A $37.5 million fine for allegedly illegally exploiting customers’ personal data to open sham accounts for unsuspecting customers was announced Thursday against the fifth-largest U.S. bank by the federal consumer financial protection agency.
The Consumer Financial Protection Bureau (CFPB) said the fine against Minneapolis-based, $599 billion-in-assets U.S. Bank for unlawfully accessing its customers’ credit reports and opening checking and savings accounts, credit cards, and lines of credit without customers’ permission.
The CFPB alleged that U.S. Bank “pressured and incentivized” its employees to sell multiple products and services to its customers, including imposing sales goals as part of their employees’ job requirements.
The agency said that in response, U.S. Bank employees unlawfully accessed customers’ credit reports and sensitive personal data to apply for and open unauthorized accounts.
In addition to the $37.5 million penalty, the CFPB said, the bank must also forfeit and return all unlawfully charged fees and costs to harmed customers. The bank is required to develop a plan to remediate harmed consumers by returning all unlawfully charged fees and costs, plus interest, the agency said.
According to the bureau, its investigation found that U.S. Bank was aware that sales pressure was leading employees to open accounts without authorization, and the bank had inadequate procedures to prevent and detect these accounts. “Specifically, U.S. Bank imposed sales goals on bank employees as part of their job requirements,” the bureau said. “U.S. Bank also implemented sales campaigns and an incentive-compensation program that financially rewarded employees for selling bank products.”
Charges against the bank include: exploiting personal data without authorization; opening accounts without consumer permission; and failing to provide legally required consumer disclosures.