A Missouri bank has agreed to pay a civil money penalty of $1.5 million for violations of Section 5 of the Federal Trade Commission Act, related to billing practices with regards to an identity protection product. UMB Bank, N.A. of Kansas City, Mo., has settled charges with the Office of the Comptroller of the Currency without admitting or denying fault.
Misconduct. According to the Consent Order, from June 2009 to February 2013, the bank marketed and sold an identity protection product to bank customers called Fraud Protection Plus. Enrolled consumers were required to provide sufficient personal verification information and consent before their credit monitoring services could begin and their credit bureau reports could be accessed. The OCC alleged that from June 2009 to April 2014, the bank billed Fraud Protection Plus customers for the full fee of the product, even though not all customers were receiving the credit monitoring and/or credit report retrieval services of the product.
The OCC charged UMB Bank with engaging in unfair practices in violation of Section 5 of the FTC Act, causing substantial consumer injury. In addition, the OCC believes that this misconduct is a pattern of misconduct that resulted in financial gain to the bank.
Additional remedies. In addition to the civil money penalty, UMB Bank has agreed to the following actions:
- A Compliance Committee must be established of at least three members, comprised of outside directors. This committee will be responsible for monitoring and overseeing the bank’s compliance with the consent order, and submitting a written progress report to the board of directors. The board must then submit the report, along with any comments, to the Assistant Deputy Comptroller within 10 days.
- Within 90 days of the consent order, the bank must submit an acceptable plan containing a complete description of the actions necessary to comply with the consent order, including specific timelines.
- Full reimbursement to all eligible consumers, including the development of a reimbursement plan within 60 days.
- Within 120 days, the bank must submit a written policy governing the management of third-parties. The management policy must include an analysis of the third party to perform the marketing, sales, delivery, servicing, and/or fulfillment of services for the product in compliance with all applicable consumer protection laws and bank policies and procedures.
- Within 120 days, the bank must submit a revised written enterprise-wide Unfair and Deceptive Acts and Practices risk management program for all consumer products offered by the bank or through third parties as optional add-on products.
Companies: UMB Bank, N.A.
MainStory: TopStory BankingOperations CyberPrivacyFeed EnforcementActions Privacy UDAAP
Interested in submitting an article?
Submit your information to us today!Learn More