Losing Control: Poor Compliance Controls Lead to $28.5 Million in Fines and Redress for Navy FCU

Empty threats are rarely a good idea—and sometimes they are straight-up illegal.

That’s the lesson $73 billion-asset Navy Federal Credit Union is learning after the CFPB forced it to pay members $23 million in redress and a $5.5 civil money penalty for making “false threats about debt collection.” The largest credit union in the country is also in hot water for unfairly preventing members that were behind on loan payments from accessing their accounts.

The CFPB found that Navy FCU deceived hundreds of thousands of consumers between January 2013 and July 2015 in an effort to get them to pay off delinquent loans by:

  • threatening legal action it had no intention of taking;
  • threatening to garnish wages when it didn’t have the authority to do so;
  • threatening to contact members’ commanding officers, which can lead to disciplinary action or loss of a security clearance, even though it neither intended nor was authorized to do so;
  • telling members it would be “difficult, if not impossible” to get another loan elsewhere without looking at their credit reports first to see if it was true;
  • implying it could change a member’s credit score; and
  • illegally freezing 700,00 member accounts due to delinquency on a Navy FCU credit product.

How could the nation’s largest credit union—serving U.S. military service members, Department of Defense civilian employees or contractors, and their families—make such a colossal mistake? According to the enforcement action, “compliance controls and employee training regarding debt collection communication were inadequate.”

Well, that’s an understatement.

Debt collection is a highly regulated area—one where companies commonly make mistakes. In recent years Citibank, American Express, Discover and others have each been fined millions of dollars for shady debt collection practices. Meanwhile the CFPB has a proposal under review for “overhauling the debt collection market.”

Smart institutions recognize that failure to follow proper debt collection practices poses a substantial financial and reputational risk. They have strong internal controls to ensure policies, procedures and systems are reliable, effective and compliant. They ensure that individuals are accountable for their actions.

That doesn’t appear to be the case at Navy FCU where there was no “documentation that any employees were disciplined, reprimanded or subject to additional training.”

Banks and credit unions need to carefully review internal controls to ensure they are effectively mitigating risks throughout the institution—and catching mistakes before regulators do.

The threat of regulatory action for institutions that fall short is anything but empty.