Skip to Navigation
Skip to Main content
OIG Home
OIG Home

IN THIS SECTION

Skip SHARE THIS PAGE section Skip STAY CONNECTED section

CFPB Report: 2015-SR-X-009 June 1, 2015

Coordination of Responsibilities Among the Consumer Financial Protection Bureau and the Prudential RegulatorsóLimited Scope Review

available formats

  • Executive Summary:

    HTML
  • Full Report:

    PDF | HTML

Results of Review

We found that the CFPB and prudential regulators were generally coordinating their regulatory oversight activities for Federal consumer financial laws, consistent with the Dodd‑Frank Act and the provisions of an MOU governing coordination activities. Nonetheless, we determined that there are opportunities for enhanced coordination. We did not identify regulatory duplication of oversight responsibilities. Officials from the CFPB and prudential regulators reported that they were generally satisfied with the level of communication and coordination occurring, which has continued to improve since the inception of the CFPB. These officials also identified challenges to coordinating certain supervisory activities and stated that they continue to discuss opportunities for improved coordination. None of the officials interviewed identified any instances where institutions received duplicative or conflicting supervisory guidance from the CFPB and a prudential regulator.

In accordance with the Dodd-Frank Act, the CFPB assumed exclusive responsibility for examining Very Large institutions for compliance with Federal consumer financial laws. Officials from the prudential regulators confirmed that their agencies were continuing to examine Very Large institutions for laws or areas of law for which they retained responsibility under the Dodd-Frank Act. The CFPB and prudential regulators entered into a MOU in May 2012 (herein referred to as the May 2012 MOU) which governs the CFPB and prudential regulators' coordination and information-sharing activities pertaining to Very Large institutions. The CFPB and prudential regulators shared examination schedules, conducted a limited number of simultaneous examinations,4 and shared draft examination reports for comment and other appropriate supervisory materials.

Based on our interviews, we concluded that the prudential regulators retained responsibility for examining Other institutions for compliance with Federal consumer financial laws, and the CFPB does not examine these institutions. Consistent with the framework established by the Dodd-Frank Act, the CFPB exercises limited oversight of these institutions.

We also found that the CFPB requested information from Very Large and Other institutions in support of its consumer protection and enforcement activities, as allowed by the Dodd-Frank Act. CFPB officials usually notified the prudential regulator in advance of such information requests. None of the officials interviewed were aware of any significant complaints from financial institutions pertaining to these requests. As an example of the feedback provided, officials at prudential regulators reported that some institutions questioned the CFPB's information requests because those institutions did not fully understand the CFPB's role and authority to collect such information. The OCC noted several examples where Other institutions received information requests from the CFPB and erroneously believed they would be examined by the CFPB.

We concluded that there are opportunities for improved coordination between the CFPB and prudential regulators. These opportunities include conducting additional simultaneous examinations, better communicating matters identified in draft supervisory letters among the regulators, establishing a framework to address the potential for conflicting supervisory determinations, developing a standard CFPB process for notifying the prudential regulators of Federal consumer financial law violations by Other institutions, and timely notifying the prudential regulators of CFPB information requests to their regulated institutions. The CFPB and prudential regulators meet periodically to discuss these and other matters.

Coordination Activities for Very Large Institutions

The CFPB and prudential regulators hold periodic meetings to coordinate supervisory and other activities, consult on rulemakings, and participate in interagency task forces. Key coordination efforts are described below.

MOUs to Facilitate Coordination and Information-Sharing. The CFPB and prudential regulators entered into, or plan to enter into, several MOUs. The May 2012 MOU outlines how the CFPB and prudential regulators should coordinate their supervisory activities with respect to Very Large institutions. The May 2012 MOU seeks to minimize unnecessary regulatory burden, avoid unnecessary duplication of effort, and decrease the risk of conflicting supervisory directives. The CFPB and prudential regulators identified certain items in the MOU that needed to be updated or clarified and discussed these and other activities in bi-weekly conference calls to facilitate coordination and information sharing.5

The May 2012 MOU does not address coordination activities pertaining to Other institutions, as defined in section 1026 of the Dodd-Frank Act, but notes that the agencies are considering memorializing arrangements related to these institutions in another agreement. To date, the CFPB has not focused its efforts on Other institutions. Therefore, neither the CFPB nor the prudential regulators considered establishing an MOU covering Other institutions a top priority.

