Delete the CFPB? Be Careful What You Wish For

David Silberman is currently a professional dilettante serving as a Lecturer in Law at Yale Law School, a Senior Fellow at the Center for Responsible Lending, a Senior Advisor for the Financial Health Network, and an informal advisor to other non-profits and start-ups. From 2011-2020, he served as the Associated Director for Research, Markets, and Regulations at the CFPB. Before joining the CFPB, David worked for the better part of twenty years in and around financial services, first for the AFL-CIO and then for Kessler Financial Services.

The CFPB is once again under attack, and this time real damage may be done–to the financial services industry as well as to consumers.. 

Last Friday, on the same day that representatives of DOGE were reported to have arrived at the CFPB, Elon Musk – who in November tweeted "delete the CFPB" – posted "CFPB RIP" on X with a picture of a gravestone. Friday night, newly-confirmed OMB Director Russell Vought – who has said that “We want the bureaucrats to be traumatically affected” so that they will “not want to go to work because they are increasingly viewed as the villain” – was appointed CFPB’s Acting Director. Within hours, the home page of the CFPB website went dark and one day later CFPB employees were directed to suspend all supervision, enforcement, and stakeholder engagement activities. This is tantamount to shutting down the agency and placing substantially all CFPB employees on administrative leave–albeit without using those terms. Indeed, as of February 10th, CFPB employees have been instructed not to report to work at CFPB headquarters.

Controversy has surrounded the CFPB since its inception. That controversy has largely focused on what the CFPB has done and how it has gone about doing its work. As a former leader of the CFPB, I obviously am in the camp that believes the CFPB has been a force for good in the lives of consumers and also in the working of consumer finance markets. Although I would not attempt to justify every single rule the Bureau has promulgated or every single enforcement action it has initiated – no agency is perfect – I believe its accomplishments are legion and far outweigh what I would view as an occasional misstep.

The point of this piece, however, is not to defend the CFPB’s record or even to argue for the importance of its mission – a point acknowledged by even some of the CFPB’s most vociferous critics, such as the Consumer Bankers Association. Nor do I want to explore here the multiple legal impediments that would stand in the way of any attempt to “delete” the CFPB through administrative – as distinguished from legislative – action.^[1] Rather, I want to explain why the demise of the CFPB would lead to a regulatory vacuum – one that would favor large depository institutions and non-depository financial institutions over community banks and credit unions. Ultimately, that vacuum would destabilize the financial system.

Abhorring a Vacuum

To understand this risk, let’s review how the regulatory system was structured before the enactment of the Dodd-Frank Act and the changes the law made in that system. 

Between the enactment of the Truth in Lending Act in 1968 and the CARD Act in 2009, Congress adopted a myriad of federal consumer financial protection laws. Virtually all of those laws authorized an administrative agency to issue implementing regulations to carry out the law’s purposes. For the most part, the Federal Reserve Board was the designated rule writer, although the Federal Trade Commission (FTC) and the Department of Housing and Urban Development (HUD) each had rulemaking authority under certain statutes and a few laws divided rulemaking authority across multiple agencies, with each empowered to issue rules applicable to financial institutions within its jurisdiction.^[2]

Legislative rules issued by these agencies had the force of law, defining with particularity the legal obligations of financial institutions. Compliance with such rules also operated effectively as a safe harbor from private liability under many of the laws, as Congress often – and sensibly – blocked liability for any actions taken by a financial institution in a good faith effort to comply with the rules or interpretations issued by the agency with rulemaking authority.^[3]

In addition to providing for private rights of action, to assure compliance with these various laws and regulations, prudential regulators were responsible for conducting compliance examinations of the depository institutions within their respective jurisdictions and bringing enforcement actions where appropriate. Non-depositories were not subject to any federal supervision, although the FTC and HUD were authorized to enforce certain laws with respect to non-depositories. 

Title X of the Dodd-Frank Act – denominated the “Consumer Financial Protection Act of 2010” (CFPA) sought to create a more coherent and consistent regulatory framework. It did this in two ways. First, of course, it created the CFPB and vested it with certain authorities. These include (a) rulemaking authority with respect to substantially all the federal consumer financial protection laws;^[4] (b) supervisory and enforcement authority over large depository institutions, i.e., those with assets above $10 billion;^[5] (c) supervisory authority with respect to non-depository financial institutions if those institutions operate in certain markets delineated by statute or are larger participants in other markets as defined by rule by the CFPB;^[6] and (d) enforcement authority with respect to all non-depository financial institutions.^[7]

Second, the CFPA amended 27 separate statutes, largely divesting authority from agencies that had been responsible for rulemaking, supervision, or enforcement so that, with few exceptions, the CFPB would have the exclusive authority to issue regulations, supervise, and enforce federal consumer financial protection laws. 

