On April 25, 2018, sixteen state attorneys general submitted a Letter responding to the Consumer Financial Protection Bureau's (CFPB) Request for Information Regarding Bureau Civil Investigative Demands and Associated Processes (Docket No. CFPB-2018-0001). While the state AGs urge the Bureau not to "curtail" the Bureau's investigative authority and to keep issuing Civil Investigative Demands (CIDs), the Letter also sheds light on states' own investigative powers, which differ among the states and from the CFPB's investigative powers in important ways.
For example, whether certain conduct may be investigated can depend on whether the investigator is the CFPB or a particular state. The CFPB is empowered by Congress to investigate violations of "any provision of Federal consumer financial law," and these enumerated consumer financial laws are specifically defined in the Dodd-Frank Act.1 By contrast, New York's attorney general is authorized to investigate "repeated fraudulent or illegal acts or otherwise  persistent fraud or illegality in the carrying on, conducting or transaction of business"2 or "[d]eceptive acts or practices in the conduct of any business." In California, the head of each department in the state, including the state attorney general, is authorized to investigate "all matters relating to the business activities and subjects under the jurisdiction of the department"3 and "[v]iolations of any law or rule or order of the department." This also highlights the importance of paying attention to which regulatory entity within a state is conducting the investigation.
As another example, the type of information that may be sought can depend on whether the investigator is the CFPB or a particular state. CFPB CIDs can seek the production of documents or tangible things, written reports or answers to questions, or oral testimony.4 While many states, including Virginia and Maryland, are similar in this regard, the CID provision of New Mexico's Unfair Practices Act, for example, only authorizes the state attorney general to seek "documentary material" and other records, but not oral testimony under oath.5
As a final example, the standards for challenging a CID or subpoena differ, depending on whether the investigator is the CFPB or a particular state. The CFPB is authorized to issue CIDs when it "has reason to believe" that a person has information "relevant to a violation."6 In New Mexico, the standard is "has reason to believe" the information is "relevant to the subject matter of an investigation of a probable violation."7 The Letter indicates that in New York, the information sought must "bear a reasonable relationship to the subject matter under investigation and the public interest to be served," and "there is a presumption that [the state attorney general] is acting in good faith."8
These are just a few of the ways that investigative powers vary between federal and state governments and among the different state regulators. Furthermore, as the Letter notes, the CFPB is not the only federal regulator that investigates violations of consumer financial law, and indeed the CFPB's investigative procedures are similar to those of the Federal Trade Commission. Thus, if a financial services company receives a CID or subpoena, that company should first consider which underlying state or federal consumer financial laws apply and the specific procedures associated with that jurisdiction as it prepares to respond.
Moreover, the Letter sheds further light on how states are operating under the Dodd-Frank Act and the nature of the relationship between states and the CFPB. States are not only using their authority under the Dodd-Frank Act to enforce federal consumer financial law themselves (see here and here), but are also applying pressure on the CFPB to continue its own enforcement of these laws.