I was reminded recently that the origin of the term vigilante stemmed from the vigilance committees formed in our nation's early days on the frontier where official law enforcement was either weak or nonexistent. They were established for the purpose of providing an environment where law abiding folks could be protected from the law breakers. Vigilance committees were noble and well-intentioned, but often quickly deteriorated into mobs and were characterized by outbreaks of mob rule.

It is a stretch to compare the establishment of any new regulatory agency to the vigilance committees formed on the frontier, but any new agency wrestles with how to appropriately use its new authority. As part of the Dodd-Frank Act passed in 2009, Congress created a new Consumer Financial Protection Bureau and concentrated an extraordinary amount of authority in this new bureau. As if to assure that Congressional intent was for it to be an aggressive regulator, Congress created the CFPB as a bureau — meaning that the authority would be concentrated in the hands of a single bureau director, rather than the more traditional construct of a board or commission where the authority is spread over three or more members. Also, Congress provided access to a revenue source for this new agency that would allow it to be very well funded but would avoid the Congressional appropriation process. In short, the new CFPB is a dream opportunity for a director wanting to wield unprecedented power with minimal checks and balances. As we observe the signals now emanating from the CFPB, this new agency seems intent on living that dream.

Two disturbing bits of recent information give us a taste of how the CFPB plans to operate. Representatives from the CFPB have acknowledged that lawyers from the bureau's enforcement division are accompanying CFPB compliance examiners on their routine examinations.

To understand the significance of this action one first needs a brief tutorial on bank regulation/supervision. There are essentially two approaches to supervision by federal regulatory agencies. One is "prudential supervision," the other is "enforcement."

For its entire history bank regulators have adopted the prudential supervision model. In this model examiners make regular routine visits to the financial institutions. These visits can range from bi-annual full scope examinations for the smallest institutions to maintaining a continuous presence for the very largest. As the visits are routine and required by statute, the examiners do not enter the bank with a presumption of wrong doing. Examinations conclude with a report of examination and a range of outcomes on a continuum from minor suggestions for improvement to a range of informal and formal actions — the most severe of which is a formal enforcement action. While these exams are often stressful, information is readily shared and often corrective action is taken prior to the examiners leaving the institution. A formal enforcement action is always a potential outcome, but it is the ultimate and most infrequently utilized tool in the regulatory tool box.

This prudential supervision model is in contrast to other federal agencies such as the Securities and Exchange Commission, which is an enforcement agency. Enforcement agencies typically do not do regularly scheduled examinations but instead enter an institution almost exclusively under a presumption of wrongdoing. In these instances the relationship is adversarial from the moment the agency sets foot on the premises. There are two potential outcomes for this type of exam: an enforcement action and/or monetary penalties, or no action whatsoever.

If the CFPB includes enforcement lawyers on compliance examinations it will turn prudential supervision on its head. Rather than a free exchange of information, financial institutions will be required to "lawyer up" and will consider any sharing of information to be the initiation of a legal proceeding. Banks already experiencing the burden of additional compliance costs following Dodd-Frank will now experience an even heavier cost burden. With dialog stifled and any exchange of information challenged it is hard to imagine how the inclusion of enforcement staff will enhance regulatory compliance, though the costs will surely skyrocket.

The second disturbing bit of information concerns the manner in which examination findings are shared with other agencies. Because of the confidential nature of bank examination reports, there is a precise protocol for how government agencies share information. This is to guard against information gathered for one purpose by one agency being used by another agency for a different purpose. For example, there are good and obvious reasons why the IRS does not share personal tax information with other agencies outside a court order. There is also a wide concern that the CFPB, which has a Congressional mandate limited to consumer compliance, might use information collected by the safety and soundness regulators (Office of the Comptroller, FDIC, and Federal Reserve) in its enforcement efforts. With such an initiative, the CFPB would be sending an early signal that it does not intend to be limited in its scope by either precedent or Congressional directive. Hopefully the safety and soundness regulators will recognize the implications of such a request and will resist.

There is good reason why the new CFPB should feel it has a mandate for aggressive supervisory action. But just as in the old west, where vigilance committees quickly became vigilantes, there will be a fine line between the CFPB managing its new powers to achieve greater compliance with consumer laws and regulations, and the potential of an army of CFPB lawyers administering frontier justice on providers of financial services.

Mark W. Olson has served as a Federal Reserve Board governor, chairman of the PCAOB and chairman of the American Bankers Association. He currently serves as co-chairman of Treliant Risk Advisors LLC and can be reached at molson@treliant.com.