The effect of Dodd-Frank and the CFPB has started us down a new road of regulatory risk. Particularly for SMBs, addressing the risk, building a new portfolio of compliance activities and solutions has become mission critical. Numerous segments of the marketplace are calling this the rise of a fourth branch of government – one that is a heavy burden for all of America, but especially SMBs and the middle class.
Without the help of Congress and the Legislative Branch, government agencies are making law. They call it rulemaking, regulations, interpretations, guidelines and all of these carry the power of law. In fact, a strong argument can be made that the work product coming out of this new 4th branch (referred to as “underground regs”) rises above being mere laws, thanks to a number of factors, briefly listed here:
1. ENFORCEMENTS – Is the bureau playing “Let’s Pretend?” They find an appropriate case and defendant to prosecute an action that would be illegal if the law covered it and it clearly applied to the particular facts in a way the agency wished it did. Then they convince the court to assist by applying the Judicial Deference Doctrine. When the case is won for the bureau it’s used to establish a new law, providing precedence for further enforcements.
2. JUDICIAL DEFERENCE – A legal doctrine routinely followed by courts at all levels, deciding that, where an agency associated with the regulation and claiming to be assisting the court and Congress by framing a law the way Congress intended and clearing up any ambiguities. The agency is given deference over the claims of individual plaintiffs (a built-in summary judgment in favor of the government). And so, the regulators are not only making new law but have convinced the court to aid and abet.
3. ADMINISTRATIVE COURTS AND JUDGES – The best way to build the 4th branch is simply to move everything into the Administrative Courthouse. Why bother with the legislative or judicial branches – move everything in-house. And as shown by the red underlined above, from CFPB.gov, the bureau has their choice of enforcing against “violators” in either federal district court OR an administrative “proceeding.” In a recent, blatant example of agency power, a ruling by an administrative judge regarding CFPB charges against the PHH Corporation for violating the law regarding alleged kickbacks in referring mortgage clients to a specific reinsurance provider, the judge, based on statutes of limitations in the law, fined the defendant company $6.4 million dollars. Then, in April, 2016 the CFPB Director (in his first administrative appeal) overturned that penalty, saying that statutes of limitations contained in the law and applied by the courts do not apply to an administrative proceeding and the fine could have/should have been higher. He adjusted the fine upwards 17-fold to $109 million dollars. PHH has appealed. The case will go to an
The American Bar Association has called the decision “startling.” The former CFPB deputy enforcement director for litigation who was in charge of the administrative case during her tenure at the CFPB stated “If the court of appeals upholds it or doesn't reverse it, then 10 years from now, the Bureau could attempt to go back to its ‘live date' in 2011 or even earlier to pursue remedies and penalties for conduct long since over, so the potential exposure is pretty huge.” Article and Analysis from the ABA
4. EXECUTIVE ORDERS – These are a double-whammy . . . a way to grow power while, at the same time, weakening the other two branches; the President and his or her agencies are uniquely partnered in furthering political agendas to shape public policy any way they wish. These two branches partner in many ways, leaving out the public, courts and our elected officials to push their agenda to reality.
In his Executive Order blocking all property of any person significantly engaged in a cyber-attack, President Obama: (see critique by EFF.org )
o “malicious cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States constitute an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States. I hereby declare a national emergency to deal with this threat.”
o “responsible for or complicit in, or to have engaged in, directly or indirectly, in cyber-enabled activities . . . (or is)
o complicit in . . . the use of . . . trade secrets reasonably likely to (be) a significant threat to the . . . economic health or financial stability of the United States.”
o (Makes) “any contribution or provision of funds, goods, or services by, to, or for the benefit of any person whose property and interests in property are blocked pursuant to this order;”
o “All agencies of the United States Government are hereby directed to take all appropriate measures within their authority to carry out the provisions of this order.”
5. AMICUS BRIEFS – Agencies can insert themselves into the argument by submitting amicus briefs. If the case doesn’t arise by an agency suit, they can still get a foot in the door under the guise of assisting judges to fully understand the government’s position.
If all of this is true, it supports the belief of this 4th Regulatory Branch. Its arrival began in earnest with the enforcement of consumer protection statutes. The enforcements and rulemaking are the second phase of this new environment named RB4. To some extent it can be said that most RB4 activities are adversarial to the best interests of SMBs and the effects are serious and systemic.
The risk and the point of contact between regulators and SMBs centers around compliance. Our company began this year marketing a Compliance Management System, fully populated with operating procedures, training and a complaint database. It also contains a robust Data Security module populated with Best Practices documentation and templates for business recovery plans. Our pricing and features get the job done and when used effectively, will help businesses become compliant with CFPB and related agency requirements. SMBs are increasingly (1) becoming aware of the risks, and (2) seeking solutions for their compliance needs, especially to satisfy the CFPB requirement for a compliance management system.