ARM industry members who are operating under enforcement orders from the CFPB or any other federal or state agency are facing submitting company information as well as copies of the orders on the CFPB’s Nonbank Registry. Large-market participants get to go first and may register starting October 16, assuming that the registration website is available by that date. In the meantime, because the CFPB has published its Nonbank Registration Filing Instructions Guide, anyone who is bound by the rule can prepare for their submission by compiling the information necessary for registration as a user on the Registry site, and for the actual registration of their Order(s). This 71-page behemoth work instruction seeks to help registrants to register their company accurately and completely, and then to properly identify, classify, and upload their relevant orders.

Keep in mind that once you start to enter information into the portal, whether you are registering your company, creating a password, or entering and managing your orders, if you leave the site, close the site or refresh the site, you will lose all of the information you have input. There is no mechanism to save your work and come back later. That’s why I advocate a process I’ll steal from French cooking—mise en place–which means reading the entire recipe, then gathering up and preparing all the ingredients, so that when you have the heat on, you are ready to go. Identify the information that applies to you and have it at hand. For example, you will need identifying information that you might not normally use very often, such as any of the following if they are applicable to your company: LEI, Taxpayer ID Type, Taxpayer EIN, NMLS ID, RSSD ID, EDGAR CIK and HDMA ID. You’ll need all of these that are applicable to your company.

Before you get started, be sure you know who is going to be the point of contact for your company related to your registry entry. The manual makes it clear that the POC is the person who will receive email correspondence related to the portal entries. The POC can also designate company users—others who may be responsible for administration or updates to the company’s information.

Use the same diligence in gathering information about the enforcement Orders that you have to register. You will need details such as docket, case or tracking number assigned by the court or government entity issuing the order, a list of the specific laws the order alleges were violated, the jurisdiction of the court, and the type of court, effective date of the order, expiration date, information about the government entity that issued the order if it’s not a court order, and more. If you have multiple orders, you’ll be entering this information for each order. You will need a clear and fully executed PDF file of each order to upload as well.

This article does not provide a complete list of the information you will be providing in the portal. Our goal is to emphasize that completing registration and entering the orders is a detail-oriented process that will take time. Changing the information you have entered after the fact, depending on what you need to change, may require opening a Support Ticket with the CFPB help desk, the email address for which is provided in the manual. This is a job where doing it right the first time is preferred. The CFPB has offered free training sessions that cover how to complete the form. One has already occurred, and the second training is scheduled for Wednesday, October 9 at 1:30 pm Eastern. To register for the event, click here.

The Nonbank Registration Filing Instructions Guide can be obtained here.

insideARM take: 

Frankly, any process that requires a 71-page instruction manual for its users should be simplified. The information it requests is available to the CFPB via public searches in PACER, the court system websites, state regulator websites, NMLS, the through the non-public Sentinel database, and through its relationships with regulators in all 50 states. We realize that the CFPB wants to create a one stop shop for information about past enforcement actions to which financial services organizations have been subjected, but it seems like overkill. The fact that an organization has been subjected to enforcement in the past does not mean that it is a bad actor now. Tainting a new relationship with a consumer with potentially irrelevant information of which companies may be required to inform consumers seems to have an underlying detrimental purpose.

On September 24, the Consumer Financial Protection Bureau (CFPB or Bureau) announced a significant development in its efforts to implement open banking rules in the United States. The Bureau has initiated a public comment process for the first application from an organization seeking recognition as an open banking standard-setter.

In our previous post, we discussed the CFPB’s final rule issued in June 2024, which outlined the qualifications for becoming a recognized industry standard setter body (Standard Setter Rule). These bodies will play a pivotal role in issuing standards for companies to comply under the forthcoming Personal Financial Data Rights Rule under Section 1033 of the Consumer Financial Protection Act (Section 1033 Rule).

The CFPB’s Standard Setter Rule identifies five key attributes that standard setters must demonstrate to gain recognition:

• Openness: The process must be open to all interested parties, including public interest groups, app developers, and financial firms.
• Transparency: Procedures must be transparent and publicly available.
• Balanced decision-making: No single special interest should dominate the process. The decision-making power to set standards must be balanced across all interested parties, including consumer and other public interest groups.
• Consensus: Standards development must proceed by consensus, with fair consideration of comments and objections.
• Due process and appeals: The body must use documented, publicly available policies and procedures, including adequate notice of meetings, time for review, and an impartial appeals process.

According to the Bureau, these attributes are designed to ensure that the standard-setting process is inclusive, transparent, and fair, ultimately leading to the development of effective open banking standards that serve the interests of all stakeholders, especially consumers. In furtherance of that goal, the Standard Setter Rule also states that when an organization applies for recognition, the CFPB may publish the application and seek public input. This process is designed to enable stakeholders who believe the application is deficient in some respect to bring such evidence to the CFPB’s attention. In response to comments, or to the CFPB’s own analysis, applicants may choose to adjust applications before final resolution.

The Bureau is now seeking public comment on the first application for recognition as an open banking standard-setter, submitted by the Financial Data Exchange (FDX). To review the FDX application and submit comments, visit the CFPB’s Application for Open Banking Standard Setter Recognition website. Other applications published for public comment will also be posted at the same location. We will continue to follow and report on these developments.

Editor’s Note: This article, authored by Kristen E. Larson, John L. Culhane, Jr. & Ronald K. Vaske of Ballard Spahr, previously appeared on Ballard Spahr’s Consumer Finance Monitor and is re-published here with permission. 

Editor’s Note: This article, authored by Rachel Ommerman, Virginia Bell Flynn & Brooke Conkle previously appeared in Troutman Pepper’s Consumer Financial Services Law Monitor and is re-published here with permission.