CFPB Fines Bank for Accessing Customer Credit Reports and Opening Accounts, Credit Cards, and Lines of Credit Without Customers’ Permission

On July 28, 2022, the Consumer Financial Protection Bureau (CFPB) issued a Consent Order against a large bank (the Bank), claiming that the Bank created sales pressure on its employees that encouraged employees to illegally access customer credit reports and to open checking and savings accounts, credit cards, and lines of credit without customer authorization.  The Bank must pay a $37.5 million penalty to the CFPB and must develop a plan to remediate harmed customers by forfeiting and returning all unlawfully charged fees and costs, plus interest.  The alleged conduct in question is similar to conduct that caused the CFPB to levy a record-setting fine on another large financial institution in 2016.

The CFPB found that the Bank violated the Consumer Financial Protection Act, the Fair Credit Reporting Act, the Truth in Lending Act, and the Truth in Savings Act.  The CFPB based these findings on evidence revealing that the Bank imposed sales goals on its employees as a factor in evaluating employee performance, and implemented sales campaigns and an incentive-compensation program financially rewarded employees for selling financial products or services, which led employees to open accounts without customer authorization.

Specifically, the CFPB determined that the Bank: (i) applied for and issued credit cards and lines of credit for consumers without their knowledge or consent; (ii) used or obtained consumer reports of consumers who were not seeking an extension of credit from or involved in any form of credit transaction, account review, or account collection with the Bank; (iii) opened consumer deposit accounts without consumers’ knowledge and consent; and (iv) created sales pressure on its employees, leading employees to opening credit cards, lines of credit, and deposit accounts without consumers’ knowledge and consent.  The CFPB states in the Consent Order that the Bank’s conduct harmed customers through “fees charged on unauthorized accounts; negative impacts to consumer credit profiles; the loss of control over personal identifying information; and the expenditure of consumer time and effort investigating the facts, seeking closure of unwanted accounts, and monitoring and mitigating harm going forward.”

In the CFPB’s press release, CFPB Director Rohit Chopra is quoted as stating that the CFPB “must do more to hold lawbreaking companies accountable when they abuse and misuse our sensitive personal data.”  Financial institutions with incentive-compensation programs rewarding employees for meeting sales targets should monitor those programs very carefully to avoid illegal activity and significant risk exposure.