Today we’re taking a look at the CFPB’s recent enforcement case against Citibank, N.A. (“Citibank”) and two of Citibank’s subsidiaries, Department Stores National Bank (“DSNB”) and Citicorp Credit Services, Inc. (USA) (“CCSI USA”), for violations relating to credit card add-on products.1 What’s a credit card “add-on product?” Here’s one explanation from the “Ask CFPB” section of the CFPB’s website: “When you call to activate a new credit card or interact with credit card companies in other ways, such as through customer service inquiries, you may be routed to representatives who try to sell you things like “credit protection” or “identity monitoring” to add to your account. These services, or “add-on products,” are additional, optional services. These products will cost you money, generally through a monthly or annual membership fee.”2 If anything, this particular case is notable for its whopping price tag, in excess of $700 million. A copy of the July 21, 2015 Consent Order along with copies of the respondents’ stipulations can be accessed from the administrative adjudication page at the CFPB’s website.3 We should start by noting that this is the latest in a relatively long line of CFPB cases against various card issuers and servicers for violations of credit card practices, starting with some of the CFPB’s earliest cases in 2012--including its very first case which was against Capital One Bank, NA.4 According to BloombergBusiness journalist Ben Steverman, this is the tenth “credit card practices” related enforcement action by the CFPB since the CFPB’s recent creation. “The Consumer Financial Protection Bureau, which turned four years old on Tuesday, has taken action 10 times against what it calls “illegal credit card practices.”5

The credit cards at issue relate to both Citibank’s own cards plus the cards of Citibank’s subsidiary, DSNB, which issues “store-brand cards for Macy’s and Bloomingdale’s.”6 The other Citibank subsidiary in this case, CCSI USA (along with CCSI USA’s “service providers”), operated the telemarketing channels on behalf of Citibank and DSNB for the “add-on products” at issue.7 

Here are some quick background points from the “Bureau Findings and Conclusions” in the Consent Order:

  • “The Bank (Citibank) is a national bank with approximately $1.336 trillion in assets as of March 31, 2015;
  • DSNB is a subsidiary of the Bank and an "affiliate" of the Bank;
  • CCSI USA is a wholly-owned non-bank subsidiary of the Bank and an "affiliate" of the Bank;
  • Respondent marketed and sold seven Covered Add-On Products to Cardholders;
  • Respondent marketed the Covered Add-On Products through, among other channels, inbound and outbound telemarketing. CCSI USA and its Service Providers operated all telemarketing channels for the Covered Add-On Products on behalf of the Bank and DSNB.”8

Additionally, in the Findings and Conclusions of the Consent Order, Citibank, DSNB, and CCSI USA are each deemed a "covered person" as that term is defined by 12 U.S.C.§ 5481(6) which applies to“any person that engages in offering or providing a consumer financial product or service” and any “affiliate” of such a person “if such affiliate acts as a service provider to such person.”9 That’s of course a given for any respondent in a CFPB case.

OK, rather than distill down the alleged violations from the Consent Order which numbers almost 60 pages, I’m going to quickly paraphrase the background summary and list of purported violations from the CFPB’s July 21 announcement regarding this case. According to the announcement, Citibank and its subsidiaries, DSNB and CCSI USA, “marketed or offered credit card add-on products to consumers nationwide,” and, in doing so, did the following [paraphrased]:

  • “From at least 2003 through 2012, Citibank actively marketed and enrolled consumers in five debt protection add-on products: “AccountCare,” “Balance Protector,” “Credit Protection,” “Credit Protector,” and “Payment Safeguard;”
  • These products promised to cancel a consumer’s payment or balance, or defer the payment due date, if the consumer experienced certain hardships, such as job loss, disability, hospitalization, and certain life events, such as marriage or divorce;
  • Citibank also marketed and sold other add-on products – “IdentityMonitor,” “DirectAlert,” “PrivacyGuard,” and “Citi Credit Monitoring Services” – that offered credit-monitoring or credit-report-retrieval services;
  • Citibank also offered “Watch-Guard Preferred,” a wallet-protection service that notified credit and debit card issuers if the consumers reported a card lost or stolen;
  • The Bureau found that Citibank or its service providers marketed these products deceptively during telemarketing calls, online enrollment, “point-of-sale” application and enrollment at retailers, or when enrolled consumers later called to cancel certain products…These illegal practices affected an estimated 4.8 million consumer accounts;
  • Unfair Billing Practices: Under federal law, in order for Citibank or its vendors to obtain consumers’ credit information to provide the credit-monitoring or credit-report-retrieval services for certain add-on products, consumers generally must authorize access to that information. In many instances, however, Citibank billed consumers for these products without having the authorization necessary to perform the credit-monitoring and credit-report-retrieval services.
  • Deceptive Collection Practices:  When collecting payment on delinquent retailer-affiliated credit card accounts, Citibank offered consumers the option to pay by phone using a checking account, so the payment would post to the account on the same day. There was a $14.95 fee associated with using this option. Citibank misled consumers by not disclosing the purpose of the expedited payment fee. It misrepresented the payment fee as a “processing” fee and did not explain that the fee was to post payment to the account on the same day it was made rather than a fee to allow payment. Citibank also failed to disclose other no-cost payment alternatives. The company charged the fee even though it was rarely in the consumer’s interest to pay the fee so that the payment would post on the same day.”10 

