CFPB Enters Into $3.2 Million UDAAP Consent Order With Online Lender
An online lender that extends payday and unsecured installment loans reached a settlement with the Consumer Financial Protection Bureau regarding “unfair, deceptive, or abusive acts or practices” allegations that the lender unlawfully debited consumers’ bank accounts without authorization and failed to honor loan extensions to its customers.
Under the terms of the settlement and consent order, the lender is barred from making or initiating electronic fund transfers without valid authorization, and must pay a $3.2 million civil monetary penalty.
A copy of the consent order is available at: Link to Consent Order.
The respondent, an online lender, extends and services unsecured payday and installment loans and lines of credit to individual customers in the U.S., U.K. and Brazil.
The lender purchased consumer loan applications with the consumer’s bank account information from lead generators; in some instances from consumers who already had loans with the lender, but with different bank account information. Because the lender maintained a policy to extend only one loan at a time to any consumer, if it found that the consumer already had an outstanding loan with the lender, it would deny the application.
Beginning in 2010, the lender allegedly used consumer bank account information obtained from loan applications purchased from lead generators to overwrite and replace the banking information it had on file with its existing customers. Supposedly without authorization, the lender was alleged to have electronically debited payments on 5,520 consumers’ outstanding loans from the new bank accounts. Although it stopped overwriting consumers’ bank account information from its lead-generator applications in June 2014, it allegedly continued to debit or attempted to debit 265 customers’ accounts that had already been overwritten at least 6,425 times through December 2018—in most instances supposedly without its customers’ authorization.
As a result of the debits or attempted debits, the lender allegedly extracted millions of dollars in unauthorized debits from customers’ accounts supposedly without their consent, resulting in unexpectedly low or negative balances and impositions of insufficient funds fees and other bank fees to its customers.
During the same relevant period, the lender also allegedly offered certain consumers who had previously repaid two or more loans, and had a debit card on file with the lender, a same-day expedited funding (“flash cash”). In instances where funding to the debit card on file failed, the flash cash funding was allegedly denied, but the loans were funded to the consumer’s bank account the following day.
Between May 2013 and May 2014, the lender supposedly created two records associated with these customers; one incorrectly reflecting the flash cash as returned with a $0 balance, and the second accurately reflecting the loan funded the following day. When some of these consumers later requested and received loan extensions, the lender allegedly incorrectly applied the extensions to the loan files with the $0 balance, rather than the funded loan. This allegedly resulted in 308 consumers not receiving the approved extensions, and having their accounts debited for full loan payments instead of the extension fee, resulting in unexpectedly low or negative balances and impositions of insufficient funds fees and other bank fees to its customers.
After consumers notified the lender of this issue in September 2013, the lender identified the source as a coding error, and implemented a coding fix in January 2014. However, when the fix failed 10 days later, the lender manually disabled it, and did re-enable the fix until May 2014. Affected customers allegedly were not informed that the lender had deducted the full loan payment amounts from their bank accounts, instead of the promised extension fee, until almost a full year later, in April 2015.
As you may recall, section 1031 of the Consumer Financial Protection Act of 2010 provides the CFPB with authority to declare an act or practice to be unlawful if it “has a reasonable basis to conclude that — (A) the act or practice causes or is likely to cause substantial injury to consumers which is not reasonably avoidable by consumers; and (B) such substantial injury is not outweighed by countervailing benefits to consumers or to competition.” 12 U.S.C. §§ 5531(c)(1).
Moreover, section 1036 prohibits any “covered person” or “service provider” “to engage in any unfair, deceptive, or abusive act or practice.” 12 U.S.C. § 5536(a)(1)(B).
The lender (and its subsidiary entities) is subject to the CFPB’s authority because it (i) extends credit and services loans offered or provided for use by consumers primarily for personal, family, or household purposes. (12 U.S.C. § 5481(15)(A)(i)) and; (ii) collects debt related to the loans it extends. 12 U.S.C. § 5481(15)(A)(x).
First, as to the lender’s practice of unauthorized debiting of its customers’ accounts, the CFPB asserted that the injury to consumers from the unauthorized debiting was not outweighed by any countervailing benefit to consumers or to competition, and the consumers supposedly could not have reasonably avoided the injury. Moreover, the cost to the lender from refraining from the practice allegedly would not have been significant. Accordingly, the CFPB concluded that the lender’s practice of unauthorized debiting constituted an unfair act and practice in violation of section 1031(c) and 1036(a) of the CFPA, 12 U.S.C. §§ 5531(c), 5536(a)(1)(B).
As to the lender’s failure to honor loan extensions to its consumers who applied for flash cash funding, the CFPB similarly concluded that injury to consumers from the lender’s failure to honor loan extensions was not outweighed by any countervailing benefit to consumers or to competition. Moreover, the CFPB again asserted that the cost of correcting the lender’s software errors would not have been significant and the erroneous practice did not confer any benefit to consumers or competition.
Accordingly, the lender’s failure to honor loan extensions also was deemed an unfair act and practice in violation of section 1031(c) and 1036(a) of the CFPA, 12 U.S.C. §§ 5531(c), 5536(a)(1)(B).
Pursuant to the CFPB’s consent order, the lender is permanently restrained and enjoined from:
- debiting or attempting to debit any consumer’s bank account without having obtained the consumer’s express informed consent;
- making or initiating electronic fund transfers from a consumer’s bank account on a recurring basis without obtaining a valid authorization signed or similarly authenticated from the consumer for preauthorized electronic fund transfers from that particular bank account and providing the consumer a copy of the authorization signed or similarly authenticated by the consumer for preauthorized electronic fund transfers from the consumer’s account;
- failing to honor loan extensions granted to consumers, and;
- debiting the full payment instead of a loan extension fee to consumers granted a loan extension.
As a result of the above-described violations, the lender was ordered to pay the CFPB a $3.2 million fine.
Under the consent order, additional requirements concerning reporting, distribution of the consent order, record keeping, and compliance monitoring were imposed against the lender. Although the provisions of the consent order do not bar, estop or prevent the CFPB or any other government agency from taking action against the lender, the lender was forever released and discharged from all potential liability for law violations concerning its unauthorized debiting and failure to honor loan extensions.