The Consumer Financial Protection Bureau’s civil investigative demand (“CID”) authority has recently presented significant compliance difficulties for companies that have received requests for information relating to an investigation commenced by the CFPB. Among other things, this Alert points out procedural hurdles that CIDs present to targeted companies, and provides suggestions for companies and persons when responding to a CID.1
Except for those few instances in which civil investigative demands have been issued by the Federal Trade Commission to investigate violations of federal law under its jurisdiction, financial service companies have very infrequently encountered CIDs. Among other things, this was because the predominant form of direct federal oversight was exercised by the federal banking agencies that possessed direct examination and supervision authority over FDIC-insured institutions and affiliated companies, which permitted the banking agencies to examine practically all books and records of a company without the need to issue a CID.2
With the creation of the CFPB, however, the landscape for aggressive consumer-related investigations by the federal government changed dramatically, with the announced intention by the enforcement staff at the CFPB to investigate alleged violations of federal consumer laws by consumer financial service companies. In several recent instances companies receiving CIDs have objected to the scope, timing and relevance of an issued CID. The CFPB rejected those objections, and indicated to the industry at large its intention to enforce CIDs, as well as to insist upon very strict compliance with administrative appeal procedures by companies when objecting to the same.
What follows is a discussion that includes: (a) an overview of the CFPB’s investigative authority; (b) a review of procedural requirements when a CID is received; (c) a summary of the hearing process should a testimonial hearing be included as part of an investigation that commences with the issuance of a CID; (d) a short discussion of the legal standards likely to be utilized by courts when a company elects to appeal to the courts; and (e) recommendations for responding to a CID within the time periods required by the CFPB’s investigative regulations.
Overview of the CFPB’s Investigative and CID Authority
Section 1052 of the Dodd-Frank Act provides the CFPB with the authority—acting either alone or with other state and federal agencies—to investigate alleged violations of consumer protection laws for which it holds or shares enforcement jurisdiction.3 This authority to issue “civil investigation demands” or “CIDs” requires a targeted company or individual to prepare and to submit:
- documents for inspection and copying;
- tangible things (other than records);
- written reports;
- answers to interrogatories; and
- deposition testimony regarding the document production or other matters relating to the investigation.
The CFPB’s Procedural Rules for Investigations and CIDs
As adopted by the CFPB in June of 2012, its rules relating to investigations (the “CID Rules”) expand on the statutory authority contained in the Dodd-Frank Act—and by the CFPB’s own admission borrow heavily from similar procedural rules of the FTC for CIDs issued by that agency.4
As a general matter, an investigation may only be commenced by the Assistant Director or any Deputy Director of the CFPB’s Office of Enforcement. As required by the CID Rules, a CID must contain several items to assist a recipient of a CID to prepare an adequate response and production:
- a reasonably identifiable description of the materials to be provided;
- a return date for producing the documents and other materials; and
- the identification of the CFPB custodian to whom the materials will be made available.
In addition, the CID Rules also provide that a CID contain information regarding sworn certificates regarding the adequacy of the production, as well as procedures to be followed when providing: (a) tangible things; (b) reports and deposition testimony; and (c) “electronically stored information” or “ESI.”5
There are several procedural obstacles that are presented to a company seeking to object to a CID in its entirety or to request modifying the scope and categories of deliverables.
First, Section 1080.6(c) of the CID Rules obligates a targeted company to “meet and confer” with representatives of the CFPB within 10 days of receipt of a CID. In that regard, the CID Rules state that:
The Bureau will not consider petitions to set aside or modify a civil investigative demand unless the recipient has meaningfully engaged in the meet and confer process described in this subsection and will consider only issues raised during the meet and confer process.
As described below, the CFPB has indicated that it views delaying tactics that exceed the 10-day meet and confer requirement as waiving a company’s right to modify a CID.
Second, the time frame for preparing a petition for amending or setting aside a CID must be filed within 20 days of the receipt of the CID by the targeted company. Among other things, the petition must include “all factual and legal objections to the civil investigative demand, including all appropriate arguments, affidavits, and other supporting documentation.” As a practical matter, when compared to time periods when complying with typical discovery subpoenas in civil litigation, these time limitations are barely sufficient for large companies to begin to identify locations of systems of records and files within systems of records that might be responsive. More importantly, as discussed below, the employment of delaying tactics carries with it far more onerous procedural penalties than experienced in the civil litigation context.
Third, and perhaps most distressing, the CID Rules take the position that the existence of an investigation and the issuance of a related CID is not generally discloseable by the CFPB prior to the filing of a petition to modify or set aside a CID. However, once a petition is filed, the CFPB takes the position that the investigation and the related CID become part of the public record.6 Assuming there is no collateral obligation to disclose the existence of the CID (such as the obligation to issue a disclosure based upon applicable federal or state securities laws), a targeted company is faced with significant reputation loss exposure by electing to contest a CID. Should a company wish to avoid public awareness of an investigation and a CID, a company must base its ability to narrow an overly broad (or otherwise objectionable) CID on the good faith of CFPB enforcement attorneys participating in the meet and confer process discussed above.