In addition to the May 2012 MOU, the CFPB established general information-sharing agreements with the FDIC, OCC, and NCUA. These agreements describe the scope of information-sharing between the agencies, how the data will be shared, the security provisions required to protect the data, and processes for requesting data or sharing data with additional parties. The CFPB and Board also have an MOU in place that governs the use, handling, and protection of shared information.6 The CFPB also has MOUs with the Board, OCC, and NCUA for sharing consumer complaints pertaining to their regulated institutions.7 The CFPB and OCC have an MOU for sharing credit card collections data.

Sharing Examination Schedules and Conducting Simultaneous Examinations. Section 1025(e) of the Dodd-Frank Act requires the CFPB and prudential regulators to share examination schedules and conduct simultaneous examinations when possible for Very Large institutions. While the CFPB and prudential regulators share examination schedules, they conducted a limited number of simultaneous examinations.

The CFPB and prudential regulators have implemented processes to share examination schedules. CFPB officials stated that the CFPB shared its 2015 examination schedules with each respective prudential regulator on September 30, 2014.8 The schedules included CFPB contact information, the entity under examination (and its parent), the planned examination dates, the market to be examined, and notes about each examination. Officials from the prudential regulators stated that they generally send their annual examination schedules to the CFPB, from October through December of the preceding year.9 CFPB officials noted variances in the level of detail in these schedules, and stated that the CFPB requested more detailed and consistent schedules from the prudential regulators in September 2014.

The CFPB has conducted simultaneous examinations with the prudential regulators at a limited number of institutions. For example, as of October 2014, the prudential regulators and the CFPB reported that the CFPB conducted simultaneous examinations at five FDIC-supervised institutions, thirteen Board-supervised institutions, and one NCUA-supervised institution.10 The CFPB and prudential regulators exercise continuous supervision at certain Very Large institutions, which would regularly result in ongoing simultaneous examination activity.

Board and OCC officials reported that the Board and OCC strived to conduct simultaneous examinations with the CFPB when their staff examined areas that were related to the CFPB's oversight responsibilities (e.g., when the Board conducted a Community Reinvestment Act examination while the CFPB conducted a Home Mortgage Disclosure Act examination at the same institution).

CFPB officials stated that the CFPB's regional managers maintained ongoing dialogues with the prudential regulators about opportunities for simultaneous examinations, which assisted CFPB's efforts to plan a future year's examination schedule. Nevertheless, officials from the CFPB and prudential regulators noted several reasons why conducting simultaneous examinations could be challenging, such as:

  • The CFPB's role and interagency coordination activities were still evolving.
  • Given the distinct statutory responsibilities of the CFPB and prudential regulators, simultaneous examinations may not be beneficial in instances when each regulator examines specific activities under its own jurisdiction. In such instances, there would be limited overlap.
  • Examination scheduling by the CFPB may be driven by risk-based consumer compliance issues, resulting in narrowly-focused exams, while examination scheduling by the prudential regulators may be driven by a broad number of compliance-related issues. 
  • The CFPB may not examine a given institution at all in a given year unless a consumer compliance issue exists. The prudential regulators may be required to examine certain financial institutions at different intervals for consumer compliance.
  • One prudential regulator reported that the CFPB has limited flexibility to adjust its examination dates, which makes it more difficult to coordinate simultaneous examinations. When possible, the prudential regulator noted that it had changed its scheduled examination dates, enabling it to perform simultaneous examinations with the CFPB
  • The CFPB noted that some institutions requested that a simultaneous examination not be performed because of resource constraints at the supervised institution. 
  • The CFPB and NCUA had concurrent oversight of only two Very Large federal credit unions.

Sharing Draft Examination Reports. Section 1025(e) of the Dodd-Frank Act requires the CFPB and prudential regulators to share draft examination reports for Very Large institutions and permits the receiving agency a reasonable opportunity (at least 30 days) to comment on the draft report before it is finalized by the sending agency. The May 2012 MOU reiterates this requirement. Officials from the CFPB and prudential regulators reported that they were receiving draft examination reports for comment.

Reviewing regulators have had few or no comments on draft examination reports. Board and OCC officials stated that the CFPB's efforts to ensure consistent supervisory decision-making across geographic regions delayed its issuance of examination reports and supervisory letters11 but noted that the CFPB had recently been timelier in sharing examination results. An FDIC official reported similar concerns about the time that it takes the CFPB to finish examination reports, but also noted that timeliness was improving.

