How to Successfully Resolve a CFPB Investigation: Strategies Derived from Recent Victories

How to Successfully Resolve a CFPB Investigation:
Strategies Derived from Recent Victories
Anthony E. DiResta
Partner, Washington, D.C.
(202) 282-5782
adiresta@winston.com
Brought to you by Winston & Strawn’s CFPB Response Team
March 5, 2014

© 2014 Winston & Strawn LLP 2
• Recent CFPB investigations with successful outcome (closure; no
action)
– What was faced
• Almost two-year process
• CID and Warning Letter
• Review and production of hundreds of thousands of
documents
• Complying with CFPB e-discovery production protocol
• Review of emails from employees, including senior company
officials
• Responding to interrogatories
• Creating reports containing sensitive business information
• Depositions or “investigational hearings”
• Submissions of legal positions and a formal “white paper”
• Meetings and negotiations with CFPB staff
Overview

• Recent involvement in CFPB supervisory examinations (concluding
in solid ratings)
– What was faced
• Information Request (comprehensive and resource intensive)
• Meetings with CFPB lawyers and auditors
• On-site visits by CFPB, including interviews with senior
company officials
• Producing documents and information in an expedited fashion
• Providing legal submissions
• Meetings with CFPB staff concerning vulnerabilities
discovered and risks presented
Overview

• To determine what worked to obtain these successful
outcomes
• To discuss the lessons learned from successful CFPB
investigations, examinations, and audits
• To outline effective strategies and “best practices” in dealing
with CFPB inquiries
Goals for this presentation

• This presentation is intended to be practical, “in the trenches,”
“nuts and bolts.”
• Focus: Investigations
• But, consider supervisory examinations or audits by the CFPB
as “investigations.” The game is the same.
Goals for this presentation

• Anatomy of a CFPB investigation
• Anatomy of a CFPB supervisory examination
• Effectively negotiating with CFPB at the outset
• Appropriately and effectively producing documents and information to
the CFPB
• Strategically dealing with CFPB investigational hearings
• Effectively communicating with CFPB staff and authoring compelling
submissions after compliance with the CID or inquiry
• Effectively and appropriately communicating with CFPB staff during
NORA process
• Critical Points (or key takeaways)
– Advocacy before the CFPB
– Risk management
AGENDA

Anatomy of a CFPB investigation

CFPB has almost identical procedures
to those used by FTC:
CFPB “drew most heavily from the FTC’s nonadjudicative
procedures in constructing the” RULES RELATING TO
INVESTIGATIONS BY THE CFPB.
Note: Former FTC staff now in senior positions at CFPB, and
current relationship between FTC’s Division of Financial
Practices and CFPB Enforcement Division. E.g., Peggy Twohig,
Office of Supervision Policy, Assistant Director; Lucy Morris,
Deputy Enforcement Director.

• See generally 12 C.F.R. Part 1080
• Receive a Civil Investigative Demand (“CID”)
– Notification of Purpose (identifies laws/regulations at issue)
– Definitions (e.g., “Company;” ESI)
– Instructions
• Meet and confer
• Applicable period for responsive materials
– Requests
• Interrogatories
• Documents
– Certificate of Compliance
– Document Submission Standards
• Petition to modify or set aside the CID

• Negotiate CID and meet with CFPB staff
• Produce documents and information
• Submit “position papers” or “cover letters”
• Participate in “investigational hearings”
• Be aware of:
– Sharing of confidential information with federal or state
agencies (E.g., Memorandum of Understanding between
FTC and CFPB)
– Interviews with former employees: “Bureau investigators
may disclose the existence of an investigation to potential
witnesses or third parties to the extent necessary to
advance the investigation.”

• Seek to close the investigation
• If staff is considering an enforcement action, CFPB may submit
a Notice and Opportunity to Respond and Advise (“NORA”)
• Attempt to persuade and convince staff that no enforcement
action is necessary

Anatomy of a CFPB Supervisory Examination

• CFPB’s “goal is to maximize [its] coverage of consumer risk in
the market.”
• In contrast to investigations, which focus on a particular entity
or target, in an examination, the CFPB focuses on
product/service lines.
• Exams constitute a “risk base analysis.” “CFPB examinations
focus on risks of harm to consumers, including the risk a
supervised entity will not comply with Federal consumer
financial law.” CFPB SUPERVISION AND EXAMINATION MANUAL.
CFPB Supervisory Examination

Receive an Information Request, which may request information
concerning:
• The company’s business model
• The Board of Directors and senior management oversight
• Compliance program
• Policies, practices, and procedures
• Industry practices
• Training of employees
• Monitoring and internal evaluations
• Consumer complaints and responses
• Third-party service providers and vendor management
• Recordkeeping
• Product development and business acquisitions

• Produce documents and information
• On-site visits
• Interviews with employees, including senior staff
• Preliminary conclusions are drawn
• Suggestions for corrective actions are made
• Conclusions and proposed actions are shared
• An examination report is drafted, finalized, and formally
approved
• A final report is delivered, containing a confidential rating

Structurally and strategically, examinations are
identical to investigations.

