April 1, 2015
Authored by: Steven Smith and Lauren Caisman
On January 27, 2015, the Consumer Financial Protection Bureau (“CFPB”) issued Compliance Bulletin 2015-01 as a “reminder” of certain confidentiality and disclosure requirements related to CFPB examinations and investigations. Though the CFPB’s Bulletin did not cite examples of historic violations, those subject to the CFPB’s authority should assess their practices, particularly in litigation, with respect to the disclosure of information and be sensitive to the Bulletin’s message in doing so.
The Bulletin provides warnings of two types of potential violations. One type arises out of a financial institution’s obligations with respect to “confidential supervisory information (CSI).” Examples of CSI include but are not limited to:
- CFPB examination reports and supervisory letters;
- All information contained in, derived from, or related to those documents, including an institution’s supervisory Compliance rating;
- Communications between the CFPB and the supervised financial institution related to the CFPB’s examination of the institution or other supervisory activities; and
- Other information created by the CFPB in the exercise of its supervisory authority.
Specifically, according to the Bulletin, a supervised entity may commit a violation if it discloses CSI or other “confidential information” to a third party without CFPB consent. This is true even if the supervised entity enters into a non-disclosure agreement with a third party.