2016-CFPB-0012 Document 1 Filed 07/14/2016 Page1 of 33 UNITED STATES OF AMERICA CONSUMER FINANCIAL PROTECTION BUREAU ADMINISTRATIVE PROCEEDING File No. 2016-CFPB-0012 In the Matter of: CONSENT ORDER SANTANDER BANK, N.A. The Consumer Financial Protection Bureau (Bureau) has reviewed the overdraft practices of Santander Bank, N.A. (Respondent, as defined below) and has identified the following law violations: (1) Respondent failed to obtain an affirmative “opt-in” from certain of its customers before charging them overdraft fees in connection with ATM and one-time debit card transactions, in violation of Regulation E, 12 C.F.R. § 1005.17, the implementing regulation of the Electronic Fund Transfer Act, 15 U.S.C. §§ 1693, et seq. (EFTA) and (2) Respondent, through its vendor, misled consumers about (a) the fees associated with opting in to overdraft service for ATM and one-time debit card transactions, (b) the consequences of not opting in to overdraft service for ATM and one-time debit card transactions, (c) the nature of the sales calls seeking consumers’ consent to opt in to overdraft services for ATM and one-time debit card transactions, and (d) the type of transactions covered by the overdraft service in violation of 12 U.S.C. §§ 5531, 5536. Under Sections 1053 and 1055 of the Consumer Financial Protection Act of 2010 (CFPA), 12 U.S.C. §§ 5563, 5565, the Bureau issues this Consent Order (Consent Order). 2016-CFPB-0012 Document 1 Filed 07/14/2016 Page2 of 33 I Jurisdiction 1. The Bureau has jurisdiction over this matter under sections 1053 and 1055 of the CFPA, 12 U.S.C. §§ 5563 and 5565 and Section 1693o(a)(5) of the Electronic Fund Transfer Act, 15 U.S.C. § 1693o(a)(5). II Stipulation 2. Respondent has executed a “Stipulation and Consent to the Issuance of a Consent Order,” dated July 11, 2016 (Stipulation), which is incorporated by reference and is accepted by the Bureau. By this Stipulation, Respondent has consented to the issuance of this Consent Order by the Bureau under sections 1053 and 1055 of the CFPA, 12 U.S.C. §§ 5563 and 5565, without admitting or denying any of the findings of fact or conclusions of law, except that Respondent admits the facts necessary to establish the Bureau’s jurisdiction over Respondent and the subject matter of this action. III Definitions 3. The following definitions apply to this Consent Order: a. “Account” means a demand deposit (checking) or other consumer asset account established primarily for personal, family, or household purposes, as described in Regulation E, 12 C.F.R. § 1005.2(b)(1). b. “Board” means Respondent’s duly-elected and acting Board of Directors. c. “Covered Overdraft Fees” refers to Overdraft Fees assessed on ATM or one-time debit card transactions during the Relevant Period. 2016-CFPB-0012 Document 1 Filed 07/14/2016 Page3 of 33 d. “Covered Transactions” refers to ATM or one-time debit card transactions during the Relevant Period. e. “Customer Service Representative” or “CSR” means a customer service representative employed by the Respondent’s vendor to conduct consumer calls for the Opt-in Call Campaigns. f. “Effective Date” means the date on which the Consent Order is issued. g. “Opt-In” means the consumer’s affirmative consent to be charged a fee for Overdraft Service for ATM and/or one-time debit card transactions, as described in Regulation E, 12 C.F.R. § 1005.17(b)(1)(iii). h. “Opt-in Call Campaign” refers to any of the telemarketing campaigns conducted by a vendor on behalf of the Respondent to enroll consumers into the Sovereign (later Santander) Account Protector. i. “Opt-In Rule” means Regulation E’s prohibition against “assess[ing] a fee or charge on a consumer’s account for paying an ATM or one-time debit card transaction pursuant to the institution’s overdraft service [without] [o]btain[ing] the consumer’s affirmative consent, or opt-in, to the institution’s payment of ATM or one-time debit card transactions . . . .” 12 C.F.R. § 1005.17(b). j. “Overdraft Fee” means a fee Respondent assessed pursuant to its Overdraft Service. k. “Overdraft Service,” with respect to an Account, shall have the same definition provided by 12 C.F.R. § 1005.17: “a service under which a financial institution assesses a fee or charge on a consumer’s account held by the institution for paying a transaction (including a check or other item) when the consumer has insufficient or unavailable funds in the account.” 