Thursday, February 7, 2019

FYI: CFPB Enters into $3.2MM UDAAP Consent Order With Online Lender

An online lender that extends payday and unsecured installment loans reached a settlement with the Consumer Financial Protection Bureau (CFPB) regarding "unfair, deceptive, or abusive acts or practices" allegations that the lender unlawfully debited consumers' bank accounts without authorization and failed to honor loan extensions to its customers.


Under the terms of the settlement and consent order, the lender is barred from making or initiating electronic fund transfers without valid authorization, and must pay a $3.2 million civil money penalty.


A copy of the consent order is available at:  Link to Consent Order


The respondent, an online lender ("Lender"), extends and services unsecured payday and installment loans and lines of credit to individual customers in the U.S., U.K. and Brazil. 


Lender purchased consumer loan applications with the consumer's bank account information from lead generators; in some instances from consumers who already had loans with Lender, but with different bank account information.  Because Lender maintained a policy to extend only one loan at a time to any consumer, if it found that the consumer already had an outstanding loan with Lender, it would deny the application.


Beginning in 2010, Lender allegedly used consumer bank account information obtained from loan applications purchased from lead generators to overwrite and replace the banking information it had on file with its existing customers.  Supposedly without authorization, Lender was alleged to have electronically debited payments on 5,520 consumers' outstanding loans from the new bank accounts.  Although it stopped overwriting consumers' bank account information from its lead-generator applications in June 2014, it allegedly continued to debit or attempt to debit 265 customers' accounts that had already been overwritten at least 6,425 through December 2018—in most instances supposedly without its customers' authorization.


As a result of the debits or attempted debits, Lender allegedly extracted millions of dollars in unauthorized debits from customers' accounts supposedly without their consent, resulting in unexpectedly low or negative balances and impositions of insufficient funds fees and other bank fees to its customers.


During the same relevant period, Lender also allegedly offered certain consumers who had previously repaid two or more loans, and had a debit card on file with Lender, a same-day expedited funding ("Flash Cash").  In instances where funding to the debit card on file failed, the Flash Cash funding was allegedly denied, but the loans were funded to the consumer's bank account the following day. 


Between May 2013 and May 2014, Lender supposedly created two records associated with these customers; one incorrectly reflecting the Flash Cash as returned with a $0 balance, and the second accurately reflecting the loan funded the following day.  When some of these consumers later requested and received loan extensions, Lender allegedly incorrectly applied the extensions to the loan files with the $0 balance, rather than the funded loan.  This allegedly resulted in 308 consumers not receiving the approved extensions, and having their accounts debited for full loan payments instead of the extension fee, resulting in unexpectedly low or negative balances and impositions of insufficient funds fees and other bank fees to its customers.


After consumers notified Lender of this issue in September 2013, Lender identified the source as a coding error, and implemented a coding fix in January 2014. However, when the fix failed ten days later, Lender manually disabled it, and did re-enable the fix until May 2014.  Affected customers allegedly were not informed that Lender had deducted the full loan payment amounts from their bank accounts, instead of the promised extension fee, until almost a full year later, in April 2015.


As you may recall, sections 1031 of the Consumer Financial Protection Act of 2010 provides the CFPB with authority to declare an act or practice to be unlawful if it "has a  has a reasonable basis to conclude that — (A) the act or practice causes or is likely to cause substantial injury to consumers which is not reasonably avoidable by consumers; and (B) such substantial injury is not outweighed by countervailing benefits to consumers or to competition."  12 U.S.C. §§ 5531(c)(1).


Moreover, section 1036 prohibits any "covered person" or "service provider" "to engage in any unfair, deceptive, or abusive act or practice."  12 U.S.C. § 5536(a)(1)(B).


Lender (and its subsidiary entities) is subject to the CFPB's authority because it (i) extends credit and services loans offered or provided for use by consumers primarily for personal, family, or household purposes. (12 U.S.C. § 5481(15)(A)(i)) and; (ii) collects debt related to the loans it extends. 12 U.S.C. § 5481(15)(A)(x).


First, as to the Lender's practice of unauthorized debiting its customers' accounts, the CFPB asserted that the injury to consumers from the unauthorized debiting was not outweighed by any countervailing benefit to consumers or to competition, and the consumers supposedly could not have reasonably avoided the injury.  Moreover, the cost to Lender from refraining from the practice allegedly would not have been significant.  Accordingly, the CFPB concluded that Lender's practice of unauthorized debiting constituted an unfair act and practice in violation of section 1031(c) and 1036(a) of the CFPA, 12 U.S.C. §§ 5531(c), 5536(a)(1)(B).


As to Lender's failure to honor loan extensions to its consumers who applied for Flash Cash funding, the CFPB similarly concluded that injury to consumers from Lender's failure to honor loan extensions was not outweighed by any countervailing benefit to consumers or to competition.  Moreover, the CFPB again asserted that the cost of correcting Lender's software errors would not have been significant and the erroneous practice did not confer any benefit to consumers or competition. 


Accordingly, Lender's failure to honor loan extensions also was deemed an unfair act and practice in violation of section 1031(c) and 1036(a) of the CFPA, 12 U.S.C. §§ 5531(c), 5536(a)(1)(B).


Pursuant to the CFPB's Consent Order, Lender is permanently restrained and enjoined from:

debiting or attempting to debit any consumer's bank account without having obtained the consumer's express informed consent;

making or initiating electronic fund transfers from a consumer's bank account on a recurring basis without obtaining a valid authorization signed or similarly authenticated from the consumer for preauthorized electronic fund transfers from that particular bank account and providing the consumer a copy of the authorization signed or similarly authenticated by the consumer for preauthorized electronic fund transfers from the consumer's account;

failing to honor loan extensions granted to consumers, and;

debiting the full payment instead of a loan extension fee to consumers granted a loan extension.


As a result of the above-described violations, Lender was ordered to pay the CFPB a $3.2 million fine.  


Under the Consent Order, additional requirements concerning reporting, distribution of the consent order, recordkeeping, and compliance monitoring were imposed against Lender.  Although the provisions of the Consent Order do not bar, estop or prevent the CFPB or any other government agency from taking action against Lender, Lender was forever released and discharged from all potential liability for law violations concerning its unauthorized debiting and failure to honor loan extensions.




Ralph T. Wutscher
Maurice Wutscher LLP
The Loop Center Building
105 W. Madison Street, 18th Floor
Chicago, Illinois 60602
Direct:  (312) 551-9320
Fax: (312) 284-4751

Mobile:  (312) 493-0874


Admitted to practice law in Illinois




Alabama   |   California   |   Florida   |   Georgia   |   Illinois   |   Massachusetts   |   New Jersey   |   New York   |   Ohio   |   Pennsylvania   |   Texas   |   Washington, DC



NOTICE: We do not send unsolicited emails. If you received this email in error, or if you wish to be removed from our update distribution list, please simply reply to this email and state your intention. Thank you.

Our updates and webinar presentations are available on the internet, in searchable format, at:


Financial Services Law Updates




The Consumer Financial Services Blog








California Finance Law Developments