Today, the Consumer Financial Protection Bureau (CFPB) fined Bank of America $100 million for botching the disbursement of state unemployment benefits at the height of the pandemic. Bank of America automatically and unlawfully froze people’s accounts with a faulty fraud detection program, and then gave them little recourse when there was, in fact, no fraud. Today’s order requires Bank of America to undertake a process that is estimated to result in hundreds of millions of dollars in redress to consumers. In a separate order, the Office of the Comptroller of the Currency (OCC) is also fining the bank $125 million.
“Taxpayers relied on banks to distribute needed funds to families and small businesses to rescue the economy from collapse when the pandemic hit,” said CFPB Director Rohit Chopra. “Bank of America failed to live up to its legal obligations. And when it got overwhelmed, instead of stepping up, it stepped back.”
Bank of America (NYSE: BAC) is a national bank headquartered in Charlotte, North Carolina, with approximately 4,100 branches. It has been designated as a global systemically important bank by the Financial Stability Board, and as of December 31, 2021, the company had $2.5 trillion in consolidated assets, which makes it the second largest bank in the United States. The bank has previously been sanctioned by the CFPB. In 2014, the ordered Bank of America to pay $727 million in redress to its victims for illegal credit card practices. And in May of this year, the CFPB ordered Bank of America to pay a $10 million civil penalty over unlawful garnishments.
Bank of America has contracts with various state agencies to deliver unemployment and other benefit payments to consumers electronically through prepaid debit cards and accounts. For example, since 2011, Bank of America has had an exclusive contract with the State of California to deliver unemployment and other benefit payments to California consumers electronically through prepaid debit cards and accounts. Under the Electronic Fund Transfer Act, consumers are protected when they use electronic methods to transfer money; this includes prepaid cards. Protections include that after a consumer contacts the financial institution that there has been an error, the financial institution must conduct a prompt, reasonable, and timely investigation.
When the COVID-19 pandemic hit in early 2020, the unemployment rate surged. Millions of consumers sought unemployment insurance benefits. The surge included a great deal of fraud. There was a significant amount of identity theft that affected eligible cardholders with legitimate prepaid debit card accounts. Still, there were also a significant number of criminals who applied for and began receiving unemployment insurance benefits who filed false error claims to access additional funds.
In its investigation, the CFPB found that Bank of America engaged in unfair and abusive acts and practices that resulted in Californians not getting their unemployment benefits at the height of the pandemic, when many people needed the money the most. Specific findings include that the bank:
- Replaced reasonable investigations with a faulty fraud filter: In the fall of 2020, and continuing through mid-2021, Bank of America changed its practices for investigating prepaid debit card fraud on the unemployment insurance benefit accounts. Instead of conducting reasonable investigations, it implemented a fraud filter with a simple set of flags that automatically triggered an account freeze. This set a low bar to freeze the unemployment insurance benefits of many people, harming thousands of legitimate cardholders needing the money. The bank also retroactively applied its fraud filter to deny some notices of error submitted by prepaid debit cardholders that the bank had previously investigated and paid.
- Left distressed consumers in the lurch: Bank of America made it very difficult for people to unfreeze their prepaid debit cards or for people to report fraudulent use of their cards. People with unemployment insurance benefit prepaid debit cards could not make reports online, or in person at bank branches. People were on hold for hours every day for weeks trying to talk to someone at the bank. Furthermore, the bank told customers they had agents available 24 hours a day, seven days a week, when, in fact, it operated a more limited schedule for its claim call center. Because Bank of America was the strongly preferred provider for California unemployment benefits, consumers were caught without any choice to switch providers.
- Passed the buck to an overwhelmed state agency: When consumers sought assistance, the bank often sent them back to the California state unemployment department for verification in order to regain access to their benefits. But the bank knew the department was stretched and unable to provide services; the bank met with the department dozens of times in the summer of 2020 and should have known it was essentially redirecting people into a black hole.
Under the Consumer Financial Protection Act, the CFPB has the authority to take action against institutions violating consumer financial laws, including engaging in unfair, deceptive, or abusive acts or practices. Bank of America will be required to:
- Provide redress to consumers: Bank of America must pay back the money that they wrongly denied to consumers across the country because of the faulty fraud filter. The bank must also provide each affected consumer with a lump sum consequential harm payment, to be determined through a methodology of financial harm consumers suffered due to the time their accounts remained frozen or blocked. Finally, affected consumers will have the opportunity to receive additional redress through an individualized review process.
- Pay a $100 million fine: Bank of America must pay a $100 million dollar penalty to the CFPB, which will be deposited into the victims relief fund. The penalty reflects the severity and scope of the consumer harm caused by the bank’s practices. The OCC is separately fining the bank $125 million to be remitted to the Treasury.