2016-CFPB-0012 Document 1 Filed 07/14/2016 Page4 of 33 l. “Regional Director” means the Regional Director for the Northeast Region for the Office of Supervision for the Consumer Financial Protection Bureau, or his/her delegate. m. “Related Consumer Action” means a private action by or on behalf of one or more consumers or an enforcement action by another governmental agency brought against Respondent based on substantially the same facts as described in Section IV of this Consent Order. n. “Relevant Period” includes the period from July 1, 2010 to the Effective Date. o. “Respondent” means Santander Bank, N.A., previously known as Sovereign Bank, and its successors and assigns. p. “Service Provider” or “vendor” shall have the same definition provided by 12 U.S.C. § 5481(26):“any person that provides a material service to a covered person in connection with the offering or provision by such covered person of a consumer financial product or service, including a person that: (i) participates in designing, operating, or maintaining the consumer financial product or service; or (ii) processes transactions relating to the consumer financial product or service (other than unknowingly or incidentally transmitting or processing financial data in a manner that such data is undifferentiated from other types of data of the same form as the person transmits or processes).” This term “does not include a person solely by virtue of such person offering or providing to a covered person— (i) a support service of a type provided to businesses generally or a similar ministerial service; or (ii) time or space for an advertisement for a consumer financial product or service through print, newspaper, or electronic media.” 2016-CFPB-0012 Document 1 Filed 07/14/2016 Page5 of 33 IV Bureau Findings and Conclusions The Bureau finds the following: 4. Respondent is a national bank with its main office in Wilmington, Delaware. As of September 30, 2015, Respondent had $89.4 billion in assets and $58.5 billion in total domestic deposits. Respondent operates a network of nearly 700 retail branch offices and more than 2300 ATMs in Connecticut, Delaware, Massachusetts, New Hampshire, New Jersey, New York, Pennsylvania, and Rhode Island. 5. Respondent is an insured depository institution with assets greater than $10 billion within the meaning of 12 U.S.C. § 5515(a). 6. In 2009, Banco Santander S.A. completed its purchase of Sovereign Bank and officially rebranded the Bank as Santander in October of 2013. 7. Respondent is a “covered person” as that term is defined by 12 U.S.C. § 5481(6). 8. Respondent is also a “bank … that directly ... holds an account belonging to a consumer” and is therefore a “financial institution” as defined by 12 C.F.R. § 1005.2(i). The Opt-In Rule 9. Prior to the implementation of the Opt-In Rule, many financial institutions—including Respondent—provided Overdraft Service for ATM and one-time debit transactions (in addition to other transactions such as checks and recurring transfers) as a standard feature of their Accounts. Providing Overdraft Service for those transactions allowed consumers to complete one-time debit card purchases and ATM withdrawals that would likely otherwise have been declined because of insufficient or unavailable funds. However, that service came with a price: financial institutions, including Respondent, generally charged consumers a fee when the service was used. 2016-CFPB-0012 Document 1 Filed 07/14/2016 Page6 of 33 10. The Board of Governors of the Federal Reserve System (Federal Reserve Board) found that state of affairs concerning because, among other things, many consumers lacked understanding of the service’s risks, costs, and conditions. In particular, the Federal Reserve Board noted that many consumers did not understand they could be charged overdraft fees for using their debit card. As a result, “consumers may unintentionally overdraw their account based on the erroneous belief that a transaction would be paid only if the consumer has sufficient funds in the account to cover it.” 74 Fed. Reg. 59033 at 59039 (Nov. 17, 2009). 11. To address this, the Federal Reserve Board amended Regulation E by adopting the OptIn Rule, which requires financial institutions to obtain consumers’ affirmative consent or opt-in to Overdraft Service for Covered Transactions before assessing overdraft fees on such transactions. Only after obtaining that consent can financial institutions charge Overdraft Fees on Covered Transactions. 12. The Rule also requires financial institutions to disclose any Overdraft Fees they will charge based on Covered Transactions. 12 C.F.R. § 1005.17(d)(2). 13. The Opt-In Rule had a mandatory compliance date of July 1, 2010 for new accounts and August 15, 2010 for existing accounts. 12 C.F.R. § 1005.17(c). Respondent’s Response to the Opt-In Rule 14. Respondent determined that the Opt-In Rule could have a significant negative impact on its fee revenues. 15. To protect its fee revenue, Respondent needed to persuade its customers to opt in. 16. Respondent renamed its Overdraft Service on Covered Transactions the Sovereign (later Santander) Account Protector (“SAP”). 2016-CFPB-0012 17. Document 1 Filed 07/14/2016 Page7 of 33 Respondent charged consumers who opted into the SAP $35 for each overdraft on a Covered Transaction and a $5 fee per consecutive day the account was overdrawn if the overdraft remained unpaid for more than five business days. Later, Respondent changed the terms to $35 for each overdraft and an additional, one-time $35 fee on the sixth business day if the account was still overdrawn. 