The most important exception to this regime of exclusive CFPB authority involves small depositories – banks and credit unions with under $10 billion in assets. Those institutions were expressly excluded from the CFPB’s supervisory and enforcement authority.^[8] Instead, the prudential regulators continue to enjoy the authority, and the responsibility, to monitor compliance through supervisory examinations and to bring enforcement actions where appropriate with respect to those institutions. This includes authority under the preexisting laws and the Dodd-Frank Act including, most notably, § 1031 of the CFPA, the section that prohibits “unfair, deceptive, and abusive acts and practices.”

The Consequences of Deletion 

Against this background, if the CFPB were somehow to be “deleted” or defunded, two consequences would immediately and necessarily follow.

First, the existing body of regulations – included everything the CFPB recodified when it was created and every new rule issued over the past 13+ years – would be frozen in place. No agency would have the authority to amend those rules or promulgate new ones. This regulatory vacuum would have multiple ramifications,some large and some small. 

• The most immediate and concrete consequence would be to bring to a halt the process of adopting annual inflation adjustments for the various thresholds that exist to define coverage under multiple rules – a function that the CFPB is tasked with performing. As a result, more and more small financial institutions – community banks, credit unions, and fintech start-ups, would lose their exemption from regulatory coverage each year. 

• More importantly, creating this regulatory vacuum would mean that no agency would have the authority to adjust existing rules, or adopt new rules, to respond to new products and new marketing and delivery methods that are emerging in the digital age. To the extent those products fall outside existing laws and regulations, traditional financial institutions would be increasingly disadvantaged vis-a-vis non-banks and tech companies. To the extent those products fall within the literal terms of existing laws and regulations, innovation would be stymied by the application to digital products of requirements written for the analog world. Indeed, in the past two years the CFPB has received 50 petitions urging the Bureau either to amend existing regulations or to adopt new ones, including petitions from the Community Home Lenders Association,^[9] Mortgage Bankers Association,^[10] American Bankers Association,[^11] and Consumers Bankers Association.^[12] Were the CFPB to be “deleted,” no agency could consider the merits of those petitions.

• Finally, absent an authorized rulewriter, no agency would have the authority to respond should a macroeconomic event arise that stresses the financial system. As the financial crisis was unfolding, the Board stepped in – albeit quite belatedly in the eyes of many – to adopt rules to stem some of the problematic practices fueling the crisis.^[13] More recently, at the onset of the pandemic, the CFPB moved swiftly to modify rules and regulatory expectations to accommodate the massive dislocation in the economy that was taking place.^[14] Deleting the CFPB thus would impose a straitjacket on the regulatory system at times when flexibility was most needed.

Second, “deleting” the CFPB would tilt the regulatory playing field decidedly in favor of large depository institutions and non-depositories and against community banks and credit unions. The large banks – including trillion-dollar organizations like JP Morgan Chase, Bank of America, and Wells Fargo – would no longer be subject to supervision for compliance with consumer protection laws, nor would they be subject to public enforcement actions for non-compliance. because the CFPA transferred those authorities to the CFPB. Without the CFPB, there would be no one policing these banks. The non-depository financial institutions that compete directly with banks, including, the large independent mortgage banks, auto finance company lenders, and money transmitters, also would no longer be subject to supervision at the federal level. 

In contrast, community banks and credit unions would continue to be subject to compliance examinations and enforcement actions by their prudential regulators, who would continue to have the legal duty to monitor the compliance of the institutions within their jurisdiction, Indeed, community banks and credit unions would be the only financial institutions effectively prohibited from engaging in UDAAPs, since that prohibition would be enforceable only against them.

