Explore This Section

Legislative Update

First Quarter 2012

Consumer Financial Protection Bureau: Overview and Regulations to Date

The Consumer Financial Protection Bureau (CFPB) was established by Title X of the Dodd-Frank Wall Street Reform and Consumer Protection Act (H.R. 4173)External Link, which was passed on July 21, 2010. The CFPB was created by the Dodd-Frank Act as part of a larger effort to supervise financial markets and to enforce federal consumer financial law.1 The CFPB has the dual mandate to help consumers understand their financial options by increasing the transparency of financial markets and to regulate the providers of consumer financial products and services.


Section 1021 of the Dodd-Frank Act assigns six main functions to the CFPB. The first three functions relate to consumer financial education and advocacy. The remaining three functions relate to financial market supervision, rulemaking, and enforcement. To fulfill its mandate to help consumers navigate financial markets, the Dodd-Frank Act requires the CFPB to provide clarification and financial education programs to inform consumers of the benefits and risks of various financial options. One such preliminary program by the CFPB is the “Know Before You OweExternal Link campaign, which aims to help customers compare different mortgage and student loans. The CFPB must also collect, investigate, and respond to consumer complaints. To this end, the CFPB created a national consumer response center to take in consumer financial complaints and provide answers on common financial questions. In addition to addressing existing consumer complaints, the CFPB must also identify financial products and services that pose risks to consumers and prevent transparent market transactions.

To carry out its second mandate as regulator of consumer financial markets, the CFPB is required by the Dodd-Frank Act to act as the primary supervisor, rule maker, and enforcer of consumer protection laws governing depository and nondepository institutions with more than $10 billion in assets. Banks and nonbanks with less than $10 billion in assets must also comply with CFPB regulations, but their consumer financial products and services are supervised by prudential regulators, such as the Federal Reserve, the Federal Deposit Insurance Corporation (FDIC), or the National Credit Union Administration, rather than the CFPB directly.


The CFPB is funded by but is independent of the Federal Reserve. The director of the CFPB is appointed by the President and confirmed by the Senate and can hold office for five-year terms.2 The CFPB is split into six divisions: Consumer Education and Engagement; Supervision, Enforcement, Fair Lending, and Equal Opportunity; Research, Markets, and Regulations; General Counsel; External Affairs; and Chief Operating Officer. As the primary regulator of financial products and services, the CFPB has been transferred all the consumer protection powers of the seven federal agencies: the FDIC; the Federal Reserve; the Federal Trade Commission; HUD; the Office of the Comptroller of the Currency; the Office of Thrift Supervision; and the National Credit Union Administration.

Scope of Authority

The CFPB has broad rulemaking and enforcement authority over consumer financial products and services provided by certain bank and nonbank entities. Financial products and services that fall under the jurisdiction of the CFPB include, but are not limited to, the following credit, savings, and payment activities: extending credit and loans, such as student loans, credit card loans, payday loans, auto loans, and mortgages; brokering leases; real estate settlements; deposit-taking; issuing financial and payment instruments; checking transactions; financial data processing and tailored advisory services; debt collection; and foreclosures.

Although the CFPB has wide-ranging authority, it is constrained by existing state and federal regulators. While the CFPB is the primary regulator of these financial products and services, it must work with state and other federal prudential regulators to obtain examination reports whenever possible. The CFPB is required to coordinate information and enforcement activities with the Federal Trade Commission (FTC) by Section 1024 of the Dodd-Frank Act. The CFPB and the FTC released a joint memorandum of understanding PDF External Link on January 23, 2012, which explains that they will coordinate their actions and consult with each other by holding regular meetings regarding consumer complaints, rulemaking, investigations, and law enforcement activities. The CFPB and the FTC will also hold joint training sessions when possible and share computer databases to avoid duplicating each other’s actions.

Section 1027 of the Dodd-Frank Act details the limitations of the CFPB. The CFPB does not have authority over entities that are already regulated by the Securities and Exchange Commission (SEC), the Commodity Futures Trading Commission, the Farm Credit Administration, a state securities commission, or a state insurance regulator. In addition, the Financial Stability Council can overturn CFPB rules if it believes them to be detrimental to the financial system. The CFPB also does not have authority over attorneys and insurance companies and cannot set usury limits.

Examination Process

On October 13, 2011, the CFPB released its “Supervision and Examination Manual,” External Link which details how it will examine bank and nonbank institutions to detect risks to consumers and assess adherence to federal consumer financial laws. The CFPB will examine a combination of quantitative and qualitative data, including, but not limited to, the amount of a company’s assets, the company’s risk profile, the volume of consumer financial transactions, customer complaints, and the extent of oversight by other state and federal regulators. The examination process can be split into the three phases outlined below:

  • Investigation: For the investigation, the CFPB will collect and review information from
    federal and state regulators and directly from the supervised entity. The CFPB requires supervised entities to comply with examinations by giving “full and unfettered access to information.”3 In addition to institution-specific investigations, the CFPB conducts “target reviews” of customer complaints and “horizontal reviews” across the financial industry to identify trends and risks that may require further attention.
  • Notification: The CFPB will notify all agencies it investigates. The examinee will then have 20 days to contest the investigation if it disagrees.
  • Conclusion: After investigation and analysis, the CFPB will write a conclusion based on the findings and send it to the regulated entity for review. If no violations are found, then the investigation is closed. However, if the investigation does find regulatory violations, then the conclusion will also include corrective actions that the institutions should take and any penalties that will be imposed.

