Negotiating the Enforcement Maze: A CFPB Civil Investigative Demand

04 April 2013 Consumer Class Defense Counsel Blog

The Consumer Financial Protection Bureau (CFPB or Bureau), through its Office of Enforcement, may conduct inquiries of institutions or persons to investigate compliance with the federal consumer financial laws for which it is responsible. The CFPB currently has many such investigations underway. The CFPB’s basic investigative tool is a Civil Investigative Demand (CID), or a demand for documents and written answers to questions. A CID also may seek tangible things, reports, or oral testimony in an investigational hearing. The CID will specify the enforcement staff involved, instructions for dealing with the dreaded electronically stored information (ESI), and the deadline for response (which is typically fairly short). 

The CFPB’s Rules Relating to Investigations (Rules) describe the CFPB’s investigative processes, including the CID. While the Rules provide an important framework — and it is critical to be mindful of CFPB deadlines and procedural requirements — there are also important practical considerations beyond the Rules themselves.

Addressing a Problematic CID

Consideration should be given to assessing compliance concerns and engaging in active negotiations with the CFPB right away. A CID can be expansive, requesting “all documents” on a broadly worded subject. Compliance can be burdensome, particularly regarding ESI. If you are facing a problematic CID, you have two basic options: negotiate the terms of compliance with the Bureau or petition the Director to set aside or modify the CID. This can be a difficult decision, but must be made quickly.  The Bureau will not consider a petition to set aside or modify a CID unless you have engaged in the meet and confer process — set forth in the Rules and described below — and then will only consider issues raised in the meet and confer. Yet a CID recipient generally has only 20 calendar days in which to challenge a CID by petition. The Bureau disfavors extensions of this deadline, which it specifically intends to prompt recipients to make a quick decision on whether they intend to comply with the CID. 

The Meet and Confer Process

The Rules provides for a meet and confer between the parties within 10 calendar days of serving a CID (or before the petition deadline, whichever is earlier) to discuss and attempt to resolve all compliance issues. 

The Director and Assistant Director of the Office of Enforcement have the authority to negotiate and approve the terms of compliance with CIDs and grant extensions for good cause. They are not required to (and typically will not) attend the meet and confer itself, but must approve any request for modification or extension.

Be prepared to be specific about your concerns. The more detail you can provide to substantiate the burden you have identified, the better. The Bureau staff may not take you at face value about the burden of accessing records or generating reports but instead expect a full and coherent description of the relevant business units, organization structure, electronic systems, etc., to assess your concerns.  In some circumstances, it may be appropriate for personnel with the relevant knowledge, such as someone who is familiar with your ESI systems, to participate in the meet and confer. Consider offering specific alternatives rather than simply identifying overbroad requests. Likewise, be prepared to identify areas of the CID where you can and will comply.

Some investigators will dialogue with you about their specific concerns, whereas others will hold their cards much closer to the vest.

There are numerous possible areas to explore in the meet and confer, and no one size fits all. Consideration should be given to the scope, burden, and timing of compliance. Dodd-Frank does not provide the right to recover the costs of defending against an investigation, but you may be able to do at least some damage control through the negotiation process. Possible issues to raise at the meet and confer include:  rewording CID definitions or requests to focus more effectively on relevant information; whether the CID requires the production of ESI and, if so, for which requests or custodians; a “rolling” document production schedule; and a reasonable extension of time for compliance.

At the conclusion of the meet and confer, the CFPB staff must seek approval for your requests from the Director or Assistant Director of the Office of Enforcement. Typically, the staff will have you put your requests in writing. You will receive a written decision. Review it carefully — even if you are granted some relief, it is not unusual for the details to deviate somewhat from what was discussed at the meet and confer. The Director may even substitute an old request for a new element entirely.

Reassess your ability to comply with the CID. In some circumstances, it may be appropriate to re-engage the CFPB in the meet and confer process. This is more likely to be successful if you have already collected and produced at least some information and documents, preferably a strong showing, to the CFPB. 

Petitioning the Director

The other option is to petition the Director to modify or set aside the CID. There is tension in this regard. The CFPB unquestionably weighs its investigative process toward resolution by negotiation and agreement, and the Director has proven unlikely to grant a petition. On the other hand, there is no other mechanism for objecting to a CID if the meet and confer process is unfruitful; the CID instructions provide that the only basis for withholding information responsive to the CID is that of privilege. Thus, there is some risk that failing to file a petition may result in the waiver of any objections to the CID.

