WASHINGTON — The Consumer Financial Protection Bureau broke the mold traditionally used by other financial regulatory agencies when it issued its first enforcement action last week against Capital One.
The order signaled the CFPB is shooting for higher settlement amounts, is more interested in providing a detailed account of what went wrong, and wants to specify exactly what institutions should do in similar situations.
Overall, the action marked a significant departure from how the federal banking regulators have operated — and is likely to have far-reaching implications for banks large and small.
Based on interviews with both industry representatives and consumer advocates, here are four key takeaways from the Capital One enforcement action:
No more slaps on the wrist. The sheer size of the fine, which involved a total payout of $210 million by Capital One, shows that the CFPB is interested in upping the amounts banks have typically paid in previous consumer action settlements.
That figure, which is nearly three times larger than the $75 million that Capital One provisioned, includes a $25 million penalty to the CFPB and an even larger penalty of $35 million to the Office of the Comptroller of the Currency.
According to industry representatives, CFPB officials believe past penalties have not stopped banks from profiting from unfair and deceptive businesses practices. The agency is pushing to raise the size of payouts in an attempt to end the perception that they are merely the cost of doing business.
"I was surprised at the amount. It was a lot larger than a slap-on-the-wrist or a don't-do-it-again fine," said Scott Hakala, a managing director at CBIZ Valuation Group, who has consulted for plaintiffs suing banks over practices that were similar to those highlighted in the Capital One case.
When asked how the $25 million penalty was determined, a CFPB spokesperson pointed to statutory language suggesting that the agency determined that Capital One violated the law intentionally.
Under the law, CFPB can assess penalties of up to $25,000 per day for reckless violations of the law, and penalties of up to $1 million per day for intentional violations. The CFPB penalties assessed to Capital One work out to around $110,000 per day.
The agency spokesperson suggested in an email that Capital One's willingness to provide full restitution to affected customers resulted in a smaller penalty than would have been assessed otherwise.
Rick Fischer, a financial services lawyer at Morrison Foerster, noted that the CFPB's first-ever penalty exceeds the largest single-company penalty ever issued by the Federal Trade Commission, which is reportedly closing in on a $22.5 million settlement with Google. "That speaks volumes," Fischer said.
The CFPB's more hard-nosed approach to penalties is already having a practical impact, according to an industry source who asked not to be identified. Some banks are beginning to rethink whether it makes sense to offer high-risk products, this person said.
The source also said, "With the penalties as big as this, there's more possibility that some clients will fight rather than settle. That discussion is under way."
Just the Facts, Ma'am. The CFPB's consent agreement includes numerous findings of fact about Capital One's business practices, which is an unusual step for banking regulators to take, according to industry sources.
For example, the consent agreement states: "When cardmembers called to cancel a product, call-center representatives frequently attempted to rebut cardmembers' requests for cancellation, including by repeating many of the same misleading and incorrect assertions about the benefits and costs of the products as in the activation calls. As a result, many of the cardmembers who called to cancel a product were retained."
In most enforcement actions taken by the banking regulators, they typically avoid detailing exactly what happened. Instead, the wrongdoing must be inferred from what steps the agencies require banks to take.
Although Capital One did not admit to the CFPB's findings, they still might prove useful to plaintiffs in other lawsuits, Fischer said.
"If I'm a class-action plaintiff lawyer, I love this, because what it allows me to do is draft a complaint, not at Capital One, but at another institution that operates in this area," he said.
State attorneys general could also benefit from the facts presented by the CFPB. The Hawaii attorney general, for example, has filed suits related to credit-card payment add-ons against not only Capital One, but also Bank of America, Barclays, Chase, Citigroup, Discover and HSBC.
But the CFPB's decision to provide more detail could also have certain positive effects for the banking industry, according to a second industry source who asked not to be identified.
"I think that it may make it easier for other institutions to understand what the problems were," this person said. "It may make it easier for the financial-services industry to understand why the CPFB is doing what it's doing."
Stay on script. Typically, when bank regulators find violations of the law, they instruct the institution to rewrite its policies, and submit those new policies to the regulators for approval.
The CFPB took a more proscriptive approach with respect to Capital One. Under the consent order, the bank agreed to stop all marketing of the specified credit card add-ons, and to delay resuming marketing until after it has submitted an acceptable compliance plan to the CFPB.
Furthermore, the consent order is very specific about what Capital One's compliance plan must include. For example, it states that if customers indicate that they want to cancel a product, Capital One must immediately cancel the product without trying to re-sell it.
Fischer, the industry lawyer, said that other financial institutions, even including those that are not supervised by the CFPB, would be wise to heed the language in the Capital One consent agreement, along with an industry bulletin that the agency released at the same time.
"This is directed, if you will, at Capital One, but what they're really saying is that the industry as a whole should do this," Fischer argued. "This is a very literal set of requirements. And as presented, it's not something that applies just to Capital One."
Under the industry bulletin, the CFPB lays out of a series of specific expectations it has about the scripts that marketers of credit-card add-ons will use. In one example, the scripts are expected to provide clear guidance regarding the wording of rebuttal language that can be used when a customer tries to decline the product.
"I think that should be interesting to the industry, because it just means that the CFPB is going to be very direct in terms of what they want," said the second industry source. "Some people may think it's going too far, and other people may welcome it."
What's Next. Some industry officials have taken solace from the fact that the CFPB only attacked the way that payment protection plans and other credit-card add-ons were being marketed, rather than the products themselves.
But in testimony on Capitol Hill last week, CFPB Deputy Director Raj Date indicated that the agency has yet to make a determination about whether the underlying products, which have drawn fire from consumer advocates for their low payout rates, are abusive to consumers.
"It would be my characterization that, for example, add-on credit card products may make sense for some borrowers. But it doesn't make sense to make that inquiry until you are confident that the sales practices associated with those products in fact abide by the law," he said.
In the meantime, other credit-card issuers besides Capital One may be vulnerable to CFPB inquiries about their marketing practices. Consumer advocates said that a small number of third-party firms have marketed these add-on products to banks, and argued that the problems encountered are unlikely to be isolated to just one institution.
In January, Discover Financial Services announced that it is bracing for an enforcement action by the CFPB and the Federal Deposit Insurance Corp. in connection with the marketing of its payment protection programs.