CFPB Director Rohit Chopra: A Year in Review
It’s been a little over a year since the Senate confirmed Rohit Chopra as the Director of the Consumer Financial Protection Bureau (CFPB).
Previously serving as the Commissioner of the Federal Trade Commission (FTC), Chopra has a proven track record of being an aggressive enforcer of consumer protection. In that role, Chopra pushed for aggressive remedies against lawbreaking companies, especially repeat offenders, and worked to reverse the FTC’s reliance on no-money, no-fault settlements—and is continuing the same strategy at the CFPB as Director.
In his first year as Director of the CFPB, Chopra has taken an aggressive approach to consumer protection through market monitoring inquiries, interpretive rules, circulars, advisory notices, and enforcement actions.
Below is a recap of the Bureau’s most impactful advancements toward consumer protection under Director Chopra.
Table of Contents
- Launched a new way for consumers to petition for agency action
- Expressed and exemplified intent to increase enforcement
- Expanded authority for regulatory oversight and enforcement
- Made fair lending a top priority
- Made advancements toward the regulation of the Buy Now, Pay Later industry
- Issued a series of orders to collect information on Big Tech companies using payment systems
- Focused on data privacy and protection
- Reminded mortgage servicers to protect military servicemembers
- Took several actions toward credit reporting complaints
- Looking ahead: What’s next for the CFPB under Director Chopra?
- Get out ahead of CFPB scrutiny with PerformLine
Launched a new way for consumers to petition for agency action
The CFPB under Director Chopra is taking a consumer-first approach to regulatory compliance oversight and has made it easier for consumers to engage with the Bureau and request regulatory changes. Consumers can now submit a petition for rulemaking via email or direct mail, which will then be posted on public dockets for review and comment.
The CFPB is “committed to transparency and listening to the concerns, suggestions, and ideas of the public it serves. The public’s petitions will help the CFPB identify consumer protection issues worthy of reform, rulemaking, or in need of further clarification.”
Americans should be able to easily exercise their Constitutional rights without hiring a high-priced lawyer or lobbyist. Our new program will broaden access to the agency’s rulemaking process.
—Director Chopra, CFPB
Expressed and exemplified intent to increase enforcement
CFPB Director Chopra has a reputation for being an aggressive enforcer of consumer protection laws when it comes to organizations that disobey them. Since being confirmed, Director Chopra has focused on repeat offenders, prioritized enforcement over consumer education, taken 20 enforcement actions against organizations, and bolstered enforcement by the states.
Reining in repeat offenders
In his testimonial to the Senate Committee on Banking, Housing, and Urban Affairs, Director Chopra spoke to his intent to increase enforcement and crack down on repeat offenders by saying:
I anticipate that the CFPB will sharpen its focus on repeat offenders, particularly those that violate agency or federal court orders. The agency has now entered into a substantial number of orders, largely by consent of the agency and the financial institution, and it will be critical that we closely monitor compliance with these orders. Repeat offenders that violate orders and cause ongoing harm to families and law-abiding businesses must be stopped.
—Director Chopra, CFPB
Fast forward a few months, in a lecture given to students at the University of Pennsylvania Law School, Director Chopra outlined his plans to rein in repeat offenders—or “recidivists” as he describes them—by pivoting to remedies that are more “structural” in nature instead of relying on monetary fines.
Prioritizing enforcement over consumer education
In a session at the Federal Reserve Bank of Philadelphia’s Sixth Annual Fintech Conference, Director Chopra spoke about how he plans to take a more robust approach to enforcement.
In some cases, financial education literacy has made people worse off because they become overconfident…. Financial products are often very challenging to understand…Disclosures are not going to be what fixes it. What is often going to fix it is to eradicate unlawful actors who prey on people.
—Director Chopra, CFPB
Increased enforcement actions
Since being sworn in last year, the CFPB under Director Chopra has already taken 20 enforcement actions—9 of which happened in just the last 4 months alone.
Not only has the number of enforcement actions increased but the penalties have too, with some penalties upwards of almost $200 million.
Bolstered enforcement by states
In May 2022, the CFPB issued an interpretive rule that describes States’ authority to pursue companies that violate provisions of federal consumer protection laws.
The CFPB’s interpretive rule on states’ authority to enforce consumer protection laws confirms that:
- States can enforce the Consumer Financial Protection Act, including the provision making it unlawful for covered persons or service providers to violate any provision of federal consumer financial protection law
- States can pursue claims and actions against a broad range of entities
- CFPB enforcement actions do not put a halt to state actions, and sometimes states bring enforcement actions in coordination with the CFPB
Expanded authority for regulatory oversight and enforcement
Led by Director Chopra, the CFPB took several steps to expand the Bureau’s authority for regulatory oversight and enforcement, including updates to the UDAAP examination manual and invoking a dormant authority to hold nonbank companies accountable for consumer protection.
