Featured Expert Contributor, White Collar Crime & Corporate Compliance


By Gregory A. Brower, a Shareholder with Brownstein Hyatt Farber Schreck, LLP in Las Vegas, NV and Washington, DC with Sarah Auchterlonie, a Shareholder in the Denver, CO office.

On September 6, 2018 the U.S. Court of Appeals for the Fifth Circuit raised the standard under the Consumer Financial Protection Act (CFPA) (12 U.S.C. § 5562(c)(2)) for the specificity in a Bureau Civil Investigative Demand’s notification of purpose. In Consumer Financial Protection Bureau v. The Source for Public Data, Case No. 17-10732 (5th Cir. Sept. 6, 2018), the CFPB sent a CID to Source for Public Data, Inc., a company that provides records from local, state, and federal agencies about individuals through an internet-based search engine. The CID stated that its purpose was to investigate “unlawful acts and practices in connection with the provision or use of public records information.” It referenced the Fair Credit Reporting Act (FCRA).

The Fifth Circuit held that the CID’s notification of purpose did not sufficiently “state the nature of the conduct constituting the alleged violation which is under investigation and the provision of law applicable to such violation,” as required by the CFPA. It further noted the breadth of the FCRA—which by our count has at least 71 different provisions a person could violate—and that merely naming the statute did not meet the requirement that the CID identify the provision of law applicable to the violation.

This is the second court to reject a nonconforming CFPB notification of purpose. The D.C. Circuit in 2017 refused to enforce a CID whose stated purpose was to investigate “unlawful acts and practices in connection with accrediting for-profit colleges.” Consumer Financial Protection Bureau v. Accrediting Council for Independent Colleges & Schools (ACICS), 854 F.3d 683, 690 (D.C. Cir. 2017). In ACICS, the D.C. Circuit said that the CFPB didn’t clearly have jurisdiction over the accrediting of for-profit colleges and thus refused to enforce the CID. The Fifth Circuit in Public Data, however, focuses less on the market under review and more on the quality of the notice provided to the investigation subject.

The Fifth Circuit declares that to conform to the CFPA, it must have a notification of purpose that tells a court “what the inquiry actually is.” Likewise, to assess whether the CFPB’s demand is “unreasonably broad or burdensome,” the court must know if the CID recipient is the investigation target. The court explains, “it would be reasonable for the CFPB to demand more information from a target of an investigation than a third party, but this Notification of Purpose does not indicate whether Public Data or one of its clients is the target of the investigation.” This is a big deal in CFPB-land.

The CFPB’s enforcement policy is to not identify investigation targets, rather, each CID has its own investigation “subject.” And the CFPB has, for the past seven years, followed a formula in fashioning its CID notifications of purpose in a way that is intentionally opaque. This veil of secrecy often has legitimate law enforcement goals. In other instances, it can enable a fishing expedition and unnecessarily prolong an investigation. Experienced attorneys for subjects of CFPB investigations usually employ gamesmanship with the CFPB’s CID modification process to pierce the veil of secrecy and narrow the investigation. Very few litigate.

Now, however, the Public Data opinion might give those responding to CIDs more strategic options. Ideally, Public Data should inspire the Enforcement Office to reconsider its Obama-era policy. The Public Data opinion indicates a renewed drive toward requiring federal agencies to be more accountable to courts and investigation subjects for justifying the necessity and burden of its investigations.