The Consumer Financial Protection Bureau is ordering U.S. Bank, chartered in Ohio, to refund more than $48 million to 420,115 customers it says were charged for add-on products, including identity protection and credit monitoring services that were either unauthorized or never received. The bank was also required to pay $9 million in penalties, according to an administrative proceeding order issued on Thursday.

The add-ons in question were offered to customers from at least 2003 to approximately January 2012, according to the CFPB. Although written authorization was needed to obtain credit data, “in many cases some time passed before a customer’s authorization was obtained, or a Customer’s authorization was never obtained.” In other instances, customers provided their authorization, but one or more credit reporting agencies could not process it because they were unable to match the identification information with the agency’s own records. In these circumstances, customers were billed the full fee for the additional services even though the promised services could not be provided.

“The bank’s compliance monitoring, service provider management and quality assurance failed to prevent, identify, or correct the billing for services that were not provided,” leading to charges of “unfair, deceptive, or abusive” acts or practices.

The CFPB order also specifies actions that go beyond the fine and customer restitution. The bank, whether acting directly or indirectly, is prohibited from marketing, soliciting, offering for sale and selling identity protection products or similar add-on products, or referring bank customers to third parties who offer such services, without first securing a determination of non-objection from the Bureau. That request must include “a comprehensive compliance plan” designed to ensure that the offerings comply with all applicable federal consumer financial laws. The CFPB, through a regional director’s review, can require the bank to make revisions to that compliance plan.

Within 90 days of the consent order’s issuance, the bank must also submit an action plan that reviews and, if necessary, revises its third-party risk management program. For new and renewed contracts, there must be a written contract between the bank and the service provider that outlines the latter’s “specific performance responsibilities and duty to maintain adequate internal controls over the marketing, sales, delivery, servicing, and fulfillment of services for add-on products” and requires “adequate training on applicable federal consumer financial law and the bank’s policies and procedures.” The bank must also demand the authority to conduct periodic onsite reviews of a service provider’s controls, performance, and information systems as they relate to add-on products, or have the ability to void its contract.