The FDIC has entered into a settlement with Comenity Bank and Comenity Capital Bank regarding their servicing and marketing of credit card add-on products and once again emphasized the importance of effectively managing third party relationships.  The premise for liability was Section 5 of the FTC Act which prohibits unfair and deceptive practices and stems from the banks’ provision through third parties of payment protection/debt cancellation add on products.  As part of the settlement, both banks agreed to pay a total of approximately $61.5 million in restitution to consumers, as well as civil money penalties of approximately $2.5 million dollars. As part of the enforcement action leading to the consent order, the FDIC determined that the banks violated the FTC Act by:

  • Representing to consumers that there would be no fee associated with their payment protection/debt cancellation add-on products so long as the account had no balance but then charging a fee in those circumstances;

  • Making material misrepresentations or omissions as to the refund process for the consumers’ cancellation of the product during the first thirty days of enrollment; and

  • Making material misrepresentations or omissions to consumers regarding the condition of receipt of certain incentives for enrollment.

Beyond the monetary implications, the orders contain remediation provisions which should provide guidance to other banks, particularly in their management of third party relationships. The Consent Orders require the implementation of an effective third party oversight program, which includes:

  • A review of all aspects of the banks’ agreements with third parties that provides services or products to or on behalf of the banks;

  • Procedures for effective monitoring, training, record-keeping, and audit of the banks’ third parties;

  • Access by the banks to all necessary systems of the banks’ third parties to insure compliance with all consumer protection laws;

  • Monitoring of all third party agreements to ensure they contain specific expectations, obligations, and consequences for compliance with all consumer protection laws;

  • Maintenance of records of all third party agreements and any marketing or solicitation materials developed by the banks’ third parties for add on products;

  • Prompt notification by the banks’ third parties regarding any regulatory inquiries, customer complaints and/or legal actions received by the banks’ third parties (“other than routine requests such as requests for cease and desist collection contact);

  • Procedures to address and resolve consumer complaints and inquiries regarding services or products provided by the banks’ third parties; and

  • Procedures to effectively analyze the root cause of complaints and identify any patterns or trends in complaints about specific products or practices.

Enforcement actions and the resulting consent orders should be reviewed carefully by other financial service companies not only to identify regulatory points of emphasis and prohibited practices, but also as guidance provided by regulators as to their expectations for effective compliance management systems.