If your organization might have violated a consumer financial protection law, should it disclose that potential violation to the Consumer Financial Protection Bureau? It seems that at least one CFPB insider believes that the potential violation should be self-reported.
At today’s meeting of the Consumer Financial Services Committee in San Francisco, Peggy Twohig, CFPB Assistant Director, Office of Supervision Policy, offered a few remarks on whether a covered entity should self-report conduct where the law is not clear on whether the conduct violates consumer financial protection law. In concluding that an entity should self-report even these “grey issues,” Twohig noted that covered entities should consider that the CFPB may discover the issue in a exam. If the covered entity first self-reported the issue, it would allow for “a dialog” and engagement on what the appropriate result should be.
Twohig noted that self-reporting by US Bank weighed heavily in the CFPB’s decision to forgo imposing civil penalties against the institution for violating consumer financial services laws.
Twohig’s analysis offers a peek into the CFPB’s goals for self-reporting first laid out in its Bulletin 2013-06 titled Responsible Business Conduct: Self-Policing, Self-Reporting, Remediation and Cooperation. Clearly, if there is any question whether your entity should self-report, the CFPB believes it should err on the side of self-reporting.
Early this summer, Joann Needleman provided her analysis of the Bulletin, noting several “grey” areas within the Fair Debt Collection Practices Act and the challenges the Bulletin poses when deciding when to self-report. As Joann wrote, these grey areas are created by differing court rulings — what may be compliant in Jersey City, NJ, for example, would be non-compliant two miles away in Manhattan.
When building and executing a Compliance Management System, entities subject to the FDCPA should consider whether self-reporting should include its decision to adopt an operational model compliant with one set of case law, but non-compliant under another line of cases. Self-reporting may avoid, in the worst case, civil penalties, should the CFPB determine the conduct does violate a consumer financial protection law, despite court decisions finding the conduct compliant.
What do you think?