Consumer Financial Protection: A New Paradigm

The following post comes to us from Karen Petrou, co-founder and managing partner of Federal Financial Analytics, Inc., and is based on a FedFin white paper by Ms. Petrou.

In this post, Federal Financial Analytics, Inc. (FedFin) recommends steps the Consumer Financial Protection Bureau (CFPB) and other regulators can and should take to make their rules simpler, clearer, less burdensome and—critically—more enforceable. This paper is not a call for “cutting the red tape,” a mantra that has all too often meant eviscerating critical consumer protections. It is, rather a how-to on ways to cut through the daunting morass of consumer-protection standards that have only grown worse in the wake of the financial crisis.

We note not only ways to restructure rules to meet these goals, but also how to do so without losing the clarity essential to legal integrity and supervisory effectiveness. We also describe recent efforts by U.S. bank regulators to curtail problematic products (e.g., payday lending) by limiting it at banks, leaving wide swaths of the financial sector (sometimes called “shadow banks”) free to engage in predatory practices unless the bank-centric rules choke them off (uncertain), state regulators intervene (problematic) or federal rules across the sector are quickly enacted (so far unseen).


The FedFin strategy is based on a fundamental and costly lesson of the financial crisis: complex rules breed an “is it legal” approach to product design, disclosure and enforcement that can put consumers, especially the most vulnerable ones, at real risk. And, even if practices appeared legal under one or another rule, courts are increasingly sanctioning lenders over $100 billion and counting, making it clear that consumer regulation must focus on meaningful standards that not only protect consumers, but also form a sound framework on which lenders and other retail financial services providers can rely with certainty. Key elements in the new paradigm include:

  • reliance on meaningful, measurable principles, not big data or deep dives into detail that often turn regulation into post hoc enforcement instead of ex ante consumer protection;
  • focus in rule on core expectations for boards of directors and senior management. These should not be the typical demand for “policies and procedures” that lead to a book suitable only for shelving, but rather a focus on the key criteria to which directors and senior management will be held accountable. The Federal Reserve has issued a precedent-setting statement that, while not directly germane to consumer protection, for the first time stipulates the need for “economically-intuitive” criteria by which decision-makers are to judge actions throughout a firm and for which they are themselves responsible. [1] It is an important sign-post for consumer-financial regulation;
  • confinement of implementation details to examination guidance and similar documents where case-by-case examples, Q&As and similar presentations provide vital guidance to staff at both financial institutions and regulators. Undue complexity in the body of rule creates only confusion and legalism, while hands-on guidance to those with their hands actually on implementation promotes effective consumer protection and efficient, accountable regulation; and
  • recognition that information asymmetry cannot be fixed by websites and detailed guides alone. Instead, rules should be made increasingly flexible as consumers are deemed increasingly “accredited” based on factors like income or the product requested.

I. Emerging Risks

Did Dodd-Frank solve for effective consumer protection for all time to come? Of course not. Although the CFPB is now established in law and, despite ongoing challenges, ramped up to take charge of consumer-financial protection standards and enforce them with uniformity not possible with prior, divided regulatory jurisdictions, its work to date shows little sign of ameliorating the most critical failures in consumer-financial protection regulation: complexity and unaccountability both for banks and regulators.

A prime example here is the CFPB’s qualified-mortgage (QM) rule [2] which clocked in at 804 pages upon issuance in January of 2013 and since has been subjected to five “clarifications” and revisions even though still more are in the works. Website postings seeking to translate this rule into handy how-tos are of little practical value because of the significant legal and reputational risk resulting from violations often of even the most miniscule provisions in rules this complex.

The Bureau has the best will in the world and the statutory muscle to back its will with might, but initial forays like the QM rule are even more daunting than the overlapping, lengthy standards they replace. Where the CFPB has been direct (some might say dictatorial) as in the case of a recent pronouncement on disparate impact in auto finance [3] —it may well be right, but only time will tell because its rulings were not informed by public notice and comment.

The industry has of course protested all these CFPB actions and many more. As a result, problems here might be dismissed as industry bellyaching about robust efforts to curb predatory lending. But, to the extent the Bureau’s standards—even if tougher—hold financial institutions no more accountable or no more enforceable by regulators and the courts than the old rules, the new body of consumer-financial product edicts will fare no better.

