State Attorneys General Criticize the CFPB’s Proposal to Create a Fintech Regulatory Sandbox and Revise its No-Action Letter Policy

We have previously reported on the initiatives of the Consumer Financial Protection Bureau (CFPB or Bureau) to foster innovation in the fintech sector.  In December 2018, the CFPB issued proposed revisions to its 2016 final policy on issuing No-Action Letters, along with a proposal to create a new Product Sandbox.  

Press reports now indicate that twenty-two Democratic state attorneys general have submitted a letter to the CFPB commenting on such proposals and in which they challenge the CFPB’s authority to establish a fintech regulatory sandbox.  Led by New York Attorney General Letitia James and California Attorney General Xavier Becerra, the state attorneys general reportedly contend that the CFPB is not authorized to provide successful fintech sandbox applicants with a blanket safe harbor, including “exemptive relief” from state and federal supervisory and enforcement actions.  “Under the Proposed Sandbox Policy, approvals or exemptions granted by the CFPB would purportedly confer on the recipient immunity not only from a CFPB enforcement action, but also from ‘enforcement actions by any Federal or State authorities, as well as from lawsuits brought by private parties,’” the letter reportedly stated.  The state attorneys general reportedly contend that the CFPB’s statutory authority to provide relief under a fintech sandbox is “quite narrow.”  

“The CFPB has no authority to issue such sweeping immunity absent formal rulemaking,” they reportedly stated in the letter.  “Neither Dodd-Frank nor any other statute the CFPB enforces authorizes the CFPB to confer anything approximating the absolute immunity of the type proposed by the CFPB, and it is well settled that an agency may only act within the authority granted to it by statute,” the state attorneys general reportedly commented in the letter.  

The state attorneys general have called on the Bureau to rescind both proposals and reissue them as more formal rulemakings subject to a notice and comment period, as prescribed by the Administrative Procedures Act (APA).  “Courts have consistently held that agency rules altering the substantive standards the agency applies in determining whether to take discretionary actions are subject to the APA’s rulemaking procedures,” the letter reportedly stated.  At this time, it is not yet clear whether any state or consortium of states intends to pursue legal action under the APA against the CFPB on this issue.  

As we noted in our earlier Blog post, the Bureau stated in its Federal Register notice that it had concluded that, if finalized, this policy guidance “would constitute an agency general statement of policy and a rule of agency organization, procedure, or practice exempt from the notice and comment rulemaking requirements under the Administrative Procedure Act, pursuant to 5 U.S.C. 553(b).”  

The state attorneys general also advised new CFPB Director Kathy Kraninger not to act quickly in validating certain “innovative” products and services, and they cited “no-doc” mortgages, payment-option adjustable-rate mortgages, and collateralized debt obligations as examples of products that were once deemed “innovative,” but contributed in part to the financial crisis.  “The use of sophisticated technologies in the consumer financial market is not well understood, even by the creators of such technologies.  Unless and until these technologies – and their implications for consumers – can be better understood, it would be irresponsible to give companies employing them what may effectively be a permanent get-out-of-jail-free card,” their letter reportedly stated.  

Also among the concerns raised by the state attorneys general is the Bureau’s proposed revision to its No-Action Letter Policy that would not make findings or bring a supervisory or enforcement action against a company under its authority to prevent unfair, deceptive, or abusive acts or practices (UDAAPs), which they argue would be a step too far.  

Since the Bureau issued these proposals in the waning days of then-Acting Director Mick Mulvaney’s tenure, it remains to be seen what Director Kraninger’s views are on such proposals, and on innovation more generally.  

Stay tuned for additional developments!

Latest Thinking

View more Insights
Insights Center
Knowledge assets are defined in the study as confidential information critical to the development, performance and marketing of a company’s core business, other than personal information that would trigger notice requirements under law. For example,
The new study shows dramatic increases in threats and awareness of threats to these “crown jewels,” as well as dramatic improvements in addressing those threats by the highest performing organizations. Awareness of the risk to knowledge assets increased as more respondents acknowledged that their