

It remains to be seen whether the CFPB has fully accounted for the cost of targeting so-called repeat offenders and imposing outsized penalties on financial institutions.

In some instances, the CFPB’s aggressive position may be undermining the very goals it is trying to achieve.

Nevertheless, in the current environment, financial institutions, especially those that have previously been subject to consent orders, need to carefully consider their options when facing future enforcement proceedings with the CFPB.

Background

The CFPB’s repeat offender unit, announced in its fall 2022 Supervisory Highlights,^[3]is the CFPB’s response to Chopra’s concerns about recidivism and the need for greater enforcement.

The unit provides closer scrutiny over consent order compliance and will be responsible for coordinating with partner agencies.

The CFPB has also hinted that under its authorizing statute, “the CFPB may seek ‘limits on the activities or functions’ of a firm for violations of laws, regulations, and orders.”^[4]

In addition to growth caps, other potential examples include bans on certain types of business practices, divestitures of certain product lines, limitations on leverage or requirements to raise equity capital, revocation of government-granted privileges, and individual liability.

The CFPB is also continuing to escalate its rhetoric around repeat offenders.^[5]

A recent example is the October case CFPB v. Freedom Mortgage Corp. in the U.S. District Court for the Southern District of Florida. The CFPB sued “repeat offender” Freedom for, among other things, allegedly violating a 2019 consent order that required Freedom to “clean up its deficient data practices.”^[6]

Instead, the bureau alleged Freedom violated the consent order by submitting data to the CFPB that was filled with errors.

“Freedom did not have or use an effective system for sampling and validating loan files against the data reported to ensure that the 2020 [Home Mortgage Disclosure Act] data submission was accurate,” the CFPB argued.^[7]

The CFPB demanded that the court, along with granting costs and relief, enjoin Freedom from further violations of any provision of federal consumer financial law, order Freedom to take affirmative steps to prevent recurrence, grant injunctive relief, and provide a civil penalty under the Consumer Financial Protection Act of 2010.

These are the standard penalties the bureau seeks in most matters — nothing unique to repeat offenders.

What is unique to repeat offenders are structural remedies, such as those imposed against online lender Enova International Inc. in a recent CFPB consent order.

Last month, the CFPB published a press release announcing a consent order entered with “repeat offender” Enova.

After investigating Enova and its compliance with a 2019 order, the CFPB concluded the company was continuing to engage in conduct proscribed by both the law and the 2019 order.

Under the 2023 consent order, Enova must stop offering certain types of loans and reform its executive compensation, in addition to providing consumer redress and incurring typical penalties associated with enforcement actions and consent orders, including a $15 million fine.

Potential Implications and Considerations

Up until recently, the repeat offender designation did not, in itself, appear to bring with it any additional monetary or institutional consequences.

That doesn’t mean, however, that the repeat offender unit wasn’t catching financial institutions’ attention.

Broadly speaking, financial institutions do not want to be labeled repeat offenders. The designation brings with it negative publicity and the inconvenience of having to answer to the repeat offender unit.

But now that the CFPB is imposing structural remedies with the potential to change how repeat offenders operate, the consequences of being labeled a repeat offender are even greater.

Even so, taking aggressive action against “repeat offenders” may not bring about the results the CFPB is looking for.

The CFPB defines recidivism quite broadly, including not only violation of a court or agency order, but also violations across different lines of business that stem from a common cause.

As Chopra said in the Pennsylvania speech last year, “For example, I have found that violations across business lines often relate to problematic sales practice incentives or a failure to properly integrate IT systems after a large merger. In other words, the company may have dealt with some symptoms but didn’t do anything about the disease.”^[8]

In doing so, the CFPB creates a real risk of disincentivizing institutions from entering into consent orders.

Institutions are rightly sensitive to any reputational harm that could put them at a competitive disadvantage.