Deposition Testimony as Part of an Investigation and a CID
It may come somewhat as a shock to civil litigators who have never practiced in the administrative arena that deposition testimony by a witness identified in a CID provides for little in the way of leeway by a lawyer to interpose objections during a deposition. Besides objections entered into the record relating to privilege or self-incrimination, a lawyer defending a deposition is limited in regard to both raising objections or interrupting the questioning by the CFPB investigator. (Although at the completion of a deposition an attorney may request permission to clarify the record by asking additional questions, granting permission to clarify the record is not a matter of right.) In fact, the CID Rules state that for any serious obstructionist behavior the CFPB may bar an attorney from further practice before the CFPB.7
While the rights of deponents appear somewhat limited, the balance in an investigative deposition is weighted heavily in favor of an investigative agency in order to enable it to engage in a broad range of inquiry. However, those liberal rules present a challenge to a company that might be forced by a CID to produce a witness to provide testimony, because of the limited nature by which a defense counsel can interrupt a deposition and advise the deponent. Accordingly, in the instance in which a company representative is called to testify, significant preparation time is advised to adequately prepare the witness to properly respond and provide information.
Contesting a CID
As an initial matter, it is useful to note that a CID is not self-executing—if compliance is not voluntary by a recipient, the CFPB must file an action in federal court to enforce the terms of the CID. Because courts do not like to be bothered by these types of procedural issues (by either side), the party that is presented as the obstructionist is often not viewed favorably by a court that is forced to rule on the matter. Practically, this means that at an early stage in the process a company electing to object to complying with some or all of a CID must present itself as being as reasonable as possible—and being capable of pointing to the demands of the CFPB either as being unreasonable in the circumstances or being unwilling to compromise.
If a decision is made to contest a CID, there are two primary factors—the administrative procedures that must be exhausted prior to seeking a court review, and the standard of review employed by courts when determining whether an investigative subpoena or CID is enforceable.
In regard to the administrative process, the CFPB to date has ruled on three petitions to modify or set aside a CID. Considering that the Director of the CFPB is identified in the CID Rules as the person assigned to determine the validity of a petition, it is not surprising that in all three cases the petitions were rejected as lacking a sufficient basis to warrant relief.8
Specifically, the CFPB has adopted legal standards favored by most courts when reviewing a challenge to an investigatory CID or subpoena, and will deny the petition to modify or set aside a CID if:
- the investigation is for a lawfully authorized purpose;
- the information requested is relevant to the investigation; and
- procedural requirements are followed.
According to the CFPB, “If the agency establishes these factors, the CID will be enforced unless the subject demonstrates the CID imposes an “undue burden” or constitutes an abuse of the court’s process…The Bureau adopts this same framework to resolve petitions to modify or set aside CIDs.”9
This approach—which provides leeway for an investigative agency to perform its statutory or regulatory mission, is summarized in a leading case, FTC v. Invention Submission Corporation, 965 F.2d 1086 (Ct. of App. D.C. Cir. 1992):
The standard for judging relevancy in an investigatory proceeding is more relaxed than in an adjudicatory one. At the investigatory stage, the [FTC] does not seek information necessary to prove specific charges; it merely has a suspicion that the law is being violated in some way and wants to determine whether or not to file a complaint… The requested material, therefore, need only be relevant to the investigation—the boundary of which may be defined quite generally, … as it was in the [FTC’s ] resolution here.
In the minimum, therefore, a company seeking to contest a CID should understand that it may often find itself in a disadvantageous posture to successfully limit the scope of a CID.
Recommendations to Comply with a CID
As can be seen from this discussion, the law favors an administrative agency charged with conducting investigations and eventually determining whether an enforcement action should be initiated. Considering that members of the CFPB’s enforcement staff are all bright lawyers and quite capable of drafting a CID that meets the relevancy standard discussed above, a targeted company should consider the following:
- It is highly improbable that all components of a CID will be modified or denied either by the CFPB (as part of the meet and confer or the petition to modify processes), which means that upon the receipt of a CID a company is immediately placed in what might be described as a discovery “fire drill.” In order to employ the meet and confer requirement to either narrow document production or extend time frames, it becomes necessary to assemble records management and legal staff capable of identifying systems of records responsive to the CID.
- As indicated by the CFPB, electronic records admittedly present retrieval problems, and company technical staff or third party vendors must be included in the response team so that production difficulties may be discussed. (As noted by the CFPB, failing to include technical staff when engaging in the meet and confer process is not looked upon favorably.)
- Because the issuance of a CID means that an investigation has commenced, both the targeted company and possibly related individuals become entitled to constitutional protections, including attorney/ client privilege. Accordingly, in areas of compliance in which internal legal evaluations might indicate possible legal culpability, a company should consider excluding privileged materials from a document production.
- Because difficulty in retrieving documents is not by itself a basis for objecting to a document production pursuant to a CID, consumer financial service companies might consider their risk exposure vis-à-vis the CFPB’s announced areas of interest, and review the efficacy of records management systems. Understanding the content and location of a company’s systems of records is a critical element to navigating the CID process successfully.
- As noted above, if a decision is made that complying with some elements of a requested CID production are not possible, care has to be exercised to position the company in as favorable light as possible. This includes providing supporting data and information at all stages of negotiation with the CFPB, and offering alternative approaches to provide data deemed necessary by the CFPB’s enforcement staff, including the filing of a petition to modify the production request of a CID.
- In the case in which deposition testimony is required of a company’s employees or representatives, a company should use counsel familiar with the limited flexibility afforded counsel when defending an investigatory deposition, and make efforts to prepare those employees or representatives in light of the procedural limitations discussed in this Alert.
- Finally, although the burden of complying with a CID can be terribly disruptive, there are ample anecdotal examples of CFPB staff willing to negotiate document production and alternative time frames (provided that the targeted company actively engages in discussions with CFPB enforcement staff following the receipt of a CID). Counsel experienced with investigative CIDs and the procedural hurdles confronting a company, of course, can greatly facilitate the administrative process.