Richard Cordray became the first director of the Consumer Financial Protection Bureau lacking any regulatory experience, but with lots of enforcement experience.  (He had previously been designated the CFPB's head of enforcement.) Now he's taking a shortcut, regulating by enforcement rather than developing and implementing substantive regulations. The result is big headlines and benefits for some credit protection customers but not for many others.

A case in point: Credit protection.

Since I invented it over 20 years ago, non-insurance payment or credit protection provided by lenders on most credit cards has generated many billions in bank revenue—right up there with overdraft fees. (For the record: I have no financial interest in this product today.)

Product terms and marketing—not to mention regulations—haven't evolved much.  Yet the CFPB now makes this headline news:

Capital One has settled with the agency and desisted from offering the product. The CFPB also revealed plans to take enforcement action against Discover--which ranked No. 2 in the industry for card customer satisfaction in the recent J.D. Power survey.  

On the CFPB's credit card complaint database, these protection products account for only 4% of complaints—less than late fees, much less than APR. Discover's share of the protection complaints (5 out of a grand total of almost 4,000 credit card complaints and 138 protection complaints) represents far less than its market share. Is the CFPB bothering to read its own data in deciding whom to pursue for what?

Allegations seem to focus on three points: some customers are charged for protection who didn't buy it; the products provide little or no protection to some people who do buy them; and the terms are complicated and inadequately disclosed. 

None of that is alleged to be new. What's new is the swing towards egging on regulators to punish banks, plus legal trends that make the promulgation of new regulations increasingly difficult—small business advisory panels, the threat of cost-benefit analysis requirements, and an overload of Congressional mandates. The compliance bulletin published July 18 by the CFPB is no substitute for explicit regulations.

Charging a customer for anything he hasn't communicated a clear, verifiable decision to buy is heinous. However, payment protection is no more susceptible to this abuse than other optional services such as credit line increases (which likewise should not, although they often do, take place without customer consent), or overdraft protection.

Regulators, including the CFPB, should enact regulations to minimize abuses on all sales. For telephone sales, requirements might include recording and retaining phone calls proving informed consent, with review and reporting on samples of calls. 

Enforcement keyed off the vague "unfair, deceptive, or abusive acts and practices" standard or Federal Trade Commission rule is great for making news but not for protecting consumers. And if a disclosure regulation for protection plans is needed, write it. Regulation Z's disclosure requirements for cards are detailed and complex. They work—an excellent precedent to follow, opposite of UDAAP.

Even adequately informed consumers sometimes decide to buy products that are highly unlikely to help them. A non-earning spouse or a retiree might not notice he'll be paying for without much chance of benefit (since the major benefits of the protection apply only if the cardholder has lost income as a result of involuntary unemployment, illness, accident or disability). Just as he might not notice that a prepaid card account could replace his checking account while costing much less.

So, does the CFPB advocate a suitability requirement, such as the SEC applies to stockbrokers? Should a bank have to say, for instance: "This would be your eighth credit card. You don't need more. We won't issue another"?  Or, "You're spending too much on overdrafts. We won't let you overdraw anymore"?

If we need a suitability regulation, draft it.  Regulators should not attempt to eliminate legal but undesirable behavior, such as sale of unsuitable products, by selective prosecution. Leave that for state attorneys general facing elections.

That said, if I were selling credit protection now, I would set its terms and control marketing so that few if any purchasers expected benefits they would not receive.

Some argue that this product is too profitable—that is, too high-priced.  They think it's insurance. If it were, state insurance commissioners would have horned in years ago.  But it isn't, and they can't.

Here too, how about some fairness? If the CFPB doesn't want consumer financial services to be "too profitable," then let's see a proposed regulation applying that notion fairly. Why not start with credit card interchange fees? But Dodd-Frank, Sec. 1027(o), explicitly prohibits establishment of usury ceilings by the CFPB. If it can't regulate interest rates, it shouldn't regulate other prices.

Treating banks capriciously and unfairly won't help consumers.  It hurts them, generating expense, uncertainty and misdirection.

Andrew Kahr is a principal in Credit Builders LLC, a financial product development company, and was the founding chief executive of First Deposit, later known as Providian.