skip to main content

Our White Collar & Regulatory Defense group has unparalleled experience and expertise, and is among the most respected and successful in the United States. We regularly represent Fortune 500 companies and their executives and boards in connection with investigations by federal and state enforcement authorities, and in courtrooms nationwide. We excel at developing creative and successful strategies and defenses for responding to or preventing government investigations and enforcement proceedings.

CFPB Rescinds Policy of Restraint on Enforcing “Abusive” Prohibition

March 12, 2021 Download PDF

On March 11, 2021, the Consumer Financial Protection Bureau (CFPB) rescinded a policy statement issued in January, 2020 by then-Director Kathy Kraninger that adopted restraint in the agency’s enforcement of the prohibition on “abusive” acts and practices.[1] Acting Director David Uejio described the policy statement as flawed and announced that the CFPB would enforce the abusive prohibition just like any other provision of law. This move was expected and is part of the CFPB’s renewed aggressiveness under the Biden Administration.[2]    

The Dodd-Frank Act prohibits any covered person or service provider from engaging in unfair, deceptive, or abusive acts or practices (“UDAAP”).[3] Case law and guidance on unfairness and deception had been developed by the Federal Trade Commission under its Section 5 authority, but “abusive” was an innovation by Dodd-Frank and has caused regulated entities considerable trepidation as to how it would be applied. Under Dodd-Frank, an act or practice is abusive if it

(1) “materially interferes with the ability of a consumer to understand a term or condition of a consumer financial product or service” or

(2) takes unreasonable advantage of: (a) a lack of understanding on the part of the consumer of the material risks, costs, or conditions of the product or service; (b) the inability of the consumer to protect its interests in selecting or using a consumer financial product or service; or (c) the reasonable reliance by the consumer on a covered person to act in the interests of the consumer.”[4]

On January 24, 2020, Director Kathy Kraninger adopted a policy statement that signaled that the CFPB would take a restrained approach to enforcing the abusive prohibition in light of the “significant challenges” to regulated entities posed by uncertainty over its meaning.[5] The statement[6] adopted three principles:

  • The CFPB intended to focus on citing or challenging conduct as abusive if it “concludes that the harms to consumers from the conduct outweigh its benefits to the consumer.”
  • The CFPB would generally avoid challenging acts or practices as abusive if the agency was relying on the same underlying conduct and facts for an unfairness or deception claim.
  • Absent unusual circumstances, the CFPB did not intend to seek civil penalties or disgorgement if a covered person made good-faith efforts to comply with the abusiveness standard.

In rescinding this policy statement, the CFPB stated that, going forward, it “intends to exercise its supervisory authority consistent with the full scope of its statutory authority under the Dodd-Frank Act as established by Congress.”[7] The CFPB also asserted that the principles set forth in the policy statement “do not actually deliver clarity to regulated entities” and that these principles “have the effect of hampering certainty over time.”[8] This is because the Bureau’s commitment to not cite abusiveness when it was also citing deception or unfairness had the effect of “slowing” the Bureau’s ability to clarify the abusiveness standard by articulating abusive claims as well having courts rule on such claims. The CFPB also stated that, going forward, it would consider “good faith, company size, and all other factors it typically considers as it uses its prosecutorial discretion,” but it would no longer treat abusiveness differently


Regulated entities should expect that CFPB examiners and enforcement lawyers will cite abusiveness violations with more frequency, even if deception and unfairness violations are also cited. Uncertainty, however, persists as to how the CFPB will apply the abusiveness standard in a range of fact patterns, making it difficult to assess whether a given product or practice will be found to be in violation. Among other things, there is a concern that the CFPB could use the abusiveness standard to impose heightened disclosure obligations (and even duties inching towards fiduciary-like duties) in certain circumstances based on the nature of the customer relationship and/or the degree of the product or service’s complexity

But even without abusiveness, the deception and unfairness standards provide significant discretion in the hands of an aggressive CFPB. For all these reasons, companies should consider refreshing their reviews of products, practices, and disclosures to identify and minimize UDAAP risk. To account for the uncertain boundaries of the UDAAP prohibition, some companies attempt to identify UDAAP risk by testing against a series of more open-ended fairness standards. In any event, careful evaluation of UDAAP risks helps demonstrate good faith, which may be beneficial in the event of CFPB scrutiny.

Meanwhile, President Biden’s nomination of Rohit Chopra to be CFPB Director continues to be considered by the Senate. Following Chopra’s confirmation hearing, he garnered an evenly split vote by the Senate Banking Committee. Nevertheless, he is expected to move forward to a full Senate vote. During his hearing, Chopra discussed mortgages, student loans, credit reporting, and debt collection, indicating that they are priority areas, particularly during the pandemic. He emphasized the need for CFPB oversight to ensure that more borrowers do not lose their homes to foreclosure during the pandemic or otherwise experience financial injury as forbearance periods and other accommodations begin to lapse. He also addressed tech companies, stating that it will be “critical for the CFPB to take a hard look at how big tech companies and others are entering the financial services, the impact on our privacy and our personal data.” [9] On the topic of enforcement, he noted that at the FTC “we lay the hammer on small business. We go after individuals. We take everything...,” but lamented that regulators do not do the same for larger firms “even though the law is exactly the same.” 

We look forward to providing further updates as the new CFPB takes shape.

                                                                                                    *       *       *


[1]      CFPB, Statement of Policy Regarding Prohibition on Abusive Acts or Practices; Rescission, (March 11, 2021).

[2]      See Paul Weiss Client Memorandum, The Coming Transformation of the CFPB in the Biden Administration: What to Expect and How to Prepare (Feb. 1, 2021).  

[3]      12 U.S.C § 5531.

[4]      12 U.S.C § 5531(d).

[5]      CFPB, Press Release, CFPB Announces Policy Regarding Prohibition on Abusive Acts or Practices, (Jan. 24, 2020).

[6]      CFPB, Statement of Policy Regarding Prohibition on Abusive Acts or Practices, (Jan. 24, 2021).

[7]      CFPB, Press Release, Consumer Financial Protection Bureau Rescinds Abusiveness Policy Statement to Better Protect Consumers, (March 11, 2021).

[8]      CFPB, Statement of Policy Regarding Prohibition on Abusive Acts or Practices; Rescission, (March 11, 2021).

[9]      Senate Banking, Housing and Urban Affairs Committee Holds Hearing on Pending Nominations (March 2, 2021).

© 2024 Paul, Weiss, Rifkind, Wharton & Garrison LLP

Privacy Policy