Right after one of the debates I found myself knee deep in a debate about Dodd-Frank.  A close personal friend of mine, a very bright bulb who I’ve never found a reason to disagree with brought up Dodd-Frank as an example of horrible legislation that’s crippling banks and contributing to our horrible economic conditions.  Whoa, whoa, whoa…. rail against taxes, complain about government spending, assail the current administration for the dramatic escalation of our national debt.  But leave Dodd-Frank out of it because that’s not one of our bigger problems.  I can offer a five thousand word defense of the best parts of Dodd-Frank without even pausing to organize my thoughts but I don’t need to go that far.  I can sell it’s virtues in a single, simple sentence:  Any legislation that created the Consumer Financial Protection Bureau is instantly more effective than anything that’s come before it in my lifetime.

No, seriously… in my lifetime.

I’ve already screamed from the rooftops about how much I like the CFPB.  In my own geeky, nerdy way I’m proud to admit that I look forward to getting their regular updates and announcements because they always seem either ridiculously relevent or illuminate how they’re hot on the heels of yet another predatory business practice.  In barely a years time they’ve pushed deeper into the heart of the issues that crashed Wall Street in 2008 than anyone could have hoped (that’s my opinion but one I’m willing to defend).  And their examiners appear to be freaky efficient.  I’ve been hearing from our banking clients that they’re drilling in on details and covering more territory than was expected and that they’re discussing issues much closer to protecting customers (and members).   Our practice recently issued a bulletin to our clients alerting them to the fact that CFPB examiners are expecting related oversight to be pushed down to external business parters and vendors.  This is not a new consideration, it’s exactly the same as what’s supposed to happen with regards to GLBA (and one of the reasons we developed our related software and services for same) but still, we anticipated this would take several exam cycles to surface.  CFPB cut right to that chase in a heartbeat, which is stunning for such things.  It’s almost like someone told them where to look and what to look for which to a certain extent is true.

The CFPB didn’t start as most new agencies do.  They didn’t recruit green examiners and place them under the management of a few practiced hands.  What they apparently have done is to hire well seasoned examiners from related regulatory agencies (e.g. FDIC, FRB, OCC) have them contribute to creating the necessary procedures and then send them out to bring it all to life.  So on Day One they already know where the bodies are likely to be buried and what to do about it.  It’s brilliant, it’s efficient and it’s the very best example of  your government doing its job.

Here are some snippets from my in-box:

• Regarding the three main credit reporting agencies, the CFPB released a report that said “Among the key takeaways in the report, which is one of the most comprehensive studies of credit reporting to date, are that credit card history dominates the information in credit reports and that debt collection items  generate the highest rate of disputes”.  This becomes important for consumers who are trying to either establish or repair respectable credit ratings.  The news release further explained about the report that it “will help educate regulators and consumers about how this important industry works,” said CFPB Director Richard Cordray. “If consumers know how these companies handle their credit histories, they can make better decisions on how to handle their financial lives.”
• This was another headline “CONSUMER FINANCIAL PROTECTION BUREAU HALTS ALLEGED NATIONWIDE MORTGAGE LOAN MODIFICATION SCAMS”.  The news release explained that the CFPB is  “taking on schemes that prey on consumers who are struggling to pay their mortgages or facing foreclosure,” said CFPB Director Richard Cordray. “We are especially concerned with those who misrepresent government programs or websites to divert distressed homeowners from needed assistance.”
• And even still, another headline “CONSUMER FINANCIAL PROTECTION BUREAU PROPOSES ALLOWING COMPANIES TO RUN TRIAL DISCLOSURE PROGRAMS”.  And while this may seem dry to so many not close to the related issue this is signficant because right now most of us ignore all the small print.  The CFPB is trying to figure out better ways to present disclousre information so that us consumers both think to read it and, more importantly, understand what it’s telling us.  Rather than try and stuff a once-sized-fits-all solution down the industries throat they’re opening it up and authorizing institutions and lenders to explore different approaches.

