Unfair, Deceptive, or Abusive Acts or Practicesresources.gabankers.com/Event Agenda...

Unfair, Deceptive, or Abusive Acts or

Practices

THIS PUBLICATION IS… SO… Not offered as legal advice

Readers should consult with legal counsel for advice on specific fact situations.

Copyrighted by Compliance Resource, LLC April 2017

No portion of it, other than any government forms it contains, can be reproduced without violating copyright laws.

(Blank Page)

PUBLISHER AND AUTHOR Publisher

Compliance Resource, LLC is a consulting firm for financial institutions that focuses on compliance with federal laws and regulations applicable to financial institutions. Its website, jackscomplianceresource.com, provides multiple resources to assist financial institutions in their efforts to comply with federal laws and regulations.

Authors

Jack Holzknecht is the CEO of Compliance Resource, LLC. He has been delivering the word on lending compliance for 41 years. In 36 years as a trainer over 130,000 bankers (and many examiners) have participated in Jack’s live seminars and webinars. Jack’s career began in 1976 as a federal bank examiner. He later headed the product and education divisions of a regional consulting company. There he developed loan and deposit form systems and software. He also developed and presented training programs to bankers in 43 states. Jack has been an instructor at compliance schools presented by a number of state bankers associations. As a contractor he developed and delivered compliance training for the FDIC for ten years. He is a Certified Regulatory Compliance Manager and a member of the National Speakers Association.

(Blank Page)

TABLE OF CONTENTS Training Description and Purpose .................................................................. 1

Laws, Regulations and Guidance ................................................................... 3

Unfair Acts or Practices .................................................................................. 4

Deceptive Acts or Practices ............................................................................ 9

Abusive Acts or Practices ............................................................................. 14

Consumer Complaints ................................................................................... 15

Examination Procedures - Objectives ........................................................... 18

Examination Procedures - Document Review .............................................. 19

Examination Procedures - Management and Policy-Related Issues ............ 20

Transaction-Related Examination Procedures .............................................. 23

Recent Examination Issue - Examiner Hot Seat ........................................... 28

Interagency Guidance - Repeal of Regulation AA ....................................... 34

Consent Orders.............................................................................................. 36

Consent Order - Cole Taylor Bank/Higher One ........................................... 37

Consent Order - WEX Bank/Higher One ..................................................... 41

Consent Order - The Bancorp Bank/Higher One ......................................... 42

Consent Order - Bank of America ................................................................ 60

Consent Order - First Electronic Bank ......................................................... 66

Consent Order - Citizens Bank, National Association ................................. 68

Consent Order - Citizens Bank, National Association (Again) .................... 70

Consent Order - Various Auto Finance Companies ..................................... 71

Consent Order - Fifth Third Bank ................................................................ 72

Consent Order - Comenity Bank .................................................................. 73

TCF Enforcement Action and CFPB Lawsuit .............................................. 74

Citizens Bank – Deposit Reconciliation Enforcement Action ..................... 81

(Blank Page)

© 2017 Compliance Resource, LLC 1

Training Description and Purpose Introduction

Regulatory attention on the topic of Unfair or Deceptive Acts and Practices has been rising for several years. The Dodd-Frank Act expanded the topic to include Unfair, Deceptive or Abusive Acts or Practices (UDAAP). UDAAP applies to: • Every product or service offered by any financial institution. • Every aspect of any transaction, including:

o Marketing any product or service; o Opening a deposit account or an open-end line of credit; o Originating a consumer, mortgage, commercial or any

other type of loan; o Administration of existing deposit or loan accounts; o Terminating or closing accounts; and o Much more.

UDAAP appears on every "bad news" list, including frequent violations, significant penalties, enforcement actions, to name a few. With increasing frequency examiners are requiring bank employees to explain the terms contained in account and service documentation, policies and procedures, and advertisements. If you can't explain the terms to your examiner, how can you explain them to your customers?

Purpose

The purpose of this program is to assure you understand the basic UDAAP concepts and are aware of the current status of the rules on this topic.


Training Description and Purpose Goals

Upon completion of this program your staff will understand: • The existing laws and guidance that govern this topic; • What acts or practices are unfair; • What acts or practices are deceptive; • What acts or practices are abusive; • UDAAP examination procedures; • Recent regulatory enforcement actions; and • Steps to reduce the likelihood of UDAAP problems.


Laws, Regulations and Guidance Laws

Unfair and deceptive acts or practices are prohibited by Section 5(c) of the Federal Trade Commission Act. Title X Dodd-Frank Act empowers the Consumer Financial Protection Bureau to prevent unfair, deceptive, or abusive acts or practices (UDAAP).

Guidance

The CFPB's examination manual contains a good summary of the requirements and UDAAP examination procedures. http://www.consumerfinance.gov/guidance/supervision/manual/

Basic Concepts

Following is a review of basic concepts regarding acts and practices that are considered to be unfair, deceptive or abusive.

Regulators

While the Federal Trade Commission (FTC) is the primary regulator for combating unfair or deceptive acts and practices, Congress excluded banks, savings and loans, and national credit unions from the scope of the FTC's section 5(a) jurisdiction. The federal banking agencies—the Board, the Federal

Deposit Insurance Corporation (FDIC), the Office of the Comptroller of the Currency (OCC), and the National Credit Union Administration (NCUA)—verify compliance with section 5(a) for the institutions they supervise.

http://www.consumerfinance.gov/guidance/supervision/manual/


Unfair Acts or Practices General Rule

The guidelines use a three-pronged approach to determine whether: 1) The practice causes or is likely to cause substantial injury to

consumers, 2) It cannot be reasonably avoided by consumers, and 3) It is not outweighed by countervailing benefits to

consumers or to competition.

Substantial Injury

Substantial injury usually involves monetary harm. Monetary harm includes, for example, costs or fees paid by consumers as a result of an unfair practice. An act or practice that causes a small amount of harm to a large number of people may be deemed to cause substantial injury.

Substantial Injury - Actual Injury

Actual injury is not required in every case. A significant risk of concrete harm is also sufficient. However, trivial or merely speculative harms are typically insufficient for a finding of substantial injury. Emotional impact and other more subjective types of harm also will not ordinarily amount to substantial injury. Nevertheless, in certain circumstances, such as unreasonable debt collection harassment, emotional impacts may amount to or contribute to substantial injury.


Unfair Acts or Practices Unavoidability

An act or practice is not considered unfair if consumers may reasonably avoid injury. Consumers cannot reasonably avoid injury if the act or practice interferes with their ability to effectively make decisions or to take action to avoid injury. Normally the marketplace is self-correcting; it is governed by consumer choice and the ability of individual consumers to make their own private decisions without regulatory intervention. If material information about a product, such as pricing, is modified after, or withheld until after, the consumer has committed to purchasing the product; however, the consumer cannot reasonably avoid the injury. Moreover, consumers cannot avoid injury if they are coerced into purchasing unwanted products or services or if a transaction occurs without their knowledge or consent.

Unavoidability - Key Question

A key question is not whether a consumer could have made a better choice. Rather, the question is whether an act or practice hinders a consumer’s decision-making. For example, not having access to important information could prevent consumers from comparing available alternatives, choosing those that are most desirable to them, and avoiding those that are inadequate or unsatisfactory. In addition, if almost all market participants engage in a practice, a consumer’s incentive to search elsewhere for better terms is reduced, and the practice may not be reasonably avoidable.

Unavoidability - Reasonable Action

The actions that a consumer is expected to take to avoid injury must be reasonable. While a consumer might avoid harm by hiring independent experts to test products in advance or by bringing legal claims for damages in every case of harm, these actions generally would be too expensive to be practical for individual consumers and, therefore, are not reasonable.


Unfair Acts or Practices Countervailing Benefits

To be unfair, the act or practice must be injurious in its net effects — that is, the injury must not be outweighed by any offsetting consumer or competitive benefits that also are produced by the act or practice. • Offsetting consumer or competitive benefits of an act or

practice may include lower prices to the consumer or a wider availability of products and services resulting from competition.

• Costs that would be incurred for measures to prevent the injury also are taken into account in determining whether an act or practice is unfair.

• These costs may include the costs to the institution in taking preventive measures and the costs to society as a whole of any increased burden and similar matters.

Example - Refusing to Release Lien

The FTC brought an enforcement action against a mortgage company based on allegations, described below, that repeatedly failed to release liens after consumers fully paid the amount due on their mortgages. • Substantial injury. Consumer’s sustained economic injury

when the mortgage servicer did not release the liens on their properties after the consumers had repaid the total amount due on the mortgages.

• Not outweighed by benefits. Countervailing benefits to competition or consumers did not result from the servicer’s alleged failure to appropriately service the mortgage loan and release the lien promptly.

• Not reasonably avoidable. Consumers had no way to know in advance of obtaining the loan that the mortgage servicer would not release the lien after full payment. Moreover, consumers generally cannot avoid the harm caused by an improper practice of a mortgage servicer because the servicer is chosen by the owner of the loan, not the borrower. Thus, consumers cannot choose their loan servicer and cannot change loan servicers when they are dissatisfied with the quality of the loan servicing.


Unfair Acts or Practices Example - Dishonoring Convenience Checks Without Notice

The OTS and FDIC brought enforcement actions against a credit card issuer that sent convenience checks with stated credit limits and expiration dates to customers. For a significant percentage of consumers, the issuer reduced credit lines after the checks were presented, and then the issuer dishonored the consumers’ checks. • Substantial injury. Customers paid returned-check fees and

may have experienced a negative impact on credit history. • Not outweighed by benefits. The card issuer later reduced

credit limits based on credit reviews. Based on the particular facts involved in the case, the harm to consumers from the dishonored convenience checks outweighed any benefit of using new credit reviews.

• Not reasonably avoidable. Consumers reasonably relied on their existing credit limits and expiration dates on the checks when deciding to use them for a payment. Consumers had received no notice that the checks they used were being dishonored until they learned from the payees. Thus, consumers could not reasonably have avoided the injury.


Unfair Acts or Practices Example - Processing For Companies Engaged in Fraudulent Activities

The OCC brought an enforcement action in a case involving a bank that maintained deposit account relations with telemarketers and payment processors, based on the following allegations. The telemarketers regularly deposited large numbers of remotely created checks drawn against consumers’ accounts. A large percentage of the checks were not authorized by consumers. The bank failed to establish appropriate policies and procedures to prevent, detect, or remedy such activities. • Substantial injury. Consumers lost money from fraudulent

checks created remotely and drawn against their accounts. • Not outweighed by benefits. The cost to the bank of

establishing a minimum level of due diligence, monitoring, and response procedures sufficient to remedy the problem would have been far less than the amount of injury to consumers that resulted from the bank’s avoiding those costs.

• Not reasonably avoidable. Consumers could not avoid the harm because the harm resulted principally from transactions to which the consumers had not consented.


Deceptive Acts or Practices General Rule

A three-pronged test is also used to determine whether a representation, omission, or practice is deceptive. These elements, all of which must be established for a practice to be deemed deceptive. An act or practice is deceptive if: 1) It misleads or is likely to mislead from the consumer's

perspective; 2) If the consumer's interpretation is reasonable under the

circumstances; and 3) If the representation, omission, or practice is material.

Mislead or Likely to Mislead

Deception is not limited to situations in which a consumer has already been misled. Instead, an act or practice may be deceptive if it is likely to mislead consumers. It is necessary to evaluate an individual statement, representation, or omission not in isolation, but rather in the context of the entire advertisement, transaction, or course of dealing, to determine whether the overall net impression is misleading or deceptive. A representation may be an express or implied claim or promise, and it may be written or oral. If material information is necessary to prevent a consumer from being misled, it may be deceptive to omit that information.

Mislead or Likely to Mislead - Insufficient to Correct

• Written disclosures may be insufficient to correct a

misleading statement or representation, particularly where the consumer is directed away from qualifying limitations in the text or is counseled that reading the disclosures is unnecessary.

• Likewise, oral or fine print disclosures or contract disclosures may be insufficient to correct a misleading headline or a prominent written representation. Similarly, a deceptive act or practice may not be cured by subsequent truthful disclosures.


Deceptive Acts or Practices Mislead or Likely to Mislead - Examples

Acts or practices that may be deceptive include: • Making misleading cost or price claims; • Offering to provide a product or service that is not in fact

available; • Using bait-and-switch techniques; • Omitting material limitations or conditions from an offer; or • Failing to provide the promised services.

