The CFPB consent order also directs U.S. Bank to “develop a plan to remediate harmed consumers by returning all unlawfully charged fees and costs, plus interest.”
U.S. Bank “pressured and incentivized its employees to sell multiple products and services to its customers, including imposing sales goals as part of their employees’ job requirements,” CFPB stated in a press release. “In response, U.S. Bank employees unlawfully accessed customers’ credit reports and sensitive personal data to apply for and open unauthorized accounts.”
The CFPB also said it found in its investigation evidence revealing “U.S. Bank imposed sales goals on bank employees as part of their job requirements. U.S. Bank also implemented sales campaigns and an incentive-compensation program that financially rewarded employees for selling bank products.”
Compliance Failures
According to the CFPB, U.S. Bank engaged in the following compliance violations:
- Exploiting personal data without authorization: The Fair Credit Reporting Act (FCRA) defines, among other things, the permissible uses of credit reports, and users of credit reports may only request them if they have a permissible purpose. “U.S. Bank used customers’ credit reports without a permissible purpose, and without its customers’ permission, to facilitate opening unauthorized credit cards and lines of credit,” the CFPB stated.
- Opening accounts without consumer permission: U.S. Bank opened deposit accounts, credit cards, and lines of credit without permission, including opening reserve and premier lines of credit, which carry high interest rates and expensive fees. This conduct violated the Consumer Financial Protection Act Cand the Truth in Lending Act.
- Failing to provide legally required consumer disclosures: The Truth in Savings Act requires banks to provide certain disclosures when opening new deposit accounts. U.S. Bank violated the law when its employees opened consumer deposit accounts without permission and, in the process of doing so, failed to provide the required disclosures.
Additionally, as described in the consent order, U.S. Bank implemented processes that “were not reasonably designed to determine the full scope of improper sales acts or practices.” For example, prior to 2016, U.S. Bank primarily relied on consumers to self-identify, or on consumers or employees to allege improper activity, according to the consent order.
Even when consumers or employees alleged improper sales acts or practices, U.S. Bank “only recorded or investigated the allegations if the allegation was escalated above the bank-branch level,” the consent order continued. U.S. Bank new many allegations weren’t escalated or recorded and did not begin enhancing its processes for detecting and investigating sales misconduct until 2016, according to the consent order.
Under the terms of the CFPB consent order, U.S. Bank must submit a “comprehensive compliance plan” that includes, among other things, “policies and procedures to identify, manage, mitigate, and report risks and misconduct associated with sales-related behaviors,” according to the consent order. It must also describe how [the bank] prevents and detects sales misconduct and oversees the appropriateness, effectiveness, and timeliness of actions taken in response to sales misconduct.”
Wells Fargo: A Comparison
The year U.S. Bank changed its fake account practices—in 2016—was the same year the CFPB hit Wells Fargo Bank with a $100 million penalty for similar illegal account-opening practices. “Spurred by sales targets and compensation incentives, employees boosted sales figures by covertly opening accounts and funding them by transferring funds from consumers’ authorized accounts without their knowledge or consent, often racking up fees or other charges,” the CFPB stated at the time. “According to the bank’s own analysis, employees opened more than two million deposit and credit card accounts that may not have been authorized by consumers.”
“Wells Fargo employees secretly opened unauthorized accounts to hit sales targets and receive bonuses,” said then-CFPB Director Richard Cordray. “Because of the severity of these violations, Wells Fargo is paying the largest penalty the CFPB has ever imposed. Today’s action should serve notice to the entire industry that financial incentive programs, if not monitored carefully, carry serious risks that can have serious legal consequences.” 
Jaclyn Jaeger is a contributing editor at Compliance Chief 360° and a freelance business writer based in Manchester, New Hampshire.