Chairman Cornyn, Ranking Member Durbin, and distinguished members of the Subcommittee, I thank you for the invitation to appear at today’s important hearing. I am Mark Calabria, Director of Financial Regulation Studies at the Cato Institute, a non‐profit, non‐partisan public policy research institute located here in Washington, D.C. Before I begin my testimony, I would like to make clear that my comments are solely my own and do not represent any official positions of the Cato Institute. In addition, outside of my interest as a citizen and taxpayer, I have no direct financial interest in the subject matter before the Committee today, nor do I represent any entities that do.
I also thank the Subcommittee for its interest in hearing from a non‐lawyer. I believe the Constitution should be of great interest to all Americans, and not just lawyers. My primary interest is that of an economist and policy analyst.
Dodd‐Frank and the Administrative State
“Formulation of policy is a legislature’s primary responsibility, entrusted to it by the electorate, and to the extent Congress delegates authority under indefinite standards, this policy‐making function is passed on to other agencies, often not answerable or responsive in the same degree to the people.” Justice Brennan, NAACP v. Button, 371 U.S., at 432 .
Over the many years I have worked on financial policy, one of the most striking elements continues to be the vast delegation of actual decision‐making to executive branch and so‐called “independent” agencies. The Dodd‐Frank Wall Street Reform and Consumer Protection Act (“Dodd‐Frank”) doubles down on that approach. The law firm Davis Polk estimates that Dodd‐Frank will require almost 400 separate rule‐makings.
Not only is Dodd-Frank’s coverage extensive, but most of its decisions are left to unelected bureaucrats. I believe a basic characteristic of a good legal system is one where private parties can read the law and have a strong sense of whether they are in compliance or not. In such important areas as bank capital, which derivatives are subject to mandated clearing, what trades are “proprietary” under the Volcker rule, what consumer products are “abusive”, and countless other areas, private parties are left guessing. Dodd‐Frank is largely one massive delegation after another. Such is bad enough, and of questionable constitutionality, but regulators themselves have also failed in many instances to give Dodd‐Frank specificity.
After the financial crisis, Congress had a duty to the American public to reform our financial system. Instead Congress largely kicked the can to the regulators. Setting aside the constitutional issues, without significant structural changes to our financial regulatory system, and monetary system, from Congress, another financial crisis is only a matter of “when” and not “if”. Given the intense partisan nature and inability to deal with actual drivers of the recent crisis, Congress would be wise to fully repeal Dodd‐Frank and start over again.
While I share the concerns raised by others on this panel, I will focus on the remainder of my testimony on Dodd-Frank’s Consumer Financial Protection Bureau (CFPB). In no way should this emphasis be interpreted to mean that CFPB is the only problematic section of Dodd‐Frank. The Act’s flaws are many. I will also focus on two aspects of the CFPB. The unusual funding structure and its bulk collection of consumer finance data. Its problems extend far beyond these two areas.
CFPB — Funding issues
Dodd‐Frank creates an unusual, dangerous and unconstitutional funding structure for the CFPB. Essentially the CFPB is allowed to set its own budget and have it covered by the Federal Reserve. Dodd‐Frank has placed the CFPB outside the appropriations process. As this Subcommittee is aware Article I Section 9 of the Constitution requires that “no money shall be drawn from the Treasury, but in consequence of appropriations made by law”. The “earnings” of the Federal Reserve are generally derived from its holdings of Treasury (and now agency) securities. “Excess” earnings are returned to Treasury and are used by Congress in the appropriations process. Every dollar allocated to the CFPB is a dollar taken away from Congress’ appropriation’s process. So while one might argue that the CFPB’s funding mechanism does not run afoul of Article I Section 9, it has the same effect as if such funds were appropriated, but without the oversight and rigors of the appropriations process.
Moving beyond whether the CFPB’s funding mechanism is “loop‐hole” to Article I Section 9 is the fact that it so clearly subverts the spirit and intent of Article I Section 9. The Constitution rests “the power of the purse” with Congress. With great power comes great responsibility; a responsibility to make the hard choices about allocating federal dollars. A dollar that goes to the CFPB is a dollar that does not go to health care, education, fighting homelessness or to tax relief. Members of Congress were elected to make those hard choices. Not to dodge that responsibility by delegating funding decisions to agency heads.
Some might respond that such is simply keeping with the structure of other financial regulators. Such would at best be half right. Agencies such as the Securities and Exchange Commission and the Commodity Futures Trading Commission, despite being funded by industry fees, are still in the appropriations process. Those currently outside that process, such as the Federal Reserve, should have their operating budgets included in the appropriations process. No federal agency should be outside the appropriations process.