How important is this to consumers? Very, as the list below of emerging risks to retail consumers of financial services makes clear:

  • Mobile Payments, Prepaid Cards, Emerging Retail-Payment Technologies: Although the CFPB has launched an inquiry into this arena [4] and Congress has held hearings establishing the need for new standards, [5] there has been no action to update law or rule even as consumers quickly shift from traditional financial-product delivery systems to electronic ones. Who is at risk when funds go astray? Are vulnerable consumers paying so much in fees when payroll comes on prepaid cards as to violate appropriate protections? Do point-and-buy technologies protect transaction integrity and privacy? Which fees go to whom how? What about protection since funds are often outside federal deposit insurance protection? Do consumers understand this risk or assume they are covered in a manner that will force federal intervention if providers fail or technology succumbs to cyber-attack or other stress? MMFs aren’t insured, but the Treasury still had to support the sector under stress in 2008.
  • Retirement Investment Products: Sale of recommendations for retirement products pose risks if they do not promote sustainable retirement, provide desired protection for home ownership, ensure health care and other independence needs are met, or, taking fees into account are appropriate substitutes for lower-yielding retirement savings options. Risk here is now particularly acute due to current low-interest rate policy that creates strong incentives for retirees and those planning for it to undertake high-risk strategies. Does insurance regulation ensure appropriate consumer protection in annuity products, especially when these are linked to reverse mortgages and other offerings? Can the SEC’s investor-protection regime cope with risks akin not to traditional risk of loss of principal, but rather abusive fees, unsuitable offerings outside the SEC’s purview, and similar consumer-protection challenges? When protected accounts—e.g., 401(k)s—are cashed out, are investors particularly prone to deceptive marketing? If so, do bank regulators, the SEC, and/or the CFPB have jurisdiction?
  • Peer-to-Peer Lending: Through exemptions from many protections, does this fast-growing product pose risks to borrowers and lenders? Is loan-by-loan SEC registration of any use to borrowers and lenders or does it just address shareholder concerns? Do usury ceilings or other borrower protections apply in some states and not in others? What happens if peer-to-peer lenders put retirement savings at risk or if they bet the house, using funds derived from home-equity loans?
  • Social Media: This technology poses a major risk for financial services, upsetting here as elsewhere traditional assumptions about who tells whom what how. How to ensure compliance with relevant consumer standards not harmonious with social-media practice (e.g., wide distribution of otherwise private information, seeming referrals to investment advisers, financial institutions, products, etc by interested parties with conflicts of interest? The Federal Financial Institution Examination Council (FFIEC) has proposed new standards here, [6] but they only crack the surface of possible consumer-protection, transaction-intricacy and regulatory-arbitrage issues. And, of course, many practices on social media—e.g., investment advice to business start-ups—may be wholly outside the purview of bank regulators, residing with state and/or federal securities regulators or, perhaps, subject to no consumer/investor protection governance under any state or federal law.

II. Current Consumer-Financial Protection Rulebook: Long, But Good?

In a recent consultative paper, the Basel committee expounded at length on the benefits of simplicity in financial regulation, noting the extent to which it ensures effective, accountable regulation. [7] While Basel confined its comments to its hundreds of pages of regulatory-capital standards, the construct of simplicity is critical throughout the regulatory rulebook. How do U.S. consumer financial-protection standards fare by this criterion?

In short, not well. Currently, rules are extremely detailed, complex and often dependent on very specific guidance provided on hundreds of pages of “clarifications” issued by the applicable regulator. Some detail is required by Congress, but much is inserted into rules and related regulatory statements to provide the “certainty” requested by lawyers on all sides of the regulatory issue. This process creates strong incentives to comply with the letter of the rule or to litigate meaningless lapses, not to provide genuine and forward-looking protection.

Current policy is unclear with regard to the broader duty of consumer protection. Is it to protect consumers only from deceptive products and those that put them at undue risk (e.g., foreclosure, unreasonable overdraft fees)? Or, is it also to ensure that consumers get a “fair deal”—products priced to protect consumer interests (however defined), not necessarily to promote offerer profitability? Must all consumer financial products be “good” for the consumer or are some seemingly useless services allowed if they do not create risk, just add margin to the vendor—i.e., provide retail financial services just as other retail products (e.g., Frosted Flakes) are sold?

Information asymmetries also promote borrower confusion and permit development of products with complex or high-risk characteristics. Pending work based on behavioral economics is seeking to address this, but many disclosures remain highly problematic. Further, statements (e.g., for transaction accounts) can be hard for consumers to read or understand due to language barriers, time constraints, and/or math-skill limits. Consumer protection should not insulate those who are careless from risk, but reasonable barriers to ineffective alerts and disclosures are an appropriate regulatory goal undermined by the complexity and legalism that characterizes many current disclosures.

Another key concern: rule-making is post hoc—that is, regulations are all too often revised in the wake of risky market practice. Ongoing examinations generally do not identify emerging problems nor is there ongoing market surveillance to identify new products/practices/providers posing potential risk. Sunk costs by the industry in these ventures slow down regulatory intervention, especially when rules require inter-agency consensus. Further, Cost-benefit analysis is largely conducted with regard to the number of forms firms must file and costs associated with them, not a more qualitative assessment of an array of costs to all participants in a financial product (including the cost of heightened consumer difficulty understanding key terms and conditions) versus benefits (e.g., reduced offering cost to regulated institutions that precludes market entry by “shadow” firms with resulting prudential and consumer risk).

