On Wednesday, the Consumer Financial Protection Bureau (“CFPB”) entered into a consent order with South Carolina-based installment lender Security Group, Inc. (“Security Group”), imposing penalties for Security Group’s alleged misconduct in collecting debts. These penalties include payment of a $5 million fine, as well as a requirement that Security Group take corrective action to cease the conduct alleged throughout the consent order and comply with applicable laws and regulations it allegedly violated. The consent order alleged Security Group’s violation of the Consumer Financial Protection Act (“CFPA”), the Fair Credit Reporting Act (“FCRA”), and Regulation V. Despite agreeing to the consent order, Security Group CEO Susan Bridges disputes CFPB’s allegations and said that Security Group “agree[d] to this settlement to close the matter and move forward . . . .” in a statement published by The Washington Post.

The consent order alleged egregious conduct, including that Security Group representatives physically prevented a consumer from exiting private property, shoved consumers, gave field cards to consumers’ young children or other third parties for delivery to the consumers, and threatened consumers with jail. The CFPB also alleged that Security Group representatives visited consumers’ places of employment or homes multiple times without the consumers’ permission, carrying themselves in a manner that would likely reveal they visited to collect debts, including visiting consumers ten or more times per month. The consent order also commented on Security Group’s poor credit reporting practices at length, including alleging Security Group’s failure to institute reasonable policies regarding the consumer information furnished to credit reporting agencies, continued furnishing of inaccurate information, as well as its failure to update and correct information known to be incomplete or inaccurate.

The consent order between Security Group and the CFPB is the first enforcement action originated by the CFPB under Mick Mulvaney, who the Trump Administration appointed as Acting Director of the CFPB upon former director Richard Cordray’s resignation on November 25, 2017. Under the guidance of Mulvaney, the CFPB also resolved an enforcement action originally brought prior to Cordray’s resignation through a consent order, which assessed a $1 billion penalty against Wells Fargo Bank, N.A. ($500 million of which was credited from a previous OCC penalty) for alleged mortgage and auto lending violations. To put Mulvaney’s hands-off approach in perspective, the CFPB has brought one enforcement action in six months under his guidance, while the CFPB averaged approximately 16 enforcement actions every six months while run by former director Richard Cordray. This drop in enforcement actions is consistent with the CFPB’s apparent objective during Mulvaney’s tenure: protecting consumers without overreaching beyond the agency’s authority. However, some states, such as New Jersey, look to the CFPB’s dramatic shift in enforcement unfavorably, and have created state-level versions of the CFPB to protect consumers in their states.

While it is tempting for financial services companies to breathe a sigh of relief about the CFPB’s apparent relaxation in enforcement, they should remain vigilant and use this time to shore up their practices and brace themselves for increased enforcement from state regulatory agencies.