The CFPB’s claims against Citibank and its subsidiaries are based on sections of the Consumer Financial Protection Act of 2010 (CFPA) and the Telemarketing Sales Rule, more specifically:

  • 12 U.S.C. § 5531, which prohibits unfair, deceptive, or abusive acts or practices. Under this section, the CFPB is allowed to take action against a covered entity that is engaging in such acts while offering or providing a consumer financial product or service.
  • 12 U.S.C. § 5536, which lists prohibited acts that can lead to action against a covered entity by the CFPB (including unfair, deceptive, or abusive acts or practices).
  • 16 C.F.R. § 310.3, which lists prohibited deceptive telemarking acts, including failure to truthfully and clearly disclose information material to a customer’s consent to pay for the service or good being offered.
  • 16 C.F.R. § 310.4, which lists prohibited abusive telemarketing acts, including causation of billing information to be submitted for payment without the informed consent of the customer.11

OK, so we know something about what Citibank and its subsidiaries allegedly did that led to the CFPB bringing this case, we know which legislative sections the CFPB’s claims are based on, and we know that Citibank and its subsidiaries have decided to settle up in an effort to put this matter behind them (as noted in Citibank’s and its subsidiaries’ Stipulations, each respondent “in the interest of compliance and resolution of the matter, and without admitting or denying any wrongdoing, consents to the issuance of a Consent Order substantially in the form of the one to which this Stipulation and Consent to the Issuance of a Consent Order is attached…).12   So we’re at the “bottom line” part of this blog entry, which is, how much is this going to cost Citibank and its subsidiaries?  The answer is, about $770 million, as follows:

  • $479 million: “Citibank must provide approximately $479 million in consumer relief to about 4.8 million consumer accounts as a result of the deceptive marketing or retention practices;”13
  • $196 million: Citibank must “also must pay approximately $196 million to roughly 2.2 million consumer accounts that enrolled in the credit monitoring products and were charged while Citibank did not perform all of the promised services;”14
  • $23.8 million: DSNB“ must provide about $23.8 million in consumer relief to almost 1.8 million consumer accounts for charging expedited payment fees on these delinquent accounts;”15  $35 million: Finally, “Citibank will make a $35 million penalty payment to the CFPB’s Civil Penalty Fund;”16 and
  • $35 million: “The CFPB is taking this action in coordination with the Office of the Comptroller of the Currency, which is separately ordering a $35 million civil penalty and restitution from Citibank and (DSNB) for some of the same illegal practices.”17

That is a lot of dough. A quick word or two on the penalty payments in this and all CFPB cases: When the CFPB imposes and collects a civil penalty; the funds from the civil penalty go into the CFPB’s Civil Penalty Fund.18 Under the Dodd-Frank Act, “funds in the Civil Penalty Fund may be used for payments to the victims of activities for which civil penalties have been imposed under Federal consumer financial laws. In addition, to the extent that such victims cannot be located or such payments are otherwise not practicable, the Bureau may use funds in the Civil Penalty Fund for the purpose of consumer education and financial literacy programs.”19 My point is this: if the CFPB can use some of the funds in the Civil Penalty Fund to finance its programs, this is incentive for the CFPB to doggedly pursue violations of sections of the Consumer Financial Protection Act of 2010 generally--additional incentive over and above their stated mission. As for credit card practices violations specifically, if the CFPB has already brought 10 enforcement actions in less than four years against card issuers and servicers, we know this issue is clearly front and center on the CFPB’s radar (just given the sheer number of consumers involved in these types of cases). Accordingly, card issuers and servicers would be well advised to double down on making sure their credit card practices are in compliance. The costs for violations are substantial to say the least, no matter how big you are, and the CFPB appears to be getting its prosecution of these types of cases down to a science.