A catastrophic end to consumer protection to some, and a long overdue attempt to reconcile law with technology to others, former CFPB Acting Director Mick Mulvaney's parting gift stirred up the financial services industry. The CFPB published its proposed Policy on No-Action Letters and the BCFP Product Sandbox (the "Policy") as amendments to its earlier 2016 policy in an effort to facilitate innovation in the consumer financial marketplace.1 In response, several state attorneys general, trade associations and consumer groups submitted comments on the Policy. Advocates praise the Policy as essential to the Bureau's mission of promoting innovation and consumer access. Opponents argue that the Policy not only exempts companies from consumer protection laws but also exceeds the Bureau's legal authority. In this Legal Update, we summarize the key comments.2
The New York AG submitted a letter on behalf of 22 Democratic state AGs, who challenged the CFPB's legal authority to grant the "sweeping and absolute immunity contemplated by" the Policy, particularly without going through a formal rulemaking process. The letter also questioned the wisdom of the proposed policy changes.3
The AGs argue that because no-action letters ("NALs") appear to be binding on the Bureau indefinitely,4 a formal rulemaking process would likely be required to issue them. Even if the Bureau has legal authority to issue binding NALs, the AGs "see no sound basis for the CFPB tying its hands in this way" given the sophisticated technologies increasingly used by consumer financial service providers. For example, marketplace lenders frequently rely on machine learning and artificial intelligence to make underwriting decisions, and, according to the AGs, lenders may be unable to understand why certain decisions were made and whether the decisions were based on prohibited factors, in which case "it would be irresponsible to give companies employing them what may effectively be a permanent get-out-of-jail-free card." The AGs find particularly problematic the Bureau's proposal not to bring a supervisory or enforcement action against an NAL recipient under its authority to prevent unfair, deceptive, or abusive acts or practices.
The AGs' concerns about NALs also apply to the Product Sandbox. According to the AGs, the Product Sandbox is even more troubling in one respect because it grants immunity from "enforcement actions by any federal or state authorities, as well as from lawsuits brought by private parties." The AGs argue that the CFPB does not have the authority to issue such sweeping immunity outside of the formal rulemaking process. The Policy proposes to grant relief in the form of approvals under statutory safe harbor provisions of TILA, ECOA and the EFTA, and the AGs argue that such provisions are narrow and "do not authorize the CFPB to grant the approval relief contemplated by the Proposed Sandbox Policy."
The AGs note in a footnote that they "do not believe the Proposed Sandbox Policy contemplates the preemption of state-law claims." But they also argue that, "to the extent it does, we would note the law is crystal clear that the CFPB lacks the authority to do so."
By contrast, the Arizona AG submitted a letter, signed by Republican AGs in six other states, that supports the CFPB's proposal, particularly the Product Sandbox. This group of AGs argues that "regulatory systems that fail to keep pace with market innovations unduly burden good-faith participants seeking to follow the law."5 The Arizona AG highlights the success of its own Fintech Sandbox, launched in August 2018,6 but points out that state-level sandboxes cannot provide regulatory certainty with respect to federal law. The Arizona AG is hopeful that the Bureau's proposed Product Sandbox will streamline the regulatory process and promote coordination between federal and state regulators.
National Consumer Law Center
The National Consumer Law Center opposes the CFPB's Policy for reasons similar to those stated in the New York letter but also cites the Arizona sandbox program as a reason to be wary of the Bureau's Policy. The consumer group argues that admission to the Arizona Fintech Sandbox relieves companies from regular supervision by the Arizona Department of Financial Institutions and essentially creates a "black box" giving complete authority to the attorney general to admit or deny applications with no public transparency on the process.
American Bankers Association,U.S. Chamber of Commerce, Consumer Bankers Association, and Housing PolicyCouncil
The Bureau also received several comments from banking and mortgage lending trade associations generally enthusiastic about the Policy. One group of trade associations collectively submitted a comment supporting the Policy but also encouraging the Bureau to align its Policy with the programs of other federal regulators, including the Securities and Exchange Commission and the Commodity Futures Trading Commission. Specifically, the associations recommend that the CFPB (i) strengthen liability protections for firms that comply in good faith with the terms of an NAL or sandbox approval, (ii) proactively coordinate with other regulators (rather than placing the burden on the applicant to identify applicable government authorities), (iii) provide greater assurances of data confidentiality by protecting it from public disclosure under exemptions to the Freedom of Information Act, (iv) formalize process controls to promote transparency and predictability of the NAL and sandbox processes and (v) commit to amending regulations when program experience demonstrates it is warranted.7 The associations seek stronger assurance from the Bureau that an NAL or participation in the Product Sandbox would shield a firm from private litigation and enforcement by other regulators, recommending that the Bureau emphasize deference to its interpretation of consumer financial law "to encourage courts, other regulators, and private litigants to defer to the NAL or Sandbox approval."
