On September 8, 2016, the Consumer Financial Protection Bureau (CFPB or “Bureau”), the Office of the Comptroller of the Currency (OCC), and the City and County of Los Angeles entered into a Consent Order with Wells Fargo (the “Bank”), with civil money penalties totaling $185 million. The CFPB’s portion of those penalties is $100 million, which is the largest fine the Bureau has imposed since opening its doors in July 2011. The alleged conduct in question involved bank employees opening new deposit and credit accounts, issuing debit cards, and initiating online banking services without the knowledge of customers.

ALLEGED CONDUCT

According to the CFPB, the Bank set sales goals and implemented sales incentives, including an incentivecompensation program, in an effort to improve cross-selling of banking products and services to existing customers. Allegedly, between May 2011 and July 2015, thousands of bank employees engaged in improper conduct to meet the Bank’s sales goals and take advantage of the sales incentive program, reportedly resulting in the termination of over 5,000 employees. The conduct allegedly included:

• Opening deposit accounts without customers’ knowledge or consent;

• Submitting applications for and obtaining credit cards for customers without the customers’ knowledge or consent;

• Using false email addresses to enroll customers in online banking services without the customers’ knowledge or consent; and

• Requesting debit cards and creating personal identification numbers (PINs) to activate those debit cards without the customers’ knowledge or consent.

According to the CFPB, more than 1.5 million unauthorized deposit accounts may have been opened and may have been funded by unauthorized transfers, resulting in $2 million in fees for overdrafts and failure to maintain minimum balances. Also according to the CFPB, more than 500,000 credit card accounts were opened that may not have been authorized, and those accounts incurred $403,145 in fees.

UDAAP DETERMINATIONS

The CFPB alleged that the improper conduct resulted in violations of the prohibition against unfair, deceptive and abusive acts and practices (UDAAP). Specifically, the Bureau found that opening unauthorized deposit accounts and transferring funds from the customers’ existing accounts, as well as opening credit card accounts using customers’ information, without the knowledge or consent of the customers, was an unfair practice.

The CFPB also found that the activities were abusive. By engaging in these practices without the customers’ knowledge or consent, the Bureau concluded that the Bank materially interfered with the ability of customers tounderstand the terms and conditions of a consumer financial product or service because the customers had no or limited knowledge of those terms and conditions, including associated fees. Additionally, the Bureau found that the employees who allegedly engaged in these practices “took unreasonable advantage of consumers’ inability to protect their interests in selecting or using consumer financial products or services, including interests in having an account opened only after affirmative agreement, protecting themselves from security and other risks, and avoiding associated fees.”

ORDERED ACTIONS AND PENALTIES

As a result of the Consent Order, the Bank has agreed to pay $100 million in penalties to the CFPB, $35 million to the OCC and $50 million to the City of Los Angeles. The $100 million fine by the CFPB is the largest penalty assessed in the CFPB’s history. The Bank also must reserve at least $5 million to provide any additional refunds that may be due to customers as a result of the alleged conduct.

In addition, the Bank is required to hire “an independent consultant with specialized experience in consumerfinance-compliance issues” to assess the Bank’s sales practices related to deposit accounts, credit-card accounts, unsecured lines of credit and related products and services. The consultant also must evaluate the Bank’s training programs, monitoring policies and procedures, customer complaint management, employee allegation management, identification and remediation of potential sales integrity violations, and performance management and sales goals for employees.

TAKEAWAYS

With CFPB civil money penalties skyrocketing into the hundreds of millions, financial institutions must be more vigilant than ever to maintain proper controls and a culture of compliance. Incentive programs, particularly those that involve significant financial compensation for employees, are particularly likely to draw regulatory scrutiny.

Unlike the prohibitions on “unfair” and “deceptive” practices, which had been routinely enforced by the Federal Trade Commission before the Dodd-Frank Act, the prohibition on “abusive” practices is new to the post-DoddFrank era, and there is less precedent to demonstrate how it may be enforced. This lack of precedent calls for even more vigilance on the part of financial institutions.

For more information about the CFPB’s UDAAP enforcement precedents, click here.