Sharing Supervisory Letters. The Dodd-Frank Act does not address supervisory letters. However, the May 2012 MOU requires the CFPB and prudential regulators to share final supervisory letters that convey the results of covered supervisory activities. CFPB and prudential regulator officials reported that they complied with this MOU requirement.

Supervisory letters may identify compliance issues, and are less formal than examination reports. Supervisory letters, unlike examination reports, typically do not communicate a rating to the supervised institution. According to CFPB officials, the CFPB and prudential regulators mutually decided to exclude the sharing of draft supervisory letters in the May 2012 MOU due to the large number of supervisory letters generated by the prudential regulators. The CFPB and prudential regulators informally discuss matters addressed in draft supervisory letters with each other as appropriate, and the CFPB provides final supervisory letters to the prudential regulators and subject financial institutions at the same time.

The CFPB performs targeted reviews, which frequently result in supervisory letters instead of examination reports. Officials from the FDIC, Board, and OCC were satisfied with the current practice of not sharing draft supervisory letters. Officials from the NCUA indicated that they should have the opportunity to review draft supervisory letters, particularly if they contain consumer compliance issues. CFPB officials noted they were amenable to additional information sharing.

In March 2014, the Board-CFPB OIG completed an evaluation of the CFPB's supervisory activities, which recommended that the CFPB pursue negotiations with the prudential regulators with the goal of formally sharing all supervisory materials that result in supervisory actions prior to their issuance. The Board-CFPB OIG found that the CFPB took a significant number of supervisory actions resulting from issues identified in supervisory letters that were not subject to the coordination requirements of the May 2012 MOU, and therefore were not shared with prudential regulators prior to issuance. The Board-CFPB OIG believed the agencies collective decision to exclude additional supervisory outputs, such as supervisory letters, from the requirements outlined in the MOU prevented specific institutions' regulators from receiving prior notice and having the opportunity to comment on certain supervisory actions. The Board-CFPB OIG concluded that an opportunity existed to broaden the scope of the May 2012 MOU to include the sharing of draft supervisory letters, which relate to covered activities, to foster enhanced and timelier coordination. The CFPB and prudential regulators continued to discuss this and other matters during the interagency bi-weekly meetings. CFPB officials noted that any changes to the MOU would require approval by all parties to the agreement and that at this time, no changes to the MOU are planned.

Conflicting Supervisory Determinations. Section 1025(e)(3) of the Dodd-Frank Act allows Very Large institutions to request the CFPB and prudential regulators to coordinate with each other in the event they issue proposed supervisory determinations that conflict. Section 1025(e)(4) allows a Very Large institution to enter into an appeals process if the CFPB and prudential regulator cannot reach a consensus. None of the regulators were aware of any such conflicting supervisory determinations.12

Currently, there is no framework to address conflicting supervisory determinations. The CFPB and prudential regulators have discussed whether additional guidance is necessary to handle conflicting supervisory determinations but have not reached a consensus on the matter. CFPB officials reported that the regulators work together to avoid any conflicting supervisory determinations and public disagreement. Further, officials from the CFPB and prudential regulators stated that the agencies resolve potential disagreements through regular interagency coordination and the examination report comment process.

Enforcement Proceedings. Section 1025(c)(1) of the Dodd-Frank Act provides the CFPB with primary enforcement authority to enforce Federal consumer financial laws, with respect to Very Large institutions. Section 1025(c)(2) allows the prudential regulators to recommend in writing that the CFPB initiate an enforcement proceeding against a Very Large financial institution in connection with Federal consumer financial laws. Section 1025(c)(3) allows the prudential regulators to exercise back-up enforcement authority if the CFPB does not act within 120 days of receiving such a recommendation. None of the prudential regulators had requested the CFPB to initiate an enforcement action of a Very Large institution as of October 2014.

CFPB officials stated that while there is no formal coordination policy, the CFPB's Enforcement unit informally coordinates with the prudential regulators. CFPB officials stated that CFPB staff notified the appropriate prudential regulators about investigations and enforcement actions that it was pursuing.

Coordination efforts pertaining to enforcement actions are not addressed in the May 2012 MOU, nor do the CFPB and prudential regulators believe this MOU should be amended to address this matter. The CFPB and prudential regulators agreed to limit the May 2012 MOU to supervisory coordination matters and handle enforcement issues, which often present different risks and legal considerations, on a case-by-case basis.

