Individual Liability in CFPB Enforcement Proceedings

advertisement
May 28, 2014
Practice Groups:
Government
Enforcement
Consumer Financial
Services
Global Government
Solutions
Individual Liability in CFPB Enforcement
Proceedings
By: Jon Eisenberg
To date, the CFPB has brought 12 cases—out of more than three dozen total CFPB
enforcement cases—in which it named individuals as defendants or respondents liable for
violations of consumer protection statutes. Below, we consider the standards for individual
liability in CFPB cases, the actual cases that have been brought, and 10 lessons that can be
drawn from these cases.
1. CFPB Director Cordray’s Recent Statements on Individual Liability
A. The Current Regulatory Environment
Individual accountability is the regulatory catchphrase of the moment. In imposing a $10
million fine on a bank executive and a $7.5 million fine on a CFO for a bank’s alleged
disclosure violations, the New York Attorney General said, “This settlement is one more step
in our effort to hold top financial executives accountable for their actions.” In a March 2014
speech to the Exchequer Club, New York State’s Superintendent of Financial Services
focused almost exclusively on his intent to punish Wall Street executives and stated that
there was an “accountability gap” on Wall Street because “no single senior executive has
really been held to account” and that “real deterrence…means a focus not just on corporate
accountability, but on individual accountability.” The Chair of the SEC has made targeting
individuals a “core principle” of the SEC’s enforcement program on the theory that “when
people fear for their own reputations, careers or pocketbooks, they tend to stay in line.”
Indeed, the SEC highlights the fact that, as of the end of 2013, it had filed enforcement
actions against 70 CEOs, CFOs, and other senior officers in connection with its financial
crisis enforcement actions. The U.S. Treasury Department’s Undersecretary for Terrorism
and Financial Intelligence testified before Congress that the agency was focused on
“employing all the tools at the agency’s disposal to hold accountable those institutions and
individuals who allow our financial institutions to be vulnerable to terrorist financing, money
laundering, proliferation finance, and other illicit financial activity.” (emphasis added).
B. Director Cordray’s Statements
CFPB Director Richard Cordray recently became the latest regulator to weigh in on the issue
of individual accountability in his May 9, 2014, Remarks at the Federal Reserve Bank of
Chicago. Because these are, by far, his most detailed remarks on the issue of individual
accountability, we quote them at length below. Cordray stated:
An article on the same topic will be appearing in the July issue of Mortgage Banking magazine.
Individual Liability in CFPB Enforcement Proceedings
[W]e have also reflected in various settings that a company only acts through
individuals—both decision-makers and those who carry out decisions. This is nothing
new. It accords with time-honored principles of law, including those governing
relationships between the corporation and its employees and agents, principles of
vicarious liability, and the concept of piercing the corporate veil. These
determinations must be handled in a measured manner, but if treated properly they
can achieve just and effective results in more fully redressing legal violations. The
issues should not devolve into mere technical arguments about corporate form and
structure; instead they must represent the more straightforward concept of
accountability.
In other words, there are legitimate occasions where it is appropriate to pursue not
only the company that was a party to the consumer’s transaction, but also individuals
who were decision-makers or actors relevant to that transaction. And so the
Consumer Bureau has sued not only companies but also their executives in cases
where we are authorized to do so. Under the law, this includes not only a provider of
consumer financial products or services, but also, in certain cases, anyone with
“managerial responsibility” or who “materially participates in conduct of [its] affairs.”
We have named such individuals as parties in a variety of cases, and they have been
required to finance restitution to consumers and submit to injunctive relief. Individuals
have also been barred, sometimes permanently, from offering certain kinds of
financial products or services. And they have been referred to the Justice
Department for criminal prosecution in appropriate instances. The right response
depends on the circumstances, and different thresholds may apply to each of these
accountability measures, which are important supplements to simply imposing all
legal responsibility on the corporate entity itself.
This expands upon, and is consistent with, comments Director Cordray made last year about
individual liability. “I’ve always felt strongly,” he stated, “that you can’t only go after
companies. Companies run through individuals, and individuals need to know that they’re at
risk when they do bad things under the umbrella of a company.”
Cordray’s statements raise a number of interesting issues about personal liability in CFPB
proceedings. When is the CFPB authorized to bring actions against individuals? When does
it, in fact, sue individuals? What level of culpability is required? What level of involvement in
the underlying unlawful conduct is required? Is there true “vicarious” liability? What type of
relief does the CFPB demand? We turn to these issues below.
