Five issues to watch when Chopra goes to Congress

Chopra will get an earful about the CFPB's proposal to slash credit card late fees to $8 — a substantial decline when compared with the current $30 for a first late fee and $41 for subsequent late payments. The CFPB's proposal would eliminate $9 billion a year in annual revenue by amending a provision that has allowed credit card companies to raise fees to account for inflation. 

Some Republican lawmakers said credit card issuers should be able to continue charging the high late fees to consumers and to continue adjusting them for inflation. In March, 17 Republican members of the House Financial Services Committee sent Chopra a letter claiming "the CFPB broke with precedent," by refusing to allow credit card issuers to raise late fees in 2022. 

"The CFPB has yet to explain or justify why there was not an increase in the most recent annual adjustment announcement — a striking lack of transparency and accountability, and especially so in an era of outsized inflation," the lawmakers said in the letter.

Cracking down on junk fees has become a political rallying cry for President Biden as the Democratic Party seeks to portray itself as helping consumers cut costs. Republicans are likely to ask Chopra to explain whether its communications were coordinated with the Biden Administration or other federal agencies. The Republican lawmakers called the CFPB's late fee proposal "junk economics," claiming it amounted to socialism.

"It reflects the CFPB's seeming inability to understand that any service provision by the  private sector involves costs, all of which ought not to be redistributed to others and effectively socialized," the lawmakers said in the letter. 

Chopra likely will be asked how the CFPB came up with the specific $8 fee amount, and why a small business review panel was not convened to assess the impact on small banks and credit unions. 

Credit card issuers and trade groups are expected to sue the CFPB over the proposed rule, but they can only do so once the rule is finalized and published in the Federal Register.

Chopra has criticized repeat corporate offenders and was widely expected to ramp up enforcement actions and investigations at the CFPB when he took over. 

But the bureau's own data show that enforcement is trending at about 20 actions a year, below actions brought by Chopra's predecessors in the Obama and Trump administrations. Despite bringing fewer actions, the level of monetary relief jumped to $2.5 billion last year, the largest amount since 2015. Still, roughly $1.7 billion of that amount came from a penalty assessed against Wells Fargo in December for wrongfully foreclosing on homes, illegally repossessing vehicles and charging customers surprise fees. 

Because of the pending Supreme Court challenge to the bureau's constitutionality, the CFPB's investigations and enforcement actions are increasingly being challenged in court, tying up the bureau's resources. The CFPB opened just 25 new enforcement investigations in fiscal year 2022, compared with 64 in fiscal year 2021.

Both Democrats and Republicans are likely to question Chopra about his enforcement strategy going forward including whether the CFPB is expected to have more actions on fair lending given that redlining and reversing discrimination are policy priorities.  

Chopra may win plaudits from Democrats for getting most of the major banks to slash billions in overdraft fees in the past two years. He also may get questions on other ways that the CFPB is working to get banks and financial institutions to adjust their policies and practices through supervision. 

For the past decade, Republican lawmakers have routinely criticized the CFPB for engaging in what has been termed "regulation by enforcement," which amounts to regulators doing their job of filing lawsuits and engaging in settlement discussions with wrongdoers. 

Chopra also may get sharp questions about his use of the bully pulpit, in which he issue advisory opinions to encourage financial institutions to adopt pro-consumer policies.

Chopra will face tough questions about a data breach in March when a CFPB bank examiner sent confidential supervisory information on dozens of companies, and some information on roughly 250,000 consumers to their personal email account.

Republican lawmakers are likely to seize on the data breach to raise questions about the CFPB's security protocols and Chopra's response. The incident occurred on February 14 and the bureau notified lawmakers about the breach on March 21, which was first reported by the Wall Street Journal.  

Rep. Bill Huizenga, R-Mich., chairman of the House Financial Services Oversight and Investigations subcommittee, demanded in a letter in April that Chopra brief the House Financial Services Committee staff about the breach. Lawmakers are likely to question why it took the CFPB five weeks to notify Congress.

Banks typically must report an outage or security breach within 36 hours of the incident being detected to their primary regulator — either the Federal Deposit Insurance Corp., the Federal Reserve or the Office of the Comptroller of the Currency — under a Biden administration rule that went into effect last year. The reporting requirements also cover tech vendors of banks that are affected by cybersecurity incidents. 

Lawmakers are likely to ask for more specific details about the breach, including whether the CFPB notified the 256,000 consumers whose data may have been compromised and what remediation steps have been taken to address data privacy practices.

The bureau has said that it has no evidence to indicate that confidential information or personal information was disseminated beyond the employee's personal email account. But the CFPB also raised further concerns when it said at the time of the breach that the former employee had not complied with a demand to attest that the 14 emails sent to his personal account had been deleted.

The breach also could lead some lawmakers to question the bureau about the safety of data submitted by financial institutions. Last year, Chopra ordered six of the largest tech firms — Amazon, Apple, Alphabet's Google, Meta, PayPal and Square (now Block) — to provide information about their payments platforms including how they safeguard consumer data.