The CFPB announced that it and the FDIC have issued a consent order against a bank, alleging violations of federal consumer protection laws for deceptive marketing of its add-on products (i.e., payment protection, credit score tracking, identity theft protection and wallet protection). Director Richard Cordray noted that the CFPB and FDIC had listened to numerous recorded sales calls by the bank’s in-house and third-party telemarketers and found that the telemarketers “spoke unusually fast when explaining the cost and product terms,” and “processed purchases without consent of consumers.”
The consent order calls for civil money penalties of $14 million and up to $200 million in restitution to the bank’s customers. Similar to the CFPB’s first public enforcement action, which alleged similar violations of federal consumer protection law (see July 24, 2012 Alert), the consent order also requires a compliance program, including designation by the bank’s board of who in bank management will be responsible for the review and approval of all marketing and solicitation materials, a training program, and monitoring of all third parties (e.g., telemarketing vendors and product program administrators). The bank’s board must also establish an oversight committee. Finally, under the consent order, the bank is required to provide the FDIC’s Regional Director, the CFPB’s Assistant Director of the Office of Enforcement, and the CFPB’s Regional Director with quarterly progress reports addressing each provision in the consent order and “detailing the form, manner, results and dates of any actions taken to secure compliance with the provisions” of the consent order. The CFPB also released a factsheet on the consent order.