On June 3, 2024, the Consumer Financial Protection Bureau (CFPB) announced the adoption of its final rule establishing a registry to “detect and deter” corporate offenders that have broken consumer laws and are subject to regulatory or court orders. In December 2022, the CFPB had issued proposed rulemaking and invited comments concerning the creation of a nonbank registry. While RMAI and the broader industry submitted numerous comments containing detailed concerns, the final rule remains substantially similar to what was proposed.

The new rule will:

  1. Require the covered nonbank companies to register with the CFPB, if they are not already registered, when they have been found to violate a consumer law resulting in an administrative agency consent order, court orders, or judgments. [See, section 1092.202(b); page 463 of the rule and commentary.]
  2. Require the covered nonbank company to submit a copy of public orders and judgments to the CFPB. [See, section 1092.202(d); page 464 of the rule and commentary.]
  3. Require a senior executive from the company to provide an annual written statement that the company is complying with the relevant order and/or judgments. [See, section 1092.204; page 466 of the rule and commentary.]

What’s covered:

The rule applies to the extent that the violation of law found, or alleged, “arises out of conduct in connection with the offering or provision of a consumer financial product or service.” Laws that are included within the coverage of this rule include: (i) federal consumer financial laws, (ii) any law the CFPB may exercise enforcement authority, (iii) a prohibition on unfair or deceptive acts or practices (UDAP) under section 5 of the Federal Trade Commission Act, (iv) state UDAP laws, (v) state laws identified in Appendix A of the rule, or (6) a rule issued by a state agency related to (iv) and (v) above. [See, section 1092.201(c); page 458 of the rule and commentary.]

Effective dates:

While the rule is effective on September 16, 2024, it provides for the following phased-in registration submission periods:

  1. Larger Participant CFPB-Supervised Covered Nonbanks register October 16, 2024 through January 14, 2025
  2. Other CFPB-Supervised Nonbanks register January 14, 2025 through April 14, 2025
  3. All Other Covered Nonbanks (i.e., generally covered nonbanks that are not supervised by the CFPB) register April 14, 2025 through July 14, 2025

During each implementation submission period, the applicable covered nonbanks must register all covered orders that have an effective date from January 1, 2017 through the start of the covered nonbank’s submission period AND remain effective as of September 16, 2024.

CFPB’s Statement:

The CFPB indicated in their press statement that it believes:

  • The rule will facilitate better understanding of bad actors that seek to restart a scam, fraudulent scheme, or other illegal conduct that harms the public.
  • The registry will be used by state attorneys general, state regulators, and a range of other law enforcement agencies.
  • The registry will assist investors, creditors, business partners, and members of the public that are conducting due diligence or research on financial firms bound by law enforcement orders.

RMAI’s Position:

RMAI will continue our dialogue with the CFPB as the rule is operationalized to mitigate unintended consequences. RMAI remains concerned that the rule may drive participants within the financial services industry to more aggressively challenge regulatory claims of malfeasance, especially over administrative errors, lack of demonstrable consumer harm, or when regulatory agencies have minimal findings that do not rise to the level of an enforcement action. In the past, these types of actions often resulted in business decisions to enter a consent order to avoid costly and/or time-consuming challenges. However, the cost/benefit analysis of challenging a regulator’s assessment may change due to consent orders being characterized as negative, punitive actions taken by a state or federal agency against a company whose conduct violated the law.

RMAI strongly recommends that its members share this Member Alert with those in their organization who are responsible for their operations, compliance, and legal matters.

This Member Alert is intended for members of the Receivables Management Association International, is for informational purposes only, and is in no way intended to provide legal advice. Members are encouraged to consult with an attorney of their choice for legal advice concerning this matter.