Coordination Activities for Other Institutions

The CFPB has made limited use of its oversight authority of Other institutions. CFPB officials noted that the agency prioritized the examination of activities at Very Large institutions based upon risk to consumers, and that under the Dodd-Frank Act, the prudential regulators retained examination and enforcement authority of Federal consumer financial laws for Other institutions. The following sections describe the CFPB's oversight authority and activities pertaining to Other institutions.

Participating in Examinations. Section 1061(c) of the Dodd-Frank Act grants the prudential regulators exclusive authority to examine Other institutions for compliance with Federal consumer financial laws, except as provided in sections 1026(b) and (c). These two sections allow the CFPB to require reports from Other institutions and include examiners on a sampling basis of the examinations performed by the prudential regulators to assess compliance with Federal consumer financial laws.

Officials from the CFPB and prudential regulators confirmed that the CFPB was not involved in examining Other institutions. The CFPB has not requested to include any examiners on a sampling basis as part of examinations performed by the prudential regulators, nor did the agency envision doing so at this time unless consumer compliance concerns arise. Accordingly, the CFPB and prudential regulators currently do not plan to implement procedures to include CFPB examiners in examinations conducted by the prudential regulators.

Sharing Reports. Section 1026(b) of the Dodd-Frank Act allows the CFPB Director to require institutions with assets of $10 billion or less to furnish the CFPB with reports (including examination reports) to carry out its functions specified in section 1026(b). Section 1026(b)(1) requires the CFPB to use existing and publicly available reports to the fullest extent possible.

Officials from the prudential regulators stated that they share draft and final examination reports with the CFPB upon request. The CFPB requested a limited number of examination reports pertaining to Other institutions and the CFPB received those reports. CFPB officials stated that the CFPB uses pre-existing and publicly available reports when possible, but the information the CFPB requires is not always available in such reports.

Enforcement Proceedings. With limited exceptions, section 1026(d) of the Dodd-Frank Act provides that the prudential regulators retain exclusive enforcement authority with respect to Other institutions' compliance with Federal consumer financial laws. If the CFPB has reason to believe that such institutions engaged in a material violation of a Federal consumer financial law, the CFPB is required to notify the prudential regulator in writing and recommend appropriate action to respond. This section of the Dodd-Frank Act also requires the relevant prudential regulator to respond in writing to the CFPB's recommendation within 60 days.

We found that while the CFPB stated that it provided notifications to prudential regulators in some cases, the CFPB did not track or have a standard process for providing notifications or recommendations to the prudential regulators.13 The CFPB stated that it was in the process of developing such a policy. We understand the policy will define the circumstances when the CFPB should send a written notification and recommendation to a prudential regulator, and establish a mechanism for tracking these communications.

CFPB Information Requests Pertaining to Very Large and Other Institutions

In addition to sections 1025 and 1026 of the Dodd-Frank Act, sections 1022 (rulemaking), 1024 (non-depository institutions), and 1052 (enforcement investigations) allow the CFPB to request information from Very Large and Other institutions, to fulfill its mandate.

CFPB staff contact selected financial institutions when seeking information about consumer product lines or services (e.g., mortgage or student loans) to compare product features or pricing. CFPB officials also followed up with financial institutions that commented on rulemakings, requested feedback on market monitoring activities, and surveyed institutions about their compliance with consumer protection regulations. As of March 2015, the CFPB indicated that it issued six horizontal review requests (two mandatory and four voluntary), to Very Large and Other institutions.14

At the time of our review, communication and coordination activities were informal. The CFPB is not required to contact the prudential regulators prior to reaching out to financial institutions. Nevertheless, CFPB officials stated that the CFPB notified the relevant prudential regulator prior to requesting information from financial institutions, except when issuing third-party Civil Investigative Demands (CID).15 The CFPB may issue a CID to Other institutions to obtain information about a third-party institution under investigation. The CFPB noted that third-party CIDs do not involve safety and soundness issues and, unless there is a need for the prudential regulator to know or the matter involves a joint investigation, the costs of notification may outweigh the benefits. Board officials noted that it was not a common practice for the CFPB or the Board to share information about CIDs due to the sensitive nature of the information involved in such matters. Recently, however, the CFPB and Board have begun sharing some details about CIDs.

