CFPB Sues TransUnion A Second Time For Same Violations


TransUnion, one of the three large credit bureaus, never wanted to be in litigation with its regulator the Consumer Financial Protection Bureau.

But the Chicago-based credit reporting agency is fighting back in court after the CFPB sued the company and a former executive in April for allegedly violating a previous 2017 order.

The lawsuit is being closely watched because TransUnion already paid a $3 million fine and $13.9 million in restitution to consumers to resolve the 2017 order—only to be sued for the same violations five years later.

CFPB Director Rohit Chopra has made cracking down on repeat corporate offenders a top priority. But financial institutions are concerned that Chopra is effectively punishing companies multiple times for the same violations.

“No rational regulated entity would ever agree to this type of ‘Groundhog Day’ enforcement loop,” said Valerie Hletko, a partner at Kaplan Hecker & Fink, who represents TransUnion, in a motion earlier this month to dismiss the case.

The CFPB declined to comment.

TransUnion could prove to be a test case for the CFPB at a time when the business community led by the U.S. Chamber of Commerce, and with the support of Republican lawmakers, are targeting Chopra for what they perceive to be the bureau’s aggressive agenda. Suzanne Clark, the president and CEO of the U.S. Chamber, has been a director on TransUnion’s board since 2017.

The case also is unique because TransUnion is arguing that the CFPB’s complaint should be dismissed on constitutional grounds as well. TransUnion argues that the CFPB’s funding from the Federal Reserve violates the constitution’s appropriations clause.

Earlier this month, five out of 17 active judges on the U.S. Court of Appeals for the Fifth Circuit signaled their view that the CFPB’s funding mechanism violates the Constitution’s separation of powers because it happens outside of the congressional appropriations process.

Some view another constitutional challenge to the CFPB as inevitable and predict more companies will challenge the bureau.

“Every company that is faced with a CFPB lawsuit alleging that it violated a consent order would move to dismiss or move for judgment … on the basis that the CFPB has been unconstitutionally funded,” said Dustin Nofziger, of counsel at the law firm Pryor Cashman LLP.

Still, the case before District Judge Elaine Bucklo, in the U.S. District Court for the Northern District of Illinois, is complicated by its scope, which includes several years of turnover in the CFPB’s leadership.

Former CFPB Director Richard Cordray filed the first order alleging that TransUnion, as well as Atlanta-based Equifax, had deceived consumers about the cost of credit reporting and monitoring services. (Equifax settled as well.)

Though Cordray signed off on TransUnion’s plan to provide restitution to consumers, he didn’t sign off on the company’s compliance plan. Neither did former CFPB Director Kathy Kraninger, according to court documents.

By 2019, however, the CFPB had received nearly 100 complaints from consumers alleging that TransUnion enrolled them in monthly credit monitoring services they didn’t want. Many of the consumers said they had responded to ads to obtain a free credit score but had not read the fine print disclosing that they were enrolling in a monitoring service.

TransUnion has denied allegations that it deceived consumers.

In court documents TransUnion said the CFPB required that the company get “express informed consent from the consumer,” before enrolling them in any trial period for a credit-related product.

The two sides also sparred over how TransUnion characterized VantageScore, a top competitor of Fico that is used by credit card issuers such as Synchrony Financial, among others.

The CFPB filed the lawsuit against TransUnion just 10 days before the first consent order was set to expire. TransUnion argues that the CFPB failed to fulfill its own obligations as a regulator by signing the compliance plan or by asking for revisions or changes, even though the bureau had five years to do so.

In court documents, the company said that it would never have agreed to pay $17 million in fines and restitution, plus undergo a costly five-year compliance and enforcement regime, if the bureau was not required to respond to its compliance plan.

TransUnion has argued that the CFPB cannot take action a second time against the same party based on the same facts. Because the violations involve the same marketing practices and credit-related products that the CFPB investigated and resolved in the first consent order, TransUnion claims the CFPB cannot litigate again.

“The CFPB did not follow through on its end of the bargain,” wrote Hletko, TransUnion’s lawyer, in the motion to dismiss. ”That is not just poor regulatory oversight, it is an abrogation of the explicit commitment that the CFPB made in the consent order.”

TransUnion said it would want to be in a position “of implementing significant, costly, and complex changes to its business practices if it faced the risk that the Bureau would later claim they were not good enough, or that [the company] should instead have complied in some materially different way,” she wrote.

Some observers say TransUnion has a high bar to clear in getting the judge to dismiss the case. The company also alleges the claims are now time-barred since there was a three-year statute of limitations for bringing a claim under the Consumer Financial Protection Act.

Critics think the lawsuit was filed by Chopra to deliver on promises to hold executives responsible for repeat corporate violations.

Many financial firms are closely watching the case because the lawsuit personally named John Danaher, a former top executive at TransUnion’s Interactive unit, which was responsible for selling the products to consumers.

Danaher’s lawyers argued in court filings this month that the now-retired executive cannot be held responsible for complying with the first consent order because he was not a party to it, did not sign it and never agreed to it. Moreover, the fist consent order did not specifically name Danaher or seek damages from him.

“To hold Danaher individually liable under a consent order that exclusively binds the CFPB and Corporate Defendants would contravene due process, the CFPA itself, and common sense,” wrote Jeff Knox, a co-managing partner at the law firm Simpson Thacher, and a former head of the Department of Justice’s fraud section.

A ruling by Judge Bucklo is expected by the end of the year or early 2023.

Source: site