Skip to Main Content
Our Commitment to Diversity

D.C. District Court Decision Supports Principle of Allowing Companies to Challenge CFPB Information Requests without Fear of Public Disclosure of Investigation

Date: 5 November 2015
Government Enforcement Alert

Companies in receipt of a civil investigative demand (CID) from the Consumer Financial Protection Bureau (CFPB) are required to take a number of quick and important actions and make decisions that can have significant impact on the course and tenor of what will likely be a months- or years-long investigation.  This can be a frustrating and high-pressure process, particularly given the limited practical options available under the CFPB’s rules for a CID recipient to effectively seek relief from what oftentimes can be broad and onerous requests.  In particular, because of the CFPB’s policy to publicly identify any person or entity that files a petition to modify or set aside a CID, recipients of a CID generally forgo that route and instead are left to rely upon the reasonableness of the staff attorney and supervisor assigned to the matter.

A recent decision in the U.S. District Court for the District of Columbia, however, may provide some measure of relief for CID recipients. [1]  In an injunctive action brought against the agency by the target of a CFPB investigation, the court acknowledged that a company under investigation has a legitimate and significant interest in protecting against the reputational and other harms that are likely to result from publication of the fact that it is under investigation.  The court balanced these privacy interests against the general public interest in open judicial proceedings and decided that the proper course of action was to publish materials relating to the company’s challenge to the CFPB’s investigation tactics, but redact the names of the entities under investigation.  Although the district court did not opine on the CFPB’s policy of publicizing the names of companies and individuals that try to challenge one of its CIDs, the opinion provides a reasoned analysis of why such information should be kept private, and may provide CID recipients a new (more palatable) avenue to seek modification of very broad CID requests. 

CFPB Practice Effectively Limits the Option for Filing a Formal Petition to Challenge CIDs
The limited practical options available to a CID recipient in the early stages of an investigation can sometimes be a challenging and frustrating aspect of the CFPB’s rules and practices.  This is primarily a result of three characteristics of CIDs issued by the CFPB: (1) the oftentimes extremely broad scope of the initial CID requests, (2) the short deadlines for gathering data and being in a position to provide the Staff with initial information, and (3) the limited formal options available for relief from onerous requests. 

  • First, the scope of an initial CID will oftentimes be overly broad.  The CFPB’s Director, Richard Cordray, admits that this may be the case.  In his order denying the first-ever petition seeking to modify or set aside a CID, Director Cordray explained:

    [T]here is typically a substantial information gap between the Bureau and the subject companies and/or individuals. . . .  Because of [that gap], the enforcement team must formulate its initial unilateral inquiries based on preliminary and often incomplete knowledge.  The initial requests may thus be crafted broadly because the enforcement team needs to be thorough and comprehensive about its inquiries into possible violations of law that harm consumers. [2]

Of course, these types of concerns could in most cases be mitigated by a more focused investigation from the outset.  Nevertheless, companies can expect to receive CIDs that ask for “all documents” about a particular subject, or a detailed description (under oath) of every product, service, or operation of the company over a multi-year period.  In such instances, companies may find that there are significant practical difficulties with overbroad initial requests, including very tight timeframes in which the company must educate itself about the matters at issue and be in a position to respond and request modifications. 

  • Second, as noted, the receipt of a CID starts the clock on a number of short deadlines.  Within ten days, the CID recipient must participate in a “meet-and-confer” conference with the enforcement attorney, the purpose of which is “to discuss and attempt to resolve all issues regarding compliance with the civil investigative demand.” [3] At that meeting, the company generally must have available a person familiar with its electronically-stored information systems and must be in a position to discuss each of the CID requests, what modifications are necessary, and what the burdens would be.  This means that (depending on when the CID is received) within six to eight business days the company must review and digest the CID requests, speak to technology personnel and the relevant fact witnesses / custodians, locate and retain outside counsel (in most cases), and decide what objections to raise as to the scope, burden, and feasibility of the CID requests.  Although CFPB attorneys may be amenable to reasonable modification proposals, the CFPB’s rules provide a certain amount of rigidity, including as to possible waiver of objections not raised at the meet-and-confer.

