By Martin J. Bishop and Rebecca R. Hanson
(Martin J. Bishop is vice chair of the Litigation Department and co-chair of the Consumer Financial Services Practice at Foley & Lardner LLP. He can be reached at email@example.com. Rebecca Hanson is an associate in Foley’s Business Litigation & Dispute Resolution and Labor & Employment Practices. She can be reached at firstname.lastname@example.org.)
The Consumer Financial Protection Bureau (“Bureau”) has yet to provide a set of concrete, meaningful rules setting forth what it considers unfair, deceptive, or abusive acts or practices (“UDAAP”) are under the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank Act”), but that has not stopped the Bureau from flexing its broad and significant enforcement muscles. In a one-two-three punch maneuver, the Bureau has entered into consent settlements with three major consumer financial services companies – Capital One Bank (U.S.A.), N.A. (“Capital One”), Discover credit card company, Discover Financial Services (“Discover”), and American Express Bank (“American Express”) – over alleged deceptive and illegal practices involving add-on products for credit cards. These three actions alone, which took place over a span of just a few months, resulted in restitution and refunds for consumers of $425 million, in addition to over $100 million in civil penalties paid to the Bureau and other agencies.
With respect to enforcing UDAAP, Bureau director Richard Cordray has stated that it is not the Bureau’s “intention to try to ding institutions on things where it’s not very clear what the law is or what the law says . . . in gray areas. That’s not really worth our time or theirs.” But despite this statement, the Bureau has not set out to create rules around UDAAP, nor does it seem in any hurry to do so. And it’s true that the terms “unfair” and “deceptive” have been given some shape and color in other consumer protection acts, such as the Federal Trade Commission Act. The Bureau, however, has yet to adopt or abandon such precedent, and the term “abusive” is a relatively new concept in the consumer financial services industry with no generally accepted understanding of how the Bureau will apply the standard.
The Bureau’s recent enforcement actions reinforce other public statements Cordray has made that indicate that the Bureau will rely on its enforcement powers to define the UDAAP standards, rather than engaging in rulemaking or other efforts that would set forth what financial institutions have to do to avoid becoming the target of the Bureau’s UDAAP enforcement strategy. For instance, Cordray stated earlier this year that:
How the law that Congress has defined applies in particular situations is something that we’re going to have to measure on a facts and circumstances basis as we go . . . it’s our job to apply it . . . . We could perhaps clarify how it applies in particular facts and circumstances, but I think we ought to take our time with it.
The recent re-election of President Barack Obama to another term in the White House will clear up any lingering doubt about the longevity of the Bureau and Dodd-Frank reform in general and will likely embolden the Bureau’s UDAAP enforcement activities. But will we get more guidance from the Bureau about UDAAP? While the Bureau’s Capital One, Discover, and American Express enforcement actions have brought with them some limited guidance on what deceptive acts and practices might be in certain specific instances, the consumer financial services community is still largely in the dark about how to comply with UDAAP as a whole under the Bureau’s reign. As the Bureau hovers over the industry largely mute on UDAAP, most wonder how deep the impact will be on innovation in the consumer financial services industry.
THE BUREAU’S BROAD ENFORCEMENT OBJECTIVES
The Dodd-Frank Act gives the Bureau the wide-ranging authority to prevent consumer financial institutions from engaging in unfair, deceptive, or abusive practices. The Bureau’s enforcement powers are broad and, as the Bureau has stated in its examination manual, the Bureau’s UDAAP’s examination objectives for large financial institutions include:
• To assess the quality of the regulated entity’s compliance risk management systems, including internal controls and policies and procedures, for avoiding unfair, deceptive, or abusive acts or practices;
• To identify acts or practices that materially increase the risk of consumers being treated in an unfair, deceptive, or abusive manner;
• To gather facts that help determine whether a regulated entity engages in acts or practices when offering or providing consumer financial products or services that are likely to be unfair, deceptive, or abusive; and
• To determine, in consultation with Headquarters, whether an unfair, deceptive, or abusive act or practice has occurred and whether further supervisory or enforcement actions are appropriate.