Mislead or Likely to Mislead - Four "Ps"

The FTC’s “four Ps” test can assist in the evaluation of whether a representation, omission, act, or practice is likely to mislead: • Is the statement prominent enough for the consumer to

notice? • Is the information presented in an easy-to-understand

format that does not contradict other information in the package and at a time when the consumer’s attention is not distracted elsewhere?

• Is the placement of the information in a location where consumers can be expected to look or hear?

• Finally, is the information in close proximity to the claim it qualifies?

Reasonable Consumer -

In determining whether an act or practice is misleading, one also must consider whether the consumer’s interpretation of or reaction to the representation, omission, act, or practice is reasonable under the circumstances. In other words, whether an act or practice is deceptive depends on how a reasonable member of the target audience would interpret the representation. When representations or marketing practices target a specific audience, such as older Americans, young people, or financially distressed consumers, the communication must be reviewed from the point of view of a reasonable member of that group.


Deceptive Acts or Practices Reasonable Consumer - Significant Minority

Moreover, a representation may be deceptive if the majority of consumers in the target class do not share the consumer’s interpretation, so long as a significant minority of such consumers is misled. When a seller’s representation conveys more than one meaning to reasonable consumers, one of which is false, the seller is liable for the misleading interpretation.

Reasonable Consumer - Puffery

Exaggerated claims or “puffery,” however, are not deceptive if the claims would not be taken seriously by a reasonable consumer.

Materiality

A representation, omission, act, or practice is material if it is likely to affect a consumer’s choice of, or conduct regarding, the product or service. • Information that is important to consumers is material. • Certain categories of information are presumed to be material.

In general, information about the central characteristics of a product or service – such as costs, benefits, or restrictions on the use or availability – is presumed to be material.

• Express claims made with respect to a financial product or service are presumed material.

• Implied claims are presumed to be material when evidence shows that the institution intended to make the claim (even though intent to deceive is not necessary for deception to exist).

• Claims made with knowledge that they are false are presumed to be material.

• Omissions will be presumed to be material when the financial institution knew or should have known that the consumer needed the omitted information to evaluate the product or service.

Note: If a representation or claim is not presumed to be material, it still would be considered material if there is evidence that it is likely to be considered important by consumers.


Deceptive Acts or Practices Example - Inadequate Disclosure of Terms

The FTC brought actions against vehicle leasing companies alleging that their television advertisements represented that consumers could lease vehicles for “$0 down” when advertising a monthly lease payment. However, the FTC alleged that the “blur” of “unreadable fine print” that flashed on the screen at the end of the advertisement disclosed costs of at least $1,000. The settlements prohibited the vehicle leasing companies from misrepresenting the amount consumers must pay when signing the lease. In addition, the FTC required that if the companies make any representation about the amounts due at lease signing, or that there is “no down payment,” the companies must make an equally prominent (readable and audible) disclosure of the total amount of all fees due when consumers sign the lease. • Representation or omission likely to mislead. The television

advertisements featured prominent statements of “no money down” or “$0 down” at lease signing. The advertisement also contained, at the bottom of the screen, a “blur” of small print in which disclosures of various costs required by Regulation M (the Consumer Leasing Act) were made. The FTC alleged that the disclosures were inadequate because they were not clear, prominent, or audible to consumers.

• Reasonable consumer perspective. A reasonable consumer would believe that he did not have to put any money down and that all he owed was the regular monthly payment.

• Material representation. The stated “no money down” or “$0 down” plus the low monthly lease payment were material representations to consumers. The fact that the additional, material costs were disclosed at signing of the lease did not cure the deceptive failure to disclose in the television advertising, the FTC claimed.


Deceptive Acts or Practices Example - Misrepresent Loan Terms

In 2004, the FTC sued a mortgage broker advertising mortgage refinance loans at “3.5% fixed payment 30-year loan” or “3.5% fixed payment for 30 years,” implying that the offer was for a 30-year loan with a 3.5% fixed interest rate. Instead, the FTC claimed that the broker offered adjustable rate mortgages (ARMs) with an option to pay various amounts, including a minimum monthly payment that represented only a portion of the required interest. As a result, unpaid interest was added to the principal of the loan, resulting in negative amortization.14 • Practice likely to mislead. The FTC claimed that the

advertisements were misleading because they compared payments on a mortgage that fully amortized to payments on a non- amortizing loan with payments that increased after the first year. In addition, the FTC claimed that after application, the broker provided Truth in Lending Act (TILA) disclosures that misstated the annual percentage rate (APR) and that failed to state that the loan was a variable rate loan.

• Reasonable consumer perspective. It was reasonable for consumers to believe that they would obtain fixed-rate mortgages, based on the representations.

• Material representation. The representations were material because consumers relied on them when making the decision to refinance their fully amortizing 30-year fixed loans. As a result, the consumers ended up with adjustable rate mortgages that would negatively amortize if they made payments at the stated 3.5% payment rate.


Abusive Acts or Practices General Rule

The Dodd-Frank Act makes it unlawful for any covered person or service provider to engage in an “abusive act or practice.” An abusive act or practice: • Materially interferes with the ability of a consumer to

understand a term or condition of a consumer financial product or service or

• Takes unreasonable advantage of : o A lack of understanding on the part of the consumer of

the material risks, costs, or conditions of the product or service;

o The inability of the consumer to protect its interests in selecting or using a consumer financial product or service; or

o The reasonable reliance by the consumer on a covered person to act in the interests of the consumer.

Note: Although abusive acts also may be unfair or deceptive, examiners should be aware that the legal standards for abusive, unfair, and deceptive each are separate.

New Concern

Since the Dodd-Frank Act only recently added “abusive” to the list of acts or practices of concern there is a lack of cases or regulatory enforcement actions that provide insight to form and format of violations in this area.


Consumer Complaints Detection Tool

Consumer complaints play a key role in the detection of unfair, deceptive, or abusive practices. • Consumer complaints have been an essential source of

information for examinations, enforcement, and rule-making for regulators.

• As a general matter, consumer complaints can indicate weaknesses in elements of the institution’s compliance management system, such as training, internal controls, or monitoring.

Connection Between Complaints and UDAAPs

While the absence of complaints does not ensure that unfair, deceptive, or abusive practices are not occurring, complaints may be one indication of UDAAPs. • For example, the presence of complaints alleging that

consumers did not understand the terms of a product or service may be a red flag indicating that examiners should conduct a detailed review of the relevant practice.

• This is especially true when numerous consumers make similar complaints about the same product or service.

• Because the perspective of a reasonable consumer is one of the tests for evaluating whether a representation, omission, act, or practice is potentially deceptive, consumer complaints alleging misrepresentations or misunderstanding may provide a window into the perspective of the reasonable consumer.


Consumer Complaints Broad Scope

When reviewing complaints against an institution, examiners should consider complaints lodged against subsidiaries, affiliates, and third parties regarding the products and services offered through the institution or using the institution’s name. • In particular, examiners should determine whether an

institution itself receives, monitors, and responds to complaints filed against subsidiaries, affiliates, and third parties.

• Consumers can file complaints at a number of entities: o the institution itself, o the Better Business Bureau, o State Attorneys General, o the FTC’s Consumer Sentinel, o the CFPB Consumer Response Center, o other Federal and State agencies, or o on-line consumer complaint boards such as

www.ripoffreport.com or www.complaints.com.

Analyzing Complaints

Analysis of consumer complaints may assist in the identification of potential unfair, deceptive, or abusive practices. • Examiners should consider the context and reliability of

complaints; every complaint does not indicate violation of law.

• When consumers repeatedly complain about an institution’s product or service, however, examiners should flag the issue for possible further review.

• Moreover, even a single substantive complaint may raise serious concerns that would warrant further review.

• Complaints that allege, for example, misleading or false statements, or missing disclosure information, may indicate possible unfair, deceptive, or abusive acts or practices needing review.


Consumer Complaints Other Possible Indicators of UDAAPs

Another area that could indicate potential unfair, deceptive, or abusive acts or practices is a high volume of charge-backs or refunds for a product or service. While this information is relevant to the consumer complaint analysis, it may not appear in the institution’s complaint records.


Examination Procedures - Objectives Overview

Examiners attempt to: • Assess the quality of the regulated entity’s compliance risk

management systems, including internal controls and policies and procedures, for avoiding unfair, deceptive, or abusive acts or practices (UDAAP).

• Identify acts or practices that materially increase the risk of consumers being treated in an unfair, deceptive, or abusive manner.

• Gather facts that help determine whether a regulated entity engages in acts or practices when offering or providing consumer financial products or services that are likely to be unfair, deceptive, or abusive.

• Determine, in consultation with Headquarters, whether an unfair, deceptive or abusive act or practice has occurred and whether further supervisory or enforcement actions are appropriate.


Examination Procedures - Document Review Relevant Documents

To initially identify potential areas of UDAAP concerns, obtain and review copies of the following to the extent relevant to the examination: • Training materials. • Lists of products and services, including descriptions, fee

structure, disclosures, notices, agreements, and periodic and account statements.

• Procedure manuals and written policies, including those for servicing and collections.

• Minutes of the meetings of the Board of Directors and of management committees, including those related to compliance.

• Internal control monitoring and auditing materials. • Compensation arrangements, including incentive programs

for employees and third parties. • Documentation related to new product development,

including relevant meeting minutes of Board of Directors, and of compliance and new product committees.

• Marketing programs, advertisements, and other promotional material in all forms of media (including print, radio, television, telephone, Internet, or social media advertising).

• Scripts and recorded calls for telemarketing and collections. • Organizational charts, including those related to affiliate

relationships and work processes. • Agreements with affiliates and third parties that interact with

consumers on behalf of the entity. • Consumer complaint files. • Documentation related to software development and testing,

as applicable.


Examination Procedures - Management and Policy-Related Issues Review Policies and Procedures

Identify potential UDAAP concerns by reviewing all relevant written policies and procedures, customer complaints received by the entity or by the CFPB, internal and external audit reports, statistical and management reports, and examination reports. Determine whether: • The scope of the entity’s compliance audit includes a review

of potential unfair, deceptive, or abusive acts or practices. • The compliance audit work is performed consistent with the

audit plan and scope. • The frequency and depth of audit review is appropriate to the

nature of the activities and size of the entity. • Management and the Board of Directors are made aware of

and review significant deficiencies and their causes. • Management has taken corrective actions to follow up on

any identified deficiencies. • The entity’s compliance programs ensure that policies are

being followed through its sampling of relevant product types and decision centers, including sales, processing, and underwriting.

• The entity has a process to respond to consumer complaints in a timely manner and determine whether consumer complaints raise potential UDAAP concerns.

• The entity has been subject to any enforcement actions or has been investigated by a regulatory or law enforcement agency for violations of consumer protection laws or regulations that may indicate potential UDAAP concerns.


Examination Procedures - Management and Policy-Related Issues Discussion With Management

Through discussions with management and a review of available information, determine whether the entity’s internal controls are adequate to prevent unfair, deceptive or abusive acts or practices. Consider whether: • The compliance management program includes measures

aimed at avoiding unfair, deceptive, or abusive practices, including: o Organization charts and process flowcharts; o Policies and procedures; and o Monitoring and audit procedures.

• The entity conducts prior UDAAP reviews of advertising and promotional materials, including promotional materials and marketing scripts for new products.

• The entity evaluates initial and subsequent disclosures, including customer agreements and changes in terms, for potential UDAAP concerns.

• The entity reviews new products and changes in the terms and conditions of existing products for potential UDAAP concerns.

• The entity has a thorough process for receiving and responding to consumer complaints and has a process to receive complaints made to third parties, such as the Better Business Bureau or the CFPB.

• The entity evaluates servicing and collections for UDAAP concerns.

• The entity has established policies and controls relating to employee and third-party conduct, including: o Initial and ongoing training; o Performance reviews or

audits; o Discipline policies and records of disciplinary actions; o

Third-party agreements and contractual performance standards;

o Compensation programs; and o Monitoring.

• The entity’s internal control processes are documented. • Computer programs are tested and documented to ensure

accurate and timely disclosures to consumers.


Examination Procedures - Management and Policy-Related Issues Potential Areas for Transaction Testing

Through a high-level assessment of the entity’s products, services, and customer base, identify areas for potential transaction testing. This process should determine whether: a. The entity does not underwrite a given credit product on the

basis of ability to repay. b. A product’s profitability depends significantly on penalty

fees or “back-end” rather than upfront fees. c. A product has high rates of repricing or other changes in

terms. d. A product combines features and terms in a manner that can

increase the difficulty of consumer understanding of the overall costs or risks of the product and the potential harm.

e. Penalties are imposed on a customer when he terminates his relationship with the entity.

f. Fees or other costs are imposed on a consumer to obtain information about his account.

g. A product is targeted to particular populations, without appropriate tailoring of marketing, disclosures, and other materials designed to ensure understanding by the consumers.


