The Hedgehog and the Fox: A Regulatory Parable

The 7^th century BCE Greek lyric poet, Archilochus, observed: "the fox knows many things, but the hedgehog knows one big thing.”[i] Twenty-two centuries later, Erasmus transliterated Archilochus’s dictum by precisely rendering it into the Latin aphorism: “multa novit vulpes, verum echinus unum magnum.”[ii] When it comes to these two ways of thinking and acting, things didn’t change much between the 7^th century BCE and the 16^th century CE, when Erasmus penned his elucidation.

Isaiah Berlin, the British political philosopher, whose life span stretched nearly the whole 20^th century,[iii] wrote a well-known essay in 1953, inspired by Archilochus’s apothegm. It was entitled “The Hedgehog and the Fox: An Essay on Tolstoy's View of History.”[iv]

Of Berlin’s essay, Arnold Toynbee, one of the great historians of our time, wrote:

“This fragment of verse by the Greek poet Archilochus describes the central thesis of Isaiah Berlin's masterly essay on Tolstoy, in which he underlines a fundamental distinction between those people (foxes) who are fascinated by the infinite variety of things and those (hedgehogs) who relate everything to a central, all embracing system.”[v]

Since its inception, it seemed clear to me that the Consumer Financial Protection Bureau (the “Bureau”) is a hedgehog. It tends to view the world through the lens of a single defining idea: consumer financial protection. In accordance with this idea, the Bureau exercises this vision through a single, predominant, and coherent framework of regulations. As a hedgehog, the Bureau stays focused on this one foundational principle and repeatedly, unvaryingly, and rigidly seeks to implement that overriding proposition by applying the same methods and solutions, usually to the exclusion of other possible remedies.

This predilection is not simply a matter of judgment or style. Hedgehogs actually have one grand theory which they seek to extend into many domains, furthering their rule through a fervent belief in the guiding principle. They express their views with confidence; assurance; coolness; obstinacy; unrelenting drive; generally rigid adherence to an impliable mission; unwavering obedience and devotion to a regnant objective; a proclivity to roll results up into an aggregate value; and, a tendency to express themselves with such idiomatic phrases as “mission critical,” “the ends justify the means,” “by and large,” “ball-park figure,” “jack-of-all-trades,” “grand strategy,” “seeing the larger picture,” and “the system is the solution.” Usually, hedgehogs have a unique vision that gives rise to the ability to notice complex circumstances and discern the underlying patterns. In effect, their reach exceeds their grasp. Examples of hedgehogs are Plato, Dante, Proust and Nietzsche.

Residential lenders and originators (the “RMLOs”) are, as a group, foxes - they draw on a wide variety of experiences and do not believe for a second that the world can be boiled down to a single idea, evinced through an all-embracing framework, howsoever cogent it appears to be.

Foxes are skeptical about grand theories. They are constrained in their forecasts, and adaptive to actual events. They tend to be more accurate in their predictions than hedgehogs, since they are more agile in assigning probabilities to their expectations. While hedgehogs see the larger picture, thereby missing opportunities, foxes notice each and every pixel contributing to it, and thus quickly find opportunities. Because the fox is acutely aware of each part of the whole, it devises complex strategies to gain an advantage on the hedgehog. Often, it succeeds in its plans due to this advantage.

The kinds of idiomatic expressions that foxes use are “zero in on something,” “devil's in the details,” “under construction,” “mixed feelings,” “barking up the wrong tree,” “at this stage,” “first in class”, “trying something new,” and “let’s get another pair of eyes on this matter.” Foxes are centrifugal: they pursue divergent ends and usually possess a sense of reality, which keeps them from designing a logistical framework that purports to contain all possibilities. They instinctively know that complexity does not conduce to a unitary structure. Although foxes may have a broad vision and much agility in complex interactions, often their grasp exceeds their reach. Examples of foxes are Montaigne, Balzac, Goethe and Shakespeare.

Foxes pursue many ends at the same time, with much energy and cunning. They see the world in all its complexity. Hedgehogs simplify a complex world into a basic principle or concept that unifies and guides everything. Foxes tend to be scattered, diffused, and inconsistent. For hedgehogs, the world is reductive; that is, all challenges and dilemmas are reduced to simple hedgehog ideas, and anything that does not correlate to the hedgehog idea is without relevance. Hedgehogs see what is essential and ignore the rest.

