WASHINGTON Regulators slammed Bank of America on Wednesday with their toughest enforcement action to date on shady marketing and billing practices for add-on products like identity protection, forcing it to pay $772 million in restitution and fines.
It was the fifth multi-agency action taken in recent years against add-on products, but Consumer Financial Protection Bureau officials told reporters Wednesday that there are likely more on the way.
"We will continue to be vigilant in pursuit of anyone who deceives or mistreats consumers," said CFPB Director Richard Cordray, during a call with reporters. "Through the five enforcement actions the Bureau has taken to date on credit card add-on products, we have now put nearly $1.5 billion back into consumers' pockets. We intend to continue cleaning up this market as necessary to ensure that consumers are treated fairly."
The consent orders with the CFPB and Office of the Comptroller of the Currency call for BofA to pay a total of $727 million in relief to affected customers and $45 million in penalties. The bank said it has already stopped selling the add-on products targeted by regulators and refunded money to most customers. It also argued that it will pay another $11 million more in relief than what the CFPB stated.
"Bank of America stopped marketing identity theft protection products in December 2011 and credit card debt cancellation products in August 2012," said Tony Allen, a spokesman for Bank of America, in an emailed statement. "As part of the agreement, Bank of America will pay fines totaling $45 million to the OCC and CFPB and refund approximately $738 million to affected customers. The company has already issued refund payments to the majority of affected customers."
Still, the case was significant for the CFPB because it looked further back than most other cases, examining the billing practices of identity theft products at Bank of America since 2001. The result was a heftier monetary relief action for BofA.
"This is the largest amount of money being refunded to customers in any actions by the CFPB," said Deborah Morris, the CFPB's deputy enforcement director, during a conference call with reporters.
The consent order with the CFPB said the bank and its service provider, FIA Card Services, took monthly payments from consumers for offering credit monitoring and credit report retrieval services that were not actually provided. The agency estimates about 1.5 million consumers paid at least $459 million for such identity protection products. It also alleges that the bank used deceptive marketing tactics when selling a product like payment protection that was meant to cancel the customer's debt if they experienced an involuntary hardship.
"For example, one (telemarketer) script we reviewed stated that with 'Credit Protection Plus,' Bank of America would cancel up to 18 months of the consumer's minimum balance if the consumer was admitted to the hospital for as little as one night," Cordray said. "In reality, a single night's hospital stay would only entitle consumers who successfully navigated Bank of America's claims process to one month of benefits not the 18 months claimed in the scripts."
The CFPB estimates about 1.4 million consumers were affected by such marketing tactics. And the bank "generated hundreds of millions of dollars in revenue" in the two years it offered such payment protection products, Cordray said.
Separately, the OCC also targeted Bank of America's billing practices and ordered the bank to improve its governance of third-party vendors related to add-on products as well as provide a risk management plan for such products that includes its vendors. The OCC issued $25 million in penalties and the CFPB issued $20 million in penalties in addition to the combined $727 million in restitution.
Morris at the CFPB said Bank of America has already paid about $459 million in relief to affected customers with respect to its billing issues and provided six months of no-cost coverage to their customers.
"As we become aware of marketing and billing practices related to products like these, we will continue to assess whether legal violations have occurred and if so, what is the appropriate corrective action," Morris said. "We continue to expect that more actions like this will follow."
The CFPB has looked at add-on products from the agency's inception three years ago, issuing its first joint enforcement action with the OCC in July 2012 against Capital One Financial Corp. for using vendors who aggressively marketed and sold certain add-on products that were offered through two key providers. At the time, those providers who were not named in the settlement were also reportedly being used by Bank of America, Wells Fargo & Co. and Citigroup. Soon after that action, Discover reached a $214 million settlement over allegations that it improperly marketed payment protection and identity theft services to credit card customers.
More recently, the CFPB and other federal regulators reached a $76 million settlement with American Express in December with allegations of deceptive marketing and unfair billing practices in selling credit card add-on products to customers.
American Express has now been hit twice by the CFPB, the first time in late 2012 when several regulators charged $112 million in fines and refunds on allegations that it violated debt-collection practice laws, discriminated against new customers based on age and failed to report consumer disputes to the credit bureaus.
At the time, many observers rightfully saw the large action as a sign of where the CFPB's enforcement agenda was headed. Cordray has also repeatedly cautioned companies that this would be an area the agency would heavily focus on. Most of these companies have since either stopped offering or changed their credit card add-on products. But that has not slowed down the agency.
"We're going to continue to look at these problems as we become aware of them and determine in each case what action is appropriate," said Morris.