Transaction-Related Examination Procedures Overview

If upon conclusion of the management and policy-related examination procedures, procedural weaknesses, or other UDAAP risks require further investigation, conduct transaction testing, as necessary, using the following examination procedures. • Use judgment in deciding to what extent to sample

individual products, services, or marketing programs. Increase the sample size to achieve confidence that all aspects of the entity’s products and services are reviewed sufficiently.

• Consult with Headquarters to obtain assistance with the sampling process.

Marketing and Disclosures

Through a review of marketing materials, customer agreements, and other disclosures, determine whether, before the consumer chooses to obtain the product or service: a. All representations are factually based. b. All materials describe clearly, prominently, and accurately:

o costs, benefits, and other material terms of the products or services being offered;

o related products or services being offered either as an option or required to obtained certain terms; and

o material limitations or conditions on the terms or availability of products and services, such as time limitations for favorable rates, promotional features, expiration dates, prerequisites for obtaining particular products or services, or conditions for canceling services.

c. The customer’s attention is drawn to key terms, including limitations and conditions, that are important to enable the consumer to make an informed decision.

d. All materials clearly and prominently disclose the fees, penalties, and other charges that may be imposed and the reason for the imposition.


Transaction-Related Examination Procedures Marketing and Disclosures, continued

e. Contracts clearly inform customers of contract provisions

that permit changes in terms and conditions of the product or service.

f. All materials clearly communicate the costs, benefits, availability, and other terms in language that can be understood when products are targeted to particular populations, such as reverse mortgage loans for the elderly.

g. Materials do not misrepresent costs, conditions, limitations, or other terms either affirmatively or by omission.

h. The entity avoids advertising terms that are generally not available to the typical targeted consumer.

Availability as Advertised - Select Sample

Evaluate whether product(s) and service(s) that consumers are receiving are consistent with the disclosures and policies. For each product and service being reviewed, select a sample that: a. Is sufficient in size to reach a supportable conclusion about

such consistency; b. Includes, as appropriate, transactions from different

origination and underwriting channels — for example, different geographical areas or different sectors of the entity’s organization structure; and

c. Includes approved and/or denied accounts.

Availability as Advertised - Evaluate

Determine whether: a. Consumers are reasonably able to obtain the products and

services, including interest rates or rewards, as represented by the entity.

b. Consumers receive the specific product or service that they request.

c. Counter-offers clearly, prominently, and accurately explain the difference between the original product or services requested and the one being offered.

d. Actual practices are consistent with stated policies, procedures, or account disclosures.


Transaction-Related Examination Procedures Availability of Actual Cash

Evaluate whether the entity represents the amount of useable credit that the consumer will receive in a truthful way. Consider whether: a. The available credit is sufficient to allow the consumer to

use the product as advertised and disclosed to the consumer. b. The fees and charges, typically imposed on the average

targeted customer, both initially and throughout the term of the loan, remain in a range that does not prevent the availability of credit.

c. The entity honors convenience checks when used by the customer in a manner consistent with introductory or promotional materials and disclosures.


Transaction-Related Examination Procedures Interactions With Consumers

Evaluate how the entity monitors the activities of employees and third-party contractors, marketing sales personnel, vendors, and service providers to ensure they do not engage in unfair, deceptive, or abusive acts or practices with respect to consumer interactions. Interview employees and third parties, as appropriate. Specifically, consider whether: a. The entity ensures that employees and third parties who

market or promote products or services are adequately trained so that they do not engage in unfair, deceptive, or abusive acts or practices.

b. The entity conducts periodic evaluations or audits to check whether employees or third parties follow the entity’s training and procedures and has a disciplinary policy in place to deal with any deficiencies.

c. The entity reviews compensation arrangements for employees, third-party contractors, and service providers to ensure that they do not create unintended incentives to engage in unfair, deceptive, or abusive acts or practices, particularly with respect to product sales, loan originations, and collections.

d. Performance evaluation criteria do not create unintended incentives to engage in unfair, deceptive, or abusive acts or practices, including criteria for sales personnel based on sales volume, size, terms of sale, or account performance.

e. The entity implements and maintains effective risk and supervisory controls to select and manage third-party contractors and service providers.


Transaction-Related Examination Procedures Servicing and Collections

Evaluate whether servicing and collections practices raise potential UDAAP concerns, by considering whether: a. The entity has policies detailing servicing and collections

practices and has monitoring systems to prevent unfair, deceptive or abusive acts or practices.

b. Call centers, either operated by the entity itself or by third parties, effectively respond to consumers’ calls.

c. The entity ensures that employees and third party contractors: o represent fees or charges on periodic statements in a manner that is not misleading; o post and credit consumer payments in a timely manner; o apply payments in a manner that does not unnecessarily

increase customer payments, without clear justification; o only charge customers for products and services, such as

insurance or credit protection programs, that are specifically agreed to;

o mail periodic statements in time to provide the consumer ample opportunity to avoid late payments; and

o do not represent to consumers that they may pay less than the minimum amount without clearly and prominently disclosing any fees for paying the reduced amount.

d. The entity has policies to ensure compliance with the standards under the Fair Debt Collections Practices Act to prevent abusive, deceptive, or unfair debt collection practices.

e. Employees and third party contractors clearly indicate to consumers that they are calling about the collection of a debt.

f. Employees and third party contractors do not disclose the existence of a consumer’s debt to the public without the consent of the consumer, except as permitted by law.

g. The entity avoids repeated telephone calls to consumers that annoy, abuse, or harass any person at the number called.

Interviews With Consumers

If potential UDAAP issues are identified that would necessitate interviews with consumers, consult with regional management who will confer with Headquarters.


Recent Examination Issue - Examiner Hot Seat Issue

With increasing frequency examiners are requiring bank employees to explain the terms contained in account and service documentation, policies and procedures, and advertisements. If you can't explain the terms to your examiner, how can you explain them to your customers? Examiners explore both written and verbal communications with customers. • Are you familiar enough with your printed materials (note

forms, deposit account agreements, etc.) to explain them to your customer.

• Can you explain your institutions procedures to customers. Regarding a product or service, any time a customer says, “ I do not understand “ the product or service, the fees associated with the product or service, a potential UDAAP issue exists. How you respond to their statement determines if the potential violation becomes as actual violation.

Reminder

UDAAP applies to: • Every product or service offered by any financial institution. • Every aspect of any transaction, including:

o Marketing any product or service; o Opening a deposit account or an open-end line of credit; o Originating a consumer, mortgage, commercial or any

other type of loan; o Administration of existing deposit or loan accounts; o Terminating or closing accounts; and o Much more.


Recent Examination Issue - Examiner Hot Seat Exam Procedures - Marketing and Disclosures

Examiners are required to review marketing materials, customer agreements, and other disclosures, to determine whether the materials are sufficient to avoid UDAAP issues.

Exam Procedures - Interactions With Consumers

Examiners must evaluate how the entity monitors the activities of employees and third-party contractors, marketing sales personnel, vendors, and service providers to ensure they do not engage in unfair, deceptive, or abusive acts or practices with respect to consumer interactions. • The procedures require the examiner to interview employees

and third parties, as appropriate. .

Example - Loan Contract Issue

Inquiry: A customer asks, "How are my payments applied to the loan?" • Your mortgage states: All payments accepted and applied by

Lender shall be applied in the following order of priority: (a) interest due under the Note; (b) principal due under the Note; (c) amounts due under Section 3. Such payments shall be applied to each Periodic Payment in the order in which it became due. Any remaining amounts shall be applied first to late charges, second to any other amounts due under this Security Instrument, and then to reduce the principal balance of the Note.

Concern: Can your employees explain this adequately to a customer, or to the examiner, if asked?


Recent Examination Issue - Examiner Hot Seat Example - Deposit Contract Issue

Inquiry: I want to avoid overdrafts. How do you calculate my available balance? • Your deposit Account Agreement states:

TRANSACTION POSTING ORDER We reserve the right to decide the order of the items we will pay and which items will be returned (if any). Generally, we post the following three transaction types after the close of each business day in the following order: 1. Deposits we receive before the daily cut off time will be posted before any withdrawals. 2. Your non-check withdrawals will be posted in date/time order, based on the date and time associated with each transaction. A date and time (if one is available) will be assigned to each transaction based on one of the following: (1) when the transaction was preauthorized (for example a debit card or ATM transaction was approved); or (2) when the transaction was processed by U.S. Bank (for example an ACH, or Bill Pay transaction for which there is no pre-authorization). If a date and time is not available, these transactions are posted to your account after all transactions with a valid date and time or check number are complete, and posted to your account in order of amount, starting with the lowest transaction amount first (frequently referred to as low-to-high). 3. Your checks will be posted in check number order, starting with the lowest number. (For example: on Monday we may receive and post check # 107; on Tuesday we may receive check # 102 and # 105, and those would be posted on Tuesday in the order of lowest check number (i.e., # 102) posting first). DEPOSITS When you make a non-cash deposit to your account, we give you credit for that deposit, but that credit is provisional (temporary). If the deposit needs to be collected from another financial institution, we must be paid before the credit becomes final. After a credit is final it may still be reversed if the funds cannot be collected. See the sections titled Returned Deposited and Cashed Items and Funds Availability. All deposit receipts are issued subject to our count and verification of the items deposited. Foreign Currency: If you make a deposit in the form of, or payable in a foreign currency, that deposit has to be converted (exchanged) into U.S. dollars. That takes time, there may be additional expenses, and your final credit will be adjusted to reflect the final exchange rate as well as any fees imposed by the entity that makes the conversion.


Recent Examination Issue - Examiner Hot Seat Example - Deposit Contract Issue, continued

Deposits by Mail: If you make a deposit by mail, we have to receive it and have time to record it before it becomes effective. (See our Funds Availability section.) Cutoff Time: A deposit made after our daily cutoff time on a business day, or on a day we are not open for all forms of business, will be considered deposited on the next full business day. (Refer to our Funds Availability section for cutoff time description.) The cutoff time applies to all accounts (savings, certificate of deposits, payments, etc.), not just checking accounts. Endorsement: If you make a deposit to an account and you fail to endorse the item, we may add an endorsement on any item and you will be responsible for the item as if you endorsed it yourself. We can refuse to accept any item for deposit for any reason, or no reason, or impose conditions on a deposit. For example, we can treat a deposit as an “inquiry” or take an item for “collection” instead of deposit.

Concern: Can your employees explain this adequately to the customer, or to the examiner if asked? Good luck explaining this one.


Recent Examination Issue - Examiner Hot Seat Loan Procedure Issue

Inquiry: Two different borrowers ask, "Do I have to get flood insurance on my detached garage or just on my house? • Your Flood Hazard Notice (effective January 1, 2016) states:

Although you may not be required to maintain flood insurance on all structures, you may still wish to do so, and your mortgage lender may still require you to do so to protect the collateral securing the mortgage. If you choose not to maintain flood insurance on a structure and it floods, you are responsible for all flood losses relating to that structure.

• Your mortgage/deed of trust states: Borrower shall keep the improvements now existing or hereafter erected on the Property insured against loss by fire, hazards included within the term “extended coverage,” and any other hazards including, but not limited to, earthquakes and floods, for which Lender requires insurance.

• Your written flood insurance procedures are silent on the issue of flood insurance waivers for detached structures.

Response: In response to the first inquiry the loan officer states, "You only need insurance on your house." The second borrower is told, "We require flood insurance on all buildings that secure our loans if they are located in a special flood hazard area." Issue: Is the examiner more likely to cite your bank for the potential fair lending violation, the potential UDAAP violation, or both?


Recent Examination Issue - Examiner Hot Seat Steps to Avoid the Problem

The following steps increase the likelihood of surviving this aspect of a UDAAP examination: • Make sure products, contracts, marketing materials are

simple and easy to understand; • Conduct initial and periodic training sessions, for

appropriate personnel, on topics such as: o UDAAP; and o The content of contracts, policies and procedures, and

marketing materials. • Prior to an actual examination conduct a mock exam.

Challenge employees to answer questions that examiners might ask. If anyone struggles with the answer to a question provide remedial training on the topic.