Generally, the fox’s style is often deprived of rigorous models, specific goals, and global metrics. Foxes learn incrementally, over many iterations of experience. The foxy RMLO has a succinct advantage in swaying the hedgehog Bureau, because it nimbly responds to new information, constantly reconfiguring its market knowledge in reaction to changing circumstances. Such vital information leads to greater performance and the ability to provide solutions that open up new ways for the Bureau to fine tune its single overarching vision.

The Bureau has set compliance effective dates in January 2014 for many new rules that will affect RMLOs. As these rules go into effect, we enter the New Year noting a rather obvious example of the hedgehog’s vision and the fox’s hastening to fulfill it. Their relationship is bound by the unwavering path of the Bureau and the serpentine path of the RMLO. The Bureau’s grand vision presents a broad plan of action that must be implemented. In complying with the Bureau’s rules, the RMLO must bestir itself to be particularly attuned to working with the minutiae of details that are a part of the practical experience of actually originating and servicing residential mortgage loans.

In 2014, here are three questions to keep in mind about the relationship between the Bureau and the RMLO:

1) How prepared is your financial institution to comply with the Bureau’s expectations?

2) Are you ready to implement the Bureau’s complex requirements?

3) Does your company act like the visionary hedgehog or the nimble fox?

Foxes are cunning and have the advantage of knowing how reality works, poking holes in the hedgehog’s grand scheme of things, even as the many spindled hedgehog rolls into a big bulky ball. But beware of that ball! The hedgehog and the fox have learned never to underestimate each other. Although the fox is clever, swift, skilled in action, and knows many tricks, the hedgehog knows one big decisive trick: it can roll itself into a ball of sharp and painful spikes! 

______________________________________________________

Jonathan Foxx

President & Managing Director

Lenders Compliance Group

Brokers Compliance Group

National Mortgage Professional Magazine - December 2013

---

[i] Archilochos (c. 680–c. 645 BC) was a Greek lyric poet from the island of Paros in the Archaic period.

[ii] Adagia, ("Erasmus") Desiderius Erasmus Roterodamus (October 27, 1466-July 12, 1536), Paris, 1500, from Robert Bland, Proverbs, Chiefly Taken from the Adagia of Erasmus, with Explanations; and Further Illustrated by Corresponding Examples from the Spanish, Italian, French & English Languages, Volumes 1-2, London, 1814

[iii] Sir Isaiah Berlin, (June 6, 1909-November 5, 1997), British social and political theorist, philosopher and historian of ideas.

[iv] Berlin, Isaiah, The Hedgehog and the Fox: An Essay on Tolstoy's View of History, Weidenfeld & Nicolson, London, 1953.

[v] Idem

The Enforcement Powers of the Consumer Financial Protection Bureau

For several months, the Consumer Financial Protection Bureau (“CFPB” or “Bureau”) has implemented a spate of enforcement actions against banks and nonbanks. My interest in this article is neither to re-litigate those cases nor single out any particular financial institution for further scrutiny.* Sometimes we must learn our lessons at somebody else’s expense, rather than to castigate another for unseemly conduct. None of us, however, is absolved of the responsibilities, the violations of which could lead to enforcement actions against us or the financial institution where we are employed.

It is important, therefore, to have some sense of what is meant by the term “enforcement,” especially with respect to the CFPB’s authorities. The CFPB received a host of enumerated laws and related authorities on July 21, 2011[i], and, pursuant to the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”), a concomitant set of defined rules were established[ii] that gave the Bureau numerous enforcement powers, including the powers to conduct investigations and implement enforcement actions to enforce federal consumer financial law.[iii]

For instance, Section 1052 of the Dodd-Frank authorizes the CFPB to engage in joint, interagency investigations and requests for information, including matters relating to fair lending. Though the statute specifically provides that, “where appropriate,” the Bureau may conduct “joint investigations” with the Secretary of Housing and Urban Development, the Attorney General of the United States, or both, it also sets forth lengthy provisions governing subpoena powers and civil investigative demands.