III. Can Regulators Reform Themselves?

Prior to the crisis, distinctions between regulatory goals were not well defined because, before the establishment of the CFPB, regulators with many objectives issued a single rule. Thus, the banking agencies have tried to focus on safety-and-soundness and consumer protection in a single standard, often confusing the two, trying to accomplish contradictory goals in a single standard or prioritizing one goal at the expense of another. Examples are manifold, but one of the most dramatic examples of rules that missed an ocean-liner-sized boat before the crisis is the 2006 inter-agency guidance covering “non-traditional” mortgages. [8] Delayed by years of inter-agency squabbling (the Office of Thrift Supervision resolutely took the side of firms like Countrywide in opposition to any action), the final standards were forced out when a Senate Banking Committee hearing [9] demanded action. The final rules did characterize many subprime mortgages as “non-traditional”—and, thus, worrisome—but it ducked one vital question because of the conflict between consumer protection and safety and soundness. The rules allowed banks to originate anything no matter how far afoul it ran of the new non-traditional standards if the loan was sold into the secondary market because regulators reasoned that credit risk ended up in someone else’s lap and the bank itself was no longer at prudential risk. Borrowers and the financial system, of course, proved another matter.

Doubtlessly chastened by this experience, several of the banking agencies are trying to get ahead of the next round of products that, even if they pose no prudential risk, threaten consumers with inappropriate cost or hidden risk. An example here is deposit-advance products in which banks offer services akin to payday lending. The Office of the Comptroller of the Currency (OCC) and Federal Deposit Insurance Corporation (FDIC) have proposed standards in this area, [10] but CFPB’s efforts to curtail payday lending have yet to advance beyond the talk stage. [11] And, even as the OCC and FDIC have acted, the Federal Reserve Board has not signed onto a comparably tough proposal. In short, different rules will apply to different institutions offering functionally-equivalent products to the same customer in the same state.

The SEC’s goals for investor protection can also conflict with capital formation and related statutory objectives, doing so in the absence of a well-established regulatory framework for retail protection, especially outside the broker-dealer or mutual-fund arenas. Coverage of market segments—e.g., asset management—is complicated by differing charters active in the same product offerings and, thus, conflicting or absent consumer-protection regulation.

A new organizational structure for rulemaking does not necessarily clarify these distinctions. For example, the FFIEC has proposed guidance on social media, which aims at consumer protection, safety and soundness, information-technology integrity and service continuity in a single standard. The ability of banking regulators to implement or enforce these complex and competing standards is at best unclear even as large segments of the financial-services industry fall outside of any effort at linking use of social media to consumer protection.

IV. New Paradigm

Based on the foregoing analysis, we offer the following recommendations to form a new paradigm of consumer financial-protection regulation:

1. Policy Based on Accountable, Clear Principles

  • The CFPB and other regulators promulgating consumer financial-protection standards should set policy on key principles—e.g., the scope of fee/price regulation, the purpose of disclosures/alerts and the goal of product regulation. These principles should be transparent and guide rulemakings to ensure that regulatory action addresses market inefficiencies, deception, opportunities for regulatory arbitrage and/or predatory practice.
  • Principles should be defined and permit accountability—i.e., the principle should not be solely that the rules are “effective”—and dictate the criteria by which financial institutions—and critically their boards and senior management—will be held accountable and the standards by which the regulator will judge its own supervisory and enforcement practices with regard to the rule.
  • Legal and hands-on compliance details should be confined to ancillary documents (e.g. associated interpretations), with the body of rule stipulating only the statutory basis for action, the standards to be implemented and the criteria by which performance will be judged.
  • Rules should include appropriate reservation of authority allowing supervisory and/or enforcement action when problems are identified, regardless of the degree to which the practice may arguably comply with aspects of a rule or its related guidance. In debatable cases, regulators should reach consent agreements with minimal, if any, penalties to alert the industry to the need to improve without creating reputational risk or prolonged, costly litigation that saps regulatory resources. After these warning shots, though, institutions that still violate rules should be meaningfully sanctioned in short order.
  • FAQs should be used on a regular basis to address emerging issues, with each rule subject to review, revision and reissue for comment on a regular cycle to eliminate unnecessary detail and, importantly, to address emerging practice.

