The Consumer Financial Protection Bureau has squelched a plan to require banks to sign a contract that would have given the agency ownership of the content of consumers' complaints that it receives online.
In essence, the plan died before it ever started, following strenuous objections behind the scenes from banking industry officials.
CFPB had circulated a draft contract among a limited number of banks, according to people familiar with the agency's effort. The CFPB said all along that it was testing the waters, these people said. The contract's scope was to be limited to information filed by consumers through the CFPB's online complaint portal.
Even the possibility of a mandatory agreement raised multiple concerns about the nature of the relationship between supervisors and banks, as well as how the CFPB deals with issues of privacy and data collection, bankers and industry experts familiar with early drafts say.
"It's unprecedented for a federal financial agency to compel its regulated entities to sign a contract dictating uniform, non-negotiable, one-way terms in order to implement a claimed regulatory authority," Richard Riese, the senior vice president for the Center for Regulatory Compliance at the American Bankers Association, said before the CFPB's decision.
The agency "is not moving forward with the contemplated contract approach," CFPB spokeswoman Moira Vahey said in an email Monday. But "the bureau will continue to engage with industry stakeholders to ensure compliance with their legal obligations for securely and appropriately handling consumer complaint information."
The biggest mystery is why the CFPB thought the contract might be necessary. Some wondered if it could relate to questions that U.S. lawmakers have raised about whether the agency is amassing so much data on consumers that their privacy might be threatened.
In response to critics who have compared the CFPB's mortgage-data collection to the National Security Agency's alleged eavesdropping on American citizens, CFPB Director Richard Cordray promised in June that the agency would take several steps, including having a third party scrub its mortgage database of identifying details "like name, address [and] Social Security number."
CFPB made no such connection in briefly describing its motivation for considering the consumer-complaints contract.
"Outreach to industry stakeholders regarding our consumer complaint handling is about ensuring companies are complying with their existing legal obligations," Vahey wrote.
It was confusing why the CFPB would require banks to sign a contract governing a situation for which there were no known problems or concerns, according to both Riese and Alan Kaplinsky, an attorney at Ballard Spahr.
Banks are already required by the Dodd-Frank Act to respond in writing to all consumer complaints submitted through the online portal, Kaplinsky says. However, if a bank had refused to sign the portal contract, and the CFPB responded by sealing off the bank's access to portal data and information, a bank would have been unable to respond to consumers' complaints as Dodd-Frank requires, he says.
"If the CFPB cut off access to the [complaint] portal because a company refused to sign this agreement, this would not be beneficial to consumers and could potentially undermine the CFPB's responsibilities under the Dodd-Frank Act," Kaplinsky says.
Financial regulators have always shared the content of consumers' complaints with the banks, Riese says. So it's confusing why the CFPB considered it necessary to have a legal contract governing that relationship.
"There has been no need for a legal contract to dictate the terms of how the content is shared or protected since there are already adequate agency regulations for those purposes," Riese says. "We see no evidence that any problems have occurred that warrant this extraordinary change of approach."
Draft versions of the contract, called the Company Portal Services Agreement, were circulated in August and September among banks, credit unions and other financial institutions.
Those institutions were apparently confused about whether the CFPB simply wanted feedback or if it was already requiring them to agree to the contract's terms. Three copies of the contract that were obtained by American Banker had been signed by executives at Navy Federal Credit Union in Vienna, Va., Fay Servicing of Chicago and Continental Service Group of Fairport, N.Y.
When asked if Navy Federal was required to sign the contract, spokeswoman Jeanette Mack said: "After satisfying ourselves of the CFPB's authority to require our participation — and reviewing their agreement governing the participation — we signed the agreement without edits and complied with their request."
Calls made Friday to Fay Servicing and Continental were not returned.
The Portal Services Agreement could have controlled control all facets of the CFPB's online complaint portal. A draft version of the contract contains language that appears to state that the CFPB owns all data submitted through the online complaint portal and that banks would have had to keep the information confidential and "not disclose or disseminate it" without the CFPB's approval.
One banker who asked not to be identified said he was concerned that the portal agreement could have forced a bank to defy a court order or a subpoena to produce documents, if the CFPB had already ordered the bank to destroy the documents.
But Kaplinsky says the agreement appeared to provide a way for banks to avoid that situation.
"The company would be required to notify the CFPB [of a court order or subpoena], consult with the CFPB, give the CFPB the opportunity to respond and consent to CFPB applications to intervene," Kaplinsky says.
Kaplinsky also thinks there are ways banks could have gained access to information that the CFPB has asked it to destroy, since banks obtain some consumer complaints simultaneously as an agency receives them.
"Banks should be able to retain that data, as it was obtained independently from the CFPB," Kaplinsky says.