The CFPB continues to flex its muscle and expand its reach, this time punishing a prepaid card provider and its vendor for a conversion to a new system that did not go as planned. The consent order, which was entered into without any admission of liability, requires UniRush and its vendor/payment processor to pay an estimated $10 million in restitution to affected consumers and a civil monetary penalty of $3 million.
According to the Consent Order, the problems began with a conversion by UniRush to a new payment processor owned by Mastercard. Despite having engaged in pre-conversion testing and multiple mock tests in preparation for the actual conversion, the conversion did not go as planned. Instead, the conversion took longer than expected and led to a number of issues for consumers. Further, despite having hired additional agents to meet an anticipated spike in customer needs, UniRush could not meet the increased customer service demand.
Of concern is the CFPB’s finding that UniRush engaged in unfair and deceptive practices by failing to ensure pre-conversion testing by its vendor. The CFPB found UniRush had engaged in unfair and deceptive practices despite noting that:
Despite these findings, the CFPB found that “UniRush failed to prepare a contingency plan that would enable it to scale its customer service response to meet the increased demand on its customer service system that resulted from the service disruptions it experienced following the conversion.” The CFPB concluded that “UniRush’s acts or practices in preparing for the payment processor conversion caused or were likely to cause substantial injury to consumers that was not reasonably avoidable or outweighed by countervailing benefits to consumers or to competition.” Consent Order, ¶ 35.
The Consent Order focuses, among other things, upon what the CFPB deemed to be an inadequate incident response program. The Order makes clear that the CFPB will not allow covered entities to rely solely on their vendors to ensure system conversions go as planned and the need for businesses to have plans in place to deal with system failures or service disruptions.
The Consent Order provides guidance for others in the financial services sector as to the CFPB’s expectations regarding response programs in place any time there is a system conversion which may impact consumers. The Consent Order suggests that entities, at a minimum, should have:
Caren Enloe leads Smith Debnam’ s consumer financial services litigation and compliance group. In her practice, she defends consumer financial service providers and members of the collection industry in state and federal court, as well as in regulatory matters involving a variety of consumer protection laws. Caren also advises fintech companies, law firms, and collection agencies regarding an array of consumer finance issues. An active writer and speaker, Caren currently serves as chair of the Debt Collection Practices and Bankruptcy subcommittee for the American Bar Association’s Consumer Financial Services Committee. She is also a member of the Defense Bar for the National Creditors Bar Association, the North Carolina State Chair for ACA International’s Member Attorney Program and a member of the Bank Counsel Committee of the North Carolina Bankers Association. Most recently, she was elected to the Governing Committee for the Conference on Consumer Finance Law. In 2018, Caren was named one of the “20 Most Powerful Women in Collections” by Collection Advisor, a national trade publication. Caren oversees a blog titled: Consumer Financial Services Litigation and Compliance dedicated to consumer financial services and has been published in a number of publications including the Journal of Taxation and Regulation of Financial Institutions, California State Bar Business Law News, Banking and Financial Services Policy Report and Carolina Banker....LEARN MORE