We found that the CFPB and prudential regulators were generally coordinating their regulatory oversight activities for Federal consumer financial laws, consistent with the Dodd‑Frank Act and the provisions of an MOU governing coordination activities. Nonetheless, we determined that there are opportunities for enhanced coordination. We did not identify regulatory duplication of oversight responsibilities. Officials from the CFPB and prudential regulators reported that they were generally satisfied with the level of communication and coordination occurring, which has continued to improve since the inception of the CFPB. These officials also identified challenges to coordinating certain supervisory activities and stated that they continue to discuss opportunities for improved coordination. None of the officials interviewed identified any instances where institutions received duplicative or conflicting supervisory guidance from the CFPB and a prudential regulator.
In accordance with the Dodd-Frank Act, the CFPB assumed exclusive responsibility for examining Very Large institutions for compliance with Federal consumer financial laws. Officials from the prudential regulators confirmed that their agencies were continuing to examine Very Large institutions for laws or areas of law for which they retained responsibility under the Dodd-Frank Act. The CFPB and prudential regulators entered into a MOU in May 2012 (herein referred to as the May 2012 MOU) which governs the CFPB and prudential regulators' coordination and information-sharing activities pertaining to Very Large institutions. The CFPB and prudential regulators shared examination schedules, conducted a limited number of simultaneous examinations,4 and shared draft examination reports for comment and other appropriate supervisory materials.
Based on our interviews, we concluded that the prudential regulators retained responsibility for examining Other institutions for compliance with Federal consumer financial laws, and the CFPB does not examine these institutions. Consistent with the framework established by the Dodd-Frank Act, the CFPB exercises limited oversight of these institutions.
We also found that the CFPB requested information from Very Large and Other institutions in support of its consumer protection and enforcement activities, as allowed by the Dodd-Frank Act. CFPB officials usually notified the prudential regulator in advance of such information requests. None of the officials interviewed were aware of any significant complaints from financial institutions pertaining to these requests. As an example of the feedback provided, officials at prudential regulators reported that some institutions questioned the CFPB's information requests because those institutions did not fully understand the CFPB's role and authority to collect such information. The OCC noted several examples where Other institutions received information requests from the CFPB and erroneously believed they would be examined by the CFPB.
We concluded that there are opportunities for improved coordination between the CFPB and prudential regulators. These opportunities include conducting additional simultaneous examinations, better communicating matters identified in draft supervisory letters among the regulators, establishing a framework to address the potential for conflicting supervisory determinations, developing a standard CFPB process for notifying the prudential regulators of Federal consumer financial law violations by Other institutions, and timely notifying the prudential regulators of CFPB information requests to their regulated institutions. The CFPB and prudential regulators meet periodically to discuss these and other matters.
The CFPB and prudential regulators hold periodic meetings to coordinate supervisory and other activities, consult on rulemakings, and participate in interagency task forces. Key coordination efforts are described below.
MOUs to Facilitate Coordination and Information-Sharing. The CFPB and prudential regulators entered into, or plan to enter into, several MOUs. The May 2012 MOU outlines how the CFPB and prudential regulators should coordinate their supervisory activities with respect to Very Large institutions. The May 2012 MOU seeks to minimize unnecessary regulatory burden, avoid unnecessary duplication of effort, and decrease the risk of conflicting supervisory directives. The CFPB and prudential regulators identified certain items in the MOU that needed to be updated or clarified and discussed these and other activities in bi-weekly conference calls to facilitate coordination and information sharing.5
The May 2012 MOU does not address coordination activities pertaining to Other institutions, as defined in section 1026 of the Dodd-Frank Act, but notes that the agencies are considering memorializing arrangements related to these institutions in another agreement. To date, the CFPB has not focused its efforts on Other institutions. Therefore, neither the CFPB nor the prudential regulators considered establishing an MOU covering Other institutions a top priority.
In addition to the May 2012 MOU, the CFPB established general information-sharing agreements with the FDIC, OCC, and NCUA. These agreements describe the scope of information-sharing between the agencies, how the data will be shared, the security provisions required to protect the data, and processes for requesting data or sharing data with additional parties. The CFPB and Board also have an MOU in place that governs the use, handling, and protection of shared information.6 The CFPB also has MOUs with the Board, OCC, and NCUA for sharing consumer complaints pertaining to their regulated institutions.7 The CFPB and OCC have an MOU for sharing credit card collections data.
