U.S. District Court (Again) Rules that Parties Can Challenge a CFPB Information Request Without Revealing Their Identities
By: Ted Kornobis
Last week, a federal court issued an opinion supporting the ability of an entity to file a court challenge to Consumer Financial Protection Bureau (“CFPB”) information requests without necessarily needing to “out” itself as a potential investigation target. Specifically, the court reaffirmed a prior ruling that recipients of a CFPB civil investigative demand (“CID”) who were potential targets of an enforcement action could challenge the CFPB’s attempt to take certain testimony by proceeding as “John Doe” plaintiffs in a federal injunctive action. The district court first allowed the plaintiffs to proceed pseudonymously late last year, and last week’s order denied the CFPB’s motion for reconsideration. A description of the case background and judge’s original decision may be found in our earlier post on this case.
In last week’s order, the court acknowledged that it was a “close question,” but after balancing the “non-speculative privacy interests” with the public’s “strong, unqualified interest in knowing the identities of parties to litigation,” the court declined to overturn its prior ruling and held that the plaintiffs could proceed as John Does.
The court’s opinion is notable in several respects.
- The court made clear that subjects of ongoing, confidential government investigations have a legitimate privacy interest against disclosure of their identities. The court explained, “the disclosure of an ongoing government investigation, even if not criminal and even if not subject to a statutory or regulatory prohibition, can cause substantial and unfair injury,” though the weight of the privacy interest will vary based on the circumstances and nature of the investigation. Publicly naming defendants in litigated enforcement actions (where the government makes concrete allegations of wrongdoing subject to rules requiring factual bases for all claims made) is distinguishable, according to the court, from “the insinuations of wrongdoing—seemingly endorsed by the government—that can arise when an inchoate government investigation is prematurely disclosed.”
- The court rejected the CFPB’s reliance on its own regulations and practice as supporting why the John Does’ identities should be revealed. The CFPB argued that its regulations (which provide that “investigations generally are non-public”) recognizes exceptions to confidentiality, but the court pointed out that the regulations contemplate disclosure only as a matter of “investigative necessity or other substantial purpose.” The CFPB also argued that its practice of publicly naming companies who administratively petition to set aside CIDs should undercut any expectation of confidentiality. The court gave “little weight” to this position, noting that it further shows that the CFPB does not reveal investigative targets’ identities absent the party affirmatively seeking to use that formal process.
- The court analyzed the types of harm (and evidence proving such harm) that could justify nondisclosure. The John Doe plaintiffs submitted two sworn declarations in support of their confidentiality request. The court credited the first declaration, made by an individual with substantial experience in the industry, who explained that the John Doe company’s business was highly competitive and requires ready access to the capital markets. The declarant explained, based on his experience in the industry, that being identified as a CFPB investigation target would likely cause such markets to become unavailable to the John Doe company, result in loss of over 50 jobs, and lead to abandonment of hundreds of potential transactions. The court gave no weight to the second declaration because it was much less specific, was made by a recently-hired CEO of a holding company, and spoke of harm that “could” occur as opposed to that “likely” to occur, “without any elaboration, explanation or support.”
- The court recognized that a ruling that did not balance the competing privacy and disclosure interests would create “risk that the threat of public disclosure of an ongoing CFPB investigation will unduly chill the subjects of investigations from seeking relief or that disclosure may be used—or perceived to be used—punitively against those who challenge the Bureau’s authority.” This same argument has been made by critics of the CFPB’s policy of publicizing the names of entities who file petitions to modify or set aside CIDs (absent exceptional circumstances).
The court acknowledged that pseudonymous treatment will not always be appropriate and instead must be considered on a case-by-case basis. In the present matter, however, the court concluded that permitting a John Doe action reflected an appropriate balance because it results in the public knowing about the litigation while avoiding the likely “debilitating reputational and financial hardship” for the unnamed company. CID recipients who are unsuccessful at negotiating reasonable modifications with the CFPB enforcement lawyers may want to consider the court’s opinion (including its analysis of the types of declarations deemed sufficient) when deciding whether (and where and how) to formally challenge the CID.