Interagency Guidance - Repeal of Regulation AA Overview

On August 22, 2014 the Board of Governors of the Federal Reserve System (Board), Consumer Financial Protection Bureau (CFPB), Federal Deposit Insurance Corporation (FDIC), National Credit Union Administration (NCUA), and Office of the Comptroller of the Currency (OCC) (collectively, the Agencies) issued guidance regarding certain consumer credit practices. • While the Federal Trade Commission’s (FTC) Credit

Practices Rule remains in effect, the credit practices rules for banks, savings associations, and Federal credit unions are being repealed as a consequence of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act).

• Notwithstanding the repeal of these regulations, the Agencies have supervisory and enforcement authority regarding unfair or deceptive acts or practices, which could include the practices previously addressed in the former credit practices rules.

FTC Credit Practices Rule - Issuance

The FTC Act permits the FTC to promulgate regulations that define with specificity acts or practices that are unfair or deceptive, including requirements prescribed for the purpose of preventing such acts or practices. On March 1, 1984, pursuant to this rulemaking authority, the FTC issued its Credit Practices Rule. The rule was effective March 1, 1985. The FTC’s Credit Practices Rule is applicable to creditors that are within the FTC’s jurisdiction; it is not applicable, for example, to banks, savings associations, and Federal credit unions.

FTC Credit Practices Rule - Prohibitions

The FTC’s Credit Practices Rule generally prohibits the (1) Use of certain provisions in consumer credit contracts, (2) Misrepresentation of the nature or extent of cosigner

liability, and (3) Pyramiding of late fees.


Interagency Guidance - Repeal of Regulation AA Regulation AA - Issuance

The Federal Trade Commission Act required the Federal Reserve Board (FRB), the Federal Home Loan Bank Board (FHLBB)—predecessor to the Office of Thrift Supervision (OTS)—and National Credit Union Administration to adopt regulations that were substantially similar to the FTC’s Credit Practices Rule within 60 days. In April 1985 the FRB issues its Regulation AA to implement the Credit Practices rule, effective January 1, 1986. These regulations applied to banks, savings associations, and Federal credit unions, respectively.

Regulation AA - Repeal

In 2010 the Dodd-Frank Act repealed the rulemaking authority of the Board, FHLBB/OTS, and NCUA under the FTC Act. Consequently, those regulations have been repealed.

Guidance

This interagency guidance clarifies that the repeal of credit practices rules applicable to banks, savings associations, and Federal credit unions should not be construed as a determination by the Agencies that the credit practices described in these former regulations are permissible. • The Agencies believe that, depending on the facts and

circumstances, if banks, savings associations, and Federal credit unions engage in the unfair or deceptive practices described in these former credit practices rules, such conduct may violate the prohibition against unfair or deceptive practices in Section 5 of the FTC Act and Sections 1031 and 1036 of the Dodd-Frank Act.

• The Agencies may determine that statutory violations exist even in the absence of a specific regulation governing the conduct.


Consent Orders Regulation By Enforcement

The CFPB has been criticized for providing guidance in the form of enforcement actions rather by writing regulations. Expect more of the same.

Compliance Malpractice

In a March 9, 2016 speech Director Cordray confirmed that consent orders that accompany the Bureau’s public enforcement actions, provide detailed guidance for compliance officers across the marketplace about how they should regard similar practices at their own institutions. If the same problems exist in their day-to-day operations, they should look closely at their processes and clean up whatever is not being handled appropriately. He added that “it would be ‘compliance malpractice’ for executives not to take careful bearings from the contents of these orders about how to comply with the law and treat consumers fairly.”

Why No Regulations

Many have suggested that the CFPB should publish rules before taking enforcement action. Cordray responds that the suggestion that law enforcement officials should think through and explicitly articulate rules for every eventuality before taking any enforcement actions at all would lead to paralysis because it simply sets the bar too high.


Consent Order - Cole Taylor Bank/Higher One Background

The Federal Reserve Board on July 1, 2014 issued a consent order to cease and desist and a civil money penalty assessment of $3,510,000 against Cole Taylor Bank of Chicago, Illinois. The order addresses the participation by the bank and its agent, Higher One, Inc. of New Haven, Connecticut (Higher One), in deceptive practices in violation of section 5 of the Federal Trade Commission Act. Higher One is a nonbank entity that provides institutions of higher education with financial aid refund disbursement services for students. Higher One typically offers students three methods of receiving their financial aid refund: (1) paper check; (2) ACH transfer to an existing bank account; or (3) direct deposit to the Higher One deposit account and debit

card product known as the "OneAccount." Because Higher One is not a bank, it must partner with banks to offer the OneAccount. From May 4, 2012 to August 14, 2013, Cole Taylor served as one of the banks providing deposit accounts in connection with the OneAccount.


Consent Order - Cole Taylor Bank/Higher One Issues

The actions addressed in this order involve the following deceptive practices by Higher One, under Cole Taylor's oversight, that, at various points in the financial aid refund selection process, misled students about the OneAccount. • The omission of material information about how students

could get their financial aid refund without having to open a OneAccount;

• The omission of material information about the fees, features, and limitations of the OneAccount product, which may have made it more difficult for students to make fully informed decisions prior to selecting the method for financial aid refund disbursement;

• The omission of material information about the locations of ATMs where students could access their OneAccount without cost and the hours of availability of those ATMs; and

• The prominent display of the school logo, which may have erroneously implied that the school endorsed the OneAccount product.

Corrective Action

Higher One is taking material corrective action to address these practices in its current disclosures to students. • However, appropriate remedial actions against Higher One,

including the payment of restitution for its past practices, are currently being pursued.

• The order against Cole Taylor Bank also requires it to assume backup liability for any restitution to students that Higher One is required to pay in a Federal Reserve enforcement action in the event that Higher One cannot pay the restitution amounts.

• Actions are also being pursued against another state member bank that has a similar arrangement with Higher One relating to the OneAccounts.


Consent Order - Cole Taylor Bank/Higher One Consumer Compliance Risk Management Program - Adopt a Plan

Should Cole Taylor plan to enter into an agreement with a third party under which the third party solicits, markets, or services a consumer deposit product on behalf of the Bank, at least 90 days before entering into such an agreement, Cole Taylor shall submit to the Reserve Bank and the Department an acceptable written plan (the “Plan”) to enhance its consumer compliance risk management program (the “Program”) to ensure that the soliciting, marketing, and servicing of the consumer deposit product in connection with the third party comply with all consumer protection laws and regulations, including section 5(a)(1) of the FTC Act (15 U.S.C.§ 45(a)(1)).

Consumer Compliance Risk Management Program - Content of the Plan

The Plan shall, at a minimum, address, consider, and include measures to: (a) Ensure that the Program is developed in accordance with

supervisory guidance of the Board of Governors, including, but not limited to, the guidance entitled: • “Guidance on Managing Outsourcing Risk,” dated

December 5, 2013 (SR 13-19/CA 1321); • “Community Bank Risk-Focused Consumer Compliance

Supervision Program,” dated November 18, 2013 (CA 13-19);

• “Consumer Compliance Examination Procedures for the Unfair or Deceptive Acts or Practices Provisions of Section 5 of the Federal Trade Commission Act,” dated November 6, 2007 (CA 07-8); and

• “Unfair or Deceptive Acts or Practices by State- chartered Banks,” dated March 11, 2004 (CA 04-2); and

(b) Address board and senior management oversight; policies, procedures, and limits; risk monitoring and management information systems; and internal controls.


Consent Order - Cole Taylor Bank/Higher One Restitution

If the Board of Governors determines, and advises Cole Taylor, that Higher One cannot pay, in whole or in part, any amounts of restitution that Higher One may be required to pay for the benefit of consumers who opened their OneAccounts at Cole Taylor during the Relevant Period (“Eligible Students”) under the terms of any enforcement action issued by the Board of Governors against Higher One (“Required Restitution”), then Cole Taylor shall be liable for payment of the unpaid restitution amounts for the benefit of Eligible Students, up to a maximum of the lesser of: (a) $30,000,000, or (b) the total amount of Required Restitution based on fees that

Higher One collected from Eligible Students from May 4, 2012 through and including June 30, 2014.

Civil Monetary Penalty

The Board of Governors hereby assesses Cole Taylor a civil money penalty in the amount of $3,510,000 to be paid to the Board of Governors at the time of the execution of this Order by Fedwire transfer of immediately available funds to the Federal Reserve Bank of Richmond, ABA No. 05 1000033, beneficiary, Board of Governors of the Federal Reserve System. The Board of Governors or the Federal Reserve Bank of Richmond on its behalf shall remit the funds to the United States Treasury, pursuant to section 8(i) of the FDI Act (12 U.S.C. § 1818(i)). The Department hereby assesses Cole Taylor a civil money penalty pursuant to Section 48(8) of the Illinois Banking Act in the amount of $600,000 to be paid to the Department as soon as practicable on or after July 1, 2014. The fine is payable by certified check or money order to: Department of Financial and Professional Regulation, Division of Banking, 320 West Washington, 5th Floor, Springfield, Illinois 62786.


Consent Order - WEX Bank/Higher One Summary

On December 23, 2015 the Federal Deposit Insurance Corporation entered into a settlement with WEX Bank, Midvale, Utah. for deceptive practices in violation of Section 5 of the Federal Trade Commission (FTC) Act. As part of the settlements, WEX Bank and Higher One have each stipulated to the issuance of a Consent Order, Order for Restitution, and Order to Pay Civil Money Penalty. The FDIC orders require WEX Bank to pay $1.75 million, and together with Higher One to pay total restitution of approximately $31 million to an estimated 900,000 harmed consumers. WEX Bank has offered the OneAccount since May 4, 2012.


Consent Order - The Bancorp Bank/Higher One Summary

The FDIC brought an enforcement action against the Bancorp Bank on August 12, 2012. That settlement involved The Bancorp Bank and Higher One, Inc. and alleged unfair and deceptive practices in violation of Section 5 of the Federal Trade Commission Act (Section 5). Under the settlements, The Bancorp Bank agreed to a Consent Order. In addition, the FDIC imposed civil money penalties of $172,000 for The Bancorp Bank. The Consent Order required The Bancorp Bank to increase board oversight of all compliance matters, improve its compliance management system, enhance its audit program, correct all violations, significantly increase its management of third party risk, and provide to the FDIC details relating to the termination of its relationship with Higher One. In addition, if Higher One failed to complete restitution, the FDIC reserved the right to require The Bancorp Bank to establish a restitution account in the amount of restitution unpaid by Higher One.


Consent Order - The Bancorp Bank Summary

On December 21, 2015 the Federal Deposit Insurance Corporation (FDIC) announced another settlement with The Bancorp Bank for unfair and deceptive practices in violation of Section 5 of the Federal Trade Commission Act. As a second time offender the penalties, fines and enhances to the compliance program increased. Under the FDIC Orders, The Bancorp Bank will pay a civil money penalty of $3 million and an estimated $1.3 million in restitution to approximately 21,000 harmed customers.

Specific Issues

The Bancorp Bank issues prepaid cards on behalf of numerous non-bank entities. The FDIC determined the bank: • Failed to provide promised protections to consumers in the

resolution of account errors; • Failed to provide promised benefits for a debit card rewards

program that the bank offered with a third-party services provider; and

• Charged deceptive debit decline fees on a general purpose reloadable prepaid card.


Consent Order - The Bancorp Bank Supervision by Board

The Board of Directors must: • Increase its oversight of the affairs of the Bank by approving

sound policies and objectives and by supervising all of the Bank’s activities relating to the Bank’s consumer and commercial deposit, lending, and other products and services consistent with the role and expertise commonly expected for directors of banks of comparable size and complexity and offering comparable banking products and services.

• Increase its oversight activities of the Bank’s compliance management system.

• Document activities of the Board in the minutes of Board meetings.

• Approve sound policies and objectives for the Bank’s Products and Services offered to consumers, including any of the Bank’s Consumer Products offered in conjunction with a third party. Require that any such Consumer Products comply with applicable consumer protection and fair lending laws, including Section 5, implementing rules and regulations, and regulatory guidance and statements of policy.

CMS - Compliance Program - General

The Bank, on an ongoing basis, shall review, revise, and implement changes to its risk-based compliance management system (CMS), including the written compliance program to ensure that the Bank’s Consumer Products, including any Third-Party Products, comply with Consumer Protection Laws.


