CFPB Announces First Public Enforcement Action: CFPB and OCC Enter Into Consent Orders with Capital One Bank Requiring an Estimated $150 Million in Restitution and $60 Million in Civil Money Penalties; CFPB Also Issues Related Consumer Advisories and Compliance Bulletin

Sullivan & Cromwell LLP - July 19, 2012

On July 18, 2012, the Consumer Financial Protection Bureau (the “CFPB”) announced its first public enforcement action — a Consent Order requiring Capital One Bank (the “Bank” or “Capital One”) to refund an estimated $140 million to two million consumers and pay a $25 million civil money penalty. The Office of the Comptroller of the Currency (the “OCC”) entered into a related Consent Order with the Bank, assessed a separate $35 million civil money penalty, and is requiring additional restitution for practices that the Bank engaged in but discontinued prior to the effectiveness of the CFPB’s enforcement authority. The OCC Order estimates total restitution to be $150 million (including the restitution required by the CFPB). The Consent Orders relate to the Bank’s sale of credit card “add-on products,” consisting of payment protection and credit monitoring products.

In what is perhaps a demonstration of the CFPB’s approach in future enforcement actions, the CFPB used the Consent Order as a basis for advising consumers and explicitly warning its supervised institutions about practices that the CFPB views as deceptive or otherwise in violation of consumer financial laws. The CFPB released a “consumer advisory” informing consumers who may have been solicited to buy add-on products when calling to activate a credit card to review their statements for unfamiliar fees and contact their credit card provider or the CFPB if they find such fees. The CFPB also released a “compliance bulletin” that notifies the CFPB’s supervised institutions that it will continue to review closely the operations of credit card issuers and service providers with respect to add-on products and will assess whether actions may be necessary to protect consumers from deceptive sales and marketing practices.

The Consent Orders illustrate what appears to be an issue on which the regulators (and now the CFPB) increasingly focus — the reliance by banking institutions on third-party vendors that may engage in questionable or even clearly illegal practices in the sale or servicing of consumer products and services. Both the federal banking agencies and the CFPB appear to apply a theory that banking institutions have full legal responsibility for the actions of their vendors that affect consumers. Accordingly, institutions should be applying a level of risk control and monitoring to these third-party vendors similar to that for the institutions’ own business lines and employees.