18. Respondent’s customers could opt in to SAP through a variety of channels, including at the branches, online, by mail, and over the phone. 19. To increase enrollment in SAP, Respondent launched a series of vigorous telemarketing campaigns, the Opt-in Call Campaigns. 20. Respondent hired a third-party vendor to conduct the Opt-in Call Campaigns. The vendor marketed the SAP on both outbound and inbound calls. 21. Respondent paid the vendor a base amount for each employee hour. Additionally, as an incentive to enroll more consumers, Respondent paid the vendor a variable premium of up to approximately $9 per hour if the vendor hit specified sales targets. 22. The vendor, in turn, incentivized its CSRs to make sales by establishing sales quotas and requiring a certain number of sales per hour. 23. In numerous instances, the vendor’s CSRs who failed to achieve the required number of sales per hour were sent home early and were not paid for the remainder of the day. 24. The vendor also terminated certain CSRs who continued to miss its sales goals. 25. Respondent created or approved scripts to be used by the CSRs who conducted the calls for the Opt-in Call Campaigns. 26. During a pilot test in 2010, Respondent learned that CSRs were being overly aggressive, making sales without the consumer’s consent, and not following the script. Respondent also received complaints from consumers who incurred unauthorized overdraft fees. 2016-CFPB-0012 27. Document 1 Filed 07/14/2016 Page8 of 33 In response, Respondent temporarily halted the Opt-in Call Campaign for a few days and conducted further training with the CSRs. Respondent also listened to the enrollment calls that corresponded with the consumer complaints and noted that either the consumer did not opt in during the call or inaccurate fee information was provided. 28. But, as the Opt-in Call Campaigns proceeded over the next several years, CSRs continued to deviate from the script and provide consumers with incomplete, inaccurate, or misleading information to persuade the consumers to enroll in the SAP. 29. Nevertheless, Respondent continued to use this same vendor to conduct the Opt-in Call Campaigns on its behalf until 2014, while continuing to include financial incentives in the vendor’s contract tied to the number of consumers the vendor enrolled in SAP, neglecting to properly monitor the vendor, and failing to detect widespread problems in the Opt-in Call Campaigns. Findings and Conclusions as to Violations of the Opt-In Rule’s Affirmative Consent Requirement 30. In numerous instances during the Opt-in Call Campaigns, CSRs enrolled consumers in the SAP without their consent. 31. In numerous instances, the CSRs did not ask the consumers if they wanted to opt-in. Instead, the CSRs gave consumers a brief description of the product and then had the consumers verify the last four digits of their social security numbers, which was the standard enrollment confirmation practice. 32. For example, the following exchange between a CSR and a consumer resulted in a consumer being enrolled: CSR: We have noticed that you have not enrolled in Santander Account Protector service. This is a free service that allows us to apply our standard overdraft practices for ATM and debit card transactions. So generally, this means that we may pay ATM and one time debit card purchases, even if they overdraw your account, and charge you 2016-CFPB-0012 Document 1 Filed 07/14/2016 Page9 of 33 overdraft fees. And if you are not enrolled, we typically will decline to pay these transactions for you. So, you know, basically it’s a free service and, uh, we would like to send you out Account Protector package for your account ending in . . . . . Would that be OK? Consumer: Sure. CSR: OK, and what is your, uh, can you verify nothing but the last four digits of your social we have on file for you? 33. In other instances, the consumers explicitly stated that they did not want to enroll in the SAP at that time but requested information about the product. In response, the CSRs enrolled the consumers without their consent or knowledge and told them that they would receive information about the SAP in less than 10 business days. 34. For example, the following exchange between a CSR and a consumer resulted in a consumer being enrolled: Consumer: OK but that this doesn’t mean that I’m enrolling or anything right now, right? CSR: Yeah, no, we’re just um Consumer: You’re just going to send me the information? CSR: Yeah, we’re going to, yeah we’re going to send you – um – the information and like I said you can opt out, um, you know, you know at any time by calling that 1-877-7682265… 35. The Opt-In Rule prohibits financial institutions from assessing a “fee or charge on a consumer’s account for paying an ATM or one-time debit card transaction pursuant to the institution’s overdraft service unless the institution … obtains the consumer’s affirmative consent, or opt-in, to the institution’s payment of ATM or onetime debit card transactions[.]” 