And the kicker about these three items?  This was all issued this month (December 2012) and we’re not even quite halfway through it.

Things are looking up a bit because I have a new favorite regulatory agency to follow, the Consumer Financial Protection Bureau (CFPB).  And here’s why:  They focus on things that impact my day-to-day life (and yours as well).

I started tracking what the CFPB was doing about five months ago by accident.  Someone I know who used to be an examiner for the FRB switched over to the newer agency right at its infancy and I noticed this courtesy of a LinkedIn update.  Because I consider the Fed to be the Big Kahuna of the regulatory agencies I was surprised (you don’t leave the Yankees to sign with an expansion team unless you have to, or so I thought).  Compelled a bit by the update I started poking around the CFPB website.  For the first few months of this year it seemed to have potential but was little more than brochure-ware.  But last month that all changed.

The first CFPB update that caught my attention was labeled 12 CFR Part 1070 and it was all about the protection of consumer data, only with a slight twist.  Basically it was all about how any information they received as part of their field work would be protected exactly the same way that any third party vendor would be required to.  Despite their being a Federal agency they weren’t going to hide behind that as a means to simplify their lives.  They spearheaded an update to the underlying regulation that frames their charter so that consumers and their institutions can be assured that all PII and NPPI would be protected.  For me it was a rare win-win topic; protection of PII and NPPI combined with a reference to vendor management (these are a few of my favorite things).  And really for me it was that much more significant because I’ve known of a few situations where representatives of Federal and State regulatory agencies were responsible for the outright loss of confidential and/or restricted data.  Beyond a slap on the wrist there wasn’t much else done to the offending examiner or their agency.  And the affected institution couldn’t really complain too loudly because it’s always a bad idea to challenge your regulators, even when you’re in the right.  So I thought this was all at once a compelling and remarkably sensible update by a regulator, not something I’d expect to see.  That was the first points on the board for the CFPB.

The second set of points were scored almost on the same day.  I wanted to check one of the details related to the aforementioned update and noticed this one “Consumer Financial Protection Bureau report finds confusion in reverse mortgage market“.  Because I have a parent who is a senior citizen and who I think might one day soon be open to at least exploring a reverse mortgage I read with great interest.  The report was in plain English, was oriented in such a way that I could share it with my family and have them understand the issues and concerns detailed within and most importantly it made sense.  Reverse mortgages are growing in popularity and its main audience is the senior citizens segment of society.  Seniors tend to be  more easily misled, they’re under greater pressures to find new money sources (courtesy of our recession) at a time in their lives where going back to work is often not an option.  And because a parent would do almost anything rather than turn to their children for financial assistance they see a reverse mortgage as a way out of their predicament.  So for me having this content available was quite the relief.  I can caution and advise all day and night but the risks presented by a reverse mortgage are much more credible coming from an authorized source.  And so I celebrated July 4th this year by declaring the CFPB my new FDIC (the Sheila Bair inspired version, not the current blah one).

Here’s my really bizarro advice to any of you with even the slightest interest in regulatory oversight; if you haven’t already done so visit www.cfpb.gov and take a look around.  It’s oriented towards lay people, not just lawyers and regulators (and practitioners like me) and addresses topics and concerns that affect the majority of our population.  Basically it’s what I would expect from a regulator that still has that new agency smell but nothing like I’ve come to know from those that preceded it.  To those who have had a hand in defining its charter and organizing its content, great job!   Now repay my kind words by going out and getting me some juicy enforcement stories to write about.

So with the ratifying of the most recent bit of the legislation by the FDIC last month I’m all the more curious to see how the industry reacts.  For those of you who don’t know what it is I’m referring to it’s Section 165(d) – the new law that requires banks with non-banking assets in excess of $50B to draft a plan that would in effect put its sponsoring institution out of business in a neat and orderly fashion.  Or rather, as I’ve come to think of it, it’s a Business Continuity Plan of a whole ‘nother color (or perhaps it’s simply a Business Discontinuity Plan – BDP).

