Hands Pen House Keyboard
ComplianceFebruary 14, 2023

A thoughtful approach to aligning bank deposit and disclosure activities

(As published in BankingExchange.com)

CFPB consent order highlights UDAAP issues around deposit practices

In late 2022, the Consumer Financial Protection Bureau (CFPB) issued a consent order (“Order”) with a major U.S. bank (“Bank”) alleging numerous violations over many years — some of which the Bank ultimately discontinued. The alleged violations of the Consumer Financial Protection Act (CFPA) all involved unfair, deceptive, or abusive acts or practices (UDAAP).

The alleged violations crossed multiple lines of business including auto loan servicing, home mortgage servicing, and deposit accounts. It should be noted that this Bank consented to the issuance of the Order, but it did not admit or deny any of the findings of fact or conclusions of law relating to the specified violations.

While this article explores alleged deposit UDAAP violations at a large bank, financial institutions of all asset sizes should be aware of the findings. The Order identified other issues this article doesn’t address, but it provides a timely reminder to review the CFPB’s new guidance,[1] to reevaluate the effectiveness of one’s compliance management systems, and it’s an opportunity to consider some action steps for banks in helping promote adherence to UDAAP principles.

Service fee waivers

In this instance, the Bank had a policy of waiving monthly service fees on some of its checking accounts in certain circumstances. Specifically, its documentation stated that the fees would be waived if the consumer had 10 debit card transactions or other payments in a monthly cycle. However, according to the Order, the Bank only counted debit card transactions that posted during the statement cycle.

The CFPB concluded this was a “deceptive” act or practice under the CFPA.

Critical to the deceptive finding is that the Bank’s deposit disclosures said one thing, but its actual practices did something else.

Applying fee waivers is not inherently deceptive; however, if the circumstances under which certain fees are waived while others are not can raise questions from regulators — and increase inherent risk. For good order’s sake, financial institutions are advised to regularly test and/or audit fee waivers (e.g. annually) from a sample of all deposit account types to ensure that actual practices match disclosures.

Authorize positive settle negative (APSN) overdraft fees

According to the Order, the Bank engaged in the practice of charging overdraft fees on transactions that were authorized on an account with a positive balance, but which had a negative balance when the transaction settled. This is sometimes referred to as an authorized positive, settled negative (or APSN) transaction.

The CFPB concluded these were “unfair” acts or practices under the CFPA. The CFPB aligns its definition of “unfair” with the definition in Sec. 1031 of the Dodd-Frank Act—that is, the practice causes or is likely to cause substantial injury to consumers and the injury is not reasonably avoidable by consumers, and the injury is not outweighed by countervailing benefits to consumers or to competition. This finding is consistent with the Bureau’s previous stance on this issue and is important because a finding of “unfair” means disclosure alone does not provide a remedy. In other words, the practice needs to be avoided or modified to avoid liability.

It is notable that the Bank had already discontinued this practice on consumer debit card purchases in March 2022 and at the time of the Order was in the process of stopping the practice on Automated Teller Machine (ATM) transactions.

Account freezes – Do what’s appropriate

According to the Order, from 2011-2016, the Bank had relied on an automated fraud detection system that identified potentially fraudulent deposits and sent them for employee review. The Bank’s typical response was to freeze a consumer’s entire deposit account, along with the consumer’s other accounts. This account freeze prevented the consumer from accessing any funds in the account for, on average, a period of at least two weeks. The CFPB concluded this was an “unfair” act or practice under the CFPA.

Importantly, the CFPB points out that the Bank “changed its practice and began using, where appropriate under the circumstances and sufficient to prevent further fraud, lesser restraints such as item-level holds under Regulation CC” (Availability of Funds and Collection of Checks).

This is important information and can be interpreted as the CFPB saying that the actions a financial institution takes in response to suspected fraud need to be appropriate to the circumstances — and that a one-size-fits-all policy of freezing or closing an account is not acceptable.

It is also instructive that the CFPB did not recite what the Bank’s deposit terms and conditions said. And that approach makes sense because, since the practice was found to be “unfair,” it is the Bank’s acts or practices that matter and not so much what its documentation says.

So, does this mean an institution’s deposit terms and conditions cannot reserve the right to close or freeze an account in response to suspected fraud? No. In fact, including such a provision is common practice. Again, when evaluating whether a practice is “unfair” under UDAAP, it is not so much what the contract says as it is the actions taken in a particular circumstance. Thus, in some cases, it may very well be appropriate to close or freeze an account.

Let’s look at a couple examples.

Example #1

Let’s say a married couple routinely use an institution’s remote deposit capture service and both spouses inadvertently deposit the same set of checks their child received for his or her birthday. An automated fraud detection system could very well identify this as suspected fraud.

Example #2

A consumer deposits a series of checks from his or her employer into a personal account. The automated system flags the action as possible fraud and the initial investigation suggests that this appears to be intentional (i.e., criminal behavior).

Clearly, under the CFPB’s analysis, a financial institution’s response to these two situations should be considerably different. Under Example #1, freezing or closing all of the consumers’ account is an overreaction. A much more measured response would be to place holds on the duplicate items until the mistake can be rectified. Under Example #2, however, it may very well be appropriate for a financial institution to freeze or close all the consumer’s accounts.

In other words, just because deposit terms and conditions permit a freeze or closure, it does not mean such action is warranted. But it also does not mean such options should be removed from disclosures.

Conclusion and action steps

There are a number of lessons that can be learned from the CFPB’s Order. For the service fee waiver issue, the CFPB noted a disconnect between the Bank’s disclosures and its product implementation. Financial institutions would be wise to review their disclosures against their actual practices and make sure the two align. In other words, compliance needs to be operationalized, monitored, and tested.

APSN transactions have been the source of numerous class action lawsuits in recent years. In addition, numerous agencies have recently taken the position that the practice is unfair and should be discontinued. The Bank’s recent action to discontinue the practice showed reactive rather than proactive compliance. Unfortunately for them, it does not appear the CFPB provided any leniency for the Bank’s recent action. As a result, financial institutions still engaged in the practice would be wise to discontinue it immediately and take any additional remediation before being contacted by the CFPB.

Issues surrounding the freezing of accounts, whether there is suspected fraud or not, remains a concern. Failure to disclose and document why an account is frozen, or applying universal standards when an account should be frozen, has been deemed a potentially unfair practice. Clearly, the CFPB is saying a one-size-fits-all approach will not pass muster. As a result, financial institutions would be wise to review their policies and procedures and institute practices appropriate to the specific circumstances.

For further discussion of legal and regulatory trends affecting overdraft and NSF fees, please see the article, “Overdrafts: Litigation, Regulatory Trends, and Action Steps,” by Wolters Kluwer’s Karl Leslie and Therese Kieffer (September 2022).


[1] The CFPB’s March 2022 procedures include guidance on the principles of unfairness, deception, and abuse; assessing the risk that institutions’ practices may be unfair, deceptive, or abusive acts or practices; and understanding the interplay between unfair, deceptive, or abusive acts or practices and other consumer protection statutes.

Back To Top