______________________________________________________

IN THIS ARTICLE

 Hearings and Adjudications

Scope of Legal Remedies

Blowing the Whistle on Violations

Policy Statement and Whistleblower Protection

Locking Horns with the Department of Labor

______________________________________________________

Hearings and Adjudications

On November 7, 2011, the Bureau issued CFPB Bulletin 2011-04 (entitled “Enforcement”),[iv] the first in a series of bulletins relating to policies and priorities of the Bureau’s Office of Enforcement. The Bulletin announced that before the CFPB commences an enforcement proceeding, it may (or may not) give the subject of the proceeding notice of the nature of the potential violations and may (or may not) offer the subject the opportunity to submit a written statement in response. The Bulletin also gave specific instructions regarding the submission requirements of the written statement, such as the paper size, spacing, font size, and length, while also mandating that the response had to be received by the CFPB by no more than 14 calendar days after the notice.[v]

Almost a year after the CFPB received its authorities, it adopted rules, on June 29, 2012, regarding the procedures it expected to follow when investigating whether a “person” (a legal term for an individual or entity) is or has been engaged in conduct that would constitute a violation of any provision of federal consumer financial law.[vi]

Indeed, Dodd-Frank authorizes[vii] the Bureau to conduct hearings and adjudication proceedings to ensure or enforce compliance with the following applicable items:

Title X, which established the Consumer Financial Protection Bureau as an independent agency within the Board of Governors of the Federal Reserve System, including any rules prescribed by the CFPB under Title X; and

“… any other Federal law that the Bureau is authorized to enforce, including an enumerated consumer law, and any regulations or order prescribed thereunder, unless such Federal law specifically limits the Bureau from conducting a hearing or adjudication proceeding and only to the extent of such limitation.”

Furthermore, Section 1053 of Dodd-Frank sets forth the rules for Cease-and-Desist proceedings and enforcement orders.

Statutorily, Dodd-Frank authorizes the CFPB to apply to the United States district court within the jurisdiction of which the principal office or place of business of the person is located, for the purposes of enforcing any effective bulletin or notice, outstanding notice, or order.

Thus it was that, soon after the Bureau announced its rules for investigating violations, in July 2012 the CFPB announced its first enforcement action. That action consisted of a consent order in which Capital One agreed to refund $140 million to 2 million customers and pay a $25 million penalty. The enforcement was the consequence of alleged deceptive marketing tactics used by Capital One’s vendors to coax consumers into paying for add-on products when they activated their credit cards.[viii]

Dodd-Frank authorizes the CFPB to commence a civil action against any person who violates a federal consumer financial law and to impose a civil penalty or to seek all appropriate legal and equitable relief including a permanent or temporary injunction.

When commencing a civil action, the Bureau must notify the Attorney General and, with respect to a civil action against an insured depository institution or insured credit union, the appropriate prudential regulator. Except as otherwise permitted by law or equity, no action may be brought under Title X more than three years after the date of discovery of the violation.

Indeed, the CFPB published an interim rule regarding its awarding of attorney fees and other litigation expenses in certain situations, as required by the Equal Access to Justice Act.[ix]

Scope of Legal Remedies

The CFPB has extensive authorities to not only investigate violations of federal consumer protection laws but also implement broad enforcement relief.

Consider this list, which I do not assert to be comprehensive. These legal remedies are held to be “without limitation:”

• Rescission or reformation of contracts
• Refund of money
• Disgorgement and refund of various types of assets
• Return of real property
• Restitution
• Disgorgement or compensation for unjust enrichment
• Payment of damages or other monetary relief
• Public notification regarding the violation (including the costs of notification)
• Limits on the activities or functions of the person
• Civil monetary penalties

Indeed, Dodd-Frank authorizes the court in a court action, or the CFPB in an administrative proceeding, to grant “any appropriate legal or equitable relief with respect to a violation of federal consumer financial law, including a violation of a rule or order prescribed under a federal consumer financial law.”[x]

Social Media and Networking

When you think of advertising, do you include social media? These days, most of you do!

However, social media compliance - which I shall call "SMC" - is a considerable undertaking, far more involved than just issuing a policy and procedure. Often, implementing SMC includes working with internet technology and information security professionals, collaborating with sales, compliance, legal, marketing, and human resources personnel, and ensuring that virtually all employees understand their own obligations with respect to using internet communications.