Consent Order - The Bancorp Bank CMS - Compliance Program - Review of Materials

The Bank shall ensure that the Compliance Program includes effective monitoring systems for the Bank’s Third-Party Products with provisions requiring review, approval, and maintenance by the Bank of copies of (1) All marketing, advertising, and solicitation materials,

including direct mail, electronic or telephonic marketing, or internet solicitations, promotional materials, and telemarketing scripts and rebuttals;

(2) Other materials provided or disseminated to customers or potential customers generated in connection with the marketing, administration and servicing of such Third-Party Products, including account agreements, privacy policies, periodic statements, and account histories and other transaction-related information; and

(3) Any material changes or amendments to any such materials.

CMS - Compliance Program - Notification of Action

The Bank shall ensure that the Compliance Program requires timely and regular notification to the Bank by its Third-Party Product partners, vendors, or servicers of any regulatory agency inquiries or legal actions and any legal actions commenced by any customer or potential customer;

CMS - Compliance Program - Customer Service

The Bank shall ensure that the Compliance Program requires review and approval by the Bank of all materials related to: • Customer service; • Monitoring by the Bank of customer service calls on a

regular basis; and • Review by the Bank of service-level reports.


Consent Order - The Bancorp Bank CMS - Compliance Program - Program Performance

The Bank shall ensure that the Compliance Program requires monitoring by the Bank of the performance of marketing and solicitation programs, including numbers of accounts offered, the products in each campaign and the response rate for each Third-Party Product.

CMS - Compliance Program - Compliance Reviews

The Bank shall ensure that the Compliance Program requires • Increased comprehensiveness of periodic compliance

reviews, including on-site visits, by the Bank as appropriate of all Third-Party Product providers, partners, vendors, or servicers and any of their material Third-Party Product-related service providers or subservicers (collectively “Third-Party Product Contributors”) and

• Comprehensive documentation such compliance reviews.

CMS - Compliance Program - Strategic Plan

The Bank shall ensure that the Compliance Program requires periodic review of all the Bank’s business and strategic plans relating to agreements with Third-Party Product Contributors.

CMS - Compliance Program - Record Retention I

The Bank shall ensure that the Compliance Program requires maintenance of records by the Bank of all approved materials, complaints and responses, solicitation materials, administration materials, and agreements related to its Third-Party Products.

CMS - Compliance Program - Record Retention II

The Bank shall ensure that the Compliance Program requires maintenance of records by the Bank documenting the service-level standards for those services provided by Third-Party Product Contributors, including due diligence reports, monitoring and audit results, and financial materials.


Consent Order - The Bancorp Bank CMS - Compliance Program - Compliance Meetings

The Bank shall ensure that the Compliance Program requires quarterly consumer compliance meetings between the Bank and its material Third-Party Product partners, vendors, and servicers, for which written notes will be taken and maintained.

CMS - Compliance Program - Information Security Monitoring

The Bank shall ensure that the Compliance Program requires periodic monitoring of the use of confidential and nonpublic personal information about Bank customers and consumers by its Third-Party Product Contributors and of the information security programs of such Third-Party Product Contributors.

CMS - Training

The Bank shall ensure that its Compliance Program provides for the establishment and implementation of an effective training program for appropriate Bank personnel that includes regular, specific, comprehensive training on applicable Consumer Protection Laws for employees having responsibilities that relate to Consumer Protection Laws, including senior management and the Board, commensurate with their individual job functions and duties.

CMS - Consumer Complaints

The Bank shall ensure that its Compliance Program includes procedures for promptly addressing and resolving consumer complaints arising from any Third-Party Product regardless of the source of the complaints, for monitoring such complaints and identifying any trends concerning the nature of the complaints, and for promptly addressing any root causes of such complaints.


Consent Order - The Bancorp Bank CMS - Administration

The Compliance Program shall: • Be administered by compliance personnel with sufficient

experience in, and knowledge of, Consumer Protection Laws; and

• Provide for sufficient personnel in order to fully comply with all requirements of this Order.

CMS - Compliance Audit Program - Content

Within 60 days from the Effective Date of this Order, the Bank shall review and revise its internal compliance audit program to ensure an effective and independent review of the Bank’s internal policies and procedures and compliance with Consumer Protection Laws. The revised internal compliance audit program shall take into account the size of the Bank and the complexity and risks identified with the Bank’s product, services, and business model, and shall at a minimum include policies, procedures, and processes that ensure: (i) Audit practices and procedures that are consistent with

Generally Accepted Auditing Standards, including provisions to ensure that the internal compliance audits, including audits of the Bank’s Third-Party Products, are independent and adequate in scope;

(ii) Annual risk assessments of each Third-Party Product type to ensure that internal compliance audits are performed with reasonable frequency;

(iii)Completion of a risk-based compliance audit plan each calendar year that considers the Bank’s products, services, and business model in their entirety and that is reviewed and approved by the Board;

(iv) The assignment of ratings or expressions of opinion as to the adequacy, effectiveness, and efficiency of the internal control environment of each line of business which offers one or more Third-Party Products; and

(v) Provisions for an adequate formal tracking and monitoring system for exceptions identified by internal compliance audits and regulatory examinations.


Consent Order - The Bancorp Bank CMS - Compliance Audit Program - Reporting

Internal compliance audit findings, deficiencies, and recommendations shall be promptly documented in a written report and provided to the Audit Committee of the Board at its next meeting. • The Bank shall promptly forward a copy of each internal

compliance audit written report and the minutes reflecting the Board’s review of such report to the Regional Director of the FDIC’s New York Regional Office (“Regional Director”).

• Within thirty (30) days of receipt of the internal compliance audit written report, the Board shall take action to address the internal compliance audit’s findings, correct or take steps to correct any deficiencies noted in a timely manner, implement any recommendations, and establish follow-up measures to monitor the effectiveness of corrective actions.

• The Board’s review of the internal compliance audit written report shall be fully documented in its minutes, together with a report of the Board’s actions in response to the internal compliance audit, including where applicable an explanation why a recommendation has not been implemented.

Managing Third Party Risk - Program

The Bank shall maintain, review, revise, and implement a Board-approved Third-Party Risk Management Program (“Third-Party Program”) which shall set forth the Bank’s plan for managing the risks of its Third-Party Product Contributors, vendors, and service providers. • The Bank’s relationship risk committee (“Third-Party

Relationship Risk Committee”) shall keep minutes that shall be regularly reviewed by the Board Risk Committee, and shall enhance its efforts to ensure proper management of third-party risk, consistent with the risk profile of any activity outsourced to Third-Party Product Contributors, vendors and service providers.


Consent Order - The Bancorp Bank Managing Third Party Risk – Program Content

At a minimum, the Bank’s Third-Party Program shall include, consistent with the Guidance for Managing Third-Party Risk (FIL-44-2008, issued June 6, 2008): (i) A risk assessment process to identify the risks associated

with the use of Third-Party Product Contributors, vendors and service providers, including but not limited to, operational and transactional risks;

(ii) Procedures adequate to conduct initial and ongoing due diligence with respect to activities of Third-Party Product Contributors, including but not limited to the marketing, processing, and servicing of Products and Services;

(iii)Procedures for terminating Third-Party Product Contributor relationships in the event that any such relationship fails to comply with the Bank’s systems and controls;

(iv) Procedures to review contract terms with respect to Third-Party Product Contributors; and

(v) Effective oversight of Third-Party Product Contributors to maintain compliance with Bank systems and controls.

Managing Third Party Risk – Program Enhancements

The Bank shall enhance its Third-Party Program to include a specific evaluation of the adequacy of compliance training provided to employees of Third-Party Product Contributors on applicable Consumer Protection Laws, and the Bank will ensure that any deficiencies in training are remediated in a manner consistent with the Bank’s compliance training program.


Consent Order - The Bancorp Bank Managing Third Party Risk – Reporting

On a quarterly basis, the Third-Party Relationship Risk Committee shall report to the Board: (i) Any new or substantive changes in any Third-Party Product

Contributor relationships, (ii) Notable actions taken under subparagraph (a) above and

recommendations made to Bank management regarding the same, and

(iii)The status of any ongoing reviews and audits and any corrective actions taken pursuant to subparagraph (a) above.

The Board minutes shall contain evidence of the Board’s review and discussion of the foregoing and shall include an evaluation of the overall effectiveness of the Third-Party Program.


Consent Order - The Bancorp Bank Third Party Relationships

(a) In the event that the Bank shall desire to introduce any

Third-Party Product, or enter into any new Third-Party Product relationship, or enter into any new agreement which materially changes any existing Third-Party Product or Third-Party Product relationship, the Bank shall provide 20 days’ advance notice thereof to the Regional Director or the Regional Director’s designee prior thereto, except no such notice shall be required by this Order to the extent specified in writing by the Regional Director.

(b) The Bank shall submit the following to the Regional Director or the Regional Director’s designee with any such notice of any Third-Party Product relationship or agreement: (i) a full and complete description of the Third-Party

Product relationship or agreement into which the Bank is entering and any due diligence that was performed in relation thereto;

(ii) a full and complete description of any Third-Party Product Contributors and of any functions or services they are to provide in connection with any proposed Third-Party Product; and

(iii)the projected increase or decrease in the volume of the Bank’s business related to the Third-Party Product.

(c) In the event the Bank terminates any relationship with a Third-Party Product Contributor, the Bank shall provide notice of such termination to the Regional Director or the Regional Director’s designee within 10 days after the termination.

Complaint and Error Claim Oversight and Review Committee

Within 60 days from the Effective Date of this Order, the Board shall establish a Complaint and Error Claim Oversight and Review Committee (“CECOR”) composed of three directors, including at least one director who is not an officer of the Bank or any affiliate of the Bank, and the compliance officer.


Consent Order - The Bancorp Bank CECOR Committee – Scope of Meetings

The Complaint and Error Claim Committee shall meet at least monthly and, at a minimum, the following areas shall be reviewed and, if applicable, approved: (i) Minutes of the previous Complaint and Error Claim

Committee; (ii) In regard to oral and written complaints:

A. The process for handling, monitoring and resolving all complaints received directly by the Bank or through its Third-Party Product Contributors;

B. Complaint trend analyses regarding complaints received directly by the Bank or through its Third Party Product Contributors;

C. Management’s identification of weaknesses within the Bank or its Third-Party Product Contributors associated with complaint trends that impact the Bank’s operations, policies, procedures, consumer accounts, products or services, or compliance with applicable Consumer Protection Laws;

D. Management’s planned corrective action steps (pending, implemented, and timing therefor) related to any identified complaint trends; and

E. Any follow-through testing and reporting to ensure corrective actions are completed timely and effective.

(iii) In regard to claims of “errors” related to electronic fund transfers or inquiries related to such transfers, as that term is defined in 12 C.F.R. § 1005.11(a): A. The process for handling, monitoring and resolving all

error claims received directly by the Bank or through its Third-Party Product Contributors;

B. A review of the Bank’s and Third-Party Product Contributors’ error claims practices and the identification of any weaknesses that impact the Bank’s compliance operations, policies, procedures, consumer accounts, products or services offered through third parties, or compliance with any Consumer Protection Laws;

C. Error claim trend analyses;


Consent Order - The Bancorp Bank CECOR Committee – Scope of Meetings, continued

D. Management’s planned corrective action steps related to

identified weaknesses within the Bank’s and any Third-Party Product Contributors’ error claims practices including due dates, names of individuals assigned responsibility for the corrective action; and

E. Any follow-through testing and reporting to ensure corrective actions are completed timely and effective.

CECOR Committee – Reports From Third Parties

The Bank shall take steps necessary to cause each Third-Party Product Contributor that performs customer service functions on behalf of the Bank to provide the Bank with written monthly reports, in a generally standardized format to be determined by the Bank, for any Third-Party Products. These reports shall include, to the extent the applicable customer service function is performed by the Third-Party Product Contributor, the following data: (i) Volume of error claims received with a breakdown by status; (ii) Volume and nature of oral and written complaints received

from consumers with a breakdown by status; (iii) Volume of inquiries received from consumers and the nature

of the inquiry, to the extent such data is capable of being captured;

(iv) Volume and nature of inquiries or legal actions received from regulatory agencies;

(v) Volume and nature of legal actions commenced by any customer or potential customer.

To the extent any Third-Party Product Contributor is unable to produce the data referenced in this Subsection (b), the Bank shall report the same to the CECOR Committee and the Bank shall thereafter collaborate with such Third Party Product Contributor to establish a written action plan in order to allow for the reporting of the referenced data, to the extent possible, within a reasonable period of time, subject to approval and ongoing monitoring by the CECOR Committee.