In addition to the negative publicity that comes with a CFPB press release labeling an institution a repeat offender, the inconvenience of the repeat offender unit's insertion into the normal course supervisory process is a real deterrent.

Financial institutions’ normal course supervision teams are familiar with the institutions’ teams and processes, and they typically have a good working relationship.

The addition of the repeat offender unit changes that dynamic. It also creates actual substantive issues financial institutions need to consider, such as the sharing of privileged information, given that the repeat offender unit appears to cross supervision and enforcement lines.

Finally, it goes without saying that financial institutions bristle at the thought of the CFPB imposing structural remedies that affect how they run their businesses; financial institutions do not want to be designated repeat offenders.

Financial institutions will need to tread carefully, maintaining a positive and cooperative posture with the CFPB, while also avoiding inadvertently signing up for years of sitting in the repeat offender penalty box.

These nuances ensure there is no one-size-fits-all approach that will work for all financial institutions, but there are several issues that need to be considered, including the timing and breadth of self-disclosure, the language of the consent order and clarity of compliance. 

Timing and Breadth of Self-Disclosure

While the typical position that early and full disclosure is the best approach may still hold true, institutions may want to consider whether there is an advantage to spending a bit more time with an issue before bringing it to the bureau.

Such an approach would allow the institution to fully flesh out the issue, including understanding the full extent of any consumer impact and the root cause, as well as implementing any necessary fixes.

Language of Consent Order

When entering into a consent order, the institution may consider whether there are ways the breadth of the order could be narrowed, either in terms of applicable time or in the way that the misconduct is described.

The bureau defines recidivism broadly, so any ability to narrow what could be considered relevant conduct is key.

Clarity of Compliance Plan

Once a consent order is entered, institutions may want to pay special attention to the clarity of the related compliance plan.

There may be ways to clarify the scope of the consent order in the way the required conduct is addressed, leaving less room for the bureau to later assert that new misconduct is related.

Conclusion

With its recent imposition of structural remedies on Enova, the CFPB has the rapt attention of U.S. financial institutions.

What was once a threat is now a reality, and financial institutions should adjust their approach to CFPB compliance accordingly.

That said, through taking preventative measures and paying careful attention to any obligations under existing consent orders, financial institutions can navigate this new reality that includes repeat offenders.

Indeed, with an open posture, and a positive relationship with the CFPB, the tiger can be tamed.

Winston & Strawn associate Alyssa Tyler contributed to this article.

---

^{[1] In March 2022, Chopra gave a lecture at UPenn Law School, titled "Reining in Repeat Offenders," https://protect-us.mimecast.com/s/rTmpCW6X9WIl4MN2s6PT4z?domain=urldefense.com.}

^{[2] https://www.consumerfinance.gov/about-us/newsroom/cfpb-fines-repeat-offender-enova-15-million-for-violating-order-deceiving-customers-and-withdrawing-funds-without-consent/.}

^{[3] https://www.consumerfinance.gov/data-research/research-reports/supervisory-highlights-issue-28-fall-2022/.}

^{[4] https://www.consumerfinance.gov/about-us/newsroom/reining-in-repeat-offenders-2022-distinguished-lecture-on-regulation-university-of-pennsylvania-law-school/.}

^{[5] Michelle Rogers and Katherine Halliday, 2 Suits Demonstrating Escalating Rhetoric at CFPB, LAW360 (April 25, 2022).}  

^{[6] https://www.consumerfinance.gov/about-us/newsroom/cfpb-sues-repeat-offender-freedom-mortgage-corporation-for-providing-false-information-to-federal-regulators/.}

^{[7] CFPB v. Freedom Mortg. Corp., 9:23-cv-81373-XXXX (S.D. Fla. Oct. 10, 2023).}

^{[8] "Reining in Repeat Offenders,"https://www.consumerfinance.gov/about-us/newsroom/reining-in-repeat-offenders-2022-distinguished-lecture-on-regulation-university-of-pennsylvania-law-school/.}