Astonishing: Bank of America has agreed to pay more than $150 million to settle civil charges that its employees engaged in various unethical practices with customers in the 2010s, including allegations that Bank of America had its own unauthorized customer account scandal — one that continued for years after Wells Fargo was nailed for the same misconduct in 2016.
The Consumer Financial Protection Bureau and the Office of the Comptroller of the Currency announced the settlement on Tuesday morning. The misconduct in question fell into three broad categories:
- A junk fees scheme. Bank of America had a policy of charging customers a $35 fee whenever the bank declined a transaction due to insufficient funds. The CFPB found that over a period of years, BofA allowed those fees to be charged multiple times for the same invalid transaction.
- Withholding cash and rewards points on credit cards. Bank of America offered consumers cash and rewards points to open new credit cards, but then withheld those points to consumers who submitted in-person or over-the-phone applications. The bank also denied bonuses to consumers due to the failure of Bank of America’s business processes and systems.
- Unauthorized account opening. To reach now-defunct sales incentive targets, Bank of America employees illegally enrolled consumers in credit card accounts without the consumers’ knowledge or permission. Because of those unauthorized account openings, consumers were hit with unjustified fees, suffered harm to their credit scores, and had to waste their time closing those accounts or correcting errors.
The junk fees and withheld bonus points are bad enough, but let’s be honest — the unauthorized account openings are the incredible allegations here. It is essentially the same misconduct that whalloped Wells Fargo in 2016. The CFPB fined Wells Fargo $185 million in that case, which paved the way to a torrent of other regulatory probes, congressional hearings, fired CEOs, and untold billions in other fines, fees, and costs.
Like, Wells Fargo is legendary in corporate compliance circles as an example of bad governance and awful corporate culture.
According to the CFPB’s settlement order, however, Bank of America’s unauthorized account misconduct ran from the start of 2012 through the end of 2020. So BofA employees were engaging in this nonsense even after every banker with a pulse knew about Wells Fargo’s troubles and just how outrageous unauthorized accounts could be.
Bank of America neither admitted nor denied any of the findings in the CFPB’s order, and had no statement about the case as of Tuesday morning.
The Bogus Accounts
As spelled out in the CFPB consent order, Bank of America evaluated financial center employees partly based on the number of new financial products those employees sold to customers.
“In response to sales pressure or to obtain incentive rewards,” the CFPB order says, “employees sometimes submitted applications for and issued credit cards without consumers’ consent. These acts or practices were contrary to [Bank of America’s] policies and procedures” — although, the order also noted, the number of unauthorized accounts involved only “a small percentage” of the bank’s total new accounts.
Moreover, to open those unauthorized credit cards, Bank of America employees first had to run credit reports on those customers; that means the employees were accessing highly personal customer data without permission or legitimate purpose, and potentially harmed the customers’ credit scores (since frequent credit checks for new cards can lower your score).
The new accounts also sometimes generated fees for the bank. So customers might have incurred improper fees on their accounts, and suffered lower credit scores, and had to spend time closing down accounts they never wanted in the first place.
Still, most troubling to me was this paragraph:
[Bank of America] has addressed a root cause of relevant account-opening practices — individual sales goals and sales-based compensation — by eliminating sales goals both for compensation incentives and for performance management for financial center employees primarily responsible for the sale of consumer credit card accounts as of January 1, 2023.
The root cause of the problem was not eliminated until this year. Meanwhile, the Justice Department released a lengthy statement of facts about Wells Fargo’s criminal misconduct in 2020. That statement of facts went into painful detail about Wells Fargo’s flawed incentive program, which drove thousands of employees to engage in unauthorized account misconduct.
So it took Bank of America three years to eliminate a similar dynamic in its own house? I’m not naive; I assume many large consumer banks had similar issues in the early 2010s — but I also assumed that they raced to cease those bad practices in the mid-2010s when Wells Fargo became the poster boy for bad bank behavior. Now we have Bank of America continuing that troublesome behavior for years more. Yikes.
The CFPB settlement order also contained numerous compliance reforms that Bank of America needs to implement.
First, the bank promises not to use sales goals for incentive-based compensation or performance management for those financial center employees for the next three years. Apparently this restriction applies specifically to “employees who are primarily responsible for the opening of consumer credit cards.” It’s unclear whether the bank will expand that restriction to other employees too.
Second, Bank of America must also document that customers have indeed consented to the opening of new financial products. The bank must also implement policies and procedures as necessary to handle consumer complaints about possible unauthorized accounts, and train employees on what those policies and procedures are.
The bank also needs to draft a “compliance plan” within 90 days to assure that its credit-card opening processes comply with federal law and banking regulations. Bank of America’s board then needs to review that plan, authorize whatever actions are necessary to execute the plan, and then require regular updates from management about the progress of that compliance plan.
Another interesting item: how Bank of America must make restitution to all those harmed consumers. Within 30 days the bank must draft a “Redress Plan” that…
- Uses data analytics “other methods available” to identify customers financially harmed by unauthorized accounts;
- Calculate the amount that each harmed customer should receive; and
- Describe how Bank of America will try to reach those customers, and what efforts the bank will undertake to locate customers whose payment letter is returned as undeliverable.
Six months after the plan goes into effect, Bank of America’s internal audit team must then review how well the bank has complied with the plan and whether any outstanding actions still need attention.
We also have the fines and penalties. Bank of America agreed to set aside $80 million to repay customers who suffered improper fees. (BofA already paid $23 million to customers for the bonus points never awarded.) The bank also agreed to pay:
- $30 million to the CFPB for the unauthorized account openings;
- Another $60 million to the CFPB for the repeated insufficient fund fees;
- $60 million to the Office of the Comptroller of the Currency as a separate settlement for the insufficient fees.
We should also note that this is only the latest of several enforcement actions Bank of America has endured in recent years. In 2014, the CFPB ordered Bank of America to pay $727 million in redress to its victims for illegal credit card practices. In May 2022, the CFPB ordered Bank of America to pay a $10 million civil penalty over unlawful garnishments and, later in 2022, the CFPB and OCC fined Bank of America $225 million and required it to pay hundreds of millions of dollars in redress to consumers for botched disbursement of state unemployment benefits during the COVID-19 pandemic.
The more things change, the more things stay the same.