Consent Order - The Bancorp Bank CECOR Committee –Minutes

The CECOR Committee shall report the minutes of its meetings and provide any relevant attachments to the Board at each regularly scheduled Board meeting, including: (i) Its review and identification of complaint trends; its analysis

of root causes of complaints; and its recommendations for, and progress on, corrective actions to reduce complaints; and

(ii) Its review and analysis of a compilation of the written monthly reports received for each Third-Party Product as outlined in Section 6(b) of this Order; its review and identification of weaknesses within the error claim practices of the Bank or any Third-Party Product Contributor; and its recommendations for, and progress towards, corrective action to address identified weaknesses within the error resolution practices.

CECOR Committee –Content of Minutes

The Board minutes shall document the review and approval of all CECOR Committee items before the Board, including the names of any dissenting directors.

CECOR Committee –Allocation of Resources

The Board, in conjunction with the CECOR Committee shall allocate resources that are commensurate with the recommended corrective actions approved and any follow-through testing and reporting that are sufficient to ensure that corrective actions are completed and effective to ensure the Bank’s compliance with all Consumer Protection Laws.

CECOR Committee –Reporting to Regulator

Copies of the CECOR Committee minutes, including any applicable attachments shall be submitted to the Regional Director as part of the progress reports required by this Order.


Consent Order - The Bancorp Bank Corrections of Violations of Law

Within sixty (60) days from the effective date of this Order, the Bank shall eliminate or correct violations of Consumer Protection Laws cited in the FDIC’s most recent Compliance Report of Examination. • The Bank shall take all necessary steps to maintain ongoing

compliance with such Consumer Protection Laws, including promptly implementing practices, and causing its Third-Party Product Contributors to implement practices, to properly execute the intake, investigation and resolution of error claims and comply with all error resolution and provisional credit provisions set forth in applicable cardholder agreements (“CHAs”) for all prepaid cardholders and, for cardholders receiving federal benefits on their cards through the ACH system, affording the appropriate protections set forth in the applicable CHAs, in the rule issued by the Treasury Department that governs the use of the ACH system to deliver federal payments to prepaid cards, 31 C.F.R, § 210 (the “Treasury Rule”), and in Regulation E, 12 C.F.R. § 1005 (“Regulation E”).

No Misrepresent-ations or Omissions

Within sixty (60) days from the effective date of this Order, the Bank shall take all action necessary to comply with the guidance set forth in Unfair or Deceptive Acts or Practices by State-Chartered Banks (FIL-26-2004, issued March 11, 2004). Without limiting the foregoing, in any advertising, marketing, offering, soliciting, billing, or servicing of any Products and Services, including any Third-Party Product, the Bank shall not make, or allow to be made, any misleading or deceptive representation, statement, or omission, expressly or by implication.

Corrective Action Plan

Within 30 days of the effective date of this Order, the Bank shall commence the Bank’s Corrective Action Plan (CAP), which the Board adopted by resolution on December 16, 2015 and which addresses remedial measures to be taken by the Bank with regard to the certain prepaid cardholders who asserted or attempted to assert error claims.


Consent Order - The Bancorp Bank CAP Content

The Corrective Action Plan includes steps to: (i) Identify prepaid card programs for review, identify the scope

and nature of review of such programs and develop a schedule for review of the programs;

(ii) Review the error resolution practices of certain prepaid card programs for compliance with the requirements of applicable laws, regulations and CHAs;

(iii)Provide restitution to cardholders harmed by certain error resolution practices;

(iv) Correct certain error resolution practices identified by the review and determined by the Bank to violate the requirements of applicable laws, regulations or CHAs; and

(v) Maintain certain records relevant to the review for a specified period of time.

CAP Board Assurance

The Board shall ensure that the Bank adheres to the Corrective Action Plan.

CAP Independent Verification

The Board shall hire an independent auditor who is acceptable to the Regional Director, who shall verify that the Bank is providing restitution to affected prepaid cardholders with respect to whom restitution payments are to be made in accordance with this Order and the Corrective Action Plan. • The independent auditor shall prepare written reports

verifying whether the Bank is adhering to the processes and procedures for determining and making restitution as set forth in the Corrective Action Plan.

• Such reports shall be submitted to the Regional Director for review, comment, and/or non-objection within 180 days from the effective date of this Order, and then every 60 days thereafter until completion of the restitution required by this Order.


Consent Order - The Bancorp Bank Civil Monetary Penalty

IT IS FURTHER ORDERED THAT, by reason of the alleged violations of law and/or regulations, and after taking into account the Consent Agreement, the appropriateness of the penalty with respect to the financial resources and good faith of the Bank, the gravity of the conduct by the Bank, the history of previous conduct by the Bank, and such other matters as justice may require, pursuant to section 8 (i)(2) of the FDI Act, 12 U.S.C. § 1818(i)(2), a civil money penalty of $3 million is assessed against the Bank. The Bank shall pay: • The civil money penalty to the Treasury of the United States. • Such civil money penalty itself, and is prohibited from

seeking or accepting indemnification for such payment from any third-party.

Progress Reports

Within thirty (30) days from the end of each calendar quarter following the effective date of this Order, the Bank shall furnish to the Regional Director written progress reports detailing the form, manner, and results of any actions taken to secure compliance with this Order. • All progress reports and other written responses to this Order

shall be reviewed by the Board and such review shall be documented in the Board minutes.


Consent Order - The Bancorp Bank Board Committee to Monitor

(a) The Board shall maintain an oversight committee charged

with the responsibility of ensuring compliance with the provisions of this Order. A majority of the Oversight Committee shall be comprised of members who are not now, and have never been, involved in the daily operations of the Bank and who shall be acceptable to the Regional Director.

(b) The Oversight Committee shall monitor compliance with this Order and submit a written report quarterly to the entire Board, and a copy of the report and any discussion related to the report or this Order shall be part of the minutes of the Board meeting. Copies of the quarterly report shall be submitted to the Regional Director as part of the progress reports required by this Order. Nothing contained herein shall diminish the responsibility of the entire Board to ensure compliance with the provisions of this Order.

Savings Clause

(a) This Order shall not bar, estop or otherwise prevent the

FDIC or any other federal or state agency or department from taking any action against the Bank, or any of its directors, officers, employees, and agents, or any of the Bank's affiliates, their successors or assigns, or any of their respective directors, officers, employees, and agents, or any of the Bank's current or former institution-affiliated parties, or any of their respective directors, officers, employees, and agents.

(b) The FDIC expressly reserves all rights against each Third-Party Product Contributor. Nothing in the Consent Agreement or this Order shall require the FDIC or any other party to reduce, compromise, or otherwise limit any claims against any Third-Party Product Contributor.

(c) Nothing in the Consent Agreement or this Order shall require the FDIC or any other party to reduce, compromise, or otherwise limit any claims because of any contractual or other commitments of the Bank to indemnify, defend, or hold harmless any Third-Party Product Contributor.


Consent Order - Bank of America Summary

On April 9, 2014 the Consumer Financial Protection Bureau (CFPB) ordered Bank of America, N.A. and FIA Card Services, N.A. to provide an estimated $727 million in relief to consumers harmed by practices related to credit card add-on products. Roughly 1.4 million consumers were affected by Bank of America’s deceptive marketing of their add-on products. Bank of America also illegally charged approximately 1.9 million consumer accounts for credit monitoring and credit reporting services that they were not receiving. Bank of America will pay a $20 million civil money penalty to the CFPB.

Deceptive Marketing

From 2010 through 2012, Bank of America actively marketed two credit card payment protection products, “Credit Protection Plus” and “Credit Protection Deluxe.” Both products allowed customers to request that Bank of America cancel some amount of credit card debt in the event of certain hardships like involuntary unemployment or disability and certain life events such as entering college or retirement. The Bureau found that the telemarketing scripts Bank of America used for these products contained misstatements. Additionally, telemarketers often went off script to make sales pitches that were misleading and that omitted pertinent information. Over 1.4 million card members were affected by this deceptive marketing.


Consent Order - Bank of America Specific Marketing Practices

Among other things, Bank of America misled consumers about: • Cost of first 30 days of coverage: Bank of America led some

consumers to believe that the first 30 days of coverage were free of charge when, in fact, by enrolling, consumers were agreeing to purchase the credit protection products. Consumers would begin incurring charges unless they cancelled within an initial 30-day review period, in which case any fees previously paid would be reimbursed.

• Enrollment process for credit protection products: Bank of America misled some consumers about the enrollment process for these products, telling them that there were additional steps to enroll in or purchase the products after the telemarketing call or that, on the call, they were merely agreeing to receive additional information. In reality, Bank of America was enrolling these consumers in the products during these calls and then charging consumers for the products.

• Benefits of credit protection products: Bank of America misrepresented the benefits consumers could receive from the products, telling consumers they could receive benefits for a longer period of time than was allowed under the terms and conditions of the credit protection products. Bank of America also led some consumers to believe they would be entitled to a “$25,000 death benefit” by enrolling in Credit Protection Plus when that was not the case. Telemarketers misled consumers by implying the benefits of these products were automatic upon notice of a qualifying event when, in fact, benefits were contingent on the successful completion of a benefit request submission and approval process.


Consent Order - Bank of America Unfair Billing Practices

Bank of America also enrolled consumers in identity protection credit card add-on products, known as “Privacy Guard,” “Privacy Source,” and “Privacy Assist,” that promised to monitor customer credit and alert consumers to potentially fraudulent activity. Under federal law, in order for Bank of America or its vendors to obtain consumers’ credit information, the consumers generally must authorize access to credit information. Bank of America, however, billed consumers for these products without or before having the authorization necessary to perform the credit monitoring and credit report retrieval services. As a result, the company: • Billed consumers for services they did not receive: Bank of

America illegally charged customers for these products as soon as they enrolled even if they were not actually receiving the services yet.

• Unfairly charged consumers for interest and fees: The unfair monthly fees that customers were charged sometimes resulted in customers exceeding their credit card account limits, which lead to additional fees for the customers. Some consumers also paid interest charges on the fees for services that were never received.

• Illegally charged approximately 1.9 million consumer accounts: Bank of America engaged in these unfair billing practices from at least October 2000 through September 2011. About 1.9 million consumer accounts were improperly billed product fees while not receiving the full product services, affecting roughly 1.5 million consumers. The unfair billing practices resulted in about $459 million in harm to consumers.

• Failed to provide product benefits: Consumers may have been under the impression that their credit was being monitored for fraud and identity theft, when, in fact, these services were either not being performed at all, or were only partially performed.


Consent Order - Bank of America Enforcement Action

Pursuant to the Dodd-Frank Wall Street Reform and Consumer Protection Act, the CFPB has the authority to take action against institutions engaging in unfair, deceptive, or abusive practices. Bank of America ended the marketing and sales of credit protection products in August 2012, canceled all existing accounts as of September 2013, and provided six months of no-cost coverage to consumers enrolled as of March 2013. Bank of America stopped marketing the identity protection products in approximately December 2011.


Consent Order - Bank of America Specific Actions

To ensure that Bank of America honors its obligation to provide relief to affected consumers and that consumers are no longer subject to these deceptive marketing tactics and unfair billing practices, the CFPB’s order requires that Bank of America: • Prohibited from engaging in illegal practices: Bank of

America will be prohibited from marketing any credit protection or credit monitoring add-on products until it submits a compliance plan to the CFPB.

• End unfair billing practices: Consumers will no longer be billed for these products if they are not receiving the promised benefits. Bank of America will review and, if necessary, improve its policies to ensure that it does not commit unlawful acts in the future.

• Repayment to affected consumers: Bank of America must provide approximately $268 million in refunds and additional relief to more than 1.4 million customers subjected to deceptive marketing practices. It also must pay approximately $459 million to roughly 1.9 million customer accounts, representing approximately 1.5 million consumers who enrolled in the credit monitoring products and were charged while Bank of America did not perform all of the promised services.

• Conveniently repay consumers: Bank of America has completed reimbursement to consumers for the unfair billing practices relating to the identity protection products. For the credit protection products, if the consumers are still Bank of America customers, they will receive or already have received a credit to their accounts. If they are no longer a Bank of America credit card holder, they will receive or already have received a check in the mail or have charged-off balances reduced by the amount they were charged in fees. Consumers are not required to take any action to receive their credit or check.