Of the four prudential regulators, officials from the FDIC and Board reported that CFPB officials typically notified them prior to contacting their regulated institutions. Board officials noted that the CFPB has improved in timely notifying the Board when it reached out to the Board's regulated institutions. OCC officials were unsure of the frequency of CFPB information requests but were aware of several institutions with assets of $10 billion or less that the CFPB contacted directly, without contacting the OCC. NCUA officials told us they were unaware of any CFPB information requests.

Officials from the prudential regulators were not aware of any complaints from the financial institutions regarding CFPB information requests. CFPB officials noted that they were not aware of any significant complaints. For example, officials from three prudential regulators stated that some institutions questioned CFPB's information requests because the institutions did not fully understand the CFPB's role or believed they would be examined by the CFPB. Neither officials from the CFPB nor the prudential regulators were aware of any feedback from institutions that CFPB's information requests overlapped those of the prudential regulators.

***

In conclusion, we found that the CFPB and prudential regulators were generally coordinating their supervisory efforts, and we did not identify instances of regulatory overlap. Nevertheless, there were opportunities for improved coordination, as noted in this memorandum. Because this was a limited-scope review, we made the determination that formal recommendations will not be made in this memorandum.

We appreciate the cooperation and assistance from agency staff during this review.

Sincerely,

/Signed/
Fred W. Gibson, Jr.
Acting Inspector General
Federal Deposit Insurance Corporation

/Signed/
Mark Bialek
Inspector General
Board of Governors of the Federal Reserve System and Consumer Financial Protection Bureau

/Signed/
Eric M. Thorson
Inspector General
Department of the Treasury

/Signed/
James W. Hagen
Inspector General
National Credit Union Administration

 

  • 4. A simultaneous examination generally is one where material portions of the examinations by the prudential regulator and CFPB are conducted during a concurrent time period to facilitate coordination and information-sharing. Examination activities may be carried out on- or off-site by either regulator. Return to text 
  • 5. The bi-weekly meetings were initially conducted to identify any potential changes to the MOU governing coordination activities and have been discontinued as of August 18, 2014. No updates to the MOU are currently planned. The CFPB now holds separate meetings with each prudential regulator to coordinate supervisory and other activities. Return to text
  •  6. These MOUs and agreements may also apply to information-sharing by the regulators pertaining to Other institutions. Return to text
  •  7. Credit unions may be regulated by NCUA or a state supervisory authority. Coordination requirements discussed in this memorandum cover NCUA-regulated credit unions. Credit unions regulated by a state supervisory authority have separate MOUs with the CFPB. Return to text
  •  8. The CFPB shares information about its full-scope examinations with the prudential regulators. The CFPB is not required to, nor does the CFPB, share examination schedules with the NCUA pertaining to its targeted reviews. Return to text
  •  9. OCC reported that before sharing a consolidated examination schedule for all relevant institutions, examination staff at Very Large institutions share the examination schedule for each institution with their CFPB staff counterparts when the examination strategies for the following year are finalized, which occurs typically by June. Return to text 
  • 10. NCUA officials noted that while one credit union was examined by the CFPB and NCUA at the same time, the regulators did not coordinate with one another and questioned whether this occurrence met the intent of a simultaneous examination as described in the May 2012 MOU. Return to text 
  • 11. The CFPB established examination reporting timeliness requirements, which included a timeliness milestone for sharing approved draft examination reports with the prudential regulators. However, a Board-CFPB OIG report found that the CFPB did not consistently meet its timeliness requirements. For further details, see The CFPB Can Improve the Efficiency and Effectiveness of Its Supervisory Activities, 2014-AE-C-005, March 27, 2014. Return to text 
  • 12. The Board and CFPB noted an instance in which different supervisory ratings were issued to the same financial institution; however, the two agencies and the bank agreed that the ratings were not in conflict because the scope and timing of the examinations differed. Return to text 
  • 13. The Board-CFPB OIG intends to issue a management letter to the CFPB that will address the issue of written notifications and recommendations to the prudential regulators. Return to text
  •  14. Horizontal reviews look across multiple entities to examine issues arising from particular products or practices and determine whether supervisory measures or enforcement actions are needed. Return to text 
  • 15. Pursuant to section 1052(c)(1) of the Dodd-Frank Act, the CFPB is authorized to issue a CID requiring information "whenever the Bureau has reason to believe that any person may be in possession, custody, or control of any documentary material or tangible things, or may have any information, relevant to a violation." Return to text