On September 24, 2014, the CFPB announced a consent order with a large bank relating to allegations that customers were unfairly billed by a third-party service provider to the bank’s customers for identity theft protection products. According to the CFPB, the third party service provider either never obtained customer authorization or allowed significant time to pass before obtaining a customer’s authorization. This case is significant in that the CFPB is holding the bank responsible for its third party vendor because the bank’s compliance monitoring and vendor management practices were insufficient to prevent “unfair” practices by the vendor.

For a copy of the consent order, click here.