• Pay a $20 million penalty: Bank of America will make a $20 million penalty payment to the CFPB’s Civil Penalty fund.


Consent Order - Bank of America Similar Case

On September 19, 2013 the Consumer Financial Protection Bureau (CFPB) ordered Chase Bank USA, N.A. and JPMorgan Chase Bank, N.A. to refund an estimated $309 million to more than 2.1 million customers for illegal credit card practices. This enforcement action is the result of work started by the Office of the Comptroller of the Currency (OCC), which the CFPB joined last year. The agencies found that Chase engaged in unfair billing practices for certain credit card “add-on products” by charging consumers for credit monitoring services that they did not receive.


Consent Order - First Electronic Bank Summary

On December 7, 2015 the FDIC issued Consent Orders to First Electronic Bank, Sandy, Utah ("Bank") for Restitution and to pay a Civil Money Penalty of $250,000, having determined that the Bank has engaged in: • Unsafe or unsound banking practices; • Deceptive and unfair acts and practices in or affecting

commerce, in violation of section 5 of the Federal Trade Commission Act (“Section 5”), 15 U.S.C. § 45(a)(1), by failing to adequately inform consumers of promotion plan requirements concerning deferred interest charges assessed on open-end credit accounts; and

• Other violations of law, including the Equal Credit Opportunity Act (“ECOA”), 15 U.S.C. §§ 1691 et seq., and its implementing Regulation B, 12 C.F.R. § 1002, and Section 207(b)(2) of the Servicemembers Civil Relief Act, 50 U.S.C. App. 501 et seq.

Restitution of at least $56,000 to affected consumers was also ordered.


Consent Order - First Electronic Bank Unfair and Deceptive Acts or Practices

The Bank shall take all action necessary to eliminate and correct all violations of Section 5 and implement a sufficient CMS to prevent future violations of Section 5. Specifically, such CMS shall provide that all notices to consumers for purchases under any interest-deferred promotional financing plan (“Promotional Plan”) offered by or through any of the Bank’s strategic partners, including, but not limited to, any welcome letter and periodic statement, clearly and conspicuously disclose: (a) Both the Promotional Plan expiration date and the periodic

statement due date; (b) If the Promotional Plan expiration date and the periodic

statement due date are not the same date, a notice clearly and conspicuously, in close proximity to payment information, alerting the consumer in the periodic statement that deferred interest will be assessed if the Promotional Plan balance is paid on the periodic statement due date rather than the Promotional Plan expiration date; and

(c) (c) If there is more than one Promotional Plan purchase or any other outstanding balance on the account, a notice concerning the application of payments provision in effect impacting payments made prior to the periodic statement due date.


Consent Order - Citizens Bank, National Association Summary

On November 10, 2015 the OCC issued a Consent Order to Cease and Desist and to pay a $2 million civil money penalty to Citizens Bank, National Association, Providence, Rhode Island, for deficiencies in the bank's practices that resulted in violations of Section 5 of the Federal Trade Commission Act and 12 CFR Part 37, related to billing and marketing practices for identity protection and debt cancellation products.

Issue - Identity Protection Product

Since at least January 2008, the Bank and/or its vendors marketed and sold identity protection products (“Identity Protection Products”), which included credit monitoring and credit report retrieval services, to Bank customers. • Bank customers who enrolled in the Identity Protection

Products were required to provide sufficient personal verification information or authorization before their credit bureau reports could be accessed. Until the information or authorization was submitted, the customers could not receive the full credit monitoring and/or credit report retrieval services of the Identity Protection Product in which they were enrolled.

• From at least January 2008 to September 2014, the Bank and/or its vendors, billed customers of Identity Protection Products who were not receiving credit monitoring and/or credit report retrieval services for the full fee of the product, even though those customers were not receiving all of the benefits of the product.

• From at least January 2008 to September 2014, the Bank retained a portion of the fees paid by the Identity Protection Products customers, including fees paid by the customers who were not receiving the credit monitoring and credit report retrieval services.

• By reason of the foregoing billing practices for its Identity Protection Products as described in Paragraphs (1) to (4) of this Article, the Bank engaged in unfair practices in violation of Section 5 of the FTC Act, 15 U.S.C. § 45(a)(1).

• The Bank’s violations of Section 5 of the FTC Act caused substantial consumer injury.


Consent Order - Citizens Bank, National Association Issue - Debt Cancellation Product

Since 2005, the Bank has marketed and sold a debt cancellation product to Bank customers. The debt cancellation product included cancellation of some or all of a customer’s credit card balance upon the occurrence of certain qualifying events. The Bank contracted with a debt cancellation product vendor in connection with this product. • From at least 2005 through 2013, some Bank customers

experienced an event covered by the debt cancellation agreement, but the Bank and/or the debt cancellation product vendor may have denied the claim or miscalculated the amount of the benefit.

• By reason of the foregoing practices for the debt cancellation product as described in Paragraphs (7) and (8) of this Article, the Bank engaged in an unfair practice in violation of Section 5 of the FTC Act, 15 U.S.C. § 45(a)(1).

• The Bank’s violation of Section 5 of the FTC Act caused substantial consumer injury.

Issue - Debt Cancellation Product - 30 Day Review

Since 2005, the Bank has offered its debt cancellation product with a thirty (30) day review period during which the Bank would credit any product fees imposed on an account if the customer decided to cancel his or her enrollment in the product during the first thirty (30) days. This thirty (30) day review period was set forth in the Bank’s written agreement with the customer. • From 2005 through 2012, a small number of customers were

not credited for debt cancellation product fees imposed upon their accounts despite cancelling their enrollments within the 30-day review period, which was contrary to the terms of the Bank’s written agreement with the customers.

• By reason of the foregoing practice for its debt cancellation product as described in Paragraphs (11) and (12) of this Article, the Bank engaged in a deceptive practice in violation of Section 5 of the FTC Act, 15 U.S.C. § 45(a)(1).


Consent Order - Citizens Bank, National Association (Again) Summary

On August 12, 2015 the Consumer Financial Protection Bureau (CFPB), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC) took action against Citizens Bank for failing to credit consumers the full amounts of their deposited funds. The CFPB investigation found that from January 1, 2008 to November 30, 2013, Citizens Bank engaged in the unfair and deceptive practices. The consent order requires the bank to provide approximately $11 million in refunds to consumers and pay a $7.5 million penalty for the violations.

Specifics

For the period at issue, the bank generally required its customers making a deposit to fill out a slip listing the checks or cash being deposited, and their total. The customer then turned the deposit slip over to the bank and got a receipt reflecting the amount on the deposit slip for the transaction. The bank scanned the deposit slip and deposit items at a central location. In cases where the bank’s scanner misread either the deposit slip or the checks, or if the total on the deposit slip did not equal the total of the actual checks, Citizens Bank did not take action to fix the mistake if it fell below a certain dollar amount. From January 2008 to September 2012, the bank only looked into discrepancies greater than $50. From September 2012 to November 2013, the bank only looked into discrepancies greater than $25. Over the years, by ignoring the discrepancies the bank shorted consumers millions of dollars. Although some consumers benefited by this policy, others lost money that rightfully belonged to them. The CFPB concluded that many of those consumers were harmed by this unfair and deceptive practice.


Consent Order - Various Auto Finance Companies Deceptive Collection Practices

The CFPB determined that actions of several auto finance companies were violations of the Fair Debt Collection Practices Act, the Truth in Lending Act, and the prohibition on Unfair, Deceptive or Abusive Acts or Practices (UDAAP).

Case Summaries

• On October 28, 2015 the Consumer Financial Protection

Bureau ordered Security National Automotive Acceptance Company (SNAAC) to pay $3.28 million. A complaint filed by the CFPB alleged that SNAAC exaggerated potential disciplinary action that servicemembers would face, contacted and threatened to contact commanding officers to pressure servicemembers into repayment; falsely threatened to garnish servicemembers’ wages and misled service members about imminent legal action.

• On October 1, 2015 The CFPB found that Westlake Services, LLC and Wilshire Consumer Credit, LLC deceived consumers by calling under false pretenses and using phony caller ID information, falsely threatened to refer borrowers for investigation or criminal prosecution, and illegally disclosed information about debts to borrowers’ employers, friends, and family. The Bureau ordered the companies to overhaul their debt collection practices and to provide consumers $44.1 million in cash relief and balance reductions. The companies will also pay a civil penalty of $4.25 million.


Consent Order - Fifth Third Bank Summary

On September 28, 2015 the CFPB announced it has taken action against Fifth Third Bank for auto-lending discrimination and illegal credit card practices. • The Bureau was joined by the Department of Justice in its

action involving discriminatory auto loan pricing. The joint CFPB and Department of Justice (DOJ) auto-lending enforcement action requires Fifth Third to change its pricing and compensation system to minimize the risks of discrimination, and to pay $18 million to harmed African-American and Hispanic borrowers.

• The CFPB’s action against Fifth Third’s deceptive marketing of credit card add-on products requires the bank to provide an estimated $3 million in relief to eligible harmed consumers and pay a $500,000 penalty.

Note: This is the 11th credit card add-on enforcement action the Bureau has taken against companies for illegal practices in the marketing or administration of add-on products and services.

Deceptive Practices

The CFPB took action against Fifth Third for violations of the Dodd-Frank Act for deceptive acts or practices in the marketing and sales of its “Debt Protection” credit card add-on product. The Bureau found that Fifth Third’s telemarketers deceptively marketed the add-on product during calls. For example, telemarketers did not tell some cardholders that by agreeing to receive information about the product, they were being enrolled and would be charged a fee. In addition, from December 2011 through September 2012, Fifth Third sent cardholders product “fulfillment kits” that contained incorrect descriptions of the product’s cost, benefits, exclusions, terms, and conditions. Among other things, Fifth Third’s illegal practices included: misrepresenting costs and fees for coverage; misrepresenting or omitting information about eligibility for coverage; and illegal practices in the enrollment process.


Consent Order - Comenity Bank Summary

On September 8, 2015 t he Federal Deposit Insurance Corporation announced a settlement with Comenity Bank, Wilmington, Delaware, and Comenity Capital Bank, Salt Lake City, Utah, for deceptive practices related to the marketing and servicing of credit card "add-on products," in violation of Section 5 of the Federal Trade Commission Act. The banks are both wholly-owned subsidiaries of Comenity, LLC, Columbus, Ohio. As part of the settlement, each of the banks stipulated to the issuance of a Consent Order, Order for Restitution, and Order to Pay Civil Money Penalty. Under the FDIC orders: • Comenity Capital Bank will pay a CMP of $450,000 and

provide restitution of approximately $8.5 million to harmed consumers.

• Comenity Bank will pay a civil money penalty (CMP) of $2 million and provide restitution of approximately $53 million to harmed consumers.

Specific Practices

The FDIC determined that the banks violated Section 5 by, among other things: • Representing to consumers that they would not be charged a

fee for the products if their accounts had no balances, but charging fees to consumers in those circumstances.

• Making material misrepresentations and omissions regarding the refund process applicable to consumers' cancellations of the products within the first 30 days of enrollment.

• Making material misrepresentations and omissions regarding the conditions for receipt of the gift cards or account statement credits offered as incentives for enrolling in the products.

https://www.fdic.gov/news/news/press/2015/pr15073b.pdf


TCF Enforcement Action and CFPB Lawsuit CFPB Lawsuit -January 19, 2017

The CFPB sued TCF National Bank alleging the bank was tricking consumers into costly overdraft services. Since 2010, financial institutions have not been able to charge overdraft fees on one-time debit purchases and ATM withdrawals without a consumer’s consent. The CFPB alleges that TCF: • Designed its application process to obscure the fees and

make overdraft services seem mandatory for new customers attempting to open an account; and

• Utilizes a definition of consent for existing customers, that was not within the spirit or regulatory boundaries, in order to opt them into the service and responded negatively to any customer who questioned the process.

The lawsuit seeks: • Restitution for consumers; • An injunction to prevent future violations; and • Civil money penalties. The CFPB alleged that TCF National violated the Electronic Fund Transfer Act and the Dodd-Frank Act.

Background

TCF relied on overdraft fee revenue to a greater degree than most other banks its size and recognized early on that the opt-in rule could negatively impact its business. In late 2009, it estimated that approximately $182 million in annual revenue was “at risk” because of the opt-in rule. As part of a “testing” program, the bank determined that the less information it gave consumers about opting in, the more likely consumers would opt in.


