By Heidi C. Salow and Micah R. Thorner, DLA Piper
This article originally appeared as a DLA Piper E-Commerce and Privacy Alert. It is reprinted here with permission
The Obama Administration's proposed sweeping changes to financial services regulation include the creation of a new consumer-protection bureau—The Consumer Financial Protection Agency. The plans have raised questions about the potential for new disclosure standards in the financial-services industry. In this article, Heidi Salow and Micah Thorner of DLA Piper provide a brief overview of the proposed CFPA and the privacy uncertainties the plans present.
Addressing the Obama Administration’s proposals to reform financial regulation in the U.S., Barney Frank (D-MA), Chairman of the House Financial Services Committee, promised to report legislation which would create a new Consumer Financial Protection Agency (CFPA) before the House adjourned for its August recess at the end of July.
This proposed new agency would be authorized to concentrate, in one agency, many of the consumer protection powers over mortgages and credit cards that now are spread across as many as 10 federal regulators. The Obama Administration proposal is set forth in a Department of the Treasury report, “Financial Regulatory Reform: A New Foundation” (Report).
The report reflects the Obama Administration’s view that a broad reorganization of the way the government regulates its financial system and protects consumers is necessary because consumer protection has allegedly taken a back seat to other aspects of bank regulation. This view follows the issuance, in the waning months of the Bush Administration, of strong credit card regulations by the Federal Reserve Board, compounded by the recent enactment of legislation that threatens to dramatically alter the existing business model that has historically governed the credit card industry.
The CFPA would be charged with ensuring that consumers have clear information about the financial products or services they purchase, as well as protecting them from any deception they might encounter when purchasing such products. The proposed legislation suggests that the agency could accomplish these objectives by requiring lenders to make safer, “plain vanilla” products clearly available to consumers, while stepping up scrutiny on alternative products. The agency would be empowered to issue new regulations requiring financial disclosure documents to “balance communication” of the relative merits of the products or services, “prominently disclose significant risks and costs,” and communicate those risks and costs in a “clear, concise, and timely” manner. In short, the Administration proposes a reform of financial services regulations that purport to integrate the consumer perspective, by rule, into the marketing and sale of financial services and products.
These reforms have many legislators and businesses very worried. Some of their key concerns about the proposal include:
1. Broad authority over financial products. Under the terms of President Barack Obama’s plan, the new agency would have sweeping authority over providers of financial products, including banks and credit card companies. The authorization language in the proposal is very broad and so the precise impact of any forthcoming regulations is difficult to gauge. Nonetheless, many in the financial services industry have expressed grave concerns about whether this proposal will add yet another layer of regulation and whether the federal government, in the form of CFPA, will soon be dictating the terms of the products the industry offers—for example, the rate and fees that can be charged to credit card customers—and whether rules that are virtually unreviewable could meaningfully alter their business models and threaten their economic viability. In addition, given the broad language used to define the concepts of financial services and products in this new proposed statute, and the extensive delegation of authority provided to this new agency by the contemplated legislative provisions, it is possible that jurisdiction may be asserted over products and services not traditionally seen to be within the scope of conventional financial services and products. One consequence of being subject to such jurisdiction would include the possibility of non-recognition of an agreement to arbitrate.
2. New regulator with less knowledge. The proposal removes responsibility for consumer protection from the existing federal banking agencies and Federal Trade Commission and sequesters it in a new federal agency with no other defined purpose other than to “promote transparency, simplicity, fairness, accountability, and access in the market for consumer products or services.” The CFPA would be charged with protecting consumers of credit, savings, payment, and other consumer financial products and services, except for investment products and services currently regulated by the SEC. The FTC would retain authority for dealing with fraud, remain the lead agency for data security, and have backup authority for the CFPA. The new agency, however, would become responsible for privacy protection related to financial products, services, and transactions.
Because the CFPA’s supervisory, examination, and enforcement authority would extend to all persons and entities covered by the statutes it implements, as well as by statutes with no or limited rule-writing authority (such as the Fair Credit Reporting Act [FCRA] or Gramm-Leach-Bliley Act [GLBA]), all federal and state-chartered depository institutions, bank affiliates, and other nonbanking institutions would fall within its jurisdiction despite the new agency’s limited knowledge of financial regulations issued across multiple federal agencies. In other words, critics contend, the new agency would have enforcement authority without the necessary technical and institutional expertise to successfully protect consumers. It should be added that enforcement authority for this new agency not only contemplates the ability to litigate free of the Justice Department in federal courts, but also to represent itself before the United States Supreme Court following notice to the U.S. Attorney General.
Because most, if not all, financial services products would be regulated by one agency, it is possible that such a structure would give the CFPA only some of the information it would need for effective regulation, making the whole system weak and inefficient.
3. New disclosure standard creates uncertainty for financial services companies. In March 2007, eight federal regulators (the Board of Governors of the Federal Reserve System, the Commodity Futures Trading Commission, the Federal Deposit Insurance Corporation, the Federal Trade Commission, the National Credit Union Administration, the Office of the Comptroller, the Office of Thrift Supervision and the Securities and Exchange Commission) requested comment on a model privacy form (Model Form) that financial institutions would be able to use for their privacy notices to consumers, as required by GLBA. The agencies made clear that use of the Model Form (expected to be finalized in August) would be entirely voluntary but would allow entities to qualify for a safe harbor. Achievement of safe harbor status would depend on vigorous adherence to the content and format requirements set forth in the proposed rule, however. The information contained in the proposed Model Form is highly standardized, permitting very little variation among entities’ disclosures about their information-sharing practices. The Administration’s proposal would potentially limit the ability of financial service providers to obtain this safe harbor by using the Model Form. The Administration’s Report proposes that the CFPA enact regulations:
* making all mandatory disclosure forms clear, simple, and concise;
* requiring that disclosures and communications with customers be clear and reasonable; and
* allowing the CFPA to use technology to make disclosures more dynamic and relevant.
The plan would require financial service providers to present disclosures that are “technically compliant, non-deceptive, and reasonable.” To satisfy this new standard, marketing materials, notices (including privacy notices), and other consumer communications would have to identify any significant product risks, and a provider that failed to meet this duty would be subject to action by the CFPA. When introducing a new product or service, a provider would risk liability—even for using a Model Form—unless the provider obtained a “no action letter” or waiver from the CFPA.
In light of these specific proposals for consumer notices and communications, it is unclear at this early juncture whether the proposed Model Form will become obsolete.
Given the role that abusive and overly complex exotic mortgage products played in sparking the financial crisis, at first glance an independent agency dedicated to consumer financial protection might not seem terribly radical. But the true impact of such a new federal bureaucracy, operating with a singular purpose yet in the absence of any true institutional context, lies in the many details to be unveiled as the legislative process evolves. Already, many serious questions have arisen, with answers yet to come.