On July 16, 2012, the Consumer Financial Protection Bureau (CFPB) announced its first public enforcement action. The CFPB found that Capital One Bank (USA), N.A. violated sections 1031 and 1036 of the Consumer Financial Protection Act1 by engaging in deceptive marketing practices in connection with certain add-on products that Capital One offered to credit card holders.2 The CFPB and Capital One entered into a Stipulation and Consent Order requiring Capital One to: (1) pay $210 million in restitution, remediation and penalties;3 and (2) strengthen its internal and external controls to ensure compliance with the Consumer Financial Protection Act. The Capital One enforcement action provides a roadmap for what the consumer credit industry can expect from the CFPB with respect to compliance and what the CFPB expects from a company’s board in connection with the marketing of services for which the customers must pay an additional fee.
The CFPB’s Findings
When some customers called a third-party call center to activate their Capital One credit cards, they were routed to a credit card activation process that involved the solicitation of products marketed and sold by Capital One. One of the products provided the customers with credit monitoring services, and the other product provided customers with an opportunity to request the cancellation of their entire credit card balance up to the credit card limit in the event of death, unemployment, disability, or other life event.4
Capital One developed scripts for the third-party call center representatives to follow. The CFPB found that the call center representatives sometimes deviated from these scripts and misrepresented or omitted information in doing so. These misrepresentations and omissions included, among others:
- Stating that acquiring the products will allow customers to increase their credit scores and raise their credit limit;
- Expressly or implicitly stating that the products were free or a minimal cost;
- Stating, without support, that identity theft is the number one crime and informing customers that federally certified agents will monitor their accounts; and
- Failing to inform the customers that the products were optional.
The CFPB also found that the third-party call center representatives: (1) failed to determine whether the customers were eligible for the products; (2) mischaracterized customers in a manner that rendered them eligible for the products when the customers were not otherwise eligible; (3) failed to obtain sufficient affirmative consent from the customers before enrolling them in the program to obtain the products; and (4) discouraged the customers from cancelling the products after enrollment.
The CFPB found that Capital One’s Compliance Department failed to adequately monitor the call center representatives to prevent, identify, or correct the foregoing acts and omissions. Compliance Plan The CFPB required Capital One to develop a compliance plan. Under the compliance plan, Capital One must:
- Prohibit marketing the products during activation calls, unless prior to the solicitation the cardholder is informed that activation is complete and listening to the solicitation is optional;
- Develop scripts that pre-determine a cardholder’s eligibility for the product;
- Develop scripts that disclose certain information to the consumer immediately after he or she elects to purchase the product, such as that the charge will appear on the next billing statement and the product’s cancellation policy;
- Issue a full refund to any customer who requests cancellation within 30 days of receiving the first statement on which a charge for the product appears;
- Immediately cancel the product without attempting to re-sell it when a cardholder indicates that he or she wishes to cancel; Develop scripts that require the customer to affirmatively request or consent to purchase the product;
- Provide all material information about the product before the customer purchases the product if the customer requests the information prior to purchasing the product;
- Cancel the product without trying to re-sell it to the customer, or engage in a comprehensive review process to determine whether the customer authorized the product, if the customer states that he or she never authorized the product; and
- Within three days after a customer purchases a product, Capital One must mail a disclosure to the customer that clearly explains the fees associated with the product, the cancellation and refund policies, and the product’s material conditions, benefits, and restrictions.
Compliance Management System
The CFPB also ordered Capital One to create a Compliance Management System, which imposes obligations on, among others, Capital One’s Board. Specifically, Capital One’s Board must oversee revisions to Capital One's compliance program and management system and submit the revisions to the CFPB.
Recognizing that Capital One hires third parties to solicit the products, the CFPB ordered Capital One to develop a written policy regarding the management of the third-party providers to ensure that the providers have the capacity to comply with all consumer protection laws, bank policies and procedures. In addition, the written contract between Capital One and the service providers must, among other things: (1) state that the providers will maintain adequate internal controls and training over the marketing, sales, delivery, servicing, and fulfillment of services for the products; and (2) provide Capital One with the authority to conduct periodic onsite reviews of the service providers to ensure compliance with the consumer protection laws.
Compliance Bulletin for All Financial Institutions Covered by the CFPB
The CFPB issued a compliance bulletin as guidance to help other institutions avoid similar violations. This guidance is consistent with the Capital One Stipulation and Order and can be found here.