The Bureau set out to employ these objectives in its recent investigations and enforcement actions against Capital One, Discover, and American Express. It should not come as a surprise that credit cards have been the target of the Bureau’s first enforcement actions. In a compliance bulletin released by the Bureau following the Capital One settlement – the first of the three – the Bureau specifically referred to consumer complaints received by the Bureau indicating that consumers have been misled by the marketing and sales practices associated with credit card add-on products.
According to the Bureau’s semi-annual report, thirty-four percent of the 55,300 complaints the Bureau received between July 21, 2011 and June 30, 2012 related to credit cards. Credit card complaints are only second in volume to mortgage-related complaints, which make up forty-three percent of the complaints received by the Bureau. Additionally, according to a March 2011 report from the Government Accountability Office, consumers paid $2.4 billion in fees for payment-protection products in 2009 – the same type of products that were the focus of the Bureau’s enforcement actions.
CAPITAL ONE: THE BUREAU’S FIRST ENFORCEMENT ACTION
The Bureau focused its first enforcement action on Capital One, which ended in a settlement and consent order this past July. After conducting an investigation, the Bureau claims that it discovered that Capital One’s marketing of certain products was misleading and deceptive. Specifically, the Bureau alleged that Capital One was employing high pressured sales tactics to sell credit card add-on products to consumers with low credit scores or low credit limits. These add-on products included “payment protection” plans, which were supposed to allow the consumer to request that the bank cancel up to 12 months of minimum payments if they become unemployed or temporarily disabled, or debt forgiveness in the case of death or permanent disability. Consumers were also offered “credit monitoring” that included identity-theft protection, access to “credit education specialists,” daily monitoring and notification.
Notably, the Bureau did not condemn the products themselves as deceptive or misleading, but rather focused on the methods used by Capital One in offering the products to the consumer. For example, in promoting these products, the Bureau alleges that Capital One’s call-center vendors sometimes led the consumer to believe that the product would improve their credit scores. In other cases, the Bureau claims that consumers were led to believe that the product was mandatory in order to activate their card or were wrongly told that they could cancel the product if they did not like it. Consumers who then tried to cancel the products allegedly had trouble doing so. Other consumers were supposedly told that the products were free, when they were not and some call center vendors processed add-on products for consumers who had not agreed to purchase the product. The Bureau also alleged that the call-center employees wrongly led consumers to believe the products would improve their credit score or would help them build good credit. Across all of these alleged violations, Cordray noted that Capital One’s “compliance mechanisms failed to prevent, identify, and correct the practices.”
As part of the settlement, the Bureau required Capital One to refund approximately $140 million to an estimated two million consumers. In addition to the amount paid for the product, cardmembers will receive a refund of the associated finance charges, any over-the-limit fees resulting from the charge for the product, and interest. The bank also agreed to pay civil penalties of $60 million ($25 million to the Bureau’s Civil Penalty Fund and $35 million to the Office of the Comptroller of Currency’s Civil Penalty Fund).
The Bureau also ordered Capital One to cease all marketing of these products until the Bureau has approved a compliance plan to help ensure the violations are not repeated in the future. Capital One must also engage an independent auditor to ensure compliance with the consent order.
Capital One did not admit or deny any of the Bureau’s findings, but did acknowledge that Capital One was “accountable for the actions that vendors take on our behalf.” At the time of the Capital One settlement, Cordray foreshadowed the next two enforcement actions stating: “We know these deceptive marketing tactics for credit card add-on products are not unique to a single institution. We expect announcements about other institutions as our ongoing work continues to unfold.”
DISCOVER: ENFORCEMENT ACTION NUMBER TWO
The Bureau next joined an investigation that was initially started by the Federal Deposit Insurance Corporation (“FDIC”) of Discover. The Bureau’s enforcement action against Discover – similar to that involving Capital One – focused on allegedly deceptive telemarketing and sales tactics that mislead consumers into paying for various credit card “add-on products” – payment protection, credit score tracking, identity theft protection, and wallet protection that had generated $428 million in revenue for Discover in 2011.