We have drafted SMC policy statements that call for constant vigilance by management and appointed staff to monitor for and find the appropriate remedies to transgressions relating to use of a company's name, logo, products, and services, in casual and even formal social media interactions.

Recently, Federal Financial Institutions Examination Council (FFIEC) issued a request for comments, entitled Social Media: Consumer Compliance Risk Management Guidance ("Notice"). FFIEC issued this notice on behalf of its six members, Office of the Comptroller of the Currency (OCC); the Board of Governors of the Federal Reserve System (Board); the Federal Deposit Insurance Corporation (FDIC); the National Credit Union Administration (NCUA); the CFPB (collectively, the "Agencies"); and the State Liaison Committee (SLC). Succinctly put, whatever the federal agencies eventually adopt, the states will issue the final guidance as a supervisory guidance not only to the institutions that are, by extension, under its supervision but also through the State Liaison Committee, thereby encouraging state regulators to adopt the guidance.

This means that institutions will be expected to use the forthcoming guidance in their efforts to ensure that their policies and procedures provide oversight and controls commensurate with the risks posed by their social media activities. State agencies that adopt the guidance will expect the entities that they regulate to use the guidance in their efforts to ensure that their risk management and consumer protection practices adequately address the compliance and reputation risks raised by activities conducted via social media.

In this article, I will consider certain features of FFIEC's social media Notice as well as some important subjects to be addressed in constructing an SMC policy and procedure.*

_______________________________________________________

IN THIS ARTICLE

Defining Social Media

Use of Social Media

Risks of Social Media

Risk Management

Risk Areas

Laws and Regulations

Major Risks

Policy and Procedures

_______________________________________________________

Defining Social Media

Social media has been defined in a number of ways. For purposes of the proposed guidance, the Agencies consider social media to be a form of interactive online communication in which users can generate and share content through text, images, audio, and/or video. 

Social media can take many forms, including, but not limited to, micro-blogging sites (i.e., Facebook, Google Plus, MySpace, and Twitter); forums, blogs, customer review Websites and bulletin boards (i.e., Yelp); photo and video sites (i.e., Flickr and YouTube); sites that enable professional networking (i.e., LinkedIn); virtual worlds (i.e., Second Life); and social games (i.e., FarmVille and CityVille).

A simple test to distinguish social media from other online media is that the social media communication tends to be more interactive.

_______________________________________________________

Use of Social Media

Financial institutions use social media in a variety of ways, including marketing, providing incentives, facilitating applications for new accounts, inviting feedback from the public, and engaging with existing and potential customers.

For instance, social media has been used to receive and respond to complaints. They have been used to provide loan pricing. Since this form of customer interaction tends to be informal and occurs in a less secure environment, it presents some unique challenges to financial institutions.

To manage potential risks to financial institutions and consumers, however, financial institutions should ensure their risk management programs provide oversight and controls commensurate with the risks presented by the types of social media in which the financial institution is engaged.

_______________________________________________________

Risks of Social Media

The use of social media by a financial institution to attract and interact with customers can impact a financial institution’s risk profile. 

The increased risks can include the risk of harm to consumers, compliance and legal risk, operational risk, and reputation risk. 

Increased risk can arise from a variety of directions, including poor due diligence, oversight, or control on the part of the financial institution. Obviously, procedures must be implemented that help financial institutions to identify potential risk areas and appropriately address as well as ensure that they are aware of their responsibilities to oversee and control these risks within their overall risk management program.

Therefore, financial institutions should address the applicability of existing federal consumer protection and compliance laws, regulations, and policies to activities conducted via social media by banks, savings associations, and credit unions, as well as by nonbank entities supervised by the CFPB.

_______________________________________________________

Risk Management

A financial institution should have a risk management program that allows it to identify, measure, monitor, and control the risks related to social media. The size and complexity of the risk management program should be commensurate with the breadth of the financial institution’s involvement in this medium. 

FFIEC gives this rule of thumb: a financial institution that relies heavily on social media to attract and acquire new customers should have a more detailed program than one using social media only to a very limited extent. 

The risk management program should be designed with participation from specialists in compliance, technology, information security, legal, human resources, and marketing. FFIEC makes it clear that a financial institution that has chosen not to use social media should still be prepared to address the potential for negative comments or complaints that may arise within the many social media platforms and provide guidance for employee use of social media.