The Consumer Financial Protection Bureau (CFPB) is facing significant turmoil after the Office of Management and Budget's Acting Director Russell Vought ordered a freeze on much of the agency’s work, prompting two lawsuits from the National Treasury Employees Union (NTEU) and sowing chaos for the beleaguered regulatory agency.
The lawsuits challenge Vought’s directive to halt rulemaking and investigations, as well as his refusal to accept CFPB’s next funding disbursement, arguing that these moves unlawfully undermine the agency’s congressional mandate.
Additionally, personnel affiliated with the newly-established Department of Government Efficiency (DOGE) reportedly gained access to CFPB internal systems, and the agency’s website and X account have gone offline.
What’s the context here?
The unfolding legal battle highlights the broader implications of the Trump administration’s efforts to restructure federal agencies through DOGE.
Courts have already intervened to restrict DOGE’s access to sensitive Treasury Department data, and similar legal challenges are emerging against actions targeting USAID employees. The swift and unprecedented steps taken against CFPB suggest a targeted effort to limit its enforcement capabilities, aligning with the administration’s broader deregulatory agenda.
OK, but what did CFPB do exactly?
Established in 2011, as part of the Dodd-Frank Act, which in turn was the response to the 2008 mortgage and banking crisis, CFPB has been instrumental in enforcing federal consumer financial laws and ensuring fair treatment of consumers by financial institutions. Over the years, the CFPB has taken numerous enforcement actions against major companies, resulting in nearly US$20 billion in consumer relief and civil money penalties through its enforcement actions.
The agency has also been criticized for its investigation methodologies and its structure — the latter of which went all the way to the US Supreme Court in Seila Law v. Consumer Financial Protection Bureau, which found that funding for CFPB was legal.
What should in-house counsel consider?
For in-house counsel, these developments raise immediate concerns about regulatory uncertainty and potential shifts in enforcement priorities. Companies should closely monitor the legal status of existing CFPB rules and ongoing investigations, while also considering whether alternative regulators, such as state attorneys general, may step in to fill the void.
- What are the immediate compliance risks for our company during the CFPB shutdown?
- Even though the CFPB has halted operations, existing regulations and enforcement actions remain in effect.
- In-house counsel must assess whether pending investigations, supervisory exams, or enforcement actions involving the company are paused or could be revived later.
- Additionally, companies should ensure continued adherence to consumer protection laws to mitigate post-shutdown regulatory scrutiny.
- How will the shutdown impact ongoing regulatory guidance and rulemaking?
- Many companies rely on CFPB guidance for compliance and operational decisions. With work suspended, in-house lawyers must determine whether proposed rules or pending guidance (such as those related to junk fees or open banking) will be delayed or deprioritized, impacting long-term planning.
- Are state regulators or other federal agencies likely to step in and fill the gap?
- While the CFPB’s activities are paused, state attorneys general, state consumer protection agencies, and other federal regulators may increase their enforcement activities.
- In-house counsel should evaluate whether their industry or business practices could attract greater scrutiny from these alternative regulators.
- What should be communicated to internal stakeholders, customers, and business partners?
- Legal teams need to guide internal stakeholders on how to handle compliance matters and consumer complaints. CFPB is still the law and banks and service providers subject to CFPB are required to comply with its regulations.
- If vendors or partners rely on CFPB oversight, companies must assess potential risks and determine whether contingency plans are necessary.
- How should we prepare for potential legal challenges or changes in enforcement priorities if the CFPB resumes operations?
- If the CFPB returns to full functionality, it may ramp up enforcement actions to make up for lost time or shift priorities based on new leadership or political influences.
- Corporate counsel should analyze historical enforcement trends to anticipate potential risks and ensure readiness for renewed scrutiny.
Additionally, financial institutions should assess the implications of potential CFPB restructuring on compliance strategies, particularly given the agency’s past role in addressing issues like consumer banking access and data privacy enforcement.
Disclaimer: The information in any resource in this website should not be construed as legal advice or as a legal opinion on specific facts, and should not be considered representing the views of its authors, its sponsors, and/or ACC. These resources are not intended as a definitive statement on the subject addressed. Rather, they are intended to serve as a tool providing practical guidance and references for the busy in-house practitioner and other readers.
