The CFPB Takes Aim at Third-Party Products Offered to Customers
By Peter G. Weinstock, Hunton & Williams LLP
On July 26, 2012, the Consumer Financial Protection Bureau (CFPB) announced a $210 million settlement with a large national bank. The bank agreed to pay $150 million in restitution and $25 million of fines assessed by the CFPB, and $35 million assessed by the Office of the Comptroller of the Currency (OCC). The action concerned credit add-on products that are offered by many financial service companies, including:
Notably, the CFPB did not take issue with the products themselves, but instead, with how they were being marketed. This settlement is notable not only because it represents the first enforcement action by the CFPB, but for its subject matter. Specifically, the sanctions are for conduct of a third-party provider, rather than direct actions of a financial services company.
This onus on what ramifications there can be on a financial services company from the actions of its service provider is not new. In June 2012, the CFPB issued a bulletin advising financial institutions of their responsibility to police the actions of companies with which they contract. Perhaps the CFPB was echoing earlier pronouncements by other regulators. For instance, in 2008, the FDIC issued FIL 44-2008, “Guidance for Managing Third-Party Risk.” The FIL Guidance noted eight risk areas for third-party service providers, including transaction risk (service or product delivery deficiencies), reputation risk (adverse public opinion or adverse publicity) and compliance risk (conduct of the third party fails to comply with the law or is inconsistent with the financial services company’s policies or procedures or business standards). In my June 2012 client alert entitled, “Increased Regulatory Scrutiny of Third-Party Vendors and Their Contracts,” I set forth the regulatory expectations for agreements with third-party providers.
The CFPB’s position in this recent enforcement action was that the third-party provider was deceiving consumers, which warranted enforcement action based on the authority to penalize unfair, deceptive or abusive acts or practices (UDAAP). All financial services companies should consider the CFPB’s allegations. Specifically, the CFPB alleged that customers were routed to a different process to activate their credit cards depending upon their credit score and credit limits. The activation process went through a call center. The bank developed call-center scripts for each product to be used by call-center representatives in each solicitation. Call-center representatives, however, frequently deviated from the scripts. According to the CFPB, the call-center employees:
The CFPB was also greatly concerned about rebuttal tactics that were used to try to convince customers to continue the product when they had tried to cancel it. These tactics allegedly included many of the issues alleged above.
The CFPB deemed such conduct to represent deceptive marketing materials and activities, and thus, was a UDAAP violation. The Order mandated that in any customer presentation, there could not be any misrepresentations related to:
Moreover, the Order prohibited:
Thus, the CFPB mandated corrective action that arguably went beyond the misconduct cited.
The CFPB also provided instruction for disclosures, including a definition for “clearly and prominently” with regard to disclosures. Specifically, written information must be in a type size and location sufficient for an ordinary consumer to read and comprehend it.
In CFPB Bulletin 2012-06, the CFPB indicated that it evaluates the effectiveness of disclosures by whether:
The CFPB also stated that it will closely examine employee incentive or compensation programs that might result in incentives for employees to provide inaccurate information.
When the CFPB announced the enforcement action, its director, Richard Cordray, noted that, “[w]e know these deceptive marketing tactics for credit card add-on products are not unique to a single institution.” In light of the OCC’s complimentary action, financial service companies (regardless of size) that offer these products should re-examine the disclosures and marketing practices as well as the agreements with such parties and terms of such products, especially if the third-party provider has customer contact. Even if the add-on products are offered by the financial institution itself, the approach to them should be re-evaluated. The CFPB’s allegations should form a template for evaluating such products and the way they are being sold.