Compliance Blog

Hello, compliance folks! Summer 2023 is in high gear. While that means potential fun in the sun, it also means there are many risks out there. The risk of getting a sunburn. The risk of touching poison ivy. The risk of buying counterfeit tickets to a Taylor Swift concert. I could go on. When it comes to compliance, however, the Consumer Financial Protection Bureau (CFPB) recently shone a spotlight on one specific risk that might have come as a surprise to some credit unions.

The CFPB recently announced an enforcement action against Bank of America. In reality, the action involves two separate consent orders. The first alleges that Bank of America failed to honor its promises of cash and rewards points for its rewards credit card customers. The first order also alleges that Bank of America employees used consumers’ data to complete bogus applications and open fake accounts to meet sales incentives. This is reminiscent of other fake account scandals, including the Wells Fargo scandal from 2016 and an action the bureau took last year against U.S. Bank (which we blogged about here). For these violations, Bank of America agreed to pay a $30 million penalty to the CFPB.

The more interesting aspect of this enforcement action for credit unions, however, is actually the second consent order. In that order, the bureau alleges that Bank of America violated the Consumer Financial Protection Act’s prohibition on unfair, deceptive and abusive acts or practices (UDAAP) by charging non-sufficient fund (NSF) fees on represented transactions. Here’s a hypothetical to explain how this works – because this is a blog for credit unions, I’m going to use a credit union for this example:

Sally Member authorizes an ACH payment to her water company from her checking account at ABC Federal Credit Union (ABC FCU). However, when the transaction is presented to ABC FCU for payment, Sally doesn’t have enough money in her account to cover it. If Sally had overdraft protection, then most likely ABC FCU would’ve let the payment go through and Sally’s account would become overdrawn and she’d have to pay an overdraft fee. However, Sally doesn’t have overdraft protection, so instead ABC FCU declines to pay, and Sally is charged an NSF fee. The water company still wants to be paid of course, so they present the transaction for payment again a few days later, hoping that perhaps now Sally will have enough money in her account. Unfortunately, Sally still does not have enough money in her account, so ABC FCU declines the transaction once again and charges Sally another NSF fee. Sally has now been charged multiple NSF fees for the same failed transaction.

With regards to Bank of America, the CFPB alleges that the bank charged its customers a $35 NSF fee and would charge that $35 fee again when failed transactions were represented. The bureau also alleges that Bank of America earned “hundreds of millions of dollars” on these representment NSF fees. Importantly, the consent order does not allege that these NSF practices were improperly disclosed or that more thorough disclosures could have prevented this enforcement action. Instead, the CFPB’s analysis states that these practices are a UDAAP violation because consumers could not reasonably prevent these fees because they had no knowledge of when a transaction would be re-presented or how many times a merchant may try to present the transaction. Additionally, the CFPB asserts that such fees provide little or no benefit to the consumer.

While the fake account scandal mentioned in the first consent order is more likely grab headlines in the press, these NSF fee representment violations garnered higher penalties – Bank of America agreed to pay a $60 million dollar penalty for this practice, and (according to the press release) to pay another $60 million penalty to the Office of the Comptroller of the Currency (OCC) for the same NSF fee practices. In total, the practice of charging NSF fees on represented transactions resulted in a $120 million penalty for Bank of America, which is four times the amount the bank had to pay for the credit card and fake account violations.

The practice of charging NSF fees on represented transactions is one that some credit unions might still be engaging in – and that’s not shocking, as the fact that this practice is technically a UDAAP violation seems to have snuck “under the radar.”  While NAFCU had heard anecdotally that examiners had begun to scrutinize this practice, there was no law, regulation or official guidance from CFPB or the National Credit Union Administration (NCUA) clearly prohibiting this practice. Instead, the CFPB seems to have quietly announced this idea in its Winter 2023 edition of its Supervisory Highlights publication (a special edition focused on junk fees), which published in March 2023. That publication included a 1.5 page section titled “Assessing multiple NSF fees for the same transaction,” which noted that examiners had found “unfair” acts or practices relating to this activity. This major action against Bank of America seems to be the bureau’s real “coming out party” for the idea that this practice is a UDAAP violation. The CFPB’s Spring 2023 rulemaking agenda (published last month) does include a forthcoming rulemaking on NSF fees, so it is possible there could be an official rulemaking on this topic at some point in the future.

Notably, the bureau does not discuss any specific risk mitigation methods or steps credit unions can take to be compliant. For example, there is no discussion of whether credit unions are expected to somehow monitor which transactions have already received an NSF fee so that the credit union can identify if those same transactions are presented again later. Instead, the Winter 2023 Supervisory Highlights states that, when CFPB examiners found UDAAP violations for this practice, the institutions under scrutiny all agreed to stop charging NSF fees completely. That’s likely little comfort to credit unions. Credit unions that are currently charging these fees may want to consult with their legal counsel about potential ways to mitigate this newly announced UDAAP risk. 

*****************

LAST WEEK TO SAVE BIG! Purchase a NAFCU Online Compliance Subscription and save up to hundreds off with code SAVE10. But hurry, this offer expires on 7/21/23. Your price includes a full year (or two!) of access for your entire credit union. Subscribe today!