CFPB expands scope of UDAAP

The Consumer Financial Protection Bureau targeted MasterCard and UniRush, a prepaid card issuer, over a technical glitch with a platform migration that left some consumers unable to access funds in a timely manner.

Further expanding its already broad consumer protection authority, the Consumer Financial Protection Bureau issued a consent order this month against MasterCard and UniRush, a prepaid card issuer.

The order alleges that the two companies engaged in “unfair acts or practices” by failing to conduct adequate testing and preparation for the conversion of UniRush’s RushCard prepaid card onto the Mastercard technology platform. The CFPB has required the two respondents to pay $10 million in consumer restitution and $3 million in civil penalties.

According to the consent order, when technical problems arose during the transfer of RushCard’s operating platform to the MPTS platform in October 2015, many consumers who rely on RushCard for services were unable to access funds in a timely manner. In announcing the action, CFPB Director Richard Cordray stated that this failed systems conversion falls under the CFPB’s authority to penalize unfair, deceptive, and abusive acts and practices under operative provisions of the Dodd-Frank Act. The CFPB press release announcing the action stated that the respondents “botched the processing of deposits and payments” during the conversion.

The Dodd-Frank Act defines an act or practice as “unfair” when (i) it causes or is likely to cause substantial injury to consumers which is not reasonably avoidable by consumers; and (ii) the substantial injury is not outweighed by countervailing benefits to consumers or to competition. No further guidance on the term “unfair” is given in the statute, nor is any help given in the rules promulgated by the CFPB’s director.

The CFPB does not allege any intentional or willful misconduct or misrepresentation by the respondents, nor does it claim that respondents failed to test the platform switch. The consent order clearly states that this was a one-time failure that, though quite serious, only covered the span of a few weeks. Neither respondent is said to have had similar behavior in the past. The consent order simply states that the issues were “preventable.” The fact that the technologically challenging switch ran into glitches is seemingly taken by the CFPB as proof of inadequate and therefore “unfair” testing and implementation.

Given the inherent complexities of developing and using financial technology, avoiding regulatory actions for technology failures has now become more difficult for financial services firms. It bodes ill for the financial services industry if events of this nature can be seen as actionable violations of Dodd-Frank. The bureau seems to suggest that there is literally no room for error in handling customer accounts.

Fredrikson & Byron Law