On July 18, 2012, the Consumer Financial Protection Bureau (CFPB) and the Office of the Comptroller of the Currency (OCC) announced a joint enforcement action against Capital One Bank (USA) N.A. arising from sale of “add-on products” in connection with newly issued credit cards, including “credit protection” and “identity monitoring” services. Those add-on products were allegedly marketed to consumers with low credit scores or low credit limits by directing them to a third-party call center at the time the consumers sought to activate their credit cards. It was during these calls that the third-party vendors allegedly used high-pressure sales tactics and made materially false, deceptive, or otherwise misleading oral statements relating to the cost, coverage terms, benefits, and other features of the add-on products that allegedly led consumers to purchase them. Similarly, when these consumers sought to cancel their purchases, they were allegedly routed to these third-party vendors who used the same allegedly deceptive marketing tactics to convince the consumers to keep paying for the add-on products. In addition, consumers were allegedly charged the full fees for these products while they were in a pending status waiting for their credit card application to be approved. Among other things, the settlement is noteworthy because it is the first enforcement action by the CFBP and contradicts the government’s past rhetoric that the establishment of the CFPB would not subject financial institutions to duplicative oversight.
The CFPB assessed a $25 million penalty against Capital One for violations of 12 U.S.C. § 5536 for deceptive marketing tactics, and the OCC assessed a $35 million penalty for violations of Section 5 of the Federal Trade Commission Act and the safety and soundness OCC requirements (12 C.F.R. §37.8) for failure to develop and implement a comprehensive and effective enterprise risk-management program to detect and prevent unfair and deceptive practices. In addition, for violations of Sections 1031 and 1036 of the Consumer Financial Protection Act (the CFPA), the bank agreed to reimburse approximately $150 million to consumers who purchased debt cancellation and credit and identity monitoring products, to discontinue the sale of add-on products until it receives a supervisory non-objection from the OCC, and to implement risk programs and procedures for consumer products sold by the bank directly or through third-party vendors. The settlement with the CFPB also obligates it to retain an independent auditor approved by the CFPB to determine the bank’s compliance with its remediation obligations contained in the CFPB Consent Order.
As a result of this investigation, the CFPB has released a Compliance Bulletin that contains a list of compliance “expectations” for other financial institutions to ensure that marketing tactics are not deceptive. The CFPB compliance expectations include:
- clear marketing materials;
- that employee incentive or compensation programs tied to the sale or marketing of add-on products do not create incentives for employees to provide inaccurate information;
- clear telemarketing and customer service scripts and manuals that accurately describe the terms and conditions, prohibit enrolling consumers in programs without clear affirmative consent, and appropriately guide and limit rebuttal language, among other requirements;
compliance management programs including the following features:
- written policies specific to credit card add-on products that prohibit deceptive practices;
- periodic quality assurance reviews;
- independent audits of the credit card add-on programs;
- oversight of affiliates and third-party service providers that perform marketing or other functions related to the credit card add-on products;
- an appropriate channel to resolve consumer complaints;
- comprehensive training programs.
The full list of CFPB compliance expectations is available at:
In a fact sheet also released on July 18, the CFPB advised that its Compliance Bulletin “warns other financial institutions the CFPB will not tolerate deceptive marketing practices,” and notes that “[t]he Bureau’s Consumer Response Office has received complaints about other credit card add-on products, which the Bureau will monitor.”
The key lesson learned from the CFPB and OCC’s actions announced on July 18 is that financial institutions need to be vigilant to ensure that third-party vendors’ actions on their behalf comply with the institutions’ own compliance policies. Active audit programs should be in place to confirm that such vendors are in compliance with the applicable statues, rules, and regulations as well as the financial institution’s own policies and procedures. In addition, this action is a game changer for banks by showing that the CFPB will impose fines on banks for violations of the CFPA even if the OCC is also imposing fines based on the same conduct.
The CFPB Consent Order is available at: http://files.consumerfinance.gov/f/201207_cfpb_consent_order_0001.pdf
The OCC Consent Order is available at: http://www.occ.treas.gov/news-issuances/news-releases/2012/2012-110a.pdf
The OCC Consent Order for a Civil Money Penalty is available at: http://www.occ.treas.gov/news-issuances/news-releases/2012/2012-110b.pdf