In September of this year, the Bureau settled the enforcement action against Discover through a consent order that alleged that Discover’s marketing scripts contained misleading language that led consumers to believe that these products were free benefits or that they would have an opportunity to review the terms of the products before they were charged. The Bureau also alleged that Discover withheld eligibility requirements that applied to payment protection benefits, including exclusions for pre-existing medical conditions. Discover representatives were allegedly downplaying key terms and were, as claimed in the consent order, speaking “more rapidly during the mandatory disclosure portion of the sales call, which included a statement of the Product’s price and some – but not all – material terms and conditions of the Product.” The Bureau also alleged that the impact of Discover’s deceptive telemarketing scripts and presentations was “compounded by the fact that Discover did not need to ask Cardmembers for their credit card numbers in order to bill them for the Products because it had access to [the numbers] and could (and did) directly bill the cost of the Products to Cardmembers’ Discover accounts.”
The Bureau ordered Discover to refund approximately $200 million to more than 3.5 consumers and to pay a $14 million civil money penalty. Like with Capital One, Discover had to agree to stop the challenged practices and adhere to a compliance plan approved by the Bureau. Discover did not admit or deny the Bureau’s findings, but its Chairman and Chief Executive Officer David Nelms responded to the consent order stating that “[w]e have worked hard to earn the loyalty of our card members, and we are committed to marketing our products responsibly.”
AMERICAN EXPRESS: ENFORCEMENT ACTION NUMBER THREE
The Bureau next joined an examination of American Express that had been previously initiated by the Utah Department of Financial Institutions, and which was also joined by the FDIC, the Office of the Comptroller of the Currency (“OCC”), and the Board of Governors of the Federal Reserve System (“Federal Reserve”). The Bureau, along with these other agencies, stated in October that American Express had allegedly violated federal law by deceiving customers “at all stages of the game – from the moment a consumer shopped for a card to the moment the consumer got a phone call about long overdue debt.”
More specifically, American Express supposedly deceived customers by: (1) leading them to believe they would receive $300 in addition to bonus points if they signed up for a particular credit card program; (ii) charging late fees on certain cards based on a percentage of the debt in violation of the Credit CARD Act; (iii) failing to report the existence of certain customer disputes to credit bureaus, which is a violation of the Fair Credit Reporting Act; (iv) wrongfully telling consumers that if they paid off old debt, the payment would be reported to credit bureaus and could improve their credit scores, while in reality, American Express was not reporting the payments and the debts were so old that even if they had tried to report them, many of the payments would not have appeared on these consumer credit reports or affected their credit scores; and (v) discriminating against applicants based on their age.
The Bureau ordered American Express to refund an estimated $85 million to approximately 250,000 consumers as a result of the settlement. American Express must also implement new procedures to ensure compliance with consumer financial protection laws and must use independent auditors to ensure compliance with the Bureau’s order. American Express was ordered to provide “clearly written” disclosures on debt collection statements, and to stop using deceptive credit card solicitations. American Express was also ordered to pay a $27.5 million civil monetary penalty, with the money going to the Bureau ($14.1 million), FDIC ($3.9 million), the Federal Reserve ($9 million), and the OCC ($500,000).
American Express, like Capital One and Discover, did not accept or deny responsibility, but it released a statement in which it said that it would continue “its own internal reviews and is also cooperating with regulators in their ongoing regulatory examination of add-on products in accordance with an industrywide review.”
WHAT CAN WE LEARN ABOUT AVOIDING UDAAP VIOLATIONS FROM THESE ACTIONS?
We can glean a lot from these enforcement actions about how the Bureau will approach deceptive acts and practices under UDAAP. The Bureau, in its compliance bulletin released after the Capital One settlement, indicated that it “will take all necessary steps to ensure that consumers are protected from deceptive sales and marketing practices, including those resulting from failures to adequately disclose important product terms and conditions, or other violations of Federal consumer financial law.”
