Companies should monitor their third-party business partners' contact with consumers. Image: iStock.
Companies should monitor their third-party business partners' contact with consumers. Image: iStock.

On Sept. 25, the Consumer Financial Protection Bureau, in conjunction with the Office of the Comptroller of the Currency, issued a consent order against U.S. Bank for illegal billing practices which specifically implicated a lack of third party service provider oversight and management by U.S. Bank.

U.S. Bank contracted with a TPSP to provide identity protection services and credit monitoring services. As per the CFPB consent order, consumers were billed for services they did not receive; were charged unfairly for interest and fees pertaining to customers’ credit limits and interest charges for services that they never received; and under the mis-impression that the above-listed credit services were being performed. Of note, there is no indication of intent on the part of U.S. Bank to deceive, defraud, overcharge and/or otherwise harm its customers.

The CFPB is requiring U.S. Bank to stop billing its customers for credit monitoring services that are not actually provided; make complete restitution of $48 million to all affected customers; pay a $5 million penalty to the CFPB’s Civil Penalty Fund (the OCC is requiring a separate $4 million penalty); and improve its TPSP oversight and management program.

An important takeaway from this consent order is that the CFPB is enforcing its requirement and expectation that regulated financial institutions develop and maintain a comprehensive TPSP oversight and management program to ensure that all TPSPs with which the financial institution interacts and/or contracts are financially sound, compliant with all applicable federal and state laws and regulations, and actually performing the services for which the TPSP is contracted. This consent order makes clear that the CFPB will hold the financial institution responsible, regardless of intent, for practices by a TPSP with which the financial institution contracts where a consumer is negatively affected.

Financial institutions should ensure that they implement an effective and comprehensive TPSP oversight and management program which conducts appropriate due diligence into the TPSPs and continues to monitor for compliance and performance of services. Financial institutions should also continue to internally monitor all fees and charges they require a consumer to pay to ensure that the fees and charges are reasonable, clear, and actually provided.