Added discrimination under the “unfair” prong of UDAAP
In March of 2022, the CFPB updated its supervisory operations to include discriminatory practices as unfair under UDAAP in an attempt to further protect consumers from illegal discrimination in instances where existing fair lending laws may not apply.
According to the CFPB, “discrimination may meet the criteria for ‘unfairness’ by causing substantial harm to consumers that they cannot reasonably avoid, where that harm is not outweighed by countervailing benefits to consumers or competition.”
When a person is denied access to a bank account because of their religion or race, this is unambiguously unfair. We will be expanding our anti-discrimination efforts to combat discriminatory practices across the board in consumer finance.
—Director Chopra, CFPB
Invoked a dormant authority to examine nonbank companies posing risks to consumers
The CFPB invoked a largely unused authority in April 2022 that expands the Bureau’s supervision to nonbank companies that pose risks to consumers (such as fintechs).
There are three types of entities subject to the CFPB’s examination of nonbank companies:
- All nonbank entities in the mortgage, private student loan, and payday loan industries—regardless of size
- “Larger participants” in other nonbank markets for consumer financial products and services, including consumer reporting, debt collection, student loan servicing, international remittances, and auto loan servicing
- Nonbanks whose activities the CFPB has reasonable cause to determine that they pose risks to consumers, regardless of product or service
Given the rapid growth of consumer offerings by nonbanks, the CFPB is now utilizing a dormant authority to hold nonbanks to the same standards that banks are held to. This authority gives us critical agility to move as quickly as the market, allowing us to conduct examinations of financial companies posing risks to consumers and stop harm before it spreads.
—Director Chopra, CFPB
This “new” authority is timely with the growth of bank-fintech partnerships and the banking-as-a-service industry.
Made fair lending a top priority
Chopra has made fair lending a top priority since being confirmed as CFPB Director through new guidelines, advisory opinions, and enforcement actions.
Outlined options to prevent algorithmic bias
In a circular published in May 2022, the CFPB confirmed that federal anti-discrimination law requires companies to explain to applicants the specific reasons for denying an application for credit or taking other adverse actions, even if the creditor is relying on credit models using complex algorithms.
Companies are not absolved of their legal responsibilities when they let a black-box model make lending decisions. The law gives every applicant the right to a specific explanation if their application for credit was denied, and that right is not diminished simply because a company uses a complex algorithm that it doesn’t understand.
—Director Chopra, CFPB
The circular reminds organizations that those who use complex algorithms, including artificial intelligence or machine learning in any aspect of their credit decisions, must still provide a notice that discloses the specific principal reasons for taking adverse action.
Issued an advisory opinion on coverage of fair lending laws
Also in May 2022, the CFPB published an advisory opinion to affirm that the Equal Credit Opportunity Act (ECOA) bars lenders from discriminating against consumers after they received a loan, not just before.
The CFPB’s advisory opinion on ECOA confirms:
- ECOA protects people from discrimination in all aspects of a credit arrangement
- Continues to protect borrowers after they have applied for and received credit
- Requires lenders to provide “adverse action notices” to borrowers with existing credit
Took two enforcement actions against lenders for deliberate discrimination
The first enforcement action, filed in October 2021 in joint with the DOJ and Office of the Comptroller of Currency (OCC), was taken against a mortgage company for redlining and deliberately not marketing, offering, or originating home loans to consumers in minority neighborhoods.
The company was ordered to pay a $5 million penalty and $3.85 million via a loan subsidiary program to increase credit access across neighborhoods impacted by redlining.
The second enforcement action, filed in July 2022 in joint with the DOJ, was against another mortgage company for the same things—redlining and deliberate discrimination against minority neighborhoods.
The company was ordered to pay over $22 million towards civil penalties, into a loan subsidiary program, and to fund advertising in areas impacted by redlining.
Made advancements toward the regulation of the Buy Now, Pay Later industry
Director Chopra joined the Bureau amidst the rapid growth of the Buy Now, Pay Later (BNPL) industry.
In December 2021, the CFPB opened an inquiry into BNPL credit and issued a series of orders to five BNPL companies to collect information on the risks and benefits of these fast-growing loans. When issuing the inquiry, the Bureau stated that it was specifically concerned about accumulating debt, regulatory arbitrage, and data harvesting.
In September 2022, the CFPB published its findings from the inquiry and detailed three main areas of consumer protection risks, including discrete consumer harms, data harvesting, and overextension.
To address consumer harms, the CFPB plans to issue interpretive guidance or rules with the goal of ensuring that BNPL lenders adhere to many of the baseline protections that Congress has already established for credit cards. As part of this review, the agency will also ensure that these lenders, just like credit card companies, are subject to appropriate supervisory examinations.