TCF Enforcement Action and CFPB Lawsuit Notice and Opportunity to Respond and Advise

The bank received written communication on October 29, 2015, which stated that its regulatory agency’s enforcement office "is considering recommending that the CFPB take legal action against TCF related to compliance with laws relating to unfair, deceptive and abusive acts and practices … in connection with TCF's practices in administering checking account overdraft program 'opt-in' requirements." The letter from the CFPB "offers TCF the opportunity to make a written statement setting forth any reasons of law or policy why TCF believes that the CFPB should not take action against it”. The bank stated that it believed its overdraft 'opt-in' practices complied with all applicable laws and regulations.


TCF Enforcement Action and CFPB Lawsuit Allegation 1 – Tricking New Customers into Believing Overdraft Coverage was Mandatory

Through consumer testing the bank determined that if new customers were asked to opt in at the same time they were being asked to agree to other mandatory terms and conditions of a new account, the opt-in rate more than doubled.

The bank then decided to strategically have employees conduct the opt-in decision discussion immediately after a series of mandatory items the consumer had to agree to in order to open the account, rather than at the time they received the mandatory notice about their opt-in rights.

If customers were allowed to make a decision when looking at the opt-in notice, testing indicated that the “take rate” was 33% but increased to 77% when customers were required to make their decisions at another point in the process when the opt-in notice was not visible.

The bank then provided branch employees with scripts that did not explain that opting in was optional or that it amounted to giving the bank permission to authorize transactions that would result in fees. Most consumers fell into the rhythm of initialing the terms of the agreement and signed on.


TCF Enforcement Action and CFPB Lawsuit Steps in Account Opening Process for New Customers

• Provide a new customer with a copy of the opt-in notice; • Bank employee did not summarize or explain the notice or

direct the consumer to read the notice; • Instead, employee stated that “this is the federally-required

notice describing our overdraft service” • New customer was not given an opportunity at this point to

opt-in or out of the service; • Bank employee then placed notice in a folder with other

account opening documents and moved to next step in account opening process;

• Employee printed out New Account Agreement and asked customer to initial (First 4 items on the agreement – Arbitration, FCRA Notice, etc. were mandatory in the process in that customer had to initial them – without an initial, customer could not open the account);

• Opt-in language on New Account Agreement came immediately after four required items;

• Bank employee then read a 2-sentence script that referred to opt-in and many customers apparently felt this was also mandatory;

• There was no language in the oral or written language to address risks and costs – the word fee was not used;

• Employees were instructed to not “over explain” the product or its fees and costs and criticized when they did;

• Employees were instructed to persuade customers to opt-in if they did not initial at the identified field; and

• Employees trained to tailor hypothetical examples for maximum emotional resonance such as being stranded in the cold.


TCF Enforcement Action and CFPB Lawsuit Allegation 2 – Pitch to Existing Customers

TCF also devised a scheme to those customers who already had an account on the effective date of the 2010 Regulation E opt-in requirement. These customers could not be charged a fee for a one-time Debit POS or ATM transaction unless the customer had affirmatively opted-in to this service and its fee.

• Bank developed scripts which were used during phone calls

to customers; • Employee would ask the question: “Would you like your

TCF Check Card to continue to work as it does today?; • If the customer answered “Yes”, this was considered an opt-

in; • If customer did not respond in affirmative, employees were

then instructed to use hypotheticals such as being locked out in the cold;

• One of the scripts used by bank employees stated that “not opting in could cause you a real problem”;

• The scripts also referred to check teller withdrawals, ACH and other electronic transactions that were not covered under the Regulation E opt-in program;

• There was no mention of a possible $35 fee until after the bank employee had made the opt-in decision for the consumer; and

• Employees were also instructed to utilize opt-in scripts if existing customers visited branches for other business.


TCF Enforcement Action and CFPB Lawsuit Abusive in Regards to New Customers

TCF materially interfered with its new customers ability to understand terms and conditions by: • Using an account opening process that interfered with

customers’ ability to read the notice; • Using an account opening process that interfered with

customers’ ability to consider the contents of the notice when they made their opt-in decision;

• Using an account opening process that effectively replaced the disclosures contained in the notice with a script that characterized the opt-in as a benefit without adequately disclosing other relevant terms and conditions, including fees;

• Presenting the opt-in decision with a short, cursory explanation and as if it were one in a series of acknowledgements that consumers were required to make to open their account, which in numerous instances led consumer to believe that opting-in was mandatory;

• Directing branch employees to not provide consumers with info that would correct their lack of understanding;

• Incentivizing employees, through both positive and negative incentives, to reach unreasonably aggressive sales targets; and

• Training employees that, while they should not answer consumer questions or provide consumers with clarifying information, employees could emphasize the benefits of opting in with one-sided hypotheticals.


TCF Enforcement Action and CFPB Lawsuit Deceptive in Regards to New Customers

• Using an account opening process that discouraged

customers from reading the notice; • Using an account opening process that discouraged

consumer from looking at or thinking about the notice when they made their opt-in decision;

• Using an account opening process that effectively replaced the disclosures contained in the notice with a script that characterized opt-in as a benefit and did not adequately disclose other relevant terms and conditions, including fees; and

• Presenting the opt-in decision with a short, cursory explanation and as one in a series of acknowledgements that consumers had to make to open their account.

Note: Net impression left by the bank was that there was no cost to opting in. Process also created the net impression that initialing the opt-in section was mandatory on New Account Agreement.

Existing Customers

• Bank effectively changed decision from opt-in to opt-out;

and • Existing customers did not have a “reasonable opportunity”

to consent nor did they affirmatively consent to the payment of a fee.


Citizens Bank – Deposit Reconciliation Enforcement Action Regulatory Consent Decrees

The CFRB, OCC and FDIC filed a lawsuit against Citizens Bank in 2015 seeking approximately $11 million in restitution for customers of the bank and another $7.5 million in penalties based on allegations that the bank had violated the Dodd-Frank Wall Street Reform and Consumer Protection Act as well as Section 5 of the FTC Act.

THE CONSENT ORDER... ISSUED BY THE…

INCLUDED…

CFPB Only the bank’s violations of the Dodd-Frank Wall Street Reform and Consumer Protection Act’s (“Dodd-Frank”) prohibition on unfair and deceptive practices by failing to properly credit consumers checking and savings accounts

OCC Deficiencies in the practices related to deposit reconciliation that resulted in violations of Section 5 of the FTC Act.

FDIC Violations of Section 5 of the FTC Act as a result of the bank’s unfair and deceptive disclosure and implementation reconciliation procedures.

This was the first instance of any banking regulatory agency utilizing Section 5 of the FTC Act to take action involving deception related to a consumer deposit product or practice.

Restitution and Penalties

Citizens Bank paid restitution to consumers of approximately $14 million and paid approximately $20.5 in Civil Monetary Penalties (CMPs). The financial loss was likely higher than announced since the bank did not appear to reconcile deposits where the amount on the deposit slip exceeded the total of items deposited.


Citizens Bank – Deposit Reconciliation Enforcement Action Actions Cited

The following practices in place at the bank were specifically outlined by the regulators as the root cause for the deficiencies: • Crediting consumer and business checking and savings

accounts with amounts shown on the deposit slip without any attempt to reconcile to the amounts from checked being deposited;

• Reconciling the amount on the deposit slip to the total of checks being deposited but making no adjustments if the amount of discrepancy was less than $25 or $50 (depending upon time period);

• Stating in account opening disclosures that deposits would be reconciled but no such reconcilement took place;

• Encoding errors and poor image capture quality by the bank and calculation errors by consumer;

• The bank’s practice for deposit discrepancies did not comply with the bank’s written policies or procedures – policy called for review of all discrepancies;

• Bank did not detect the failure due to weaknesses in its compliance management system; and

• Errors in advertising, marketing, promoting offering for sale and sale of deposit accounts as bank had represented, expressly or impliedly, that consumer deposits were subject to verification and that the bank would take steps to ensure consumers were credited with the correct amount.


Citizens Bank – Deposit Reconciliation Enforcement Action Specific Practices

1. Bank required consumers making a deposit to present the

deposited items and a deposit slip on which consumer indicated total amount of the deposit;

2. Bank provided consumer a receipt for the amount on the deposit slip;

3. Branches then batched deposit items and slips and sent to centralized processing facility;

4. Bank’s Enterprise Transaction System (ETS) flagged those deposits where the total of deposited items differed from the amount on the deposit slip;

5. Depending on time frame (pre- or post-September 2012) the bank used a threshold amount ($25 or $50) for identification of discrepancies to research further;

6. If discrepancy fell below threshold level, no research was conducted and the incorrect amount (higher or lower) was credited to the consumers account; and

7. Banks ETS system would not accept incorrect amounts so bank had to create substitute tickets which credited/debited the bank’s GL account with the overage or underage.

During review period, underage was calculated at approximately $12.3 million. The $14 million restitution amount also included interest, NSF fees, overdraft fees and any maintenance fees that were paid as a result of the errors.


Citizens Bank – Deposit Reconciliation Enforcement Action CMS - CFPB Mandated Enhancements

Bank required to enhance its Compliance Management System (CMS) to include: • Compliance functions to ensure the processing of deposits

and discrepancies complies with federal consumer financial laws;

• Policies, procedures and practices to ensure processing of deposits and discrepancies complies with federal consumer financial laws; and

• Complaint procedures and processing to ensure complaints related to the processing of deposits and discrepancies are identified, tracked, and resolved in accordance with the bank’s policies and procedures.

CMS - CFPB Mandated Additions

Bank required to incorporate into its CMS: • Sufficient monitoring and oversight of the processing of

deposits and discrepancies to ensure practice adheres to bank policies and procedures;

• Corrective actions sufficient to address any issues identified in the monitoring and auditing of the processing of payments; and

• Sufficient training of personnel involved in the processing of deposits and discrepancies to ensure such personnel understand the bank’s policies and procedures related to these issues.

CMS - CFPB Mandated Audit Improvements

Bank required to develop written policies and procedures for: • Conducting audits of bank’s compliance with federal

consumer financial laws with respect to the processing of deposits and discrepancies including the scope, frequency and depth of such audits; and

• Expanding sampling when exceptions based on potential violations of federal consumer financial laws are detected with respect to the processing of deposits and discrepancies.


Citizens Bank – Deposit Reconciliation Enforcement Action OCC Mandated Risk Management Improvements

The OCC required the development and/or implementation of: • Annual comprehensive UDAAP assessments for deposit

reconciliation practices; • Procedures for providing appropriate FTC Act Section 5

training, including related bank policies and procedures, to appropriate bank employees;

• Policies and procedures for identifying and reporting any violation of Section 5 of the FTC Act and/or related bank policies and procedures to a specific executive bank manager who is independent of the deposit reconciliation process;

• Policies and procedures to ensure that risk management, legal, internal audit, and compliance departments have the requisite authority and status so that appropriate reviews of deposit reconciliation practices may occur and deficiencies are identified and remediated; and

• Policies and procedures to manage, prevent, detect and mitigate the risks identified in the UDAAP program related to deposits.

2012 Consent Decree

Citizens was the subject of a Consent Decree in 2012 and agreed to pay $137 million to settle allegations related to its overdraft practices whereby its method of paying debit card transactions was from highest dollar to lowest dollar amounts, rather than in order of receipt, in order to maximize the number of overdraft fees charged to consumers. This restitution involved transactions between January 1, 2002 and August 13 2010.

Connections Between Consent Decrees

Careful monitoring as a result of the 2012 Consent Decree, combined with a tip from an inside whistleblower, resulted in the 2015 action related to deposit reconciliation.


Citizens Bank – Deposit Reconciliation Enforcement Action Reputational Risk

A headline from the August 12, 2015 USA Today read: “Citizens Bank to Pay $35 million in penalties and restitution”.

All three Consent Decrees were made public.

Financial Risks

In addition to the almost $35 million in restitution and CMPs, the bank’s stock closed down over 3% on the day of announcement of the Consent Orders.

Regulatory Risks

The effect upon the bank’s numerical compliance rating is unknown since such information is confidential. However, the regulatory agencies cited significant deficiencies in the Compliance Management Program of the bank. The Guidance, Consent Decree, and likely the Compliance Reporting of Examination (CROE), referred to possible errors related to Regulation CC account opening disclosures as the written disclosures did not agree with the bank’s actual practices. The bank’s practices were found to be deceptive and/or unfair.

Date post:	28-Mar-2018
Category:	Documents
Upload:	ngobao
View:	222 times
Download:	2 times