CFPB Authority
Comerica Bank v. CFPB
Date: Nov. 8, 2024
Issue: Whether the Consumer Financial Protection Bureau exceeded its authority by investigating the U.S. Department of the Treasury’s Bureau of the Fiscal Service’s Direct Express program, which distributed benefits via debit cards.
Case Summary: Comerica Bank sued the CFPB in Texas Federal Court, alleging the bureau exceeded its authority under the Consumer Financial Protection Act and Dodd-Frank Act by investigating the U.S. Department of the Treasury’s Bureau of the Fiscal Service’s Direct Express program, which distributed benefits via debit cards.
Fiscal Service created the Direct Express program to provide recipients of federal benefits with consumer-friendly debit card accounts through which they can receive and use benefit payments. In 2008, Fiscal Service conducted a competitive selection process and chose Comerica to be the service provider for Direct Express. Comerica has remained the service provider for Direct Express throughout the program’s existence. Fiscal Service has exercised oversight and control over the program since its inception.
In 2021, CFPB launched its investigation of Comerica’s administration of Direct Express by issuing a Civil Investigative Demand (CID). Comerica asserted that it incurred significant legal fees and expended substantial resources by providing the requested information in its CIDs. Afterward, CFPB informed Comerica it was considering legal action, including bringing a claim alleging Comerica’s customer service practices in connection with Direct Express constituted an unfair or abusive act or practice (UDAAP).
In its complaint, Comerica made four main claims. First, Comerica claimed CFPB’s allegation that its customer service deficiencies are UDAAPs exceeds the bureau’s statutory authority under the CFPA. Comerica argued the Bureau characterized alleged customer service deficiencies, such as long call wait times, as UDAAPs. But Comerica noted that Congress did not delegate unfettered discretion to CFPB to declare any practice a UDAAP and impose potentially crippling penalties for those who allegedly engaged in that putatively illegal practice. In Comerica’s view, CFPB’s attempt to characterize call wait times and other customer service practices as a “substantial injury” for a putative unfairness claim is not a reasonable interpretation of the CFPA.
Second, Comerica claimed CFPB’s allegations that it did not have proper fraud controls exceed the Bureau’s statutory authority under the CFPA. CFPB claimed Comerica’s security controls were inadequate because they failed to prevent and detect particular account takeover fraud, resulting in unauthorized electronic fund transfers. Comerica claimed it satisfied all requirements to resolve these transfers under the EFTA. Even still, Comerica claimed that CFPB threatened a UDAAP enforcement action. Comerica emphasized there is no support for the bureau’s view that a bank can comply with its obligations under EFTA while still violating the CFPA, and CFPB should not be allowed to circumvent EFTA’s framework.
Third, Comerica claimed CFPB’s current funding method violates the Appropriations Clause and the Dodd-Frank Act. Comerica noted that CFPB’s funding is subject to the requirements of the Appropriations Clause, which requires that executive agencies be funded by “appropriations made by law.” Comerica highlighted that the relevant “law” providing funding for the CFPB is the Dodd-Frank Act, which authorizes the CFPB to draw public funds from a particular source, the “combined earnings” of the Federal Reserve System. Yet, there are currently no “earnings” that can be drawn from the Federal Reserve System because the Federal Reserve has not made a profit since 2022. Thus, Comerica contended that CFPB is being funded from the Federal Reserve’s deficit, and any action the bureau takes using such unappropriated funds, such as investigating Comerica, is unlawful.
Finally, Comerica claimed the CFPB’s enforcement activity violates Comerica’s constitutional due process rights. Constitutional due process requires Comerica to have fair notice that CFPB would attempt to regulate specific categories of activities before the Bureau engaged in them. Comerica asserted that CFPB’s attempt to characterize certain customer service practices and failures, which functioned as security controls to detect account takeovers as UDAAPs, exceeded any reasonable interpretation of the CFPA or EFTA. Comerica contended that CFPB’s threat to bring enforcement actions founded in these new interpretations of UDAAPs violated Comerica’s due process rights because Comerica lacked fair notice that CFPB would adopt such expansive and flawed interpretations of the CFPA.
Bottom Line: CFPB’s answer to Comerica’s complaint is due Jan. 15, 2025.
Documents: Complaint