Moreover, the trade associations urge the CFPB to clarify some aspects of the proposed Policy. For example, the trade associations suggest that the Bureau illustrate when an applicant should pursue no-action relief as opposed to admission into the Product Sandbox. Relatedly, the Bureau could also clarify whether an applicant seeking approval or exemption relief under ECOA or TILA should also submit a separate application for no-action relief under UDAAP. The trade associations support the Bureau's intent to consider applications from trade associations, service providers and other third parties but request that the CFPB describe the specific steps that a group should take to apply for approval of an NAL or Product Sandbox application and what steps members should take before relying on approval.
Mortgage Bankers Association
A mortgage banking group supporting the Bureau's Policy comments that the CFPB should extend relief to similarly situated companies with those granted relief under an NAL or admitted into the Product Sandbox without the similarly situated companies having to file separate applications. By permitting trade associations to apply on behalf of third parties, the CFPB appears to acknowledge that qualifying for an NAL or sandbox approval depends on the risk associated with a product or service rather than that associated with the individual applicant. Allowing third-party entities to rely on a public NAL or sandbox approval of an entity offering substantially the same product or service would allow additional companies to benefit from the NAL or sandbox determination.
Coalition of HUD Intermediaries
A network of HUD-approved nonprofit housing and community counseling organizations indicates conditional support for the Bureau's Policy. The group believes that the proposed Policy would permit important innovations but that the Policy should only be used to clarify ambiguities in existing regulations. The group envisions the Policy as permitting companies to develop and test innovative programs that do not align within the existing regulatory framework; however, once the new programs are launched and the consumer impacts are evaluated, the group believes that the CFPB should codify its policies through updated regulations.
American Financial ServicesAssociation
A national trade association for the consumer credit industry approves the Bureau's Policy as one with "proper checks and balances."8 The group notes that the CFPB appropriately reserves authority to obtain information regarding the subject of an NAL and may revoke an NAL under certain circumstances. The group also praises the CFPB Product Sandbox, noting that without the specified immunity from enforcement actions, "it is highly unlikely that any financial institutions would even apply."9
Consumer Reporting Agency
A consumer reporting agency anticipates that the CFPB will receive applications from institutions seeking regulatory relief in connection with the use of artificial intelligence and machine learning. The agency encourages the Bureau to watch for specific issues related to artificial intelligence and machine learning: (1) credit scoring systems should be explainable and transparent by generating accurate "reason codes" to allow consumers to understand the factors impacting their scores; (2) alternative data used in connection with scoring systems should be accurate and complete, and consumers should have an opportunity to review and dispute the information; and (3) the credit scoring industry should have an opportunity to demonstrate that specific alternative data will not cause disparate impact before releasing a credit scoring system into the marketplace. The agency proposes that the Bureau create, in addition to the proposed Product Sandbox, an "analytical sandbox" to study the impact of alternative data on protected classes.
1 We discuss the proposed policy at https://www.mayerbrown.com/Bureau-Proposes-Improvements-to-Its-No-Action-Letter-Process-and-a-New-Product-Sandbox-12-21-2018/#_edn1.
3 The letter is available at https://ag.ny.gov/sites/default/files/cfpb_nal_and_sandbox_comment_final.pdf.
Visit us at mayerbrown.com
Mayer Brown is a global legal services provider comprising legal practices that are separate entities (the "Mayer Brown Practices"). The Mayer Brown Practices are: Mayer Brown LLP and Mayer Brown Europe – Brussels LLP, both limited liability partnerships established in Illinois USA; Mayer Brown International LLP, a limited liability partnership incorporated in England and Wales (authorized and regulated by the Solicitors Regulation Authority and registered in England and Wales number OC 303359); Mayer Brown, a SELAS established in France; Mayer Brown JSM, a Hong Kong partnership and its associated entities in Asia; and Tauil & Chequer Advogados, a Brazilian law partnership with which Mayer Brown is associated. "Mayer Brown" and the Mayer Brown logo are the trademarks of the Mayer Brown Practices in their respective jurisdictions.
© Copyright 2019. The Mayer Brown Practices. All rights reserved.
This Mayer Brown article provides information and comments on legal issues and developments of interest. The foregoing is not a comprehensive treatment of the subject matter covered and is not intended to provide legal advice. Readers should seek specific legal advice before taking any action with respect to the matters discussed herein.