There is one further factor that would add to this regulatory imbalance. Under the CFPA, state attorneys general are authorized to bring enforcement actions to enforce both the Act itself and also regulations issued thereunder.^[15] However, there is an important limitation on this authority: with respect to national banks, state attorney generals can enforce only “a regulation prescribed by the Bureau” under the CFPA and not the statute itself.^[16] This means, for example, that attorney generals can pursue a state-chartered organization – and the vast majority of community banks and credit unions are state-chartered – for committing a UDAAP whereas national banks – again including the largest institutions – face no such risk as there are no CFPB rules prescribing UDAAPs.

Haste Makes Waste

If Congress for some reason wanted to recreate the hodgepodge of regulatory authorities that existed prior to the enactment of the CFPA or, worse yet, wanted to dilute consumer protections and create a less intense regulatory regime, it could do so by amending the CFPA and the various consumer protection laws as it deemed appropriate. But “deleting” the CFPB – as Acting Director Voght seems to be attempting to do–would create both regulatory vacuums and vast distortions in the market. Thus, even the most zealous opponents of financial regulation should be careful what they wish for when they call for, or take steps towards, deleting the CFPB.

The opinions shared in this article are the author’s own and do not reflect the views of any organization they are affiliated with.

^[1] Suffice it to note that the Dodd-Frank Act imposes on the Director of the CFPB a wide set of mandatory duties, including the duty to submit annual reports to Congress with respect to its fair lending, financial literacy, complaint handling, and market monitoring activities. See 12 U.S.C. §§ 5493 (b)(1)(research); 5493(b)(2) (assistance to “traditionally underserved consumers”); 5493(b)(3) (complaint handling);5493(c) (fair lending); 5493(d) (financial education); 5493(e)(initiatives for service members); 5493(f)(protection of seniors); 5512(c)(3) (market monitoring); 5514 (examination of non-depositories). Most of the other grants of authority to the Director are, in terms, permissive, but a Director’s blanket decision to refrain from exercising all of these authorities would also flout Congress’ intent, especially given the Director’s obligation to report semi-annually to Congress on, e.g., significant rules adopted and plans for future rulemaking and on the Bureau’s public enforcement actions. 12 U.S.C. § 5496(b). 

^[2] The problem with this regime, in which companies offering essentially the same services were potentially subject to vastly different requirements, were highlighted in 2009 when the Board, the Office of Thrift Supervision, and the National Credit Union Administration issued a rule declaring certain common practices in the credit card market to be unfair or deceptive at least when engaged in by card issuers within the jurisdiction of those agencies, while leaving the same practices unregulated when engaged in by issuers regulated exclusively by the OCC or the FDIC.

^[3] E.g., 15 U.S.C. § 1640(f) (Truth in Lending Act); 15 U.S.C. § 1693m(d) (Electronic Fund Transfer Act); 15 U.S.C. § 1691e(e) (Equal Credit Opportunity Act)

^[4] 12 U.S.C. § 5512(b).

^[5] 12 U.S.C. § 5515.

^[6] 12 U.S.C. § 5514(a),(b) . The CFPB also can examine a non-depository if it determines that the entity has engaged in conduct that poses risks to consumers.

^[7] 12 U.S.C. § 5514(c).

^[8] 12 U.S.C. § 5516.

^[9] See Petition for Rulemaking Requesting a Rule to Clarify Mortgage Trigger Lead Provisions 

^[10] See Request to Conduct Rulemaking on Regulation X Early Intervention Requirements and Loss Mitigation Procedures

^[11] See Petition for Rulemaking - American Bankers Association, et al. - Larger Participant Rule (Section 1033 of Dodd-Frank Act)

^[12] See Petition for Rulemaking - CRL/CBA - Larger Participant Rulemaking. The CBA petition was submitted jointly with the Center for Responsible Lending and the author of this article participated in drafting that petition.

^[13] 73 Fed. Reg. 44522 (July 30, 2008).

^[14] 85 Fed. Reg. 39055 (June 20, 2020); (COVID 19-related loss mitigation options); 85 Fed. Reg. 23619 (May 4, 2020) (rescission rights during the pandemic); 85 Fed. Reg, 23217 (April 27, 2020) (treatment of pandemic payments).

^[15] 12 U.S.C. § 1042(a).

^[16] 12 U.S.C. § 1042(b).

Open Banker curates and shares policy perspectives in the evolving landscape of financial services for free.

If an idea matters, you’ll find it here. If you find an idea here, it matters. 

Interested in contributing to Open Banker? Send us an email at [email protected].