Issued a series of orders to collect information on Big Tech companies using payment systems
One of Chopra’s first initiatives as Director came off the heels of the FTC’s efforts to “shed light on the business practices of the largest technology companies in the world.”
In October 2021, Director Chopra and the CFPB sought to better understand how Big Tech is using and managing consumer data. by issuing a series of orders to collect information from six companies—Google, Apple, Facebook, Amazon, Square, and PayPal—specifically focused on data harvesting and monetization, access restrictions and user choice, and other consumer protection concerns.
How will these payment platforms ensure that key consumer protections are adhered to? How effectively do they manage complaints, disputes and errors? Are they sufficiently staffed to ensure adequate steps are taken to address consumer protection and provide responsive customer service when things go wrong?
—Director Chopra, CFPB
A few weeks later, the CFPB published a request for comment regarding the inquiry. Then, a few weeks after that, the Bureau published a blog post calling on tech workers to blow the whistle on companies violating the law.
Interpretive rule for digital marketers and consumer protection laws
Most recently, the CFPB issued an interpretive rule in August of 2022 that lays out the grounds for when digital marketing providers for financial firms must comply with consumer protection laws.
According to the press release, “digital marketers acting as service providers can be held liable by the CFPB or other law enforcers for committing unfair, deceptive, or abusive acts or practices as well as other consumer financial protection violations.” This includes any digital marketers who are involved in the identification and selection of prospective consumers or the selection or placement of content to affect a customer’s behavior.
When Big Tech firms use sophisticated behavioral targeting techniques to market financial products, they must adhere to federal consumer financial protection laws. Federal and state law enforcers can and should hold these firms accountable if they break the law.
—Director Chopra, CFPB
The CFPB’s interpretive rule for digital marketers explains that:
- Digital marketers materially involved in the development of the content strategy can be held liable: Financial firms rely on the expertise and tools of digital marketing providers that offer sophisticated analytic techniques, aided by machine learning and advanced algorithms, to process large amounts of personal data and deliver highly targeted ads. Financial firms use behavioral analytics to connect with potential customers. Depending on how sophisticated analytic techniques are designed and implemented, behavioral marketing and advertising could subject firms to legal liability.
- Digital marketers provide material services to financial firms: A material service is one that is significant or important. Digital marketing providers are typically materially involved in the development of content strategy when they identify or select prospective customers or select or place content in order to encourage consumer engagement with advertising. Digital marketers engaged in this type of ad targeting and delivery are not merely providing ad space and time, and they do not qualify under the “time or space” exception.
- The CFPB, states, and other consumer protection enforcers can sue digital marketers to stop violations of consumer financial protection law: Service providers are liable for unfair, deceptive, or abusive acts or practices under the Consumer Financial Protection Act. When digital marketers act as service providers, they are liable for consumer protection law violations.
Focused on data privacy and protection
Data privacy and protection was a top concern for a lot of compliance teams in 2022—turns out, it was a top concern for Director Chopra and the CFPB too.
In August of 2022, the CFPB published a circular that reminds financial institutions that failing to safeguard personal data may count as violating federal consumer financial protection laws. Specifically, financial companies are at risk of violating the Consumer Financial Protection Act if they fail to have adequate measures to protect against data security incidents, says the CFPB.
Financial firms that cut corners on data security put their customers at risk of identity theft, fraud, and abuse. While many nonbank companies and financial technology providers have not been subject to careful oversight over their data security, they risk legal liability when they fail to take commonsense steps to protect personal financial data.
—Director Chopra, CFPB
According to the CFPB’s circular, some examples of failing to provide sufficient data security measures include:
- Not requiring multi-factor authentication or implementing a reasonably secure equivalent
- Inadequate password management policies and practices
- Failure to execute routine system, software, and/or code updates
- Failure to update consumers when notified of a critical vulnerability
The circular explains that the above examples would result in a violation of the Consumer Financial Protection Act because they “are likely to cause substantial injury to consumers that is not reasonably avoidable by consumers, and financial institutions are unlikely to successfully justify weak data security practices based on countervailing benefits to consumers or competition. Inadequate data security can be an unfair practice in the absence of a breach or intrusion.”
Reminded mortgage servicers to protect military servicemembers
In joint with the Department of Justice (DOJ), the CFPB reminded mortgage servicers that they must adhere to the CARES Act and additional legal requirements under the Servicemembers Civil Relief Act.
For the first time since 2016, consumer complaints submitted by military servicemembers increased in 2021—up 64% from 2021, according to our analysis in the Complaint Risk Signal Report.
The letter, sent in December 2021, came in response to this influx of consumer complaints submitted by military servicemembers, families, and veterans on a wide range of mortgage servicing violations, including inaccurate credit reporting, misleading communications to borrowers, and required lump sum payments for reinstating their mortgage loans.
