CFPB Issues Supervisory Compliance Bulletin
By Anna DeSimone
Bulletin Reminds Companies of Existing Legal Responsibilities Regarding Treatment of Confidential Supervisory Information
January 27, 2015 the Consumer Financial Protection Bureau (CFPB) issued a bulletin to remind supervised financial institutions, including nonbank companies that may be unfamiliar with federal supervision, of existing regulatory requirements regarding confidential supervisory information. The CFPB supervises companies to determine their compliance with federal consumer financial laws, to assess risks to consumers, and to help ensure a fair and transparent marketplace for consumers.
The CFPB has supervisory authority over banks and credit unions with assets over $10 billion, and their affiliates. The Bureau is also the first federal agency with supervisory authority over certain nonbank financial companies such as mortgage lenders and servicers, payday lenders, and private student lenders, as well certain large debt collectors, consumer reporting agencies, student loan servicers, and international remittance providers.
The bulletin provides guidance on what types of information constitute confidential supervisory information. The bulletin also explains that disclosure of confidential supervisory information is not allowed, with limited exceptions.
The CFPB is aware that some supervised financial institutions may have entered into non-disclosure agreements that purport to restrict the institution from sharing information with a regulator, or to require the institution to notify a third party when it shares information. However, the bulletin explains that provisions in non-disclosure agreements do not alter or limit the Bureau’s existing supervisory authority or the supervised financial institution’s obligations relating to confidential supervisory information.
Key Points
The bulletin was issued as a reminder that, with limited exceptions, persons in possession of confidential information, including confidential supervisory information (CSI), may not disclose such information to third parties. More particularly, this bulletin:
• Sets forth the definition of CSI;
• Provides examples of CSI;
• Highlights certain legal restrictions on the disclosure of CSI; and
• Explains that private confidentiality and non-disclosure agreements (NDAs) neither alter the legal restrictions on the disclosure of CSI nor impact the CFPB’s authority to obtain information from covered persons and service providers in the exercise of its supervisory authority.
Definition of CSI
Under the CFPB’s regulations, “confidential supervisory information” means:
• Reports of examination, inspection and visitation, non-public operating, condition, and compliance reports, and any information contained in, derived from, or related to such reports;
• Any documents, including reports of examination, prepared by, or on behalf of, or for the use of the CFPB or any other Federal, State, or foreign government agency in the exercise of supervisory authority over a financial institution, and any supervision information derived from such documents;
• Any communications between the CFPB and a supervised financial institution or a Federal, State, or foreign government agency related to the CFPB’s supervision of the institution;
• Any information provided to the CFPB by a financial institution to enable the CFPB to monitor for risks to consumers in the offering or provision of consumer financial products or services, or to assess whether an institution should be considered a covered person, as that term is defined by 12 § U.S.C. 5481, or is subject to the CFPB’s supervisory authority; and/or
• Information that is exempt from disclosure pursuant to 5 U.S.C. § 552(b)(8).
CSI does not include documents prepared by a financial institution for its own business purposes and that the CFPB does not possess.
Examples of CSI
Supervised financial institutions and other persons that may come into possession of CSI should understand what constitutes CSI in order to comply with the applicable rules. Examples of CSI include, but are not limited to:
• CFPB examination reports and supervisory letters;
• All information contained in, derived from, or related to those documents, including an institution’s supervisory Compliance rating;
• Communications between the CFPB and the supervised financial institution related to the CFPB’s examination of the institution or other supervisory activities; and
• Other information created by the CFPB in the exercise of its supervisory authority.
Thus, CSI includes any workpapers or other documentation that CFPB examiners have prepared in the course of an examination. CSI also includes supervisory information requests from the CFPB to a supervised financial institution, along with the institution’s responses. In addition, any CFPB supervisory actions, such as memoranda of understanding between the CFPB and an institution, and related submissions and correspondence, are CSI.
Disclosure of Confidential Information Generally Prohibited
Subject to limited exceptions, supervised financial institutions and other persons in possession of CSI of the CFPB may not disclose such information.
Exceptions to General Prohibition on Disclosure of CSI
There are certain exceptions to the general prohibition against disclosing CSI to third parties. A supervised financial institution may disclose CSI of the CFPB lawfully in its possession to:
• Its affiliates;
• Its directors, officers, trustees, members, general partners, or employees, to the extent that the disclosure of such CSI is relevant to the performance of such individuals’ assigned duties;
• The directors, officers, trustees, members, general partners, or employees of its affiliates, to the extent that the disclosure of such CSI is relevant to the performance of such individuals’ assigned duties;
• Its certified public accountant, legal counsel, contractor, consultant, or service provider.
Supervised financial institutions may also in certain instances disclose CSI to others with the prior written approval of the Associate Director for Supervision, Enforcement, and Fair Lending, or his or her delegee (Associate Director). The recipient of CSI shall not, without the prior written approval of the Associate Director, utilize, make, or retain copies of, or disclose CSI for any purpose, except as is necessary to provide advice or services to the supervised financial institution or its affiliate. Moreover, any supervised financial institution or affiliate disclosing CSI shall take reasonable steps as specified in the regulations to ensure that the recipient complies with the rules governing CSI.
Please refer to the CFPB Bulletin for additional information
About the Author:
Anna DeSimone is President and Founder of Bankers Advisory and Principal of CliftonLarsonAllen LLP.
Anna DeSimone founded Bankers Advisory in 1986 and is a nationally recognized authority in residential mortgage lending. She has received numerous industry awards and has authored more than 40 best practices guides and hundreds of articles.
Comments are closed.