In addition, a company has only 20 days from service of a CID to file a formal petition seeking to modify or set aside the CID.  In many cases, the meet and confer process will hopefully result in reasonable modifications that satisfy a company’s concerns.  However, that will not always be the case.  Also, because the enforcement attorneys are not empowered to grant any CID modification without written supervisor approval, the CID recipient may not know whether modifications are agreeable until several days after the meet-and-confer.  Further, although the CFPB is likely to agree to some modifications to an initial CID, its enforcement attorneys may be hesitant to significantly scale back broad requests early in the investigation, thus keeping the sword of the broadly-worded CID hanging over the company’s head long after the 20-day deadline for a formal petition to modify passes. 

  • The third complicating characteristic of CFPB CIDs is the fact that, practically speaking, the option for filing a formal petition may not be much of an option at all.  Although the CFPB’s rules provide that Bureau investigations generally are non-public, [4] the CFPB has taken the position that petitions to set aside a CID are public proceedings and, absent extraordinary circumstances, it will post a company’s petition on its website shortly after the petition is filed.  Significantly, the CFPB has explained that the name of an entity that receives a CID is not confidential and the CFPB “does not agree” that public disclosure of the fact that an entity has been served with a CID would harm reputations and injure business and financial interests. [5]

This creates potential for a thorny dilemma.  A company may find itself in receipt of a purposefully broad CID and unable to fully or adequately convince the CFPB attorneys—or, more accurately, their bosses—to modify broad requests early on in the investigation.  The company is then faced with the decision either to roll the dice that things will work out later in informal discussions or to file a formal petition that essentially acts as a press release to the company’s investors, clients, partners, customers, and employees that it is under investigation by the CFPB, without an ability to control the message.  It is not an enviable position for the company (especially if the company is otherwise subject to supervision by the CFPB, and would thus be formally challenging its regulator, which could have adverse spillover consequences). 

The D.C. District Court Explains Why Targets of CFPB Investigations Should Not Be Prematurely Outed, and Provides a Possible Means of Reprieve to Companies Facing Onerous Demands
The U.S. District Court for the District of Columbia has offered some hope to companies facing this dilemma. 

Some background on the case:  During the 2014-2015 holiday season, the “John Doe Companies” (credit counseling businesses kindly given their anonymous pseudonyms by the district court) and one of their former lawyers received gifts from the CFPB in the form of two CIDs.  Several months later, the CFPB informed the John Doe Companies that it was considering enforcement action against them.  A few weeks later, the John Doe Companies also learned that the CFPB would be taking a deposition-type hearing of the former lawyer.  The companies’ counsel requested to be present at that hearing in order to protect the attorney-client privilege, but the CFPB refused; the John Doe Companies then filed a suit under the Administrative Procedures Act in federal district court seeking (among other things) a temporary restraining order barring the CFPB from proceeding with the hearing.  The companies also sought to seal the case, asserting the serious harm they would face from disclosure of the ongoing investigation.  The CFPB opposed, citing the “strong presumption in favor of public access to judicial proceedings.” [6]

In ruling on the motion to seal, District Court Judge Randolph D. Moss weighed the competing interests under the D.C. Circuit’s well-established test, which evaluates several factors, including the need for public access, the property and privacy interests involved, and the possibility of prejudice to those opposing disclosure.  Although the court agreed with the CFPB that “the public interest weighs strongly in favor of unsealing the case,” it also held that the possibility of prejudice to the John Doe Companies from the public revelation that they are subjects of a CFPB investigation is “significant.” [7]  The court further expanded on this “commonsense” notion: “it is not difficult to see how disclosure of the fact that an entity is subject to investigation by federal authorities would inflict non-trivial reputational, and possibly associated financial, harm on that entity.” [8]  After weighing the factors, the Court decided to unseal the case, but redact the names of the parties involved. 

