On December 16th, the Office of Inspector General issued a report critical of the CFPB’s policy of regularly sending enforcement attorneys to participate in meetings with the entities under their oversight. The OIG report cited several concerns. The report is available here.
The OIG urged the CFPB to set a specific and detailed policy for the integration of enforcement attorneys into its oversight procedures. Though the CFPB previously issued a policy discussing the general principles of attorney involvement, the OIG reported that the policy “did not sufficiently detail how the approach should be implemented.” The OIG acknowledged certain benefits of the practice, but warned that the potential risks had not been fully considered. The OIG felt that the presence of enforcement attorneys even in initial meetings could have the effect of inhibiting free and open communications between the CFPB and supervised entities.
In addition to an insufficient policy, the OIG noted that the policy in place “was not uniformly distributed to CFPB supervision and enforcement staff.” As a result, the understanding and execution of the policy by CFPB personnel varied considerably. The involvement of attorneys in the many phases of an examination was inconsistent, and the messages delivered to supervised entities about the role of those attorneys were unclear. Also, enforcement attorneys did not receive any formal training on the CFPB’s examination process.
The OIG report also found that the CFPB did not have a set policy regarding enforcement attorneys’ access to supervised entities’ files and systems during examinations. The OIG learned that some CFPB attorneys had obtained direct access to confidential materials, which contained personally identifiable customer information. The report urges the CFPB to establish safeguards for such situations. The first step will be to set specific parameters for when access is necessary. Next, controls or limitations will be needed for such access. These will need to include a way to ensure that access is commensurate with the scope of any examination, that information obtained from such access is handled safely and disseminated only to relevant staff, and that adequate penalties for inappropriate access or use are established.
The CFPB issued a statement in November, just prior to release of the OIG report, indicating that it was discontinuing the practice of regularly sending enforcement attorneys to meetings. It further stated that it is “addressing the concerns raised in this recommendation through its new policy on enforcement attorney integration into examinations.” The OIG responded that it would “follow up on the CFPB’s actions to ensure that the recommendations are fully addressed.”