2. The CFPB’s Authority to Name Individuals Who Engage in Knowing or
Reckless Misconduct
The Dodd-Frank Wall Street Reform and Consumer Protection Act, which created the CFPB,
provides in Section 1036(a)(3) that:
1. “any person”
2. who “knowingly or recklessly”
3. provides “substantial assistance” to a covered person or service provider in violation of
Section 1031
2
Individual Liability in CFPB Enforcement Proceedings
shall be “deemed to be in violation of that section to the same extent as the person to whom
such assistance is provided.” We can think of this as the CFPB’s authority to sue aiders and
abettors of Section 1031 violations.
Section 1031, in turn, is the catch-all provision authorizing the CFPB to prevent “covered
persons” and service providers from engaging in an “unfair, deceptive, or abusive” act or
practice in connection with consumer financial products or services. Most CFPB
enforcement proceedings allege violations of Section 1031 even when the CFPB also sues
for violations of other consumer statutes. Thus, there is almost always a statutory basis for
bringing aiding and abetting claims if the CFPB is able to allege and prove knowing or
reckless misconduct.
3. The CFPB’s Authority to Name Individuals Who Engage in Non-Culpable
Misconduct
The CFPB, however, rarely wants to take on the burden of alleging and proving “knowing” or
“reckless” misconduct. Instead of relying on the aiding and abetting provision, it usually
alleges that individuals are themselves “covered” persons and, as covered persons, are
directly liable for violations of the relevant consumer statutes.
A. Covered Persons
The two obvious questions are who is a “covered person” and what must a covered person
do to violate a consumer protection law.
The term “covered person” includes:
1. any person that engages in offering or providing a consumer financial product or service;
2. any “affiliate” of such person if the affiliate acts as a service provider to such person; and
3. any “related person.”
An “affiliate” is a person that
1. controls;
2. is controlled by; or
3. is under common control with another person.
A “related person” is
1. any director, officer, or employee charged with managerial responsibility for, or controlling
shareholder of, or agent for, such covered person;
2. any shareholder, consultant, joint venture partner, or other person, as determined by the
Bureau (by rule or on a case-by-case basis) who materially participates in the conduct of
the affairs of such covered person; and
3
Individual Liability in CFPB Enforcement Proceedings
3. any independent contractor (including any attorney, appraiser, or accountant) who
knowingly or recklessly participates in any—
1. violation of any provision of law or regulation; or
2. breach of a fiduciary duty.
There is a carve-out, however, from the definition of a related person. The above persons
cannot be deemed related persons of bank holding companies, credit unions, or depository
institutions.
As a practical matter, the most likely candidates for individual liability are controlling persons
and persons who have “managerial responsibility” and persons who “materially participate” in
the affairs of the entity—owner operators and senior executives.
B. What Must an Individual Covered Person Do to Have Liability?
Section 1031 does not provide that a “covered person” is vicariously liable for the acts of the
entity. Rather, Section 1031 provides that the CFPB may take action to prevent a covered
person from itself “committing or engaging in an unfair, deceptive, or abusive act or practice.”
This suggests that by choosing not to rely on the aiding and abetting provisions in
1036(a)(3), the CFPB takes on the burden of proving that the individual defendant or
respondent deemed to be a covered person itself engaged in unfair, deceptive, or abusive
acts or practices. This is similar to the standard that federal banking regulators apply to
institution-affiliated parties under the Federal Deposit Insurance Act—in which federal
banking regulators may bring actions against individuals who themselves engage in a
violation of federal banking law but in which concepts of vicarious liability do not arise.
Below, we discuss representative cases in which the CFPB has brought actions against
individuals.
4. Suing the CEO and Vice President for Unlawful Bonus Payments
In July 2013, the CFPB sued a mortgage loan company, its president, and its vice president
for capital markets. The company had approximately 330 employees and originated over a
billion dollars of mortgage loans a year. The CFPB alleged that the defendants violated
consumer financial protection laws by paying quarterly bonuses to loan officers in amounts
that varied based on the interest rates of the loans they originated, with higher interest rates
resulting in higher quarterly bonuses.