The illegal foreclosures of military families in the last crisis was one of the financial industry’s worst failures. The CFPB will be closely watching mortgage servicers and will hold them accountable for illegal tactics perpetrated against military families.
—Director Chopra, CFPB
Took several actions toward credit reporting complaints
Credit reporting complaints have topped the charts as the most complained about financial products in the CFPB’s complaint database for several years. In 2021, credit reporting accounted for 64% of all complaints submitted by consumers, and currently accounts for 74% of all complaints in 2022 as of September 1st.
To dig into this data, the CFPB released a report detailing consumer complaint responses from the big three credit bureaus and found that although credit bureaus are closing consumer complaints faster, they’re doing so with fewer instances of relief.
America’s credit reporting oligopoly has little incentive to treat consumers fairly when their credit reports have errors. Today’s report is further evidence of the serious harms stemming from their faulty financial surveillance business model.
—Director Chopra, CFPB
Published a list of all credit reporting companies so consumers can keep them accountable
In addition to the big three credit bureaus, the CFPB is making an effort to hold smaller credit reporting companies accountable as well.
In January 2022, the CFPB released its list of credit reporting companies so that consumers can use the information to see what personal information these firms have, dispute inaccuracies, and file lawsuits if the firms are violating the FCRA.
Many companies assemble and sell detailed dossiers about us that can determine whether we can get a loan, job, or an apartment. Americans have limited legal rights they can use to keep tabs on these surveillance companies and hold them accountable when they violate the law.
—Director Chopra, CFPB
Affirmed the ability of states to police credit reporting markets
In June 2022, the CFPB issued another interpretive rule that affirms states’ ability to protect consumers through their own credit reporting laws (this comes after the Bureau expanded the states’ authority to enforce consumer protection laws as mentioned above).
Given the intrusive surveillance that Americans face every day, it is critical that states can protect their citizens from abuse and misuse of data. The legal interpretation issued today makes clear that federal law does not automatically hit delete on state data protections.
—Director Chopra, CFPB
Issued a $19 million enforcement action for credit reporting failures
The Bureau isn’t holding just credit reporting companies accountable but is also holding organizations who furnish data to them accountable, too.
The CFPB took action against Hyundai for repeatedly providing inaccurate information to nationwide credit reporting companies and failing to take proper measures to address inaccurate information once it was identified between 2016 and 2020.
Hyundai was ordered to pay $13.2 million in consumer relief and another $6 million civil penalty fine to the CFPB, totaling a hefty $19 million. Additionally, the company must take the steps to correct all inaccurate information and address procedures to promptly identify and correct inaccurate information.
Looking ahead: What’s next for the CFPB under Director Chopra?
More consumer complaints
Consumers are increasingly aware of their rights and complaints are at an all-time high—there are already over 570k complaints in the CFPB’s database from this year and we still have a few months left in 2022 (for reference, there were 496,019 complaints submitted in 2021).
According to the CFPB, complaint data and analyses are readily available to CFPB staff to support their supervisory, enforcement, and market monitoring activities. By paying close attention to what consumers are saying, you can best position your team to get out ahead and avoid unnecessary scrutiny from regulators at both the state and federal levels.
Increased enforcement actions
Director Chopra is not shy when it comes to using enforcement actions as a means to protect consumers. The Bureau has already taken several large actions this year, and we can likely expect this momentum to continue in 2023.
Focus on BNPL
In the next 12 months, it is likely that the CFPB will continue to focus on its regulation of the BNPL industry as more consumers are raising concerns over the product.
As they noted in their September 2022 report, the CFPB admits that the report is limited to the pay-in-four products which they refer to as “pure players.” The data provided was aggregated and does not provide in-depth individual loan level detail so they could not assess the credit performance from the data collected.
It is possible that they may likely want to go a bit deeper as they consider regulating this product as they do the credit card industry.
Continued regulatory scrutiny around mortgages
With interest rates on the rise, the mortgage industry has had a difficult year and has been working to “right fit” itself while staying relevant for the future. With market conditions in flux, it’s critical that mortgage companies tighten up their compliance programs as the potential risks are high and regulators are still paying attention.
The Bureau will likely continue to keep a close eye on mortgage companies to ensure that there are no claims of deception in advertisements, and that advertised rates are accurate, up-to-date, and have the proper disclosures.
Get out ahead of CFPB scrutiny with PerformLine
As regulatory scrutiny continues to increase under CFPB Director Chopra, having a strong compliance program in place to protect consumers is critical.
With PerformLine’s omni-channel compliance solutions, organizations like yours can proactively monitor all of its marketing materials for regulatory compliance at scale, mitigate risk, and protect your brand.
Learn how you can get out ahead of CFPB regulatory scrutiny and enforcement actions with PerformLine.