Think about what this law requires.  Banks that are in-scope for this now have to draft a plan that would allow regulators to step in and break off the various spokes of the wheel and either sell things off or shut them down in a way that is as minimally disruptive to the financial system as is possible.  What I don’t understand about this is how would that even be possible?

You’d have to make an awful lot of assumptions to even draft such a plan.  In 2007 when the banks started spiraling out of control you would have thought the very first thing to do was to divest themselves of the root cause of the problem, their consumer loan portfolio and primarily their mortgage business.  But who was buying that pile of rotting paper for anything other than pretend money (how’d Countrywide make out playing that market)?  So documenting in a plan that you’d sell off your various units assumes that there’s a market looking to buy them and you can’t really count on that, can you?  The truth of the matter is all you can really lay down on paper is a very high-level approach that specifies how each segment of the business needs to be evaluated to determine what if any value it possesses and than shop it to the market and see if there’s a buyer.   But how is that any different then how a business is dissolved in bankruptcy?  And we already have all sorts of laws on the books to guide that process.

How do you even test such a plan?  In order for this legislation to deliver on its promise the regulators would need to know that the plan would work somewhere close to as it’s designed to if ever it was needed.  How can you possibly step through it and know for sure?  Wouldn’t the various markets need to participate as well and how reliable would that be?  Wouldn’t everyone need to pretend that it was real?  Say Citi, would you be willing to buy BoA’s commercial loan portfolio and if so, how much would you be willing to pay for it?  If I’m Citi I’m thinking make the pretend offer high because it’s not binding and if a once in a lifetime disaster occurs again we can totally low-ball on the real offer if it ever comes to that.  So how reliable is that test?

But here’s the thing that keeps tap-tap-tapping away at the back of my mind – those who have to comply are the same institutions who can’t successfully design, implement and support a viable business continuity plan and that’s something they’ve had years to perfect and still haven’t even come close to doing.  And they’ve actually had disruptions where they needed to rely on these plans and still haven’t quite gotten them done right.  If they can’t successfully design a viable BCP when that’s something they’ve often enough desperately needed how are they supposed to design a viable plan to dissolve their business relying entirely on speculation and imagination?  Seriously, was the lack of such a plan one of the the primary reasons that the banking behemoths weren’t allowed to fail or was it simply our leadership being fearful that if a Citi or Chase went belly-up the economy might never recover?

Lewis Black loves to poke fun at the whole banking mess and about how banks were instructed by Capital Hill shortly after things got ugly to make sure that before making a loan they needed to be certain the person has the financial wherewithal to repay it.  He suggested that the next piece of direction should have been to remind the banking leaders to breath occasionally because it was about as simplistic and obvious.  Well perhaps the lawmakers should have kept things simple here as well.  Rather than require a BDP, let the FDIC oversee things as they have for many, many years and shepherd a failing institution through the various stages of liquidation finding suitable buyers for the pieces that are worth selling off or that need to be absorbed.  Sure the bigger institutions would present some issues and complexities that would require a certain degree of creative thinking but isn’t that better than trying to rely on a plan that was conceived of pure speculation and whimsy?

The real problem wasn’t that any of the monster banks couldn’t fail, it was that they weren’t allowed to.  Even if any of them had something drafted that specified how they should be dismantled the government wouldn’t have let it happen.  Much like a financial institution tends to look at their BCP well after the disruption occurred (happens all the time) I suspect a BDP would serve in much the same capacity.  And if I was an examiner and was going to hold the feet of one of my institutions to the fire for something I’d rather they focus on having an actual, honest-to-goodness BCP that would help them navigate the next hurricane, earthquake, blizzard, blackout, etcetera rather than preparing for something that may never happen again.