Don’t approach a CFPB investigation
(or examination) as a litigator.
• A fundamentally different form of advocacy is involved.
• There’s a “touch” in dealing with the CFPB staff and
management.
• Consider the culture, psychology, and philosophy of the CFPB,
or the “institutional ego:” the CFPB staff see themselves as
law enforcers, not as regulators.
Critical Point No. 1

The staff is
the judge
and
the jury
and
the prosecutor.

• Governmental investigations and examinations are
“relationship-intensive.”
• Oral and written communications with the CFPB staff must be:
– effective,
– strategic, and
– respectful.

Effectively Negotiating with the CFPB

• Negotiate terms of the CID (specifications, definitions,
instructions)
• The “meet and confer”
– “If the [CID] seeks ESI, the recipient shall ensure that a
person familiar with its ESI systems and methods of
retrieval participates in the meeting.” (Emphasis added).
• Negotiate terms and production cycle (staged)
• Obtain extension of time
Effectively negotiating with the CFPB at the beginning of the process

During this initial stage, it is key to advocate.
• “Humanize” the company.
• Describe the company’s “culture of compliance” and “culture of
commitment.”
AND
Effectively communicate with the goal of developing a
meaningful working relationship with the staff.

• This requires that the company and its counsel
comprehensively analyze the CID (or inquiry) for compliance
obligations.
– Evaluate the implications of the burden, scope, and
breadth of the requests for both documents and
information.
• Scrutinize “all documents relating to” requests.
• Evaluate the time period involved.
• Evaluate how “document” is defined.
• Evaluate the requirements to create reports.

– Evaluate the costs and timing involved for locating,
reviewing, and producing hard copy and electronic
documents – as well as the task of responding to
interrogatories and other requests for information.
– Determine the custodians of documents and information.
– Identify the team which will locate and review documents
as well as who will draft responses and create reports.

During this initial phase, when communicating with the CFPB
staff:
• Determine why the requests were sent, and where the
inquiry/investigation is headed.
• Request assurance of confidentiality.
• Determine whether other federal agency (e.g., FTC) or state
attorneys general may become involved.

During this initial phase, determine your story (i.e., the
company’s “closing argument” at the outset.)

There’s much more to a CFPB investigation or
inquiry than just complying with its requests
for information and documents.
Be a strategic and effective advocate in responding to the
documents and information requested, while using the
appropriate communications “touch” with the staff.

Successfully – and Effectively – Producing
Documents and Information

Initial Observations
• The CFPB wants full, complete, and comprehensive compliance with
the CID or inquiry. It must “feel” that the company is being totally
transparent and responsive.
• The CFPB wants full cooperation and compliance with the DOCUMENT
SUBMISSION STANDARDS, or the ESI protocol.
• Be strategic: On the offense, not defense.
• Don’t engage in a “document dump.”
Successfully – and Effectively – Producing Documents and Information

For documents:
• Adopt procedures for evaluating what is responsive, privileged, and
highly sensitive.
• For electronic documents, develop a strategy for the collection and
review of ESI.
• Determine beneficial and useful documents for use in “cover letters.”

For information:
• Draft interrogatory responses and create reports accurately and fully
– but strategically. Be sure the responses are consistent with:
– the documents being produced,
– the legal theories and themes, and
– the risk management strategy.

For production and submission:
• Draft persuasive “cover letters” or memoranda for each stage of
production that include an appropriate narrative “spin” on the
contents being produced.
• Again, no “document or information dump.”
• Again, consider the ESI production requirements. DOCUMENT
SUBMISSION STANDARDS are integral to compliance.

Strategically Dealing with CFPB
“Investigational Hearings”

Process is very different from a deposition in litigation:
• Objections are limited.
– Must be grounded in a witness’s constitutional or other
legal right
– Neither the witness nor counsel shall otherwise object or
refuse to answer any question
• Hearing attendance is limited to witness and counsel
Successfully dealing with depositions or “investigational hearings”

Effective preparation
• Review sensitive documents, especially those showing
compliance vulnerabilities.
• Review submissions (cover letters during production and
memoranda)
• Focus on compliance policies, practices, and procedures:
– Three key issues:
• Whether a policy exists.
• Whether the policy was implemented.
• Whether the policy is effective.
– If the government believes that any one of these
components are lacking, it will conclude that the
policy/practice is not “reasonable.”

Process considerations
• Contrary to what is taught about depositions in litigation, be on
the offense, and not defense. If a question is asked where a
witness can volunteer positive or favorable information, go for
it.
• Although the role of counsel is substantially limited and
different from traditional depositions in litigation, the witness
can still be proactive, and have the opportunity to say to the
questioner, for example, “I don’t understand the question,” or
“You mischaracterized what I said previously.”
• Don’t guess about the contents of a document. If a question is
asked that refers to a document, have the witness ask to see
the document first. This is particularly important in government
investigations.

