Listen to this post

On February 23, the Consumer Financial Protection Bureau announced its first public decision designating a nonbank lender for supervision based on the institution’s potential risk to consumers. 

According to the Bureau, the installment lender, which operates in 16 states and has more than a thousand branches, has small dollar loans with an average term of 20 months and an average interest rate of 46%, though some of the loans’ APRs were much higher. In its Order, the Bureau found, among other things, that the company does not adequately explain certain optional add-on products to its customers, engages in excessive, harassing, and coercive collection practices, and furnishes inaccurate information to consumer reporting agencies or fails to adequately respond to consumer disputes regarding the accuracy of information it furnishes.

The Order is “not a finding that the entity is guilty of wrongdoing.” But it concludes that there is “reasonable cause” to find the installment lender’s conduct “poses risks to consumers” and accordingly, merits supervision. 

The CFPB’s Risk Based Supervision Program

Section 1024(a)(1)(C) of the Consumer Financial Protection Act gives the Bureau the authority to order supervisory oversight over nonbank covered persons when the Bureau has reasonable cause to determine that the entity is engaging, or has engaged, in conduct that “poses risk to consumers.” While the CFPB has had this authority since its inception, it was never used. In April 2022, Director Chopra announced that the Bureau would begin using this “dormant” authority to supervise nonbanks. How the Bureau would define “risks to consumers” was an open question. 

Unfortunately, the published Order provides little in the way of clarity. In the Order, the Director states that it does not need to determine that an entity has violated federal consumer protection laws or regulations to determine that it has reasonable cause to determine that the entity poses risks to consumers. The Director also notes that “Congress intended to grant the CFPB significant discretion in determining whether the character and magnitude of the risks posed by a particular covered person’s conduct merit supervision.” The Order also states that risk designation can be “based on complaints . . . or information from other sources,” and because Congress did not qualify “complaints” in the statute, the Bureau is not limited by the types of complaints that it can consider. 

Putting It Into Practice: In the CFPB’s 2023 Summer Supervisory Highlights, the CFPB noted that it issued several Notices of Reasonable Cause to supervise entities through its risk-based supervisory powers. Those entities voluntarily consented to the CFPB’s supervisory authority. The institution here did not. Under the Bureau’s procedural rules, the Director has the authority to publicize the final order even though the procedural process is considered confidential supervisory information and its publication could have reputational consequences for a company. This threat of a “public naming and shaming” is simply a way for the Bureau to force companies to voluntarily accept Bureau oversight, and should serve as a warning for companies thinking to challenge the Bureau’s determination of risk-based supervision.