By: Dan Frechtling, SVP Marketing and Chief Product Officer
The creation of the CFPB by the Dodd-Frank Act of 2010 not only added another financial regulator, it has changed the dynamics of existing regulators. Like an athletic team that has drafted a new player, the incumbents have found themselves sometimes competing, sometimes collaborating.
Or as one bank panelist at the ETA Transact 15 conference in San Francisco put it last week, “we now have the regulatory Olympics.”
The US regulatory structure for banks is patchy and overlapping compared to other countries. The Federal Reserve (FRB) supervises state-chartered member banks as well as bank, financial, S&L and thrift holding companies. The OCC is the prudential regulator for national banks and federally-chartered thrifts. The FDIC is the prudential regulator for state-chartered member banks and thrifts (see figure 1).
Figure 1: Primary Regulators of US Financial Institutions
|Type of Financial Institutions
|Primary Federal Supervisor
|Bank Holding Companies
|Financial Holding Companies
|S&L/Thrift Holding Companies
|Federally Chartered Thrifts
|State-Chartered Member Banks
of the Federal Reserve System
|Federal Credit Unions
|Fannie Mae, Freddie Mac,
& Federal Home Loan Banks
If only it remained that simple. In addition to the above, the NCUA regulates credit unions. The CFPB has jurisdiction over financial institutions with $10B or more in assets. Its occasional collaborator, the FTC, has enforcement jurisdiction over non-banks. There are more regulators at the state level, but we won’t discuss those here.
Often, the organizations work together. In one example, the CFPB and the prudential regulators will divvy up Civil Investigative Demands (aka CIDs, or administrative subpoenas). Some have facetiously observed a Massachusetts connection among the leadership if the CFPB and OCC.
In a more prominent example, there is a memorandum of understanding (MOU) between the FTC and CFPB. They will work together on industry sweeps to determine if prosecution will occur. This very recently occurred when the two agencies took combined action against mortgage companies.
What happens if this team effort appears in other forms, say the March injunction against Cardflex? In this case, the FTC held a processing company, its owners, and a merchant liable. But the FTC stayed clear of the banks because they lack jurisdiction. The CFPB does have authority over banks, and has a greater willingness to take action against banks when consumers are harmed, as in this case.
As a chief risk officer at one bank observed in research sponsored by G2, “The CFPB has ramped up as fast as any federal agency I’ve seen. They’ve hired 4000 attorneys. Do you think they’ll get more involved in banks? I think so.”
The FTC considers its consent orders to be as guidance for an entire industry, in this case the use of “trial memberships.” This means they have the force of law. If the CFPB prosecutes banks because the FTC cannot, FTC consent orders can become a new set of regulatory guidelines for banks to follow.
Beyond the FTC-CFPB affiliation, the actions of the CFPB are causing cultural changes in other agencies. The agencies in many cases were quite harmonious in the past. As a Transact 15 panelist noted, the OCC has traditionally been bank friendly. The preemption powers under National Bank Act formed a highly desirable charter for banks under the OCC. As evidence to this, joint guidance from the OCC and FRB was not uncommon, such as the 2005 guidance on overdrafts.
But now there’s more disparity today in concerns and values. As a panelist mentioned, “the OCC and Fed reflect different periods in the regulatory regime.” For Thomas Hoenig, vice chairman of the FDIC, this heterogeneity is healthy because it creates a system of checks and balances that allow regulators to confer and even second-guess each other.
Like athletes, bank regulators find themselves competing both together and against each other for influence even as they strive to hold positions. But no matter how much clout and authority shifts, banks need to ensure they’re following best practices like BSA, AML and KYC.