12 C.F.R. § 1005.17(b)(1)(iii). 36. As described above, Respondent enrolled consumers into overdraft services for Covered Transactions without first obtaining their affirmative consent. 37. When Respondent charged those consumers overdraft fees on Covered Transactions, it was in violation of the Opt-In Rule, the Electronic Fund Transfer Act, 15 U.S.C. §§ 1693, et seq., and § 1036(a)(1)(A) of the CFPA, 12 U.S.C § 5536(a)(1)(A). 2016-CFPB-0012 Document 1 Filed 07/14/2016 Page10 of 33 Findings and Conclusions as to Deceptive Acts or Practices Regarding Misleading Consumers about the Fees Associated with Opting into the SAP 38. CSRs made misrepresentations regarding the fees the consumer would pay if the consumer opted into the SAP. 39. In numerous calls, CSRs stated that the SAP is a free service. Often these CSRs would later only state the fees associated with using the service in a “legal disclosure,” which was generally read at the end of the call, often quickly, after the consumer consented to enrollment. 40. In numerous calls, CSRs reinforced the impression that the SAP is free by telling consumers “This is not a sales call.” 41. However, the CSRs were selling Santander’s overdraft service to consumers, and consumers would ultimately be charged fees for using that service. In fact, Santander’s own internal documents characterize these transactions as “sales.” 42. During numerous calls, CSRs failed to inform consumers that, in addition to the initial $35 fee, Respondent would charge consumers an additional $35 fee on the sixth business day of any remaining unpaid balance. 43. During numerous calls, CSRs directly stated or implied that the initial $35 fee was the only fee charged for an overdraft. 44. For example, a CSR answered a consumer’s question about whether there is a cost for the SAP as follows: CSR: There is no monthly or annual fee and even after you do over, um, overdraw your account, and then there’s – that’s the only time there’s a fee of $35 and even if it takes you a while to pay it up, it’s only that $35 that you’ll ever have to pay. There’s no other fees after that. 45. During numerous calls, CSRs directly stated or implied that the only charge was a $35 fee on the sixth business day. 2016-CFPB-0012 46. Document 1 Filed 07/14/2016 Page11 of 33 For example, a CSR responded to a consumer’s statement that he or she did not want to pay $35 as follows: CSR: Well, you won't have to pay [the $35 fee] ma’am unless you overdraft your account and that is still not due until the sixth business day. 47. During numerous other calls, CSRs directly stated or implied that Santander would not charge any overdraft fees at all if consumers repaid the overdraft within five business days. 48. For example, a CSR made the following statement to a consumer who later agreed to opt in: CSR: There is no monthly or annual fee to have this service and you would only incur the fee if you ever overdraw your account. Would this be something you’d be interested in having? Basically, if you need to overdraw your account, you can. There’s a $35 transaction fee on the sixth business day. If you pay it back within six business days, we don’t charge you anything. 49. In reality, Respondent charged consumers $35 for each overdraft and, after five consecutive business days of unpaid balance, an additional $35. 50. In numerous instances, CSRs directly stated or implied that overdraft services provide a benefit in emergency situations and that non-emergency charges would not result in overdraft fees. In reality, consumers could incur overdraft fees regardless of whether the transaction was for an emergency or non-emergency situation. 51. As described above, in connection with offering or providing consumer financial products or services, Respondent represented, directly or indirectly, expressly or by implication, that consumers who enrolled in the SAP: a. would not have to pay for the service; b. would only be charged one $35 fee, either at the time of the overdraft or on the sixth day after the overdraft; 2016-CFPB-0012 Document 1 Filed 07/14/2016 Page12 of 33 c. would not be charged an overdraft fee at all if the overdraft was repaid within five business days; and d. would only be charged an overdraft fee if the consumer was in an emergency situation. 52. In truth and in fact: a. consumers incurred fees by using Santander’s overdraft service; b. consumers could be charged two $35 fees for an overdraft, one at the time of the overdraft and a second on the sixth business day after the overdraft if the account was still overdrawn; c. consumers were charged an overdraft fee at the time of the overdraft regardless of whether they repaid it within five business days; and d. consumers were charged an overdraft fee regardless of whether the transaction involved an emergency situation. 