On June 3, 2024, the Consumer Financial Protection Bureau (“CFPB”) issued a sweeping new regulation establishing a mandatory “Registry” for non-bank financial service providers. This rule, (the “Rule”) which will become 12 C.F.R. Part 1092,  applies to, among others,  virtually all non-depository mortgage companies. It does not apply to individuals.  This measure, which becomes effective September 16, 2024, requires all non-depository financial service providers to register with the CFPB any regulatory enforcement orders naming the company as the defendant or respondent that involve violation of a federal consumer protection law, or a state consumer protection law, regulation, or order specified state-by-state in the Rule’s Appendix “A.” “Financial Services provider” includes mortgage companies, consumer loan companies, payday lenders, automobile finance companies, collection agencies and generally any company that offers financial products to consumers, except auto dealers who do not, themselves, fund auto loans.


The registry requirement applies to any enforcement order, including consent orders, which were dated January 1, 2017 or thereafter.  The Rule also requires a company-designated official to report annually to the CFPB the steps the company has taken to comply with each registered order.  This requirement does not apply to a Memorandum of Understanding or an “Agreement” unless the document constitutes an “order” of the issuing agency.


At first blush, this looks like yet another burdensome layer of bureaucratic reporting requirements.  However, digging a little deeper yields a different result.  Firstly, the list of state statutes in Appendix “A” does not include mortgage licensing provisions.  It is an exclusive list, so if an order does not specify a violation of any of the listed statutes or a federal consumer protection law, then it is not reportable to the CFPB under this Rule.  I did a quick check on a few clients that I knew have received post-1/1/2017 enforcement orders.  None of the orders I reviewed were based on violations of the laws listed in the Rule’s Appendix “A.”  Therefore they are not reportable.


Secondly, The Rule provides that if an order is posted on NMLS (which, for mortgage companies and other financial service providers licensed through NMLS, is mandatory) there is only a one-time registry requirement.  The company simply provides information to the CFPB (on a form presumably that will follow) sufficient to identify the company and the order as posted on NMLS.  If the order is posted on NMLS, the company also need not the file annual reports detailing implementation measures it has taken to comply with the order.


Non-depository financial services companies should consult with their counsel if any enforcement orders have been filed against them after 1/1/2017 to determine whether they are reportable under this new Rule.


This article was written by Steve Lovejoy, Esq.  A version of this article was also posted on June 5, 2024, on Rob Chrisman’s Blog (, where Steve is a frequent contributor.

The information contained herein is provided for general informational purposes only and may not reflect the current law in your jurisdiction. No information contained in this blog should be construed as legal advice from Shumaker Williams P.C. or the individual author, nor is it intended to be a substitute for legal counsel on any subject matter. This blog is current as of the date of original publication.


Shumaker Williams

June 05, 2024