CFPB dings Discover, Santander in year-end enforcement actions

The Consumer Financial Protection Bureau (CFPB) issued a pair of enforcement actions Tuesday: one ordering Discover to pay $35 million over issues with its student loan servicing program, and a second requiring Santander's U.S. consumer lending arm to pay $4.75 million for knowingly giving inaccurate consumer credit data to credit reporting agencies.

The penalties come amid a flurry of year-end regulatory and legal actions from agencies that oversee banking activity.

The Securities and Exchange Commission (SEC) on Tuesday sued blockchain payments company Ripple for selling more than $1 billion of the cryptocurrency XRP without registering with the agency. The SEC also announced a $65 million settlement last week with stock-trading app Robinhood over the company's failure to disclose until 2018 that it sold its clients' orders to high-speed trading firms.

The Federal Deposit Insurance Corp. (FDIC) last week issued a final rule regarding industrial loan company charters and floated a proposal — in tandem with the Office of the Comptroller of the Currency (OCC) — that would give banks 36 hours to report a cyberattack to their primary federal regulator.

Discover withdrew payments from more than 17,000 consumer accounts without proper validation and canceled payments for more than 14,000 consumers without notifying them, the CFPB said in its consent order Tuesday.

The company also misrepresented the minimum payments more than 100,000 consumers owed, as well as the amounts of interest more than 8,000 consumers paid, the agency found.

Those actions violate a 2015 consent order the bureau handed Discover for misstating the minimum amount due on billing statements.

Tuesday's penalty breaks down to a $25 million fine and $10 million in consumer redress. The 2015 order required Discover to refund $16 million to consumers, pay a $2.5 million penalty and improve its billing, student loan interest reporting, and collection practices.

The 2020 consent order stems from the migration of consumer data to a new student loan servicing platform. However, the CFPB alleges Discover was aware of those migration issues — yet not fully transparent — when bureau representatives performed a site visit in 2017 to test the company's compliance.

"Although Respondent was aware of potential Consent Order Violations arising from the Migration while Bureau examiners were on-site examining Respondent's compliance with the 2015 Consent Order, Respondent did not report these violations to the Bureau at that time," the CFPB wrote in Tuesday's order.

A Discover spokesperson acknowledged to American Banker that the 2017-18 migration of student loan portfolios from two legacy systems caused issues but said many had been resolved.

"While the migration resulted in the development of new and helpful features for consumers and enhancements to the customer experience, it also unfortunately caused issues we did not anticipate," the spokesperson wrote in an email. "We regret that unanticipated migration issues negatively impacted some customers. ... We are committed to complying fully with the consent order."

In the Santander case, the CFPB on Tuesday said the bank violated the Fair Credit Reporting Act by supplying credit bureaus — between June 2016 and August 2019 — with consumer data that contained "systemic errors," including incorrectly stating the date an account first became delinquent and, at times, reporting files as delinquent when they weren't.

Santander knew of some of these errors as early as September 2016 and failed to correct them, the bureau said, adding that many were "internally inconsistent" and should have been "readily apparent" to the bank.

The CFPB ordered Santander to improve its internal policies and procedures regarding data it reports to the credit bureaus and to submit a detailed compliance plan within 45 days.

Two dates are crucial to credit bureaus looking at consumer data supplied by banks: the date a lender pulls the information and the date of first delinquency. The latter date helps the credit bureau know the precise seven-year window to hold negative information — after which the penalty to a consumer expires, according to the Fair Credit Reporting Act.

Those two dates were identical on 35% of accounts Santander gave the credit bureaus between June 2016 and August 2019, the CFPB said.

"We are pleased to resolve this legacy issue and put this matter behind us," a Santander Consumer spokesperson told American Banker in an email Tuesday.

Santander's auto lending practices came under fire in May, when the lender reached a $550 million agreement to settle charges from 34 attorneys general that it made auto loans it knew low-income and subprime borrowers could not pay.

The lender agreed to pay consumers $65 million in restitution, but the bulk of the settlement — $478 million — represented loan forgiveness. Santander agreed to waive about $45 million in loan balances for consumers who had defaulted but whose cars were not repossessed. Santander also said it would waive at least $433 million in deficiency balances — the amount consumers owe after their cars are repossessed.