The FDIC has entered into a settlement with Comenity Bank and Comenity Capital Bank regarding their servicing and marketing of credit card add-on products. The liability premise involves Section 5 of the FTC Act, which prohibits unfair and deceptive practices and stems from the banks’ provision through third parties of payment protection/debt cancellation add-on products. As part of the settlement, both banks agreed to pay consumers a total of approximately $61.5 million in restitution, as well as civil money penalties of approximately $2.5 million. As part of the enforcement action leading to the consent order, the FDIC determined that the banks violated the FTC Act by:
- Representing to consumers that there would be no fee associated with their payment protection/debt cancellation add-on products so long as the account had no balance, but then charging a fee in those circumstances;
- Making material misrepresentations or omissions as to the refund process for the consumers’ cancellation of the product during the first thirty days of enrollment; and
- Making material misrepresentations or omissions to consumers regarding the condition of receipt of certain incentives for enrollment.
Beyond the monetary implications, however, the orders contain remediation provisions that should guide other banks, particularly in their management of third party relationships. The Consent Orders require the implementation of an effective third party oversight program, which includes:
- A review of all aspects of the banks’ agreements with third parties providing services or products to or on behalf of banks;
- Procedures for effectively monitoring, training, record-keeping, and auditing of banks’ third parties;
- Access by the banks to all necessary systems of the banks’ third parties to ensure compliance with all consumer protection laws;
- Monitoring of all third party agreements to ensure they contain specific expectations, obligations, and consequences for compliance with all consumer protection laws;
- System for maintaining record of all third party agreements and any marketing or solicitation materials developed by the banks’ third parties for add on products;
- Prompt notification by the banks’ third parties regarding any regulatory inquiries, customer complaints and legal actions received (“other than routine requests such as ‘cease and desist’ collection contact”);
- Procedures to address and resolve consumer complaints and inquiries regarding services or products provided by third parties; and
- Procedures to analyze the underlying cause of complaints and identify any complaint patterns or trends regarding specific products or practices.
Financial service companies should carefully review the enforcement actions and the resulting consent orders of this settlement to identify regulatory points of emphasis and prohibited practices, in addition to regulatory guidance on what constitutes an effective compliance management system.