For highly regulated industries, “whole of government” has become a dreaded byword for an era of steadily increasing regulatory burdens. It implies a large, coordinated, multiagency effort directed toward a specific public policy goal, but in reality, federal government agencies often struggle to cooperate with each other, especially as newer agencies are brought into existence with broad remits and unclear boundaries for their own regulatory authority.
The Consumer Financial Protection Bureau (CFPB) provides an excellent case in point. Created via the 2010 Dodd-Frank Act, CFPB’s jurisdiction overlaps with several older agencies. Indeed, it puts the CFPB at the very center of what a financial institution does, and as one might imagine, the agency’s activities can create confusion—both inside and outside of government—about who is regulating what.
To dispel such confusion, federal agencies have long used interagency memoranda of understanding (MOU) to clarify how agencies will collaborate in certain instances, and over time CFPB has entered into several of these with federal and state agencies, including the Federal Trade Commission, the National Labor Relations Board, and, most importantly, the federal agencies responsible for prudential regulation of the financial services industry, including the National Credit Union Administration (NCUA).
In 2012, CFPB entered into a broad multiagency MOU with financial services industry regulators that sought to address how the agencies would share information with one another and how they would coordinate certain activities, like the examinations of depository institutions. In 2021, CFPB entered into another MOU with NCUA alone in order to clarify further the government’s regulatory approach to credit unions, including coordination among both agencies’ enforcement staffs. On an important side note, CFPB’s supervisory authority over credit unions is limited to the 21 institutions with assets of over $10 billion.
Prior to the 2021 MOU, the CFPB’s enforcement actions in the credit union space had been negligible, but that may be changing given the rapid succession in which two CFPB consent orders against credit unions were announced in the last month. Before the fourth quarter of 2024, CFPB had entered one consent order against a credit union over its entire 14-year existence. The focus of the consent orders look very familiar to those who have followed recent CFPB actions.
Gap-filling or overreach?
In theory, coordination between agencies can lead to efficiency and could perhaps even reduce the costs associated with compliance by limiting duplicative or repetitive demands; however, interagency coordination can also potentially lead to regulatory approaches that aggressively push against the limits of an agency’s statutory authority.
For example, is the alleged botched rollout of an online banking system a violation of the Consumer Financial Protection Act? Can mere consumer inconvenience be an unfair and/or deceptive business act and practice under the law? According to the CFPB and NCUA, the answer appears to be yes.
On October 31, 2024, the CFPB sanctioned VyStar Credit Union in connection with Vystar’s troubled 2022 launch of a new online and mobile banking platform. According to the CFPB, VyStar’s “new system crashed upon launch because VyStar brought it online prematurely and failed to establish or follow critical processes to ensure its success.” The system’s technical issues in the aftermath of its launch led to what CFPB characterized as “an unfair practice in violation of the Consumer Financial Protection Act of 2010” that led its customers to face “the assessment of fees for failures to make timely payments, restricted access to their funds, and the inability to effectively manage their accounts.” The CFPB’s order required VyStar to refund fees to affected consumers (something the institution had already put in motion proactively), improve its process for updating its systems, and pay a $1.5 million civil penalty.
Notably, the enforcement action against VyStar was the product of close cooperation between the CFPB and NCUA, including a joint investigation of the alleged violations. The VyStar case provides an interesting window on how two agencies acting together can extend enforcement in ways that one agency alone would perhaps find challenging.
Oops…not again?
A favorite target of federal and state banking regulators is the fees associated with overdrafts, and the CFPB has led the charge. In January 2024, it proposed a rule to limit overdraft fees, and in 2022, it also issued a circular stating that overdraft fees unanticipated by consumers, also known as “surprise” fees, are likely illegal. It is unsurprising, then, that CFPB’s second recent consent order entered against credit unions takes up the issue of overdraft fees. On November 7, 2024, the CFPB found that Navy Federal Credit Union violated the Consumer Financial Protection Act through “charging illegal, surprise overdraft fees on purchases made with sufficient funds” and “charging overdraft fees caused by delayed peer-to-peer payments with undisclosed processing times.” These alleged violations resulted in the largest amount the CFPB has ever obtained from a credit union: an $80 million refund to consumers and a $15 million civil penalty. The order also bans Navy Federal from charging certain overdraft fees altogether.
At the center of the case was Navy Federal’s Optional Overdraft Protection Service (OOPS), which according to the CFPB, generated some $1 billion in overdraft fees between 2017 and 2021. Because of the batch method of processing transactions and the variability of when merchants post transactions to be settled, low-balance accounts are often susceptible to overdrafts—even when an account’s available balance at the time of purchase appears adequate. Overdraft protection products, like OOPS, were meant to protect consumers from these overdrafts; however, because transaction settlement is complex and account balances accessed online are not necessarily “real-time” statements, these overdraft protection products have drawn the ire of regulators and consumers alike.
The CFPB and NCUA have been moving in the same direction on overdraft fees. NCUA’s 2024 Supervisory Priorities letter to the credit union industry specifically mentioned overdraft fees as a point of focus, noting that the agency “will continue an expanded review of credit unions’ overdraft programs, including website advertising, balance calculation methods, and settlement processes. The NCUA will also continue to evaluate adjustments credit unions made to their overdraft programs to address consumer compliance risk and potential consumer harm from unexpected overdraft fees.” The Navy Federal case is an example of how the regulatory hammer can be dropped when agencies with overlapping remits are moving in lockstep.
What this means to you
While the result of the 2024 U.S. presidential election could impact the government’s regulatory posture, coordination between CFPB and NCUA may nevertheless result in more scrutiny and more enforcement in the credit union segment of the financial services industry. Credit unions of all shapes and sizes, including those not subject to the CFPB’s supervisory authority, should take heed.
Contact us
If you have any questions about this increased scrutiny, please contact Marci Kawski, Gina Carter, Brenda Barrett, or your Husch Blackwell attorney.