Earlier this year, the Consumer Finance Protection Bureau (CFPB) published a request for information (RFI) for vendors in order to better understand capabilities and strategies as it considers proposing a registration system for non-bank financial institutions.
Why Is the CFPB Considering a Registration System for Non-Banks?
The CFPB seeks to protect consumers and promote fair, transparent and competitive markets through regulations. Under Dodd-Frank Act, the bureau regulates or oversees the activities of non-banks including mortgage originators, mortgage brokers and servicers, and services that provide foreclosure relief or loan modifications to consumers. Other non-banks under the CFPB’s supervision include private education lenders and payday lenders, as well as “larger participants” in the auto finance, debt collection, consumer reporting and money services business marketplace.
The idea behind a registration system for these non-bank entities is that it would help the CFPB in its mission to prevent harm to consumers.
This is not the first time the CFPB has raised the possibility of such a registration system; it was identified in both the bureau’s Fall 2015 and Spring 2016 rule making agendas as an area under consideration.
What Did the RFI Include?
The RFI was specifically targeted toward systems and technology vendors, and asked about respondents’ capabilities to automate and collect data about non-banks’ structure, operations and finances.
Capabilities explored in the RFI included:
- How and when authorized users and members of the general public could access information about registered non-bank entities.
- Under the proposed system, registrants and authorized CFPB personnel would also have unique identifiers and systems permissions, so respondents to the RFI were asked to provide details about their capacity to meet these access parameters.
- The system would also have built-in workflows, including alerting and notifying users at various steps and access levels, to facilitate and maximize usefulness of the information captured. Workflows would also assist with the verification of registrants’ information and with periodic registration renewals.
- In order to allow the CFPB to use collected information in furtherance of its mission, it will also be critical that the system allow for reporting and data mining, providing the capability for both regular and systematic reporting as well as ad hoc reports, so respondents were tasked with outlining their ability to provide such reports.
- Implementing a new system is never an easy task, so the RFI also asked vendors to provide information about their capabilities for project management, training, maintenance and support services.
- Lastly, vendors were asked to provide information addressing their proposed systems’ compliance with the Federal Information Security Management Act, and verifying their commitment to implementing cybersecurity controls.
By gathering all of this information, the CFPB will determine the availability of their systems “wish list” requirements, as well as the cost for implementing those requirements. Vendors were also informed that they may be asked to provide demonstrations of their systems capabilities.
What’s in Place Today
There is not a uniform registration system in place today for these types of non-bank entities; however, other regulatory and supervisory bodies have systems in place for their entities and personnel, so the idea is not novel.
Banks, credit unions and similar entities are mainly regulated by the Federal Reserve and registered with the Office of Thrift Supervision; broker-dealers are registered with the Financial Industry Regulatory Authority (FINRA); and investment advisers are registered with the U.S. Securities and Exchange Commission (SEC).
For those entities that could be covered under a new CFPB registration system, there are also certain systems already in place. For example, mortgage loan originators and mortgage companies are registered under the Nationwide Multistate Licensing System & Registry (NMLS). In fact, the vendor that owns and operates the NMLS, State Regulatory Registry LLC, announced that it responded to the RFI.
- A registration system for non-bank financial entities would allow the CFPB to exercise greater oversight and supervision of such entities, helping further its goals of protecting the public.
- The RFI’s questions were intended to measure vendors’ capabilities to meet systems requirements for a registration system that would allow for secure access and availability, streamline workflows and provide for periodic reporting.
- Given the widespread current use of the NMLS, it seems likely that the CFPB will choose State Regulatory Registry LLC to design and implement a new non-bank registration system, if a decision is ultimately made to do so. However, it is also possible that other vendors were able to create a compelling case for their systems capabilities and services.
Responses to the RFI were due on July 29, 2016, so it will likely take the CFPB some time to evaluate responses and determine whether it should continue evaluating the use of a registration system for non-bank financial entities.
It is important to note that the RFI does not, by itself, indicate that a registration system is imminent. However, when the RFI as an exploratory measure to gauge the systems capabilities is viewed in the context of the CFPB’s other published comments about implementing a non-bank registration system, it seems likely that such a system is forthcoming.