CFPB sues credit reporter and one of its executives
On April 12, the CFPB sued a credit reporting agency (CRA), two of its subsidiaries (collectively, “corporate defendants"), and a former senior executive for allegedly violating a 2017 enforcement order in connection with alleged deceptive practices related to their marketing and sale of credit scores, credit reports, and credit-monitoring products to consumers. The 2017 consent order required the corporate defendants to pay a $3 million civil penalty and more than $13.9 million in restitution to affected consumers as well as abide by certain conduct provisions (covered by InfoBytes here). The Bureau’s announcement called the corporate defendants “repeat offender[s]” who continued to engage in “digital dark patterns” that caused consumers seeking free credit scores to unknowingly sign up for a credit monitoring service with recurring monthly charges. According to the Bureau’s complaint, the corporate defendants, under the individual defendant’s direction, allegedly violated the 2017 consent order from the day it went into effect instead of implementing agreed-upon policy changes intended to stop consumers from unknowingly signing up for credit monitoring services that charge monthly payments. The Bureau claimed that the corporate defendants’ practices continued even after examiners raised concerns several times. With respect to the individual defendant, the Bureau contended that he had both the “authority and obligation” to ensure compliance with the 2017 consent order but did not do so. Instead, he allowed the corporate defendants to “defy the law and continue engaging in misleading marketing, even in the face of thousands of consumer complaints and refund requests.” The complaint alleges violations of the CFPA, EFTA/ Regulation E, and the FCRA/Regulation V, and seeks a permanent injunction, damages, civil penalties, consumer refunds, restitution, disgorgement and the CFPB’s costs.
CFPB Director Rohit Chopra issued a statement the same day warning the Bureau will continue to bring cases against repeat offenders. Dedicated units within the Bureau’s enforcement and supervision teams will focus on repeat offenders, Chopra stated, adding that the Bureau will also work with other federal and state law enforcement agencies when repeat violations occur. “Agency and court orders are not suggestions, and we are taking steps to ensure that firms under our jurisdiction do not engage in repeat offenses,” Chopra stressed. He also explained that the charges against the individual defendant are appropriate, as he allegedly, among other things, impeded measures to prevent unintended subscription enrollments and failed to comply with the 2017 consent order, which bound company executives and board members to its terms.
The CRA issued a press release following the announcement, stating that it considers the Bureau’s claims to be “meritless” and that as required by the consent order, the CRA “submitted to the CFPB for approval a plan detailing how it would comply with the order. The CFPB ignored the compliance plan, despite being obligated to respond and trigger deadlines for implementation. In the absence of any sort of guidance from the CFPB, [the CRA] took affirmative actions to implement the consent order.” Moreover, the CRA noted that “[r]ather than providing any supervisory guidance on this matter and advising [the CRA] of its concerns – like a responsible regulator would – the CFPB stayed silent and saved their claims for inclusion in a lawsuit, including naming a former executive in the complaint,” and that “CFPB’s current leadership refused to meet with us and were determined to litigate and seek headlines through press releases and tweets.”