Banking Exchange Magazine Logo

Q&A: Understanding CFPB's exam mindset

Bureau's Peggy Twohig takes aim at risks to consumers—even the risks they aren't aware of

Peggy Twohig of CFPB at an ABA regulatory panel. She says "There is deep precedent on what a deceptive practice is." Peggy Twohig of CFPB at an ABA regulatory panel. She says "There is deep precedent on what a deceptive practice is."

Peggy Twohig likes to take a hands-on approach to financial regulation. This attitude shows in two ways, one personal and the other professional.

Twohig, initially hired in 2010 to head the Consumer Financial Protection Bureau’s (CFPB’s) nonbank supervisory team, currently serves as assistant director for supervision policy, the head of an office in the bureau’s Supervision, Enforcement, and Fair Lending Division. Before a short stint at the Treasury Department, she spent 17 years at the Federal Trade Commission (FTC) working on enforcement and policy matters related to consumer financial services.

“Because of my profession, I push myself to try things out as a consumer that I wouldn’t naturally do,” says Twohig. “While I have a bit of a leg up considering the work I do, sometimes I am befuddled, puzzled, or even frustrated by some of what I encounter, like many consumers.”

Back when she worked at the FTC, for example, Twohig decided she would use the internet to comparison shop for a pending mortgage refinance, which is something that the FTC stressed in its consumer advisories. “Trying to compare and contrast all the options turned out to be incredibly difficult,” maintains Twohig. “One reason was that lenders used so many different names for the various fees.”

In a related vein, Twohig, being an attorney in consumer finance, serves as a family financial “go-to” person. “I hear my relatives’ experiences and that helps inform me on some of the issues that consumers deal with.” For example, a niece recently experienced a medical billing issue—a charge she’d never learned of surfaced when it was handed over to a debt collection agency—and Twohig encouraged her to submit a complaint.

On the professional front, Twohig also likes the direct approach. “I require my policy staff to go out at least once a year on exams to make sure they understand the exam process and the challenges that our examiners face—it’s a difficult job,” she points out. Some of her staff attorneys and analysts came from examination backgrounds, but for some of them, this is all new.

She, too, will periodically join an exam team—not just observing, but putting herself at the disposal of the group’s top examiner for work. Digging into the daily exam tasks helps her understand the field, which is important because one of the roles of her CFPB section is advisory.

“The way I look at it,” says Twohig, “the examiners are our clients, and we’re like an in-house expert consulting firm trying to make sure we support them so they can do the best job possible.”

Twohig’s supervision policy section works directly with the supervision field force. Typically, each CFPB team that visits a bank has a designated supervision policy person on call. “My office is organized by product market teams,” maintains Twohig. “These are attorneys and analysts who are experts in those markets, who know the issues and how laws and regulations apply.”

Twohig and her staff set the priorities and strategic focus of CFPB’s entire supervision program, and her office also consults with the exam force regarding the direction of exams and the scope of individual exams.

When an issue arises in an exam in one region, her team works to inform other regions’ examiners in order to bring it to their attention and to ensure consistency.

When issues arise in an exam that are not clear-cut, members of the team analyze the matter, coordinate with other CFPB functions, and brief the exam team so they can cite the issue in their examination report. For Twohig, this is important not only for the sake of ensuring consistency in bank supervision, but among the many nonbanks that also fall under CFPB jurisdiction. CFPB regards exams from a functional regulation viewpoint—the type of services under review is the focal point, not the type of company providing the service.

The following dialog has been edited for both flow and clarity.

Q1. You were part of the team that set up CFPB from a nearly blank slate. How did you apply past experience to that?

A. It was exciting to have a fresh start, to decide whether to do things the same way that other regulators had done them or to do some things differently. One decision from the get-go was to not have separate cadres of examiners looking at banks and nonbanks. Our examiners look at both. That helped to ensure that we could fulfill our mission of looking with the same lens across both marketplaces, to level the playing field.

That was something new. State regulators typically separate those functions. I was told by one state regulator that what we were trying to do would never work. Well, we did it anyway. Five years later, I’m glad we did, because it’s helped us accomplish the mission and be flexible with our workforce overall.

Some of our staff who had come from other agencies had to get used to this difference. They were used to supervision on an entity basis, on a reg-by-reg basis. Likewise, it was different for them to work for an agency that prioritized and directed exams based on our ongoing assessment of risks to consumers. They’d come from agencies where, normally, exams were scheduled based on a calendar cycle.

UDAAP is an example of why our approach is different. Early on, someone here from a prudential regulator background was suggesting one institution-wide UDAAP exam. I didn’t see how you could do that. Where would you start? The essence of Unfair, Deceptive, or Abusive Acts and Practices kind of depends on what exact practices you are talking about, product market by product market.

The notion of constantly learning and improving is baked into our DNA. We’ve had the opportunity to be iterative, instead of being an agency that’s always done things a certain way and where it’s assumed that you’ll always do it that way.

Q2. I’d like to better understand the prioritization process. How does it work?

A. Fundamentally, our prioritization approach is based on our assessment of risks to consumers. Many factors go into which markets we prioritize. Then, within those markets, we look at which particular entities we want to focus on, for various reasons. Factors include inputs like complaints, and things our staff in the field has seen developing.

Typically, in examinations, our teams are focusing on one particular product line—not the full range of products a company offers. It might be mortgage servicing or mortgage origination, for example. Sometimes, within the selected product area, we want to focus further. Take mortgage servicing: There, we may be looking at how defaulted loans are serviced and how the company handles loan modification. Those have been priorities for some time.

