On June 27, 2025, the Consumer Financial Protection Bureau (“CFPB”) published a policy statement titled “Guidance on Referrals for Potential Criminal Enforcement” (“Guidance”) in the Federal Register to provide an outline of its plan to address criminally liable regulatory offenses.
The policy statement, effective as of the publication date, follows an Executive Order (“E.O.”) issued by the President on May 9, 2025, titled “Fighting Overcriminalization in Federal Regulations.” The E.O. required each agency to publish guidance within 45 days, in consultation with the Attorney General, that describes the agency’s plan to address criminally liable regulatory offenses. Agencies also have one year to submit a report that provides a list of all criminal regulatory offenses that it may enforce. The E.O. defines a “criminal regulatory offense” as a “[f]ederal regulation that is enforceable by a criminal penalty.”
The CFPB administers and enforces federal consumer financial laws, including the Truth-in-Lending Act (TILA”), the Real Estate Settlement Procedure Act (“RESPA”), and the Fair Credit Reporting Act (“FCRA”), each of which may include a criminal regulatory offense.
The Guidance published by the CFPB in response to the E.O. provides that when the CFPB obtains evidence that a party has committed a criminal regulatory offense, it may refer the offense to the Department of Justice, when appropriate. In exercising its discretion as to when it would be appropriate to refer criminal regulatory offenses to the Department of Justice, the CFPB will consider the following factors:
- The harm or risk of harm, pecuniary or otherwise, caused by the alleged offense;
- The potential gain to the putative defendant that could result from the offense;
- Whether the putative defendant held specialized knowledge, expertise, or was licensed in an industry related to the rule or regulation at issue; and
- Evidence, if any available, of the putative defendant’s general awareness of the unlawfulness of his conduct as well as his knowledge, or lack thereof, of the regulation at issue.
The CFPB plans to provide a report to the Director of the Office of Management and Budget (“OMB”) within a year from the issuance of the E.O. that lists all criminal regulatory offenses it may enforce, and the range of potential criminal penalties for each violation. The report will also contain the elements of the mens rea standard for each offense.
The Guidance clarifies that it articulates a general policy statement relevant to the CFPB’s exercise of its authority. It does not impose any new requirements on covered entities. Also, it does not have the force and effect of law and may be rescinded or modified in the CFPB’s complete discretion.