Lessons Learned from USAA - Reg E & UDAAP

On 1/2/19, new CFPB director Kathleen Kraninger signed a consent order with USAA Federal Savings Bank.  While the consent order outlines millions of dollars in restitutions and penalties, the order provides financial institutions with fairly detailed insights on a number of Regulation E violations identified by the Bureau.  As Regulation E applies to all financial institutions regardless of their regulator, this consent order can be used as a learning tool for appropriately complying with the Regulation.

Specifically, the USAA consent order outlined six main deficiencies that resulted in either a violation of Regulation or a UDAAP violation, or both, including:

  • Stop payments for payday lenders

  • Oral stop payment requests

  • Stop payments on debit cards

  • Failure to initiate error resolution investigations

  • Failure to conduct reasonable error resolution investigations

  • Unfairly reopening closed deposit accounts

Stop Payments for Payday Lenders

The consent order begins by explaining several deficiencies related to stop payment for payday lenders.  The consent order states that the CFPB noted “numerous occasions” where USAA failed to enter stop payment orders after account holders notified the Bank of their desire to stop payment on Preauthorized EFTs, including by refusing to enter stop payments or by requiring consumers to contact the merchants initiating the EFTs as a prerequisite to implementing stop payment orders. In some of these instances, USAA failed to enter stop payment orders because consumers requested to stop payments to payday loan lenders.

Oral Stop Payment Requests

The next deficiency noted by the consent order relates to oral stop payment requests.  In the order, the CFPB explains that USAA did not consistently honor oral stop payment requests for 14 days. This is a problem because, under EFTA and Regulation E, an oral stop payment request for a Preauthorized EFT is binding on the institution for 14 days.  

It is important to note that a financial institution may require the consumer to give written confirmation of the stop payment order within 14 days of the oral notification, and an oral stop payment order ceases to be binding after 14 days if the consumer fails to provide the required written confirmation.  However, an oral stop payment request for a preauthorized EFT is binding during the first 14 days.

Stop Payments on Debit Cards

The consent order then discussed stop payments on debit cards.  Specifically, the CFPB noted that until January 2015, USAA lacked a systemic mechanism to stop payment of Preauthorized EFTs processed via a debit card. As a result, USAA failed to block thousands of Preauthorized EFTs for which consumers requested stop payment orders.

Failure to Initiate Error Resolution Investigations

The next deficiency identified in the consent order relates to USAA’s failure to initiate error resolution investigations.  The CFPB explains that, on numerous occasions, when consumers notified USAA about suspected errors regarding EFTs that were incorrect, unauthorized, or exceeded the authorization granted by the consumer, USAA failed to promptly initiate error resolution Investigations.

In addition, the consent order explained that USAA had a policy (until May 2015) where they did not investigate reported errors unless the consumer asserting the error submitted a completed “Written Statement of Unauthorized Debit” within 10 days of USAA sending the consumer the form.  The policy, of course, directly contradicts the requirement in Regulation E to investigate disputes promptly.

Furthermore, USAA was found to have had had a separate procedure for consumers who notified the Bank of a suspected error concerning a payday loan.  Up until at least April 2013, the procedure said: “If the account holder wishes to dispute a payday loan, instruct the account holder to contact the lender to dispute the transaction(s).”  This procedure, of course, discourages a customer from submitting a dispute and goes directly against Regulation E and what was disclosed in the EFT disclosure.

It was also noted that USAA representatives would sometimes refuse to investigate errors because they concerned payday loans.

The procedure further discouraged customers from disputing a transaction as it instructed USAA representatives to warn consumers about potential legal and financial consequences of proceeding with an Error Resolution Investigation. For instance, through at least April 2013, the procedure directed USAA representatives to say: “If we determine that the ACH debit in question was authorized, you will be putting your USAA membership at risk. What this means to you is that you may become ineligible to purchase additional USAA products and that existing USAA accounts may be closed. Also, please understand that it is a federal crime to make a false statement to a bank and this is punishable by a fine of up to one million dollars or imprisonment for up to 30 years, or both.”

This warning was part of a general conversation with consumers about payday loan contracts. USAA would send “Written Statement of Unauthorized Debit” forms only to consumers who said they wanted to proceed after hearing the warning.

Through March 2016, USAA required consumers contesting transactions from payday loan lenders to have their “Written Statement of Unauthorized Debit” forms notarized before submitting them. If a consumer contesting an error concerning a payday loan lender did not provide a notarized “Written Statement of Unauthorized Debit” form, USAA did not conduct an error resolution Investigation.

Failure to Conduct Reasonable Error Resolution Investigations

The CFPB next explained that until May 2016, USAA lacked a procedure requiring that a reasonable error resolution investigation occur whenever a consumer notified the Bank about a suspected error regarding an EFT. As a result, through May 2016, USAA routinely failed to conduct a reasonable review of all relevant information within its own records prior to making a determination about whether the consumer had asserted a valid error.

The consent order states that when consumers had transactions with the merchant at issue that predated the disputed transaction, USAA made the summary determination that no error had occurred, without reasonably considering other evidence in its own records, including the consumer’s assertion that the EFT was unauthorized or an incorrect amount or the bases for the consumer’s assertion.  Additionally, even when the consumer did not have a transaction history with the merchant, USAA failed to reasonably consider relevant details in its own records, including the consumer’s account history, the consumer’s assertions that the EFT was unauthorized or an incorrect amount, or the bases for the consumer’s assertion.

The CFPB found that in numerous instances when USAA found no error, a reasonable review of all relevant information within the Bank’s own records would have resulted in a determination in favor of the consumer. As a result of these practices, USAA failed to address adequately the unauthorized or incorrect transactions, as required by law.

Unfairly Reopening Closed Depository Accounts

Finally, the Consent order concluded with discussion about a deficiency related to unfairly reopening closed depository accounts.  The CFPB explained that, until November 2016, when USAA received certain types of debits or credits to accounts previously closed by the account holders, the Bank reopened the accounts without obtaining consumers’ prior authorization and providing timely notice to consumers informing them when their accounts had been reopened.

When USAA reopened accounts to process debits, some account balances became negative and therefore potentially subject to various fees, including overdraft fees and fees for non-sufficient funds. Similarly, when USAA reopened an account to process a credit, creditors had the opportunity to initiate debits to the account and draw down the funds, possibly resulting in a negative balance and the accumulation of fees.

The consent order notes that USAA represents that between July 21, 2011 and November 1, 2016, the Bank reopened 16,980 closed accounts without obtaining consumers’ prior authorization and providing timely notice to consumers.  Furthermore, of the consumers whose accounts were reopened, 5,118 incurred fees from USAA totaling an estimated $269,365 as a result of the account reopening.

The entire USAA consent order can be found here.


NEW RESOURCE - List & Links of Banking Regulations

Back-Up BSA Officer Training Expectations