As we noted last week, the Consumer Financial Protection Bureau (“CFPB”) is fast becoming a powerful, important player in the consumer finance market.  It has broad powers to ensure compliance with consumer protection laws for big banks, limited powers to monitor smaller banks, and supervisory authority over credit unions, residential mortgage companies, payday lenders, private education lenders, and nonbank “larger participants,” including credit reporting companies and certain other consumer reporting companies.

In the enforcement area, the CFPB can impose appropriate legal or equitable remedies, including temporary and permanent cease-and-desist orders, rescission, refunds, disgorgements, damages and civil monetary penalties. The CFPB’s initial focus has been on two significant industries – mortgage finance and credit cards.  These efforts finally resulted in the agency’s first two law enforcement actions, announced this summer against marketers of credit cards and mortgage assistance relief services.

This week, the CFPB announced its third such action, with an order requiring Discover Bank (“Discover”) to refund approximately $200 million to 3.5 million customers and pay an additional $14 million penalty, for allegedly deceptive marketing tactics used to mislead consumers into paying for various credit card “add-on products:” payment protection, credit score tracking, identity theft protection, and wallet protection.

According to the CFPB, Discover engaged in deceptive telemarketing tactics to sell several credit card add-on products: Payment Protection was marketed as a product that allows consumers to put their payments on hold for up to two years in the event of unemployment, hospitalization, or other qualifying life events; Credit Score Tracker was designed to allow unlimited access to a consumer’s credit reports and credit score; Identity Theft Protection was marketed as providing daily credit monitoring, and Wallet Protection was sold as a service to help a consumer cancel credit cards in the event of a stolen wallet.

CFPB alleged that Discover used misleading language to deceive consumers about whether they were actually purchasing a product, and that its telemarketers downplayed key terms and spoke quickly during the part of the call in which prices and terms of the add-on products were disclosed.  Because of the allegedly misleading language in the telemarketing scripts and the actions of Discover’s telemarketers, the CFPB charged that consumers were misled about the fact that there was a charge for the products and whether they had purchased the products. The CFPB also alleged that Discover enrolled consumers without their consent and withheld material information about eligibility requirements for certain benefits.

In the Consent Order settling these charges, Discover neither admitted nor denied liability but agreed to stop its deceptive marketing, submit a compliance plan and take specific corrective actions; pay $14 million in penalties and $200 million in restitution to 3.5 million consumers who purchased products between December 1, 2007 and August 31, 2011 (amounts will vary depending on when purchased and how long held; all consumers will get back at least 90 days’ worth of fees, with about 2 million getting full refunds); provide this restitution without any further action by consumers, and undergo an independent audit to ensure order compliance.

The CFPB brought its action, alleging violations of the Dodd-Frank Act’s prohibition against deceptive acts or practices, jointly with the Federal Deposit Insurance Corporation (“FDIC”), which alleged similar violations of the Federal Trade Commission (“FTC”) Act’s prohibition against deceptive acts and practices (the FDIC brings FTC Act actions since the FTC has no jurisdiction over banks). 

Again, the risks are very real, and companies must prepare and devote even more resources and efforts to consumer financial regulatory compliance.  The CFPB is watching — and taking action.