The complaint alleged that both the company and individual defendants developed and
implemented a scheme by which the company would pay quarterly bonuses to loan officers
in amounts that varied based on the interest rates of the loans they originated; that the
president allegedly sanctioned and decided to implement the bonus program; and that the
vice president of capital markets allegedly calculated the amount of quarterly bonuses to be
paid each quarter. The CFPB charged that, because they “had managerial responsibility for
the Company and [have] materially participated in the conduct of its affairs,” the two
individuals were “related persons” and, thus, were liable for the violations to the same extent
as the company.
The district court entered injunctive relief against all three defendants imposed a judgment of
“equitable monetary redress” of $9.2 million “against Defendants, jointly and severally,” and
4
Individual Liability in CFPB Enforcement Proceedings
imposed a $4 million fine “against Defendants, jointly and severally.” Because the monetary
relief and the fine were entered “jointly” against the defendants, the company defendant
could pay the entire amount.
5. Suing the Owner/CEO for Collecting on Loans that Failed to Comply With
State Usury Laws
In December 2013, the CFPB sued an online loan servicer, its individual owner/CEO, its
subsidiary, and its affiliate. The CFPB alleged that the defendants attempted to collect on
hundreds of thousands of small loans that violated state usury laws, and it rejected the
defense that those laws did not apply to its business because it was based on an Indian
reservation and owned by a member of an Indian tribe. The complaint alleged that the
owner/CEO had managerial responsibility and was thus a “related person,” and that he
“knew or should have known” about the allegedly violative practices. The complaint seeks
an injunction as well as restitution, disgorgement, and civil money penalties against the
defendants.
6. Suing the Owner/CEO for Violating RESPA Anti-Kickback Provisions
In January 2014, the CFPB sued a mortgage loan originator and its owner/president for
allegedly violating the anti-kickback provisions in RESPA by paying above-market rental fees
in exchange for mortgage referrals. The complaint alleged that the individual defendant was
a “related person” because he had managerial responsibility and materially participated in
the company’s affairs; that he had insisted on the arrangement; and that he had signed the
lease agreement. The CFPB issued a cease and desist order against both the corporate
entity and the individual, issued a disgorgement order against the corporate entity alone, and
issued a civil money penalty against both respondents “jointly and severally.”
7. Suing Owners/Officers for Offering Deceptive Debt-Relief Services
The CFPB has named individuals as defendants in a number of cases against companies
marketing debt-relief services in an allegedly deceptive manner. In fact, most of the CFPB’s
debt relief services cases involve claims against individuals (as well as against entities). The
individuals were often both the owner and the CEO (or the primary lawyer in the case of a
law firm defendant), they were involved in day-to-day operations and developed the business
model, and they often directly engaged in the debt-relief sales efforts on the company’s
behalf.
The complaints sometimes allege that the individuals “knew or should have known” of the
allegedly unlawful conduct. They contain language such as the individual “approves, ratifies,
endorses, directs, controls, and otherwise materially participates in the conduct of the
company’s affairs.” In cases that have been settled, the monetary relief is typically entered
“against Defendants, jointly and severally,” which means that the individual may avoid liability
if the company pays the entire amount.
8. Cases in Which Individuals Are Not Named
As important as the cases in which the CFPB has named individuals are the cases in which it
has not. In just over two-thirds of its enforcement cases, the CFPB has not named any
5
Individual Liability in CFPB Enforcement Proceedings
individual defendants or respondents. None of the CFPB’s 10 largest settlements name
individuals. None of the CFPB’s cases against public companies name individuals. None of
the CFPB’s cases name non-officer directors. None of the CFPB’s cases name low-level
officers or employees as individual defendants or respondents.
9. Practice Pointers
The fact that the CFPB focuses on individuals means that practitioners also have to be alert
to making sure that individuals are vigorously represented before the CFPB. When the staff
gives any indication that it contemplates potentially recommending an action against an
individual (or when the facts otherwise suggest that as a realistic possibility), careful
consideration should be given to retaining separate counsel for the individual and making a
separate NORA submission. An individual submission will often focus less on whether there
were violations of consumer protection laws and more on the individual’s background, good
faith, and relative absence of involvement in the alleged violations.
On the other hand, it is important not to overreact as well. More than two-thirds of CFPB
enforcement cases involve no individual defendant. Bringing in separate counsel may send
exactly the wrong message when the staff otherwise had not even contemplated the
prospect of recommending an action against an individual. A middle course may be to bring
in “shadow counsel.” The role of shadow counsel is to make sure the individual’s interests
are being protected, but not to formally surface in the investigation.