A petition to modify or set aside a CID must include all factual and legal objections to the CID, including all appropriate arguments, affidavits, and other supporting documentation. An attorney objecting to a demand must sign any objections. You must also provide a signed statement providing detail regarding your good-faith efforts to resolve the issues raised by the petition and identifying the unresolved issues. The timely filing of a petition will stay the time permitted for compliance with the portion challenged.

In response, the Director may affirm the CID, modify it, or set it aside. If the petition is denied in whole or in part, the ruling will specify a new return date.

There is no provision for additional independent review of a Director’s decision on a petition. If the CFPB wants to enforce the CID, it must move for a court order. Typically, there will be an opportunity to negotiate further with the CFPB before it moves in this direction. If a resolution is still not possible, the controversy will be decided by a more neutral party — a federal district court judge — but most judges will be expecting a defending CID recipient to have a persuasive and well-documented reason for non-compliance. Indeed, the Bureau is authorized to seek civil contempt or other relief in cases where a court order enforcing a CID has been violated.

Conclusion

If you receive a CID, get on top of it right away and evaluate the feasibility, burdens, and risks of compliance. Develop a strategy and timetable for trying to resolve the concern that led the Bureau to issue the CID in the first place. While a CID can be frustrating and a lot of work, it also may present an opportunity to iron out a compliance wrinkle, and even allow you to begin to establish a good long-term relationship with this regulatory body.

Foley & Lardner’s Consumer Financial Services Litigation Practice

Foley & Lardner LLP has a full-service litigation practice that includes a dedicated group of trial and regulatory lawyers with in-depth experience negotiating and defending enforcement actions in the consumer financial services arena.

This blog is made available by Foley & Lardner LLP (“Foley” or “the Firm”) for informational purposes only. It is not meant to convey the Firm’s legal position on behalf of any client, nor is it intended to convey specific legal advice. Any opinions expressed in this article do not necessarily reflect the views of Foley & Lardner LLP, its partners, or its clients. Accordingly, do not act upon this information without seeking counsel from a licensed attorney. This blog is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Communicating with Foley through this website by email, blog post, or otherwise, does not create an attorney-client relationship for any legal matter. Therefore, any communication or material you transmit to Foley through this blog, whether by email, blog post or any other manner, will not be treated as confidential or proprietary. The information on this blog is published “AS IS” and is not guaranteed to be complete, accurate, and or up-to-date. Foley makes no representations or warranties of any kind, express or implied, as to the operation or content of the site. Foley expressly disclaims all other guarantees, warranties, conditions and representations of any kind, either express or implied, whether arising under any statute, law, commercial use or otherwise, including implied warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Foley or any of its partners, officers, employees, agents or affiliates be liable, directly or indirectly, under any theory of law (contract, tort, negligence or otherwise), to you or anyone else, for any claims, losses or damages, direct, indirect special, incidental, punitive or consequential, resulting from or occasioned by the creation, use of or reliance on this site (including information and other content) or any third party websites or the information, resources or material accessed through any such websites. In some jurisdictions, the contents of this blog may be considered Attorney Advertising. If applicable, please note that prior results do not guarantee a similar outcome. Photographs are for dramatization purposes only and may include models. Likenesses do not necessarily imply current client, partnership or employee status.

Related Services

Insights

A Review of Recent Whistleblower Developments
19 July 2019
Legal News: Whistleblower Developments
Cloud security inadequate for Cyber threats, are you surprised?
19 July 2019
Internet, IT & e-Discovery Blog
Blockchain: A Tool With a Future in Healthcare
18 July 2019
Health Care Law Today
Do You Know What IMMEX Stands For?
16 July 2019
Dashboard Insights
Review of 2020 Medicare Changes for Telehealth
11 December 2019
Member Call
2019 NDI Executive Exchange
14-15 November 2019
Chicago, IL
MAGI’s Clinical Research Conference
29 October 2019
Las Vegas, NV
Association for Corporate Counsel Annual Meeting 2019
27-30 October 2019
Phoenix, AZ