The Consumer Financial Protection Bureau’s approach to regulation has always been distinct from other regulatory bodies. Rather than issuing clear-cut statutes that lay out a lot of specifics, the CFPB favors enforcement actions that financial institutions have to weigh against their own practices and then somehow implement.

CFPB Director Richard Cordray explained the bureau’s methods in a speech he gave last year to the Consumer Bankers Association:

“Likewise, our public enforcement actions have been marked by orders, whether entered by our agency or by a court, which specify the facts and the resulting legal conclusions. These orders provide detailed guidance for compliance officers across the marketplace about how they should regard similar practices at their own institutions.

“If the same problems exist in their day-to-day operations, they should look closely at their processes and clean up whatever is not being handled appropriately. Indeed, it would be ‘compliance malpractice’ for executives not to take careful bearings from the contents of these orders about how to comply with the law and treat consumers fairly.”

The first problem here involves the word “same.” There are so many variables in any given situation, how does a company know if those “same” practices exist in their day-to-day operations? It is very likely that some parts of a situation are similar, while others are not. At what point is the “same” threshold reached? 

Another red flag is the use of "compliance malpractice" when talking about such broad categories of conduct. It would be malpractice "not to take careful bearings." How is the CFPB going to judge whether a company has taken "careful bearings"? What does that even mean? 

And the term "treat consumers fairly" is impossibly broad. The CFPB is the one who should be defining, through specific regulations, what treating consumers fairly means to them. 

No doubt there are companies in the mortgage space, as in any industry, that intend to harm consumers, and the term "compliance malpractice" would describe them correctly. But there are also large numbers of individuals and companies in mortgage finance who want to do the right thing and would be able to do that if it were articulated clearly. It reminds me of the scene in Back to School when Rodney Dangerfield says, "Good teacher...he really seems to care. About what I have no idea."

Cordray addresses this very criticism in the next part of his speech to the bankers:

“Some have criticized this approach as regulation by enforcement, but I think that criticism is badly misplaced. Certainly any responsible official or agency charged with enforcing the law is bound to recognize that they should develop a thoughtful strategy for how to deploy their limited resources most efficiently to protect the public. That means working toward a pattern of actions that conveys an intelligible direction to the marketplace, so as to create deterrence that can be readily understood and implemented.

“The alternative is just a random series of actions that take a few wild swipes at the bad actors without systematically cleaning up the practices that harm consumers across the marketplace.”

Yes indeed, the alternative is just a random series of actions that don't benefit consumers.

If the explicit language of laws are hard to interpret — and they are; hence lawyers — and individual enforcement actions are several steps more difficult still, how in the world are individual companies supposed to correctly interpret, much less implement, “a pattern of actions” of enforcement?

But that’s exactly what the CFPB expects, and incidentally, makes no apologies for. In the same speech, Cordray said:

“Others have framed this criticism as a suggestion that law enforcement officials should think through and explicitly articulate rules for every eventuality before taking any enforcement actions at all. But that aspiration would lead to paralysis because it simply sets the bar too high.

“Particularly in an area like consumer financial protection, the vast majority of our enforcement actions involve some sort of deception or fraud. And courts have long noted that trying to craft specific rules to root out fraud or untruth is a hopeless endeavor, as they would likely fail to cabin ‘the ingenuity of the dishonest schemer.’

“For these reasons, we strive to present specific enforcement orders that meticulously catalogue the facts we have found in our very thorough investigations and set out the legal conclusions that follow from those facts. These specific orders are also intended as guides to all participants in the marketplace to avoid similar violations and make an immediate effort to correct any such improper practices."

I’m pretty sure no one expects a regulatory agency to “explicitly articulate rules for every eventuality before taking any enforcement actions at all.” That straw man argument has never been what the mortgage industry has asked for — companies just want to know what the rules are before they set up policies, procedures and operations, not after.

As for Cordray’s assertion that the exercise of writing more specific rules on the part of the CFPB would “set the bar too high” and lead to paralysis, it seems laughable on its face. Regulatory and law enforcement agencies manage to do this in every other area of our civic lives, so why the reluctance on the part of the CFPB?

Cordray asserts that protecting consumers in financial matters involves too many bad actors trying to do too many bad things to be accounted for in actual laws.

This is ludicrous.

Why then have specific laws protecting health care consumers? Are there not some really bad people peddling harmful drugs, treatments, equipment or surgeries? In the entire health care industry, are there not just as many schemes to defraud consumers as in the financial industry? Common sense, and the dozens of commercials for medical lawsuits on late-night TV, suggest otherwise.

On Monday, the issue of regulation by enforcement came up again when several CFPB regulators sat for a panel discussion at the Practicing Law Institute’s 22nd Annual Consumer Financial Services Institute in New York City.

And this is where regulation by enforcement gets even worse.

Ballard Spahr provides a very informative summary here, which details “particularly noteworthy comments.”

Among those, referencing comments by CFPB attorneys Anthony Alexis, assistant director for enforcement, and Peggy Twohig, assistant director for supervision policy, there's this:

“Mr. Alexis and Ms. Twohig discussed the CFPB’s process for deciding whether the CFPB will use a supervisory or an enforcement action to address violations found in an examination. Ms. Twohig indicated that the decision whether to refer a matter to enforcement is made by an Action Review Committee (ARC), which considers various factors such as the severity of the violation, the entity’s cooperation with the CFPB, and policy factors that include the need for the CFPB to send a public message of deterrence.”

Wait, what?

So, all other things being equal, it sounds like the CFPB might decide to take enforcement action against one particular company if they need to “send a public message of deterrence” to the whole industry.

That's right — your company might just be the unlucky tipping point for the agency.

Maybe they've seen five other companies doing the same thing. Instead of thinking to themselves, "Wow, we certainly failed in clearly articulating this regulation," they think, "Wow, this seems like a great time to let people know this is against the regulation, and this company would make a great example."

If I don't know something is against the law, how can I be held accountable for breaking it? A public message of deterrence would be unnecessary if the CFPB wrote more specific rules. And a public message of deterrence will be completely ineffectual anyway if particular companies can't see how it relates to their particular behavior.

And most importantly, a public message of deterrence should not be a reason for taking enforcement action against a particular company. 

Clear rules, clearly violated, deserve swift action. Violating broad rules and enforcement actions that require a decoder ring to interpret do not deserve the same level of punishment.

Talk about malpractice.