10. Insurance and Indemnification
Defending against CFPB investigations and proceedings can be expensive. Individuals
should review and pursue their rights to advancement of legal fees, indemnification, and
insurance coverage. The CFPB often takes the position that defendants may not seek
reimbursement from insurance carriers or others for any penalties imposed, but has not
taken the same position with respect to advancement and reimbursement of legal fees or the
payment of monetary relief other than penalties, such as consumer restitution.
Conclusion
We draw the following 10 lessons from enforcement cases that the CFPB has brought
against individuals to date:
1.
Owners are, by far, the most commonly named individual defendants. For relatively
small companies, the CFPB may make little distinction between what the company
does and what the owner/operator of the company does. Arguments about corporate
form may not have much impact in that setting.
2.
When the CFPB has named individuals, it has not relied on theories of vicarious
liability or relied exclusively on their status as owners or officers—rather, it has typically
alleged that the individuals were involved in the allegedly unlawful conduct.
3.
Although the CFPB has authority to name individuals as aiders and abettors if it
alleges that they engaged in reckless or knowing misconduct, the CFPB rarely relies
on the aiding and abetting provision to name individuals. That creates the odd
dynamic that the authority Congress most clearly provided for the CFPB to bring cases
6
Individual Liability in CFPB Enforcement Proceedings
against individuals is almost never used by the CFPB when it actually brings cases
against individuals.
4.
The CFPB rarely names individuals in cases against large companies. That makes
sense because the larger the company, the less likely it is that there will be an owner
or senior officer that was culpably involved in the alleged misconduct. Moreover, the
statute itself limits the CFPB’s authority to sue individuals associated with bank holding
companies, credit unions, and depository institutions.
5.
To date, the CFPB has not named individuals in the CFPB’s 10 largest settlements or
the CFPB’s cases against public companies. The CFPB also has not named nonofficer directors or low-level officers or employees as individual defendants. There are
good reasons for this.
6.
In most cases when it has named individuals, the CFPB has been willing to enter into
settlements in which the company and the individual are jointly responsible for the
monetary relief. That allows the company to pay the entire amount. There is no
assurance, however, that this will always be the case.
7.
CFPB investigations can be expensive. Individuals should carefully review their rights
to advancement, indemnification, and insurance.
8.
Practitioners need to be alert to the possibility the CFPB staff will recommend naming
an individual. Depending on the circumstances, individuals may be well served by
being separately represented and making separate NORA submissions. Submissions
by individuals will often focus less on whether there were violations at all, and more on
the individual’s good faith and the relative absence of involvement in the violation.
9.
On the other hand, practitioners should also avoid overreacting. Given that more than
two-thirds of CFPB proceedings do not name individuals, separate representation may
be premature absent an indication by the staff that it contemplates recommending an
action against an individual. Indeed, separate representation may send exactly the
wrong signals to the staff. In close cases, “shadow counsel” may be appropriate to
provide completely independent advice to the individual without formally surfacing in
the investigation.
10.
Finally, because the CFPB is a young agency, it is wise to provide the usual cautionary
observation—we know what the CFPB has done so far, but we do not know what
twists and turns it will take in the future.
Author:
Jon Eisenberg
jon.eisenberg@klgates.com
+1.202.778.9348
7
Individual Liability in CFPB Enforcement Proceedings
Anchorage Austin Beijing Berlin Boston Brisbane Brussels Charleston Charlotte Chicago Dallas Doha Dubai Fort Worth Frankfurt
Harrisburg Hong Kong Houston London Los Angeles Melbourne Miami Milan Moscow Newark New York Orange County Palo Alto Paris
Perth Pittsburgh Portland Raleigh Research Triangle Park San Diego San Francisco São Paulo Seattle Seoul Shanghai Singapore Spokane
Sydney Taipei Tokyo Warsaw Washington, D.C. Wilmington
K&L Gates comprises more than 2,000 lawyers globally who practice in fully integrated offices located on five
continents. The firm represents leading multinational corporations, growth and middle-market companies, capital
markets participants and entrepreneurs in every major industry group as well as public sector entities, educational
institutions, philanthropic organizations and individuals. For more information about K&L Gates or its locations,
practices and registrations, visit www.klgates.com.
This publication is for informational purposes and does not contain or convey legal advice. The information herein should not be used or relied upon in
regard to any particular facts or circumstances without first consulting a lawyer.
© 2014 K&L Gates LLP. All Rights Reserved.
8
Download