Sharing Examination Schedules and Conducting Simultaneous Examinations. Section 1025(e) of the Dodd-Frank Act requires the CFPB and prudential regulators to share examination schedules and conduct simultaneous examinations when possible for Very Large institutions. While the CFPB and prudential regulators share examination schedules, they conducted a limited number of simultaneous examinations.
The CFPB and prudential regulators have implemented processes to share examination schedules. CFPB officials stated that the CFPB shared its 2015 examination schedules with each respective prudential regulator on September 30, 2014.8 The schedules included CFPB contact information, the entity under examination (and its parent), the planned examination dates, the market to be examined, and notes about each examination. Officials from the prudential regulators stated that they generally send their annual examination schedules to the CFPB, from October through December of the preceding year.9 CFPB officials noted variances in the level of detail in these schedules, and stated that the CFPB requested more detailed and consistent schedules from the prudential regulators in September 2014.
The CFPB has conducted simultaneous examinations with the prudential regulators at a limited number of institutions. For example, as of October 2014, the prudential regulators and the CFPB reported that the CFPB conducted simultaneous examinations at five FDIC-supervised institutions, thirteen Board-supervised institutions, and one NCUA-supervised institution.10 The CFPB and prudential regulators exercise continuous supervision at certain Very Large institutions, which would regularly result in ongoing simultaneous examination activity.
Board and OCC officials reported that the Board and OCC strived to conduct simultaneous examinations with the CFPB when their staff examined areas that were related to the CFPB's oversight responsibilities (e.g., when the Board conducted a Community Reinvestment Act examination while the CFPB conducted a Home Mortgage Disclosure Act examination at the same institution).
CFPB officials stated that the CFPB's regional managers maintained ongoing dialogues with the prudential regulators about opportunities for simultaneous examinations, which assisted CFPB's efforts to plan a future year's examination schedule. Nevertheless, officials from the CFPB and prudential regulators noted several reasons why conducting simultaneous examinations could be challenging, such as:
Sharing Draft Examination Reports. Section 1025(e) of the Dodd-Frank Act requires the CFPB and prudential regulators to share draft examination reports for Very Large institutions and permits the receiving agency a reasonable opportunity (at least 30 days) to comment on the draft report before it is finalized by the sending agency. The May 2012 MOU reiterates this requirement. Officials from the CFPB and prudential regulators reported that they were receiving draft examination reports for comment.
Reviewing regulators have had few or no comments on draft examination reports. Board and OCC officials stated that the CFPB's efforts to ensure consistent supervisory decision-making across geographic regions delayed its issuance of examination reports and supervisory letters11 but noted that the CFPB had recently been timelier in sharing examination results. An FDIC official reported similar concerns about the time that it takes the CFPB to finish examination reports, but also noted that timeliness was improving.
Sharing Supervisory Letters. The Dodd-Frank Act does not address supervisory letters. However, the May 2012 MOU requires the CFPB and prudential regulators to share final supervisory letters that convey the results of covered supervisory activities. CFPB and prudential regulator officials reported that they complied with this MOU requirement.
Supervisory letters may identify compliance issues, and are less formal than examination reports. Supervisory letters, unlike examination reports, typically do not communicate a rating to the supervised institution. According to CFPB officials, the CFPB and prudential regulators mutually decided to exclude the sharing of draft supervisory letters in the May 2012 MOU due to the large number of supervisory letters generated by the prudential regulators. The CFPB and prudential regulators informally discuss matters addressed in draft supervisory letters with each other as appropriate, and the CFPB provides final supervisory letters to the prudential regulators and subject financial institutions at the same time.
The CFPB performs targeted reviews, which frequently result in supervisory letters instead of examination reports. Officials from the FDIC, Board, and OCC were satisfied with the current practice of not sharing draft supervisory letters. Officials from the NCUA indicated that they should have the opportunity to review draft supervisory letters, particularly if they contain consumer compliance issues. CFPB officials noted they were amenable to additional information sharing.