Sometimes, we have strategic priorities where we are prioritizing, say, consumer reporting. Not just consumer reporting agencies, which CFPB is doing for the first time, but also the inputs to consumer reports by furnishers.

Q3. How much would you have to see of a particular kind of complaint for bells to go off and for you to make it a priority?

A. Complaints are important. They represent feedback from consumers in terms of what’s going on in the marketplace. They inform our process, but they are just one input. There are some areas where consumers don’t even know to complain, so complaints aren’t the be-all and end-all. For example, take adverse action notices that you have a right to receive, but which you may not know you have a right to get. You wouldn’t know to complain.

I was at the FTC in the run-up to the Great Recession. The FTC didn’t get many complaints about mortgages then. In some instances, consumers didn’t know that they were being deceived about the terms of the mortgages. We had some investigations where the first time the consumer learned they had received a balloon loan, instead of a regular amortizing loan, was when FTC’s investigator told them so.

Complaints are important, especially to the companies receiving them. In a good compliance management system, complaints are not only responded to—and we look for that at CFPB—but they should also be analyzed. For example, is there a root cause for multiple complaints, such as a marketing representation that consumers are being deceived by? Is there some system issue that needs to be looked at?

Q4. I’ve been in conference sessions running as long as two hours where compliance officers have tried to parse what is and isn’t a UDAAP problem. Some bankers, on the other hand, apply the simple “would you sell it to Mom” test. How do you think bankers should be thinking about UDAAP now that the concept has had time to gestate out there in the industry and at CFPB?

A. It’s interesting for me to hear expressions like, “Now that it’s out there,” given my career at FTC. The FTC has been enforcing unfair and deceptive acts and practices law for decades, as applied to different types of markets and situations. So one way to think about UDAAP is to consider the history.

There’s deep precedent on what a deceptive practice is. No one should be surprised that those basic principles will be applied to financial services. In fact, with respect to nonbanks, at FTC, it was applied to financial services practices.

Now, take unfairness. The law has elements regarding this that need to be applied. A factual basis must support each element. The nature of unfairness, and UDAAP in general, is that it can be applied to practices that may be new or evolving.

People fail to understand the nature of unfairness—that problematic practices can arise that can be addressed with application of existing law to the facts. We don’t necessarily have to devise a new regulation every time one entity or a few are doing something that’s a problem.

Now, take the abusive part of UDAAP. Contrary to some assertions by opposing counsel who are trying to stir the pot, there are elements of an abusive standard under existing law. Banks must look at how the bureau has applied this under UDAAP. I think those facts speak for themselves.

Q5. I’ve seen you on panels at conferences, and you have made the point more than once that CFPB has put a great deal of information out there. You’ve advised bankers to read the rule, read the regs, and read the consent decrees to get the picture.

A. That’s right. Our publicly posted exam manuals, industry bulletins, and outreach provide guidance to companies about what to expect. And we also publish our Supervisory Highlights periodically throughout the year. I think it’s a novel communication tool, where a regulator, without breaking supervisory confidentiality, reports on the kinds of things we’re finding in our supervisory work. I think it’s a very valuable tool.

And the other thing I say a lot is that the frequency with which we examine a particular financial institution will depend on our evaluation of the consumer risks they pose. The more we are convinced that a company has a robust compliance management system, the more they have things under control in terms of compliance and protecting consumers, the less they’re going to see of us.

We want companies that we supervise to know they can reach out to us. If you have questions about our supervisory program or expectations, please contact us. As shown by Supervisory Highlights, it is important to us that industry knows what we are focusing on and finding as we supervise institutions. Companies can use this valuable information to review their own practices and make any adjustments needed to ensure compliance.

Q6. Crossing the $10 billion threshold—where direct CFPB supervision and more begins—has come to be a major milestone for banks, especially as the industry continues to consolidate. Banks plan for it. What advice would you give institutions nearing that mark?

A. Again, look at what we publish, especially in terms of our expectations for compliance management systems. That would go a long way to understanding what we are looking for. But I would also encourage those banks to reach out to our regional directors. If they believe they are about to cross the threshold, if they haven’t heard from us already, they can start a dialog. We definitely encourage that kind of conversation.

Q7. More and more of my reporting concerns innovation and services being offered on devices like iPhones. How is this changing the game? Is this only a challenge, or is it also a solution, in terms of compliance and consumer protection?

A. I think it’s both. Mobile services are an extension of the innovations and technology advancements over the last couple of decades. We here at CFPB are monitoring developments across the marketplace. As a consumer, I can see benefits, such as the ability to comparison shop. My work, however, is focused on supervision.

But there’s more to technology than that, and something we are increasingly focusing on in our supervisory work are the third-party compliance systems that both banks and nonbanks sometimes rely on. I’m not talking about mobile apps, but the behind-the-scenes technology that drives and supports compliance.

Sometimes, those systems can be a problem in terms of compliance. In the future, we are going to be looking at those kinds of service providers directly through our supervisory work. And one aspect of that will be to make sure we have the capability in-house to understand this technology.

This article originally appeared in the "7 Questions" section of the August-September 2016 Banking Exchange magazine.

Subscribe to Banking Exchange

back to top


About Us

Connect With Us



How to get the most out of Data and AI
with Ravi Loganathan from Sardine
and President of Sonar

Wednesday, July 24, 2024 at 11 AM ET / 8 AM PT

In this webinar we will cover:


This webinar is brought to you by:

SardineBanking Exchange