The CFPB’s Consent Order with Navy Federal Credit Union (“NFCU”) should provide a wakeup call for all community banks and credit unions as to how they conduct their internal debt collection efforts.The Consent Order requires Navy Federal Credit Union, the nation’s largest credit union, to pay roughly $23 million in redress to affected consumers and a civil monetary penalty of $5.5 million to the CFPB.

The Consent Order takes issue with the credit union’s internal collection practices, as well as its policies for freezing members’ electronic access to accounts post delinquency.The Consent Order further reiterates the CFPB’s position that first party debt collectors, while not subject to the FDCPA, are prohibited from engaging in unfair, deceptive, or abusive acts or practices when engaged in the collection of consumer debts.

The Consent Order, which was entered into by the credit union without admitted or denying any of the key findings of fact or conclusions of law, takes issue with the credit union’s internal collection practices.As with many community banks and credit unions, NFCU conducted most of its collection efforts internally prior to the point of litigation.NFCU’s primary debt collection activities were through letters and telephone calls to delinquent and overdrawn members.In reviewing the credit union’s activities, the CFPB took issue with the credit union’s debt collection letters, telephonic communications with consumers and its practice of freezing consumer electronic account access (notably ATM and debit card access).


  • The credit union’s letter templates contained several material misrepresentations that were likely to mislead reasonable consumers. Specifically, several letter templates threatened legal action when in fact the credit union had narrow perimeters for litigation.The CFPB found that the message “pay of be sued” was inaccurate about 97% of the time. Consent Order, ¶24.Particularly, the CFPB noted letter templates that:
    • Stated legal action had “been recommended”;
    • Stated that if the consumer failed to make a payment, the credit union would “have no alternative but to recommend [the account] for legal action”; and
    • Threatened garnishment of wages which is generally a post judgment remedy.
  • The CFPB also took issue with letters which threatened to contact active servicemembers’ commanding officers.While the CFPB acknowledged that the credit union’s account agreements contained a provision which “purported to give… [the credit union] the right to disclose servicemembers’ debts to their military commands”, the CFPB contended that the contract clause was ineffective because it was “buried in fine print, non-negotiable, and not bargained for by consumers.”The Order noted that while the threat was communicated, there was no evidence that the credit union ever contacted commanding officers and thus, the threat was false.
  • The CFPB also noted that the credit union’s letters miscommunicated the credit consequences of delinquency.The Order finds that the letters misleadingly implied the credit union issued credit ratings or offered credit repair services.Particularly, the CFPB highlighted letters that stated:
    • “You will find it difficult, if not impossible, to obtain additional credit because of your present unsatisfactory credit rating with” the Credit Union;
    • The consumer could “repair[]” his or her credit or credit reputation by contacting the credit union.


The CFPB also found that the credit union’s collection personnel made statements by telephone that were likely to mislead consumers including threatening legal action or garnishment and threatening to contact the members’ military commander.


The Consent Order finally found that that credit union had a practice of freezing the consumer’s electronic account access and disabling certain electronic services once the consumer became delinquent, including debit or ATM card access.“In most cases, consumers could not regain their electronic services until after they settled their debt or made arrangements with” the credit union.The CFPB further found that until mid-2015, the credit union did not make an exception for accounts containing protected federal benefits, including social security income or veteran’s benefits.


  • The CFPB’s finding that the credit union made false threats of litigation was keyed upon its finding that the message to consumers was inaccurate 97% of the time.Banks and credit unions should take note that the CFPB came to that conclusion by reviewing the number of consumers who received the letters at issue and the number of debt collection suits filed by the credit union in the same period.The order noted that the disparity appeared to be the result of “the disconnect between the… [credit union’s] narrow litigation practice and its broad letter campaign.”The lesson to be learned here is twofold: (a) compliance teams need to insure their letter templates are in fact in line with the entity’s actual practices; and (b) compliance teams need to audit and test their letter campaigns vis-à-vis their actual practices to insure accuracy.
  • Banks and credit union should review their compliance management systems to insure they adequately address and are consistent with the FDCPA, as well as CFPB Bulletin 2013-07, both of which set forth debt collection practices that are deemed unfair, deceptive and abusive.
  • Banks and credit unions should also insure that their policies and procedures are consistent with the FDCPA and CFPB Bulletin 2013-07 as applicable.Moreover, training materials and internal policies should be updated periodically and at least annually to address any deficiencies in training or compliance issues identified by other means, including consumer complaints;
  • The Consent Order makes clear the expectation that banks and credit unions provide initial and periodic training to collections personnel regarding debt collection practices and that banks and credit unions audit and test their debt collection practices to insure compliance.
  • Moreover, the Consent Order sets forth the CFPB’s expectation that training should be documented, along with any corrective actions taken including discipline, reprimand or provide remedial training to employees that are not proficient.
  • The Consent Order finally finds that the credit union’s practice of freezing and disabling electronic account access to accounts when the member became delinquent (often on an unrelated account) was unfair debt collection practice.Banks and credit unions should review their practices and if engaged in a similar practice as a means of debt collection, should cease and desist the practice immediately.Banks and credit unions should note the distinction between the practice highlighted in the Consent Order and any contractual or statutory right of set off the bank or credit union may have.