In March 2014, the Board-CFPB OIG completed an evaluation of the CFPB's supervisory activities, which recommended that the CFPB pursue negotiations with the prudential regulators with the goal of formally sharing all supervisory materials that result in supervisory actions prior to their issuance. The Board-CFPB OIG found that the CFPB took a significant number of supervisory actions resulting from issues identified in supervisory letters that were not subject to the coordination requirements of the May 2012 MOU, and therefore were not shared with prudential regulators prior to issuance. The Board-CFPB OIG believed the agencies collective decision to exclude additional supervisory outputs, such as supervisory letters, from the requirements outlined in the MOU prevented specific institutions' regulators from receiving prior notice and having the opportunity to comment on certain supervisory actions. The Board-CFPB OIG concluded that an opportunity existed to broaden the scope of the May 2012 MOU to include the sharing of draft supervisory letters, which relate to covered activities, to foster enhanced and timelier coordination. The CFPB and prudential regulators continued to discuss this and other matters during the interagency bi-weekly meetings. CFPB officials noted that any changes to the MOU would require approval by all parties to the agreement and that at this time, no changes to the MOU are planned.
Conflicting Supervisory Determinations. Section 1025(e)(3) of the Dodd-Frank Act allows Very Large institutions to request the CFPB and prudential regulators to coordinate with each other in the event they issue proposed supervisory determinations that conflict. Section 1025(e)(4) allows a Very Large institution to enter into an appeals process if the CFPB and prudential regulator cannot reach a consensus. None of the regulators were aware of any such conflicting supervisory determinations.12
Currently, there is no framework to address conflicting supervisory determinations. The CFPB and prudential regulators have discussed whether additional guidance is necessary to handle conflicting supervisory determinations but have not reached a consensus on the matter. CFPB officials reported that the regulators work together to avoid any conflicting supervisory determinations and public disagreement. Further, officials from the CFPB and prudential regulators stated that the agencies resolve potential disagreements through regular interagency coordination and the examination report comment process.
Enforcement Proceedings. Section 1025(c)(1) of the Dodd-Frank Act provides the CFPB with primary enforcement authority to enforce Federal consumer financial laws, with respect to Very Large institutions. Section 1025(c)(2) allows the prudential regulators to recommend in writing that the CFPB initiate an enforcement proceeding against a Very Large financial institution in connection with Federal consumer financial laws. Section 1025(c)(3) allows the prudential regulators to exercise back-up enforcement authority if the CFPB does not act within 120 days of receiving such a recommendation. None of the prudential regulators had requested the CFPB to initiate an enforcement action of a Very Large institution as of October 2014.
CFPB officials stated that while there is no formal coordination policy, the CFPB's Enforcement unit informally coordinates with the prudential regulators. CFPB officials stated that CFPB staff notified the appropriate prudential regulators about investigations and enforcement actions that it was pursuing.
Coordination efforts pertaining to enforcement actions are not addressed in the May 2012 MOU, nor do the CFPB and prudential regulators believe this MOU should be amended to address this matter. The CFPB and prudential regulators agreed to limit the May 2012 MOU to supervisory coordination matters and handle enforcement issues, which often present different risks and legal considerations, on a case-by-case basis.
The CFPB has made limited use of its oversight authority of Other institutions. CFPB officials noted that the agency prioritized the examination of activities at Very Large institutions based upon risk to consumers, and that under the Dodd-Frank Act, the prudential regulators retained examination and enforcement authority of Federal consumer financial laws for Other institutions. The following sections describe the CFPB's oversight authority and activities pertaining to Other institutions.
Participating in Examinations. Section 1061(c) of the Dodd-Frank Act grants the prudential regulators exclusive authority to examine Other institutions for compliance with Federal consumer financial laws, except as provided in sections 1026(b) and (c). These two sections allow the CFPB to require reports from Other institutions and include examiners on a sampling basis of the examinations performed by the prudential regulators to assess compliance with Federal consumer financial laws.
Officials from the CFPB and prudential regulators confirmed that the CFPB was not involved in examining Other institutions. The CFPB has not requested to include any examiners on a sampling basis as part of examinations performed by the prudential regulators, nor did the agency envision doing so at this time unless consumer compliance concerns arise. Accordingly, the CFPB and prudential regulators currently do not plan to implement procedures to include CFPB examiners in examinations conducted by the prudential regulators.
Sharing Reports. Section 1026(b) of the Dodd-Frank Act allows the CFPB Director to require institutions with assets of $10 billion or less to furnish the CFPB with reports (including examination reports) to carry out its functions specified in section 1026(b). Section 1026(b)(1) requires the CFPB to use existing and publicly available reports to the fullest extent possible.
