<img src="https://ws.zoominfo.com/pixel/pIUYSip8PKsGpxhxzC1V" width="1" height="1" style="display: none;">

Compliance Culture Gone Wrong: Ignoring Compliance Risk Results in CFPB UDAAP Violation in $191 Million Overdraft Case

2 min read
Oct 27, 2022

Regions Bank is on the hook for almost $200 million in restitution and fines after the Consumer Financial Protection Bureau (CFPB) said the bank charged customers “surprise overdraft fees” so hidden and confusing that not even the bank’s employees could explain why customers were being charged. 

The CFPB says the bank engaged in unfair and abusive acts and practices (UDAAP) with its overdraft charges between August 2018 and July 2022, resulting in at least $141 million in consumer harm. It charged overdraft fees on transactions that had a sufficient balance when a transaction was authorized but later settled with insufficient funds (Authorized-Positive Overdraft Fees). 

Worse yet, employees warned the bank that its overdraft practices were illegal, but the bank held off on making any changes until it could find a way to make up lost overdraft revenue with other fees, the CFPB says.  

The problem was not a secret. In a 2016 survey of employees, nearly 700 identified overdraft/non-sufficient funds fees as the most difficult customer problem to resolve. A series of consumer and employee focus groups in 2020 found similar results. 

It was also a repeat violation. The bank got in similar trouble in 2015 when the CFPB required it to pay $49 million in restitution and a $7.5 million fine for charging consumers overdraft fees when they hadn’t opted into the program. This time the bank had to pay $141 million in restitution and a $50 million fine. 

Related: You Can’t Handle the Truth: Why Auditors Get a Bad Name When They Should Be Celebrated

The consequences of ignoring compliance risk 

UDAAP violations occur when an act or practice is considered unfair, deceptive, or abusive.

  • Unfair practices are those that may cause substantial injury, are not reasonably avoidable, and the injury is not outweighed by the benefit. 
  • Deceptive practices are material statements or omissions that would mislead a reasonable consumer. 
  • Abusive practices interfere with a consumer’s ability to understand a term or condition or take unreasonable advantage of a consumer. 

Related: UDAAP Compliance: Defining Unfair, Deceptive, & Abusive Acts and Practices 

Regions was warned by its compliance staff that not taking corrective action quickly would create UDAAP risk and that the bank should expect regulators to make the bank refund those overdraft fees.  

The compliance team was right. The CFPB’s consent order says the overdraft fees were both unfair and abusive and that they were “not reasonably avoidable because they were caused by counter-intuitive, complex processes that consumers did not understand or control and were contrary to consumers’ reasonable expectations.” 

Ignoring compliance risk is a sign of an ineffective compliance culture. A strong compliance culture starts at the top with the board and management. These leaders recognize the importance of compliance and proactively set a positive tone. In this case, the compliance team spoke up about a real compliance risk, but management decided to prioritize fee income over compliance—a decision that cost the bank both the fee income and another $50 million in fines. So much for the bottom line.   

Related: Risk Culture vs. Compliance Culture: What’s the Difference?   

Complaints are key risk indicators (KRIs) 

This overdraft UDAAP case is also an example of how complaints can serve as key risk indicators (KRIs). Both and survey and focus groups of employees and customers revealed major frustrations with the overdraft fees. 

3 Complaint Management Questions You Need to Be Asking  

Perhaps this is what alerted the compliance team to the initial problem. Or maybe it was an overdraft compliance risk assessment.

Regardless, it’s important to identify and log consumer and employee complaints and then analyze them for trends. If consumer harm is occurring—even inadvertently—a good complaint management program can serve as a control to identify and resolve the problem before examiners find it.

Want to learn more? Check out our on-demand webinar
Risk & Compliance Culture: What Examiners Want.


Subscribe to the Nsight Blog