Possible penalties that the CFPB may enforce include, but are not limited to, rescinding contracts, restitution, return of property, public notification of the violation, and monetary penalties. In regard to monetary penalties, the CFPB can impose penalties up to $1 million per day for purposely violating consumer financial law. Furthermore, depending on the nature of the violation, the CFPB may also pass the findings on to the appropriate regulatory agencies (e.g., the Internal Revenue Service) or the courts (e.g., the Department of Justice).

Regulations: Proposed and Enacted

The CFPB amendment to Regulation E of the Electronic Fund Transfer Act (77; Federal Register; pp. 6194-6200)PDF External Link became effective February 7, 2012. The amendment protects consumers when sending funds — such as remittance transfers — abroad by requiring the transferring agency to fully disclose the cost of the transfer, the amount delivered to the recipient, and the date it is available. Consumers will also have 30 minutes after payment to cancel a transfer.

On February 15, 2012, the CFPB finalized the amendment to Regulation C of the Home Mortgage Disclosure Act (HMDA) (77; Federal Register; pp. 8721-22).PDF External Link Prior to the change, HMDA regulations required mortgage lenders with over $40 million in assets to provide regulators and the public with annual reports on their mortgage activities. The CFPB has increased the exception threshold to $41 million in order to reflect the increase in the consumer price index.

In addition to already enacted regulation, the CFPB has proposed numerous other regulatory efforts. On February 16, 2012, the CFPB published a proposal on how to define large nonbank financial participants (77, Federal Register pp. 9592-9608).PDF External Link The CFPB proposed this rule because of its regulatory duty under the Dodd-Frank Act to regulate “larger participants” in the nonbank financial market.4 The proposal focuses specifically on defining larger participants in the consumer debt collection and credit reporting markets. The proposal states that a consumer debt collection agency will be considered a large participant if it has annual receipts of more than $10 million and a consumer reporting agency if it has annual receipts of more than $7 million. Within nonbank financial markets, the Dodd-Frank Act authorizes the CFPB to regulate nonbanks of all sizes in the mortgage, payday lending, and private student loan markets. However, the CFPB’s authority is restricted to “larger participants” in other consumer financial markets. The CFPB will release the initial rule no later than July 21, 2012.

On April 10, 2012, the CFPB released mortgage lending rules PDF External Link that it is considering for proposal. The rules aim to improve mortgage providers’ transparency and accountability. To facilitate transparency, the proposal would require mortgage companies to provide consumers with clear monthly statements that show the account balance; allocation of payments to principal, interest, and escrow; the due date and amount of the next payment; recent transactions; and late fee warnings. Mortgage providers are also required to notify borrowers before changing the interest rate, imposing additional fees, or enrolling the borrower in expensive “force-placed” property insurance. The providers must explain how the changes affect the borrower’s account and provide a list of alternatives if the borrower is unable to afford the new monthly payments. The provider is also required to communicate with delinquent borrowers and inform them about their options for avoiding foreclosure. To increase mortgage providers’ accountability, the proposal requires providers to immediately credit the consumer account on the day the payment is made, keep records current and accessible to the borrower, address consumer concerns about errors within five days, conclude investigations into errors within 30 days, and provide access to foreclosure prevention help. The CFPB expects to release the notice of proposed rulemaking this summer and finalize it by January 2013.

Federal Regulation

Federal Deposit Insurance Corporation

Resolution Plans for Insured Depository Institutions

On January 17, 2012, the FDIC adopted a final rule PDF External Link that requires insured depository institutions with $50 billion or more in total assets to submit an annual resolution plan to the FDIC. In the event of the institution’s failure, the resolution plan will act as a living will and help the FDIC to ensure that depositors receive access to their deposits within one business day of the institution’s failure, maximize the value of the sale or disposition of the institution’s assets, and minimize the amount of loss to the institution’s creditors.

The rule became effective April 1, 2012, and applies to both U.S. banks and non-U.S. banks in the U.S. with over $50 billion in assets. The largest institutions, defined as those with more than $250 billion in assets, must submit plans by July 1, 2012. Institutions with $100 billion or more in assets must submit plans by July 1, 2013. The remaining institutions must develop plans by the end of 2013.

Securities and Exchange Commission

Proposal to Help Prevent Identity Theft

On February 28, 2012, the SEC and the Commodities Futures Trading Commission (CFTC) jointly proposed new policies and procedures PDF External Link to help protect investors from identity theft. Under the proposal, SEC- and CFTC-regulated entities must adopt a written program to identify, detect, and respond appropriately to red flags associated with identity theft.

  • 1 For additional information and clarification on the term “federal financial consumer law,” see the CFPB’s overview on the supervision and examination process. External Link
  • 2 The current head of the CFPB, Richard Cordray, was recess appointed by President Obama on January 4, 2012. Since Cordray was recess appointed, he can serve only through the end of 2013.
  • 3 In response to fears that privileged information handed to the CFPB could be released to outside parties, the CFPB proposed and the House of Representatives passed H.R. 4014, PDF External Link which states that privileged information given to the CFPB will not be subject to third-party waivers and will receive the same statutory protection applied to information given to prudential regulators. Although this proposal has passed the House, it is still pending in the Senate and is not yet law.
  • 4 Nonbank consumer financial institutions include, but are not limited to, consumer debt collectors, consumer credit reporting agencies, money transmitters, and check-cashing and prepaid card providers. The proposed rule covers the consumer debt collection and consumer reporting market.