Written by Bernadette Clair, Senior Regulatory Compliance Counsel
Earlier this month, the CFPB ordered Bank of America, N.A. and FIA Card Services, N.A. (collectively, the “Bank”) to pay an estimated $727 million to consumers harmed by deceptive marketing practices and unfair billing practices related to credit card add-on products. The CFPB’s press release is available here.
This enforcement action stems from the CFPB’s investigation of the Bank’s credit card payment protection products as well as an investigation initially initiated by the Office of the Comptroller of the Currency (OCC), and later joined by the CFPB, into unfair billing practices related to identity protection products. In addition to ordering restitution payments to consumers, the CFPB assessed a civil money penalty of $20 million to be paid into the Civil Penalty Fund of the CFPB. The OCC assessed a separate civil money penalty of $25 million to be paid to the U.S. Treasury.
Deceptive Marketing. The CFPB found that the Bank engaged in deceptive marketing of two credit card payment protection products. These types of products generally allow customers who are enrolled in the product to request cancellation of some or all of their credit card balance under certain circumstances – such as unemployment or disability – as specified in the terms and conditions of the product coverage. Some of the marketing practices cited in the order include misleading statements about the cost of coverage during an initial 30-day review period, the enrollment process for credit protection products, and the benefits of coverage.
Unfair Billing Practices. In connection with identity protection credit card add-on products, the CFPB cited unfair billing practices. These products were supposed to monitor an enrolled consumer’s credit and alert the consumer to potentially fraudulent activity. However, it appears that in some cases the Bank billed consumers for the product without or before having the necessary authorization from the consumer to pull credit (as required under the Fair Credit Reporting Act), resulting in charges to consumers for services that were not being performed at all, or were only partially performed. Additional unfair billing practices related to fees and interest charges were also cited.
Vendor Management. The orders issued by the CFPB and OCC serve as a reminder about the importance of vendor management. Both orders require the Bank to beef up oversight over any third-party vendors used in connection with providing add-on consumer products and to submit a risk management program for add-on consumer products marketed or sold by the Bank or its vendors.
This is just a taste from the CFPB’s order requiring the Bank to take steps to improve its vendor oversight for add-on consumer products:
“The Action Plan shall include a review, and if necessary, the revision of the Add-On Products related portions of its written Service Provider Management Program to ensure that all Add-On Products which are marketed and sold by the Bank comply with applicable Federal consumer financial law. At a minimum, the Service Provider Management Program shall require:
(a) An analysis to be conducted by the Bank, prior to the Bank entering into a contract with the Service Provider, of the ability of the Service Provider to perform the marketing, sales, delivery, servicing, and fulfillment of services for the Add-On Product(s) in compliance with all applicable Federal consumer financial laws and the Bank's related policies and procedures;
(b) For new and renewed contracts, a written contract between the Bank and the Service Provider, which sets forth the responsibilities of each party, especially:
(i) the Service Provider's specific performance responsibilities and duty to maintain adequate internal controls over the marketing, sales, delivery, servicing, and fulfillment of services for the Add-On Products;
(ii) the Service Provider's responsibilities and duty to provide adequate training on compliance with all applicable Federal consumer financial laws and the Bank's related policies and procedures to all Service Provider employees or agents engaged in the marketing, sales, delivery, servicing, and fulfillment of services for the Add-On Product(s);
(iii) granting the Bank the authority to conduct periodic onsite reviews of the Service Provider's controls, performance, and information systems as they relate to the marketing, sales, delivery, servicing, and fulfillment of services for the Add-On Product(s); and (iv) the Bank's right to terminate the contract if the Service Provider materially fails to comply with the terms specified in the contract, including the terms required by this Paragraph.
(c) Periodic review by the Bank of the Service Provider's controls, performance, and information systems related to Add-On Products.”
Programming Note. NAFCU’s offices will close today at noon for the Easter weekend and will reopen on Monday, April 21st.
Happy Friday everyone!