Earlier this month, Bank of America, N.A. and its credit card subsidiary FIA Card Services, N.A. got hit with millions in fines from the Consumer Financial Protection Bureau (CFPB) and the Office of the Comptroller of the Currency (OCC) for unfair billing practices related to the companies' handling of identity theft protection products.
The CFPB has ordered the companies to pay $727 million in consumer relief to approximately 1.4 million Bank of America credit card holders in order to make good on deceptive marketing of credit card add-on products. In addition, the CFPB found that the financial institution charged about 1.9 million accounts for credit monitoring and credit reporting services that they never delivered. Along with the restitution, Bank of America will have to pay the CFPB a $20 million civil money penalty.
"We have consistently warned companies about illegal practices related to credit card add-on products," said CFPB Director Richard Cordray in a statement. "Bank of America both deceived consumers and unfairly billed consumers for services not performed. We will not tolerate such practices and will continue to be vigilant in our pursuit of companies who wrong consumers in this market."
The CFPB's findings were two-fold. In the first, the CFPB found that Bank of America gave consumers misleading information about its Credit Protection Plus and Credit Protection Deluxe credit card payment protection products. These products were designed so consumers could ask for cancellation of credit card debt if faced with life hardships, such as unexpected unemployment or disability, or if they had a sudden change in income for life events like going to college or retiring.
In its findings, the CFPB discovered that telemarketers selling these products often went off script during their sales pitches and provided misleading information to more than 1.4 million cardholders.
In the second part of its decision, the CFPB found that Bank of America enrolled cardholders in its consumer credit monitoring services called Privacy Guard, Privacy Source and Privacy Assist without their consent, which is a violation of federal law.
In response, Bank of America has halted these practices. It stopped marketing the identity protection products in December 2011 and the credit protection products in August 2012. By March 2013, it provided six months of no-cost coverage to consumers who were already enrolled in the services, and cancelled all existing accounts as of September 2013.
The CFPB order stipulates that Bank of America may not market credit protection or credit monitoring add-on products until it submits a plan to the CFPB stating how it will comply with regulations around marketing and selling these products. It can no longer bill consumers for products in which they don't receive the promised benefits. Bank of America also had to pay $268 million in refunds to the 1.4 million customers who were trapped in these deceptive marketing practices and then another $459 million to 1.9 million customers who were paying for credit monitoring services but receiving no service.
The OCC also found fault with Bank of America in these misleading practices and while it worked with the CFPB for the restitution orders against the bank, it also levied a $25 million fine against the bank and its subsidiary because their billing practices for these two categories of products violated the section of the Federal Trade Commission Act that prohibits unfair and deceptive acts or practices. Along with paying this fine, Bank of America must improve how it manages third-party vendors who provide such add-on consumer services and create a risk management program for these products.
Bank of America has issued a statement saying it has already issued refunds to the majority of customers affected by these rulings.