One might argue that the CFPB needs to be outside of the appropriations process in order to insulate it from Wall Street lobbyists. Setting aside the fact that the CFPB does not even have jurisdiction over Wall Street firms, the last time I checked, I couldn’t find a single “Wall Street lobbyist” sitting on the Senate Appropriations Committee. What I did see, however, was earnest, hard working, members trying to do the difficult, and sometimes thankless, job of budgeting work. I have full confidence in the Chair, Ranking Member and other members of the Financial Services Subcommittee of the Senate Appropriations Committee to competently carry out the allocating of federal resources to the CFPB.
It bears remembering that industry interests attempt to influence the functioning of all federal agencies via the appropriations process. It is no surprise that defense lobbyists try to influence the allocation of defense dollars. And of course protecting the lives of our troops is of utmost importance. Yet any suggestion that the Department of Defense should be removed from the appropriations process would be absurd. There is nothing special about the CFPB that requires it to be treated differently than other federal agencies. Every agency is “special” to someone or some group.
Perhaps more troubling is the precedent of funding agency operations from the “earnings” of the Federal Reserve. What is to stop Congress in the future from having the Federal Reserve fund covert operations for the CIA, or peanut subsidies, or any other program?
While the CFPB is in need of a variety of reforms, Congress would do a better job meeting its constitutional responsibilities by bringing the CFPB into the appropriations process.
CFPB — Data protection, privacy and the Fourth Amendment
Passed in the aftermath of the terrorist attacks of 9/11, the Patriot Act vastly expanded the data collection efforts of the U.S. government. The public was told that only if we had had more data, the attacks could have been avoided. Yet the intelligence failures were not from lack of data, but from an inability (or unwillingness) to “connect the dots”. Similarly the financial crisis was met with demands for “more data” as if the overheated housing and mortgage markets were not obvious enough from the generally available aggregate data.
The CFPB has become the lead prophet for the false idol of “more data”. As GAO has reported, the CFPB has engaged in at least 12 large scale data collection efforts.1 At least 3 include information that directly identifies individual consumers. Combining this information with other sources allows most of the remaining data collections to also identify individual consumers.2
While some of these collections are relatively small, such as the 11,204 arbitration case records, the Bureau’s collection of mortgages, credit report and credit card data is quite extensive. Combined with the CFPB’s information sharing agreement with the Office of the Comptroller of the Currency, the CFPB has access to almost 90 percent of outstanding credit card balances.
As a former federal employee and one subject to the recent Office of Personnel Management breach, let me clearly say I do not trust the CFPB with protecting my personal financial data from hackers. In consolidating all this financial information in one place, the CFPB has left consumers extremely vulnerable to identity theft and even extortion from hackers.
The risk of hacking is a threat from outside the Bureau. Unfortunately the CFPB’s data collection, particularly in the area of credit cards, poses significant threats to our fourth amendment protections. As Justice Douglas observed in his dissent to California Bankers Assn v. Shultz, “A checking account…may well record a citizen’s activities, opinions, and beliefs as fully as transcripts of his telephone records.” Credit cards are today’s checks. As GAO noted, the CFPB is not simply collecting account information, which would be bad enough, but also transaction level information. In its brief to California Bankers Assn, the American Civil Liberties Union (ACLU) noted that accessing financial records could allow its membership to be identified, eroding the protections recognized in NAACP v. Alabama. As an employee of an institute that also receives donations transmitted via checks and credit cards, I too fear that allowing government access to such records poses a significant threat to our political freedoms. As Justice Marshall observed in his dissent to California Bankers Assn., “The technique of examining bank accounts to investigate political organizations is, unfortunately, not rare.”
Such concerns are not simply reflections of the Watergate era. As recently as 2012, Justice Sotomayor in her concurrence to United States, Petitioner v. Antoine Jones, correctly observed that “Awareness that the Government may be watching chills associational and expressive freedoms. And the Government’s unrestrained power to assemble data that reveal private aspects of identity is susceptible to abuse.” Justice Sotomayor offers the example of medications purchased by online retailers as an example. Such a purchase could potentially be identified within the CFPB’s database of credit card accounts.
For a variety of reasons, the CFPB has become a highly partisan issue. Were it to use the financial records of its critics in an attempt to silence or intimidate these critics, it would not be the first agency to do so.
Unlike many other law enforcement agencies, the CFPB lacks some basic safeguards. For instance no subpoena or warrant has been issued for its massive data collection efforts.
