The Consumer Financial Protection Bureau has promulgated a final rule on non-waiver of attorney-client privilege and work product protection for information voluntarily or involuntarily submitted by a regulated entity to the CFPB in situations where it subsequently shares that information with another federal or state agency.
The rule, Confidential Treatment of Privileged Information, was adopted on June 28, 2012, exactly as originally proposed and previously described on our blog, CFPB Monitor. The final rule’s privilege preservation regime applies only to waivers for information finding its way into the hands of third parties—such as other federal or state agencies, including state attorneys general—and does not purport to preserve the privilege vis-à-vis the CFPB.
The final rule builds upon ground staked out by the agency early in January in its Bulletin 12-01, which figures prominently in the CFPB’s explanation of the final rule. Both claim unfettered access to the records of regulated entities and assert that the information so obtained would not be subject to waiver of attorney-client privilege (other than vis-à-vis the CFPB).
Whereas Bulletin 12-01 took more of a “carrot and stick” approach—hinting at enforcement action against recalcitrant banks while articulating a positive tone relating to preservation of privilege for their confidential documents—the discussion accompanying the final rule eschews saber-rattling in favor of matter-of-fact statements that the CFPB, like the bank regulators, has inherent power to gain access to privileged documents.
By its terms, Bulletin 12-01 applied only to depository institutions subject to the CFPB’s jurisdiction (those with more than $10 billion in assets). It asserted that, notwithstanding the regulated entity’s waiver of attorney-client privilege as regards the CFPB, banks should be comfortable turning over privileged information to CFPB examiners because the privilege would not be waived as to any other federal or state regulatory or law enforcement agency (including state attorneys general) with which the Bureau might share the privileged information.
The final rule applies more broadly and encompasses all nonbank entities subject to CFPB authority. In addition, the CFPB takes the position that, to the extent that depository institutions with less than $10 billion in assets submit privileged information (coerced or voluntarily) to the CFPB in the course of its supervisory or regulatory processes, the rule applies likewise to them and shields the information produced from privilege waiver.
According to the CFPB, the purpose of the rule is to “provide maximum assurances of confidentiality to the entities subject to its supervisory or regulatory authority” and to forestall “any claim, in Federal or State court, that a person has waived any applicable privilege, including the privilege for attorney work product, by providing such information to the Bureau in the exercise of its supervisory or regulatory processes.”
In the final rule, the CFPB also notes that compliance with federal consumer financial law is served by policies that “do not discourage those subject to its supervisory or regulatory authority from seeking the advice of counsel.” Thus the release underscores the CFPB’s policy of seeking privileged information “only when it determines that such information is material to its supervisory objectives and that it cannot practicably obtain the same information from non-privileged sources.”
Moreover, the CFPB will, as also noted in the Bulletin, “give due consideration to supervised institutions’ requests to limit the form and scope of any supervisory request for privileged information.”