Officials from the prudential regulators stated that they share draft and final examination reports with the CFPB upon request. The CFPB requested a limited number of examination reports pertaining to Other institutions and the CFPB received those reports. CFPB officials stated that the CFPB uses pre-existing and publicly available reports when possible, but the information the CFPB requires is not always available in such reports.
Enforcement Proceedings. With limited exceptions, section 1026(d) of the Dodd-Frank Act provides that the prudential regulators retain exclusive enforcement authority with respect to Other institutions' compliance with Federal consumer financial laws. If the CFPB has reason to believe that such institutions engaged in a material violation of a Federal consumer financial law, the CFPB is required to notify the prudential regulator in writing and recommend appropriate action to respond. This section of the Dodd-Frank Act also requires the relevant prudential regulator to respond in writing to the CFPB's recommendation within 60 days.
We found that while the CFPB stated that it provided notifications to prudential regulators in some cases, the CFPB did not track or have a standard process for providing notifications or recommendations to the prudential regulators.13 The CFPB stated that it was in the process of developing such a policy. We understand the policy will define the circumstances when the CFPB should send a written notification and recommendation to a prudential regulator, and establish a mechanism for tracking these communications.
In addition to sections 1025 and 1026 of the Dodd-Frank Act, sections 1022 (rulemaking), 1024 (non-depository institutions), and 1052 (enforcement investigations) allow the CFPB to request information from Very Large and Other institutions, to fulfill its mandate.
CFPB staff contact selected financial institutions when seeking information about consumer product lines or services (e.g., mortgage or student loans) to compare product features or pricing. CFPB officials also followed up with financial institutions that commented on rulemakings, requested feedback on market monitoring activities, and surveyed institutions about their compliance with consumer protection regulations. As of March 2015, the CFPB indicated that it issued six horizontal review requests (two mandatory and four voluntary), to Very Large and Other institutions.14
At the time of our review, communication and coordination activities were informal. The CFPB is not required to contact the prudential regulators prior to reaching out to financial institutions. Nevertheless, CFPB officials stated that the CFPB notified the relevant prudential regulator prior to requesting information from financial institutions, except when issuing third-party Civil Investigative Demands (CID).15 The CFPB may issue a CID to Other institutions to obtain information about a third-party institution under investigation. The CFPB noted that third-party CIDs do not involve safety and soundness issues and, unless there is a need for the prudential regulator to know or the matter involves a joint investigation, the costs of notification may outweigh the benefits. Board officials noted that it was not a common practice for the CFPB or the Board to share information about CIDs due to the sensitive nature of the information involved in such matters. Recently, however, the CFPB and Board have begun sharing some details about CIDs.
Of the four prudential regulators, officials from the FDIC and Board reported that CFPB officials typically notified them prior to contacting their regulated institutions. Board officials noted that the CFPB has improved in timely notifying the Board when it reached out to the Board's regulated institutions. OCC officials were unsure of the frequency of CFPB information requests but were aware of several institutions with assets of $10 billion or less that the CFPB contacted directly, without contacting the OCC. NCUA officials told us they were unaware of any CFPB information requests.
Officials from the prudential regulators were not aware of any complaints from the financial institutions regarding CFPB information requests. CFPB officials noted that they were not aware of any significant complaints. For example, officials from three prudential regulators stated that some institutions questioned CFPB's information requests because the institutions did not fully understand the CFPB's role or believed they would be examined by the CFPB. Neither officials from the CFPB nor the prudential regulators were aware of any feedback from institutions that CFPB's information requests overlapped those of the prudential regulators.
***
In conclusion, we found that the CFPB and prudential regulators were generally coordinating their supervisory efforts, and we did not identify instances of regulatory overlap. Nevertheless, there were opportunities for improved coordination, as noted in this memorandum. Because this was a limited-scope review, we made the determination that formal recommendations will not be made in this memorandum.
We appreciate the cooperation and assistance from agency staff during this review.
Sincerely,
/Signed/
Fred W. Gibson, Jr.
Acting Inspector General
Federal Deposit Insurance Corporation
/Signed/
Mark Bialek
Inspector General
Board of Governors of the Federal Reserve System and Consumer Financial Protection Bureau
/Signed/
Eric M. Thorson
Inspector General
Department of the Treasury
/Signed/
James W. Hagen
Inspector General
National Credit Union Administration