The Bureau has specifically set forth expectations about how to avoid deceptive practices involving credit card add-on products. In the Bureau’s compliance bulletin, the Bureau stated that it expects that financial institutions will ensure that:
• Marketing materials “reflect the actual terms and conditions of the product and are not deceptive or misleading to consumers;”
• “Employee incentive or compensation programs tied to the sale and marketing of add-on products require adherence to institution-specific program guidelines and do not create incentives for employees to provide inaccurate information about the products;”
• Call-center scripts and manuals are followed and:
(i) “[d]irect the telemarketers and customer service representatives to accurately state the terms and conditions of the various products;”
(ii) prohibit enrolling consumers in programs without “clear affirmative consent to purchase the add-on product, obtained after the consumer has been informed of the terms and conditions;”
(iii) “provide clear guidance as to the wording and appropriate use of rebuttal language and any limits on the number of times that the telemarketer or customer service representative may attempt to rebut the consumer’s request for additional information or to decline the product;” and, (iv)“where applicable, “make clear to consumers that the purchase of add-on products is not required as a condition of obtaining credit, unless there is such a requirement.”
• Telemarketers and customer service representatives do not, to the extent possible, deviate from approved scripts;
• “Applicants are not required on a prohibited basis to purchase add-on products as a condition of obtaining credit;” and
• Cancellation requests are “handled in a manner that is consistent with the product’s actual terms and conditions and that does not mislead the consumer.”
Based on the Bureau’s statements with respect to the enforcement actions, it is clear that financial institutions need to:
• Scrutinize sales scripts and monitor calls to ensure the scripts are followed;
• Ensure consumers’ consent is obtained before enrollment;
• Ensure that consumers are told if a product is optional;
• Ensure a consumer’s ability to cancel a product;
• Ensure that the consumer is aware of the benefits and costs of products;
• Monitor, investigate and resolve consumer complaints; and
• Implement independent audits of programs.
NO GUIDANCE ON THE UNFAIR OR ABUSIVE STANDARD
Importantly, the Bureau only deemed the acts and practices in these enforcement actions as “deceptive” – and we are still left wondering what the Bureau considers unfair acts or practices or what the new “abusive” standard means. Abusive is a new concept in the financial services industry – and the Bureau has done nothing to define the term, leaving financial institutions in the dark as to how they can avoid abusive acts and practices. Likely, the financial services industry will have to wait for further enforcement actions to glean any meaning out of these other terms.
ENFORCEMENT WITHOUT COMPREHENSIVE GUIDANCE AROUND UDAAP WILL CHIP AWAY AT CONSUMER CHOICE
Through these enforcement actions, Cordray has stated that the Bureau is “putting companies on notice that these deceptive practices are against the law and will not be tolerated.” With such a threat lingering, financial institutions may be more reluctant than ever to offer these products in the current environment. After the Capital One settlement, Bank of America Corp. announced that it would no longer sell payment protection plans to new cardholders and would phase out existing plans sometime next year. J.P. Morgan Chase & Co. stopped selling payment protection plans last year and Citigroup Inc. has stopped telephone sales of similar credit card products to their consumers until they can conduct a review on how they are sold.
While consumers would surely want such products offered under beneficial terms, consumers presumably want the protections provided by these add-ons. But financial institutions are shying away from these products in the absence of assurance that they are not going to run afoul of UDAAP, thereby narrowing the range of consumer choice. The Bureau’s clear penchant for piecing together guidance on UDAAP through enforcement actions, rather than through upfront rulemaking or other guidance mechanisms, will only continue to chip away at consumer choice.
THE PRESIDENTIAL ELECTION RESULTS WILL EMBOLDEN THE BUREAU
President Obama’s re-election will surely wash away any doubts about the future of the Bureau. Any concerns over Governor Romney’s promises to repeal the Dodd-Frank Act are now laid to rest and the Bureau has a clear mandate to continue its enforcement actions. With this green light, the Bureau will likely continue to enforce UDAAP without any concerted effort to systematically and uniformly define the UDAAP terms. The consumer financial services industry is left to guess about whether the products they offer – and more importantly, how those products are offered – are in compliance with the Bureau’s expectations.