top of page

What we can learn from the CFPB’s record $3.7 billion judgment against Wells Fargo


There’s a lot to unpack in the CFPB’s recent press release and consent order against Wells Fargo Bank. Here are just a few items we found particularly noteworthy:

  • Automated Fraud Rules and Account Blocks

    • As we wrote in September (see article here) and discussed in a recent Klaros 1st Friday Risk Roundtable, the CFPB has begun to view certain fraud risk management activities as potentially unfair, deceptive, or abusive. In its consent order against BofA in July, the CFPB prohibited BofA from freezing accounts solely based on the results of an automated fraud filter.

    • In its press release regarding the Wells Fargo consent order, the CFPB noted, as it did with BofA, that the bank froze accounts based on the results of a “faulty” automated fraud filter. The CFPB’s prohibition on Wells Fargo, however, was more specific, prohibiting Wells Fargo from freezing accounts when less restrictive means (such as item-level holds) are available and are sufficient to prevent further fraud.

    • Takeaways:

      • All fraud rules will result in some false positives, but at what point will a particular bank’s fraud rules be deemed “faulty?” The CFPB hasn’t provided a direct answer, but it’s already held two banks accountable, so to mitigate this risk, banks and their fintech partners should be:

        • Regularly reviewing false positive rates and adjusting fraud risk management strategies when the rates are too high;

        • Determining if less restrictive options to freezing entire accounts are available and reasonable in certain circumstances, and implementing them when possible;

        • Ensuring customer resolution options allow for quick and painless resolution;

        • Considering restitution for customers caught in fraud rules who cannot easily resolve their issues, leaving them without access to their funds for an extended timeframe. (Note: In its consent order against Wells Fargo, the CFPB required Wells Fargo to provide $150 to each customer impacted by the bank’s account freeze practices.)

  • Auto Servicing - GAP Insurance

    • The order requires Wells Fargo to ensure that the unused portion of GAP contracts is refunded to the borrower promptly after the loan is paid off early or the contract is otherwise terminated. The obligation for the lender to refund GAP fees is usually governed by the terms of the GAP contract or state law. However, the order requires Wells Fargo to refund GAP fees to borrowers regardless of whether state law requires it.

    • Takeaways:

      • Lenders should revisit their GAP refund policies and procedures, specifically for states that do not specifically require refunds.

      • Lenders can and should seek reimbursement from the GAP policy provider for the unused portion refunded to the borrower, but lenders should not wait to be reimbursed before providing refunds to borrowers.

  • “Authorized-Positive” Overdraft Fees

    • The CFPB continues to go after banks related to their overdraft practices, particularly when fees are charged on transactions that were authorized with a positive balance in the account but settled without sufficient funds to cover the transaction (see prior consent order against Regions Bank in September also related to overdraft fees). In its consent order against Wells Fargo, the CFPB noted that Wells Fargo had updated its practices for debit card purchases in March 2022 and was in the process of updating its practices for ATM withdrawals, but it still required Wells Fargo to refund customers approximately $205 million in “authorized-positive” overdraft fees.

    • The order did not discuss Wells Fargo’s disclosures regarding its overdraft program, but the CFPB has previously made clear that “authorized positive” overdrafts constitute unfair practices, regardless of any disclosure.

    • Takeaways:

      • Banks and their fintech partners should:

        • Review the regulatory guidance (see the CFPB’s 2022-06 Circular on Unanticipated Overdraft Fee Assessment Practices, which includes links to additional regulatory guidance) to identify areas of possible non-compliance;

        • Implement changes to practices, as necessary, including, at a minimum, cessation of any “authorized-positive” overdraft fees; and

        • Consider making restitution to customers for prior practices.

The CFPB has made its intent to invoke UDAAP for consumer protection clear. With the actions against Regions, BofA and Wells Fargo following in fairly quick succession, banks should take notice and expect additional scrutiny. If you’re interested in our Friday Risk Roundtables, or other banking/fintech topics, shoot us a note at

Photo by CafeCredit on Flickr.


bottom of page