2. Coherent, Concise Rule-Making Process

  • Proposals should define key questions and solicit documented responses; final rules then should describe key elements of comment and identify commenters principally to explain and ratify final action, not to walk through each and every aspect of the rule-making decision process.
  • In each developing-product or regulatory arena, the CFPB should initially outline key risk parameters, differentiating those germane to the retail customer from prudential ones for the offering institution and operational-risk concerns (e.g., system vulnerability). CFPB rules and enforcement actions should focus on retail protection, alerting other agencies to potential risk under their jurisdiction and, if necessary, testifying or otherwise making clear any emerging concerns in these arenas.
  • The CFPB and other consumer-protection regulators should set standards akin to the “accredited investor” ones used by the SEC to differentiate products suitable for average consumers and those appropriate for wealthier/better-informed ones. It is acknowledged that the SEC standards did not appropriately differentiate low- from high-risk investor segments, but the CFPB’s criteria need not repeat this problem if properly drawn and not unduly reliant on simple numerical criteria (e.g., annual income unadjusted for inflation). Once standards are differentiated, qualified mortgages and other retail products can be further defined to provide legal protection and promote innovation in products suitable for specialized retail markets (e.g., wealth management) without putting vulnerable consumers at risk.
  • Information asymmetries should be addressed not just through consumer advisories posted on the web (largely unseen by vulnerable consumers). Instead, providers are required to offer two disclosures: the first is a tabular, simple, easily translated summary of key terms and conditions set by the CFPB; the second disclosure offers all required disclosures in accordance with applicable law to ensure legal compliance and requisite litigation rights.

3. Spotting Consumer Risk Before It Harms Consumers, Financial-System Integrity/Stability

  • The CFPB and other agencies should survey press, consumer-advocate and related data sources to identify emerging trends. Those that enhance consumer protection should be readily highlighted to enhance industry understanding of desired product/disclosure characteristics. Emerging problems, even if not clearly within CFPB jurisdiction, should be identified to Congress, other regulators and the public. As was demonstrated during the financial crisis, consumer-protection problems pose serious prudential risk. Thus, the CFPB should quickly inform prudential regulators of emerging concerns and promote relevant regulatory enforcement actions, guidance or rule. Action should not await big-data studies of the entire U.S. population, lengthy behavioral-economics research projects or other projects more suitable for doctoral dissertations than policy deliberations.
  • CFPB supervisory policy should track the FRB’s emerging “horizontal” framework in that it looks not only at individual providers by segment (e.g., bank, non-bank, big firm, small provider), but also across the scope of providers and practice in identified product classes. Emerging products or pricing policies should be identified through this horizontal review to ensure 1) that the CFPB quickly addresses emerging trends; and 2) that outliers are queried as to the consumer-protection implications of their product/practice. The CFPB should not intervene solely because outliers are identified, but rather use this horizontal scrutiny to survey market practice to differentiate risk from innovation. If product/pricing or other practices appear quickly to be migrating from regulated to unregulated markets or products are transformed from traditional to non-traditional form, the CFPB should quickly intervene to determine if this transformation results from legislative factors or from regulatory arbitrage.


[1] FRB, Capital Planning at Large Bank Holding Companies: Supervisory Expectations and Range of Current Practice (Aug. 28, 2013), available at
(go back)

[2] CFPB, Final Rule on Ability-to-Repay and Qualified Mortgage Standards, 78 Fed. Reg. 6408 (Jan. 30, 2013), available at:
(go back)

[3] CFPB, Indirect Auto Lending and Compliance with the Equal Credit Opportunity Act (Mar. 21, 2013), available at:
(go back)

[4] CFPB, Advance Notice of Proposed Rulemaking on Electronic Fund Transfers, 77 Fed. Reg. 30923 (May 24, 2012), available at:
(go back)

[5] The Future of Money: How Mobile Payments Could Change Financial Services Hearing Before the House Financial Services Subcommittee on Financial Institutions, 111th Cong. (Mar 22, 2012), and Examining Issues in the Prepaid Card Market Hearing Before the Senate Banking Financial Institutions and Consumer Protection Subcommittee, 111th Cong. (Mar 14, 2012).
(go back)

[6] FFIEC, Social Media: Consumer Compliance Risk Management Guidance (Jan. 22, 2013), available at:
(go back)

[7] Basel Committee, The regulatory framework: balancing risk sensitivity, simplicity and comparability (July 8, 2013), available at:
(go back)

[8] OCC, FRB, FDIC, OTS, NCUA, Interagency Guidance on Nontraditional Mortgage Product Risks, 71 Fed. Reg. 58609 (Oct. 2006), available at:
(go back)

[9] Calculated Risk: Assessing Non-Traditional Mortgage Products: Hearing Before the Senate Banking Subcommittee on Housing and Transportation and the Subcommittee on Economic Policy, 109th Cong. (Sep. 20, 2006).
(go back)

[10] OCC, FDIC, Proposed Guidance on Deposit Advance Products (Apr, 2013), available at: and
(go back)

[11] CFPB, Payday Loans and Deposit Advance Products: A White Paper of Initial Data Findings (April 24, 2013), available at:
(go back)

Both comments and trackbacks are currently closed.