Effective advocacy before the CFPB requires
knowledge of the culture, psychology, and
philosophy of the Bureau.
The goal is to persuade and convince the staff. Consider what
will – and will not – resonate.
The staff must believe and “feel” that the company is credible
and is committed to a “culture of compliance.”

Effective Communications and Submissions
after Compliance with CID

Submit a “White Paper” containing:
1. Legal arguments showing that (a) the company has complied
with the laws and regulations at issue; and (b) the policies,
practices, and procedures of the company (i) exist, (ii) have been
implemented, and (iii) are effective; and
2. Mitigating circumstances showing that the facts and equities
should prevent the CFPB from exercising its prosecutorial
discretion to present an enforcement action against the
company.
Effective communications and submissions after compliance with CID

• Seek a meeting with the staff to discuss the contents of the
White Paper.
• Have company executives at the meeting – and have non-
lawyers attend. Consider having the Director of Compliance
attend the meeting.
• Be prepared to discuss options other than closing of the
investigation, if the staff appears reluctant to recommend
closing. Consider narrowing of allegations, limiting of potential
injunctive relief, and limitations to monetary remedies.

Key considerations
• The messages and themes in the White Paper and meeting
with the staff must be consistent with previous submissions.
– Remember that you should have outlined the “closing
argument” before submitting a single document to the
CFPB.
• Dispositive argument: The company has, and is committed to
having, a “culture of compliance.”

NORA Process and Effective Advocacy Strategy

See generally CFPB Bulletin 2011-04 (Enforcement)
“Before the Office of Enforcement recommends that the Bureau
commence enforcement proceedings, the Office of Enforcement
may give the subject of such recommendation notice of the
nature of the subject’s potential violations and may offer the
subject the opportunity to submit a written statement in
response. The decision whether to give such notice is
discretionary. . . . The objective of the notice is to ensure that
potential subjects of enforcement actions have the opportunity to
present their positions to the Bureau before an enforcement
action is recommended or commenced.”
Notice and Opportunity to Respond and Advise (NORA Letter)

• NORA letter sent to company.
• Company responds to NORA letter.
• Meeting can take place between company and staff concerning
allegations presented in NORA letter or verbally by staff.
• Staff makes determination whether to move forward with
enforcement action, and sends memo to managers with their
recommendation.
• If investigation is not closed, staff sends counsel proposed complaint
and consent decree for negotiation.
• During negotiations, an “appellate” process occurs. If impasse
results in negotiating with staff, Enforcement Director may be brought
in.
• If matter is not settled, staff will recommend litigation administratively
or in federal district court.
Process involved if NORA letter is submitted to company

• The tone and style (“touch”) is critical. The staff is attempting
to determine whether to recommend an enforcement action.
• Don’t tell the staff what the CFPB can’t do or how the Bureau is
limited. Avoid “legal” arguments.
• Rather, stress facts and equities. Articulate reasons why the
CFPB shouldn’t exercise its prosecutorial discretion.
See CFPB Bulletin 2013-06, dated June 25, 2013: Responsible
Business Conduct
Effectively communicating with CFPB staff during the NORA process

Focus on the following arguments:
1. The company has policies, practices, and procedures that
have been implemented and that are effective.
• Training
• Disciplining
• Monitoring
2. The company engages in effective compliance self-policing,
and therefore does not need to be under the governmental
microscope.
3. The company is pro-consumer, and committed to appropriate
remediation when problems occur.

4. The company has “heard” the concerns expressed by the
staff during the investigation, and is responsive to what the
CFPB has said.
5. The company does not deserve to be punished. It is not an
appropriate poster child.
6. The company has been cooperative during the entire
investigation.

Create effective risk management strategies – which you
can commence immediately – to provide the most
compelling story to the CFPB during an investigation or
examination.
• Establish policies, practices, and procedures to demonstrate a
committed “culture of compliance.”
• Have a Compliance Management System in writing with key
personnel responsible for reviewing, implementing, and
monitoring the infrastructure.
• Create a compliance team that includes members from
different departments.

• Have the C-suite executives involved in the compliance
aspects. The “tone” of the company needs to be set from the
top.
• Document the compliance activities – create a paper trail.

Questions?
Anthony E. DiResta
Partner, Washington, D.C.
(202) 282-5782
adiresta@winston.com

How to Successfully Resolve a CFPB Investigation: Strategies Derived from Recent Victories

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (12)

Similar to How to Successfully Resolve a CFPB Investigation: Strategies Derived from Recent Victories

Similar to How to Successfully Resolve a CFPB Investigation: Strategies Derived from Recent Victories (20)

More from Winston & Strawn LLP

More from Winston & Strawn LLP (20)

Recently uploaded

Recently uploaded (20)

How to Successfully Resolve a CFPB Investigation: Strategies Derived from Recent Victories