The Dodd-Frank Act vested the CFPB with extremely broad authority, particularly the power to regulate unfair, deceptive, or abusive acts or practices (UDAAP). The CFPB has wielded this power broadly and arguably strayed into areas beyond what Congress intended in passing Dodd-Frank. Although courts have allowed the CFPB broad discretion, a recent decision from the Court of Appeals for the DC Circuit suggests that the CFPB’s authority is not limitless. In CFPB v. Accrediting Council for Independent Colleges and Schools (ACICS), the DC court rejected the CFPB’s civil investigative demand (CID) for information relating to the accreditation of for-profit colleges, concluding that the CFPB failed to comply with statutory requirements in issuing the CID.
With the new presidential administration and Republican majorities in both houses of Congress, major changes to the Dodd-Frank Act are widely expected. There has been extensive coverage of what these impending changes mean for consumers and for the banking industry in general. This post examines potential changes from the perspective of community banks.
Last month, the Department of Justice (DOJ) filed a civil rights lawsuit accusing KleinBank, a Minnesota-based community bank, of violating fair lending laws through “redlining,” the practice of denying mortgage loans to predominantly minority neighborhoods. The DOJ’s complaint alleges that KleinBank “engaged in a pattern or practice of unlawful redlining by structuring its residential mortgage lending business so as to avoid serving the credit needs of neighborhoods where a majority of residents are individuals of racial and ethnic minorities, in violation of the Equal Credit Opportunity Act (ECOA) and the Fair Housing Act (FHA).”
With major changes coming in Washington and important cases making their way through the court system, 2017 looks to be a busy year for bank litigation and regulation. This includes litigation and legislative challenges to the CFPB’s authority, enforcement actions involving allegations of unsafe and unsound banking practices, lawsuits over the validity of credit union regulations, and litigation surrounding the Wells Fargo fake account scandal.
Cybersecurity remains a top concern for banks and regulators, as data breaches pose substantial regulatory risk and high costs. As I have written in recent posts, banks must develop comprehensive cybersecurity policies to protect against data breaches and avoid adverse action from the regulators. Recent guidance and statements from the regulators provide additional insight into best practices in data security.
The D.C. Court of Appeals ruled today that the CFPB’s unchecked leadership by a single director is unconstitutional. The long-awaited decision in the case of PHH Corp. v. CFPB involved a $109 million fine for alleged violations of the Real Estate Settlement Procedures Act (RESPA). In addition to the constitutionality ruling, the court also struck down the fine assessed by CFPB Director Richard Cordray, ruling that he was not permitted to ignore the statute of limitations or retroactively apply a reinterpretation of policy.
Earlier this month, Wells Fargo entered into a consent order with the CFPB and OCC after regulators discovered that bank employees had opened more than 1.5 million fake deposit and credit card accounts. The scandal involved more than 5,000 employees who opened the fake accounts in order to pad sales numbers and meet quotas the bank used as part of an incentive compensation plan. In the aftermath of the scandal, Congress and the regulators have begun to scrutinize what went wrong and what steps can be taken to prevent these problems going forward. Although big banks are the focus of this scrutiny, it is important for community banks to pay attention to possible regulatory changes that may impact banks of all sizes.