Like many government agencies before it, the CFPB has relied on the use of civil investigative demands (CIDs) in investigations. CIDs are one of the many tools in the CFPB’s toolbox to gather information from the subject of an investigation or third-parties who are in possession of information believed to be relevant to the investigation. While the CFPB drew from other government entities, including the FTC , in drafting its rules related to investigations, the CFPB’s execution of its investigatory procedures, particularly with respect to CIDs, is quite different than the approach taken by the FTC – creating a new playbook for enforcement lawyers and the institutions they represent.
The CFPB’s Final Rule Relating to Investigations sets forth the procedures that apply to CIDs, including certain meet and confer obligations and requirements regarding potential challenges to CIDs. Late last year, we reported on the Bureau’s first decision denying a petition to modify or set aside a CID. To date, the CFPB has issued three decisions, all denying such petitions.
From experience, we have discovered many practical takeaways in handling CFPB CIDs:
- Don’t wait to seek clarification on the CID.
- It is imperative to involve the company’s IT personnel early and often.
- You must move fast – the meet and confer must occur within 10 days and any petitions to modify a CID must be filed within 20 days.
- If you decide to file a petition to modify a CID, consider the practical consequences of doing so..