As Justice Douglas has explained, a neutral third party, such as magistrate, is needed to balance the pressures of law enforcement with protection of our constitutional freedoms. In McDonald v. United States, Justice Douglas expressed this view of the Founders’ intent: “The right of privacy was too precious to entrust to the discretion of those whose job is the detection of crime and the arrest of criminals. Power is a heady thing; and history shows that the police acting on their own cannot be trusted.” The CFPB has repeatedly characterized itself as a “cop on the beat”. It is long past time that it is subjected to the same constraints and oversight as a “cop on the beat”.
While other financial regulators also collect large amounts of data, and we should be concerned about those efforts as well, GAO has observed the efforts of other financial regulators are “less extensive than CFPB’s data collections.” For instance neither the Securities and Exchange Commission nor the Commodity Futures Trading Commission engage in the collection of massive amounts of individual investor data.
The Federal Trade Commission (FTC) and the Consumer Product Safety Commission (CPSC), to which the CFPB is often compared, also lack the extensive data collection efforts of the CFPB. The FTC and CPSC do build databases of complaints they receive from consumers, as does the CFPB. Such databases are more than sufficient for regulators to identify trends in misconduct. Would the CFPB have us believe that there are so few consumer complaints that it needs to actively monitor consumers and companies where there have not been any problems found?
As Law Professor Daniel Solove has noted, the “Framers included the warrant clause” of the fourth amendment, “because of their experience with general warrants and writs of assistance.3 One objective of the fourth amendment is to limit the government’s ability to engage in “fishing expeditions”. Yet such is the very nature of the CFPB’s data collection. Is the CFPB’s data collection limited to following up on suspected violations of the law? No, it covers the extensive surveillance of consumers and companies that have neither been convicted of a crime nor suspected of such.
In reflecting on the Bank Secrecy Act of 1970, from which the third party doctrine flows, Justice Douglas expressed in dissenting from California Bankers Assn that he was “not yet ready to agree that America is so possessed with evil that we must level all constitutional barriers to give our civil authorities the tools to catch criminals.” I am not yet ready to agree that our financial markets are so possessed with evil as to merit the CFPB’s broad presumption of guilt on the part of all financial market participants.
Nor is this level of data collection even needed to monitor our financial markets. The CFPB, like the general public, has access to a variety of public reports that detail, in an aggregate manner, trends in consumer finance. Again I would submit that the aggregate trends in housing and mortgage data before the crisis, while incomplete, were more than sufficient to arouse concern. Such trends certainly concerned me. But even if the CFPB continues to believe that micro data is needed, it is collecting amounts far in excess of required sample sizes. As George Mason University Economics Professor Thomas Stratman has noted, the CFPB plans to collect data samples that are 70,000 times the size needed.4 Such an expansive collection of data reveals that the CFPB is indeed engaged in “fishing expeditions” rather than simply market monitoring.
Setting aside that I believe both California Bankers Assn v Shultz and United States v. Miller to be wrongly decided, it should be noted that Miller, in finding no “expectation of privacy”, relies upon an analysis that “checks are not confidential communications but negotiable instruments to be used in commercial transactions.” True enough. Checks are negotiable and can be widely circulated. Yet what the CFPB collects is not limited to checks. Credit card transactions, for example, are not negotiable. There is no expectation that such will be passed along like currency. Consumers may well prefer credit (and debit) cards due to their relative anonymity. The data collection efforts of the CFPB ( under sections 1022, 1024 and 1025 of Dodd‐Frank) go far beyond those envisioned or approved in either California Bankers Assn or Miller.
Chairman Cornyn, Ranking Member Durbin, the Dodd‐Frank Act represents a massive expansion of legislative delegation to administrative agencies. Its constitutional flaws do not end there. As I have focused upon, the Consumer Financial Protection Bureau is characterized by a funding mechanism designed to specifically subvert Article I Section 9 of the Constitution. Additionally its data collection activities run afoul of our Fourth Amendment protections. These extensive data collections are in no way necessary for the CFPB to achieve its statutory mission. Such could be accomplished in a manner that does not offend the Fourth Amendment. As Courts have too often been slow to protect our Fourth Amendment rights, it did take almost 30 years for Olmstead to be reversed, Congress should move quickly to protect American consumers from harm of CFPB’s data collection efforts.
1Government Accountability Office. 2014. Consumer Financial Protection Bureau: Some Privacy and Security Procedures for Data Collection Should Continue Being Enhanced. Report to Congressional Addresses GAO-14 – 758
2See Yves‐Alexandre de Montjoye, Laura Radaelli, Vivek Kumar Singh and Alex Pentland. 2015. “Unique in the Shopping Mall: On the Reidentifiability of Credit Card Metadata,” Science #6221.
3Daniel Solove. 2002. “Digital Dossiers and the Dissipation of Fourth Amendment Privacy,” Southern California Law Review 75:1083.