Maryland Legal Alert for Financial Services
CFPB Faults Financial Institution for Rushed Core Conversion
On October 31, 2024, the Consumer Financial Protection Bureau (CFPB) entered into a consent order with a large credit union based in Florida. The credit union’s members include a large number of military service members and their families. In 2022, the credit union attempted to launch a new online and mobile banking platform with a new and untested core account hosting provider. The credit union’s online system did not function properly, causing the credit union to pull the system offline. The online access was restored with limited functionality for several months, resulting in significant restrictions on credit union members’ ability to access funds. The CFPB faulted the credit union for failing to properly plan for the core conversion, including the failure to do sufficient due diligence on its service provider and the failure to leave enough time for adequate development and testing.
The CFPB found that the significant problems experienced by the credit union’s members were foreseeable and preventable and that the credit union’s deficient planning and service provider oversight constituted an unfair practice in violation of the Consumer Financial Protection Act of 2010 that caused financial and non-financial harm to consumers (including fees, costs, and inconvenience). The consent order requires the credit union to come into compliance with applicable law, establish a governance committee to ensure proper management of projects involving consumer facing banking systems, make appropriate redress to impacted consumers, and pay a $1.5 million civil money penalty. The enforcement action serves as a reminder to financial institutions considering core processor conversions to be mindful of applicable interagency guidance concerning service provider oversight.
For more information, contact Christopher R. Rahl.