The district court’s reasoning gives rise to several observations:

  • First, the same factors the district court used in its analysis would seem to apply to a formal petition under the CFPB rules.  The CFPB’s rationale for disclosing the name of entities that file formal petitions to modify or set aside a CID is that the name of a company is not “commercial” information under FOIA exemptions.  However, Judge Moss’s focus on a test that weighs the interests and harms of public disclosure seems more appropriate in the context of a non-public government investigation. 
  • Second, the differences between the court’s and the CFPB’s views regarding the consequences of being named as a target of a government investigation—especially when that investigation is in its early stages and there have been no claims asserted—are significant.  Whereas Judge Moss described as “commonsense” the fact that disclosure of an investigation by federal authorities would inflict “significant” reputational and possibly financial harm, [9] the CFPB dismissed identical claims as “remote” and stated that “the mere fact that [an entity] would suffer embarrassment as a result of [its] associations with law enforcement investigations is not the type of ‘harm’ that justifies confidentiality.” [10] 
  • Third, although the district court case did not involve a CFPB formal petition to set aside, Judge Moss did discuss the possibility of the CFPB making such a theoretical petition by the John Doe Companies publicly available, and noted that, were the CFPB to do so, “it is likely that [the John Doe Companies] would have an opportunity to seek judicial review (and potentially interim relief) on grounds similar to those they advance here.” [11]  Judge Moss may thus be providing a potential opportunity for companies considering filing a formal petition to set aside a CID to seek federal district court relief to require the CFPB to keep confidential the name of the company (for example, by filing a formal petition to set aside or modify at the same time as filing an under-seal lawsuit in federal court seeking an injunction against publication of the company’s name).

Although the playing field is still by no means even, and companies in receipt of a CFPB CID still face the need to make difficult decisions in a compressed timeframe, the John Doe Companies opinion may provide some assistance to those who face broad requests that the Staff is unwilling to modify and do not want the price for challenging those requests to be the “significant” reputational and financial harm that would accompany public disclosure as a target of a CFPB investigation.  Companies seeking to challenge CFPB actions related to CIDs should evaluate their options and may consider the court’s decision in the John Doe Companies as part of that process.

[1] John Doe Company 1, et al. v. CFPB, No. 1:15-cv-1177, ECF No. 16 (Oct. 16, 2015).

[2] See Decision and Order on PHH Corporation’s Petition to Modify or Set Aside Civil Investigative Demand at 3, In re PHH Corporation, No. 2012-MISC-PHH Corp-0001 (Sept. 20, 2012),[3] 12 C.F.R. § 1080.6(b).

[4] 12 C.F.R. § §1080.14.

[5] See Decision on Request for Confidential Treatment at 4-6, In re Great Plains Lending, LLC, Mob

iloans, LLC, and Plain Green, LLC, at 4, 6-7, No. 2012-MISC-Great Plains Lending-0001 (Sept. 12, 2013), (“[T]he mere fact that Petitioners would suffer embarrassment as a result of their associations with law enforcement investigations is not the type of ‘harm’ that justifies confidentiality.”).  The CFPB noted that its position is consistent with FTC practice.  Id. at 10.

[6] John Doe Companies at 3.

[7] John Doe Companies at 4, 7.

[8] John Doe Companies at 7-8.

[9] John Doe Companies at 7-8.

[10] See Great Plains Lending at 7. 

[11] John Doe Companies at 5.

This publication/newsletter is for informational purposes and does not contain or convey legal advice. The information herein should not be used or relied upon in regard to any particular facts or circumstances without first consulting a lawyer. Any views expressed herein are those of the author(s) and not necessarily those of the law firm's clients.

Return to top of page

Email Disclaimer

We welcome your email, but please understand that if you are not already a client of K&L Gates LLP, we cannot represent you until we confirm that doing so would not create a conflict of interest and is otherwise consistent with the policies of our firm. Accordingly, please do not include any confidential information until we verify that the firm is in a position to represent you and our engagement is confirmed in a letter. Prior to that time, there is no assurance that information you send us will be maintained as confidential. Thank you for your consideration.

Accept Cancel