Go to main content

Engagement

Awareness
News
Young Professionals
Foundation

Events

Register Now
 
 
More Upcoming events
Support
America's Credit Unions

Resources

Industry
Small-Asset CUs
Careers & Finder
Position Toolkits

About Us

Our Story
Organization
Membership
Opportunities
menu logo
Home

  • February 11, 2025
    IRAs: Essentials and Advanced Workshop
  • March 26, 2025
    Marketing, Compliance, YOU and Lending Conference

  • Sponsor an Event
  • Speaker Proposals

Take A Second: CU Legal Insights

"Take A Second: CU Legal Insights" offers weekly updates and legal analysis tailored for credit unions, helping navigate regulatory landscapes and stay informed on industry trends.

masthead banner

Large CFPB Enforcement Actions Against Credit Unions

11/11/2024

This week, we are taking a second to dig into some of the recent enforcement actions brought by the Consumer Financial Protection Bureau (CFPB) against credit unions and what led to the CFPB taking action for violations of the Consumer Financial Protection Act. Please keep in mind that we have not reviewed any documents or defenses of the credit unions relating to either of the enforcement actions outlined below. The credit unions may dispute the allegations or finding and we are simply summarizing what has been made public below.  

Let’s jump right in! 

In Case You Missed It  

In a little over a week’s time, the CFPB has issued enforcement actions featuring large monetary penalties against two credit unions under their purview. On the receiving end of these penalties were VyStar Credit Union, based in Florida, and Navy Federal Credit Union, based in Virginia. As a quick reminder, the CFPB have authority to take action against credit unions that have assets of $10 billion or higher that violate the Consumer Financial Protection Act.  

Now, more on the “what” that led the CFPB to take action.  

VyStar Ordered to Pay $1.5 Million Civil Penalty 

According to the CFPB, when VyStar rolled out their new online banking platform back in May of 2022, they left their members in the lurch for an extended period of time, causing them financial harm. The new online banking platform’s functionality - or lack thereof according to the CFPB- made it difficult for members to do basic banking actions, which resulted in members being charged fees for a variety of reasons. 

The National Credit Union Administration (NCUA) also weighed in on the situation, agreeing with the CFPB’s order, stating that there was a lack of due diligence on the part of VyStar’s leadership team. Because of the mismanagement, as determined by the regulators, of the new online banking platform rollout, members were financially harmed. NCUA Chairman Todd Harper further provided that this “failure” not only caused harm to the members but also led to “safety and soundness problems like strategic, reputational, legal and compliance risks.” 

In the action brought by the CFPB against VyStar, the CFPB stated that the credit union ignored red flags and proceeded with the rollout despite knowing there were substantial issues. This caused their members to lose access to their accounts and funds, which led to fees and other financial harm to occur. The CFPB pointed to VyStar’s hasty rollout, including bypassing appropriate testing, stating that VyStar ignored issues and warnings from their development team that the platform was not yet ready.  

As part of the Enforcement Action, the CFPB is requiring that Vystar: 

  1. Refund fees to affected consumers. This includes any fees members had to pay to third parties as a result of not having access to online banking, in addition to any fees they charged their members that were incurred because of the improper rollout.  
  2. Clean up process for updating its system. Ensuring that there are contingency plans so that a situation like this doesn’t happen in the future.  
  3. Pay a $1.5 million fine. This fine is to be paid to the CFPB’s victim relief fund.  

Navy Federal Ordered to Pay Largest Civil Penalty to Date: $95 million. 

Navy Federal was also hit last week with the largest civil penalty to date issued by the CFPB. The CFPB is requiring that Navy Federal refund $80 million to consumers and pay $15 million into the CFPB’s victim relief fund as a result of their violations of the Consumer Financial Protection Act.  

According to the order filed by the CFPB, Navy Federal was charging illegal overdraft fees from 2017 until 2022. The claim states that, during that period, Navy Federal was charging members surprise overdraft fees on certain ATM withdrawals and overdraft transactions despite their accounts showing that they had sufficient funds to cover the transaction. The CFPB found that members were charged an overdraft fee for transactions where there was a sufficient balance in the account at the time of the transaction, but where the account had a negative balance once the purchase posted to the account, which was sometimes days later.  

The CFPB also discovered that when members received funds through peer-to-peer payment systems like CashApp, Zelle, PayPal and others, their Navy Federal accounts showed that the money was available immediately. However, the CFPB claimed that Navy Federal failed to inform their members that any payments received after 10:00 p.m. EST (and later, after 8:00 p.m. EST) would not actually be posted and available to spend until the next business day. Members who tried to use funds that appeared to be readily available were charged overdraft fees.  

As part of the Enforcement Action the CFPB is requiring Navy Federal to:  

  1. Refund Overdraft Fees. The improper overdraft fees charged by Navy Federal must be returned to affected members. This amount totals over $80 million in consumer redress.  
  2. Banned from charging certain overdraft fees. As a result of these violations of the Consumer Financial Protection Act, Navy Federal no longer is allowed to charge overdraft fees that are a result of insufficient funds at the time of processing or overdraft fees that result from delayed posting of funds received from peer-to-peer platforms.  
  3. Pay a $15 million fine. This fine is to be paid to the CFPB’s victim relief fund.  

Key Takeaways? 

Regardless of the size of your credit union, it is imperative to keep your finger on the pulse of current issued orders and filed lawsuits. By doing so, it allows you to evaluate your own internal practices against those that have been deemed insufficient and provides an opportunity to make the necessary changes to address deficiencies. It also increases awareness of the things that could trickle down. 

As we all know, regulators and lawmakers at all levels continue to attack fees of all kinds. The action taken against Navy Federal just brightens the spotlight on fees and fee-charging practices. Use this as a reminder to take a look at your own practices, policies and procedures.  

It is also more important than ever to ensure there are proper safeguards in place when implementing new technologies, especially something as expansive as an online banking platform. Slow and steady wins the race.  

To sum it up, I know that lately it feels like credit unions are constantly under a microscope and, much like Roz from Monsters Inc., the regulators are “always watching” - and they are - let these orders serve as a reminder to continually review your policies and procedures and to adjust accordingly to ensure that you and your credit union aren’t next. 

As always, this article is intended for general information only and does not constitute legal advice. If you have any questions about these topics and/or the possible implications, you should contact your attorney for advice. 

Hope to see you next time, when we take a second to discuss fraud trends!



« Return to "Take a Second CU Legal Insights"
Go to main navigation
fed icon Advocacy fed icon Compliance fed icon Member Connection fed icon Education fed icon Foundation fed icon Solutions