Warren accuses Mulvaney of hobbling CFPB under guise of data security

CFPB architect wants answers on acting director’s actions

Sen. Elizabeth Warren, D-Mass., has never been shy when it comes to defending the Consumer Financial Protection Bureau, the agency she helped form after the financial crisis.

So it should come as no surprise that Warren is finding fault in Mick Mulvaney’s actions since Mulvaney, who also serves as director of the Office of Management and Budget, took over as the CFPB’s acting director.

What may come as a bit of surprise is that Warren appears to believe that Mulvaney is actively working to “halt and weaken critical agency functions” at the CFPB.

Warren makes these claims in a letter sent late last week to Mulvaney, whom she refers to only as the OMB Director, and to Leandra English, whom Warren calls the acting director of the CFPB.

Just before former CFPB Director Richard Cordray stepped down in November, he promoted English to deputy director, which then positioned her to take over as acting director upon Cordray’s departure.

But the Trump administration fought back against Cordray’s chosen line of succession and installed Mulvaney, who frequently criticized the agency while serving in Congress, as acting director.

That set off a legal battle over who was really in charge of the CFPB, but a federal judge sided with Trump, handing control to Mulvaney until the Senate confirms a permanent CFPB director.

And while Warren refers to English as the CFPB’s acting director, Mulvaney is the one in charge at the bureau, and Warren takes issue with several of his actions.

Namely, Warren is concerned about Mulvaney’s decision to freeze the collection of consumer data.

According to Warren’s letter, on December 4, Mulvaney halted the collection of all personal information by the CFPB, citing information security concerns.

Warren’s letter states that Mulvaney made the move in response to a report from the CFPB inspector general, but Warren states that Mulvaney’s response went too far and is impacting the bureau’s ability to regulate the companies it oversees.

“Like Director Mulvaney, I take ‘data security very, very seriously’ and share his conviction that institutions – whether government agencies or private companies – must be responsible stewards of the sensitive consumer data they hold,” Warren writes in the letter. “However, after reviewing the reports, their recommendations, and CFPB’s response, I believe Director Mulvaney’s actions are unjustified and that he inappropriately used the reports as a pretext to halt and weaken critical agency functions.”

According to Warren, the CFPB “cannot fulfill its core functions” without collecting personal information from consumers. According to Warren, CFPB bank examiners “regularly” use account-level data to detect improper and unlawful activity.

“Given how integral these data are to these basic CFPB functions, I fear that the freeze in data collection has in practice fundamentally changed how the CFPB interacts with its regulated entities, particularly in the Division of Supervision, Enforcement and Fair Lending,” Warren writes.

Warren says there her staff has obtained internal CFPB documents that “confirm these fears.”

According to Warren, after Mulvaney issued the directive to halt the collection of personal information, CFPB Assistant Director for Supervision Examinations Paul Sanford sent an email to all the bureau’s bank examiners, directing them to stop sending requests for information to any supervised company “until we issue additional guidance.”

No longer being able to request information from companies effectively halted CFPB examinations, Warren contends.

“Assistant Director Sanford’s instruction to CFPB staff has undermined the agency's work in both the short term and long term,” Warren writes. “In the short term, it halted all examination activity, with no clear timeline on when guidance would be issued that would allow these activities to be restarted.”

According to Warren, Sanford’s email does not prevent CFPB examiners from obtaining information when performing on-site examinations, but it does prohibit them from loading that information onto the CFPB system.

Warren says that those restrictions threaten to “seriously hamper the pace and effectiveness” of CFPB examinations and are “already having a significant impact on the flow of information to CFPB examiners.”

Warren also says that her staff has been told by “several sources” that CFPB enforcement attorneys have been “banned” from reviewing electronic evidence obtained in discovery.

“There is no basis for Director Mulvaney’s orders,” Warren writes. “Director Mulvaney claims that the cybersecurity issues at the agency are so serious that it justifies ignoring congressional mandates, but the IG reports on which he bases his claims demonstrate that the agency’s cybersecurity policies are robust and any problems with them are not nearly serious enough to support the action Director Mulvaney has taken.”

According to Warren, Mulvaney took these actions not to safeguard data, but rather to limit the effectiveness of the CFPB.

“This fact pattern indicates actions taken by Director Mulvaney were not necessary to address cybersecurity problems at CFPB,” Warren writes. “Instead, Director Mulvaney’s actions appear to be aimed at hobbling the agency by inappropriately using the IG reports as a pretext.”

In the letter, Warren asks Mulvaney a series of questions related to the moves and wants Mulvaney to respond by Jan. 19, 2018.

To read Warren’s letter in full, click here.

Most Popular Articles

3d rendering of a row of luxury townhouses along a street

Log In

Forgot Password?

Don't have an account? Please