Deja Vu All Over Again: CFPB Fines Big Bank for Opening Fake Accounts

Today the CFPB announced an enforcement action against Bank of America for double-dipping on NSF fees, withholding cash and points rewards on credit cards, and using customer information to open unauthorized accounts. As a result, Bank of America will be forced to pay more than $100 million to harmed customers, along with $150 million in total penalties to the CFPB and the OCC.

Let's take a look at each of these three practices and why the CFPB came down on them.

Double-dipping on NSF Fees

The Bureau noted that Bank of America charges customers a $35 fee when a transaction is declined due to NSF. However, what caught the ire of the CFPB was the practice of repeatedly charging fees for the same transaction. When a check or ACH was returned, and the merchant would re-present the item, Bank of America would assess additional NSF fees on the re-presentment of items it had already returned unpaid, enabling it to collect multiple NSF fees on the same item.

The Bureau found that Bank of America had this practice from September 2018 until February 2022. As part of the enforcement action, Bank of America must refund all repeat NSF fees it collected since September 2018, as well as pay a $60 million fine to the OCC.

Withholding of Credit Card Rewards

The CFPB found that while Bank of America advertised a sign-up bonus for all new credit card accounts, they denied the bonus to customers who applied in-person or over the phone. The bonus was advertised with terms like "$200 online cash rewards bonus offer" or "50,000 online bonus points offer," but it did not expressly state that the bonus offers were limited to online applications and did not apply to in-person or over-the-phone applications. Customers, the CFPB found, reasonably interpreted the word "online" in that context to refer to the advertisement itself, and not necessarily that they could only earn the bonus by applying online. The Bureau determined this to be a deceptive act or practice and ordered Bank of America to pay redress to customers in addition to a $30 million penalty.

Using Customer Information to Open Fake Accounts

The CFPB found that some Bank of America employees sometimes submitted applications for and issued credit cards without customer consent. This was done to improve their performance ratings and incentive compensation. In this process, CFPB also noted that these employees obtained credit reports without a permissible purpose. Finally, CFPB noted that Bank of America generated fee income from some of these fake credit card accounts.

If this last one sounds familiar, it should. Back in September 2016, the CFPB found that Wells Fargo was boosting sales figures by secretly opening unauthorized deposit and credit card accounts. They also highlighted the link between sales of new accounts, incentive compensation and performance reviews.

In the Consent Order, CFPB did note that Bank of America has since changed its practices by eliminating sales goals for employees primarily responsible for the sale of consumer credit card accounts.

What Can Credit Unions Learn?

CFPB enforcement actions are a good opportunity to review your credit union's policies, procedures and practices to make sure you don't run afoul in these areas. Some issues to consider:

1. How does your CU handle fees charged on re-presented items? In addition to this enforcement action, this topic has also been the subject of class action lawsuits in recent years against financial institutions that have ambiguous disclosures. Reviewing the language of your fee schedules and ensuring your practices are aligned is always a good idea.

2. Are your marketing terms clear? In ruling that the marketing language Bank of America used was deceptive, the CFPB put themselves in the shoes of the customer and found they could reasonably interpret the language used in multiple ways. In addition to a compliance review to make sure marketing materials have all the necessary language and logos, do you also check to see if members could interpret keywords or phrases in different ways?

3. Are you only pulling credit for permissible purposes? While not opening fake credit cards and accounts is obvious, part of the CFPB's ruling was that by pulling credit reports to get the customer information they needed to open those accounts, Bank of America employees pulled credit without having a permissible purpose. These permissible purposes can be found in Section 604(f) of the Fair Credit Reporting Act.

To read the CFPB's press releases and enforcement actions, click here.