53. Therefore, Respondent’s representations described above are false and misleading, and constitute deceptive acts or practices in violation of the CFPA, 12 U.S.C. §§ 5531(a) and 5536(a)(1)(B). Findings and Conclusions as to Deceptive Acts or Practices Regarding Misleading Consumers about the Consequences of Not Opting into the SAP 54. CSRs made misrepresentations about the consequences of not opting in to the SAP: a. In numerous calls, CSRs told consumers that they would be charged overdraft fees on Covered Transactions even if they did not enroll in the SAP. b. In numerous calls, CSRs told consumers that they would be subject to daily transaction and transfer fees in addition to the overdraft fees. CSRs further implied that these additional fees did not apply to consumers enrolled in the SAP. 2016-CFPB-0012 55. Document 1 Filed 07/14/2016 Page13 of 33 For example, one CSR made the following statement to a consumer who later agreed to opt in: CSR: Now if you are not reenrolled or enrolled into the SAP what’s going to happen is you’re going to get hit with fees, I mean, all over the place from individually $35 overdraft fee, um, transaction and also maybe transfer fees may apply… 56. To the contrary, declining the SAP did not expose consumers to any additional fees. 57. In connection with offering or providing consumer financial products or services, Respondent represented, directly or indirectly, expressly or by implication, that consumers would be charged overdraft on Covered Transactions and certain additional fees even if they did not opt in to Santander’s overdraft services. 58. In truth and in fact, consumers would not be charged overdraft fees on Covered Transactions or the additional fees if they did not opt-in to Santander’s overdraft services. 59. Therefore, Respondent’s representations, as set forth above, are false and misleading, and constitute deceptive acts or practices in violation of the CFPA, 12 U.S.C. §§ 5531(a) and 5536(a)(1)(B). Findings and Conclusions as to Deceptive Acts or Practices Regarding Misleading Consumers about the Nature of the Call 60. CSRs made misrepresentations about the purpose of the call. 61. In numerous calls, CSRs told consumers “This is not a sales call.” 62. However, Santander’s internal documents characterize these transactions as “sales.” The CSRs were selling Santander’s overdraft service to consumers, and consumers would ultimately be charged fees for using that service. 63. In numerous calls, CSRs told consumers that the reason for the call was the Respondent’s name change from Sovereign to Santander, leading consumers to believe 2016-CFPB-0012 Document 1 Filed 07/14/2016 Page14 of 33 the reason they needed to opt in to the SAP was the name change. In fact, the Respondent needed to get these consumers to opt in because the new consumer protections under the Opt-In Rule mandated that it do so. 64. For example, one CSR made the following statement: CSR: The reason for my call today is because, um, a lot of our customers were enrolled in the account protector whenever the bank was Sovereign and now that we’ve switched the name to Santander we just wanted to call the customers and make sure they wanted to be enrolled before we actually enrolled them. 65. In numerous calls, CSRs told consumers that the reason for the call was to reenroll the consumers into the SAP when these consumers had not previously been enrolled in the SAP. 66. In connection with offering or providing consumer financial products or services, Respondent represented, directly or indirectly, expressly or by implication, that: a. Santander was not trying to sell anything to consumers; b. Santander was inquiring about consumers’ opt-in status because the bank changed its name from Sovereign to Santander; and c. Santander was attempting to reenroll the consumers in the SAP. 67. In truth and in fact: a. Santander was selling its overdraft service, the SAP, to consumers, and consumers would be charged fees for using that service; b. Santander was trying to market its overdraft service, the SAP, to consumers because the consumers were not currently opted in, and the fact that the bank had changed its name was irrelevant; and c. the consumers had not previously opted in to Santander’s overdraft service and thus the call was not to reenroll the consumers in the SAP. 2016-CFPB-0012 Document 1 Filed 07/14/2016 Page15 of 33 68. Therefore, Respondent’s representations, as set forth above, are false and misleading, and constitute deceptive acts or practices in violation of the CFPA, 12 U.S.C. §§ 5531(a) and 5536(a)(1)(B). Findings and Conclusions as to Deceptive Acts or Practices Regarding Transactions Covered by the SAP 69. In numerous calls, such as in the examples below, CSRs misrepresented the type of transactions that were covered by the SAP. CSRs repeatedly told consumers that the SAP also covered checks. However, the SAP was limited to Covered Transactions. 70. For example, a CSR had the following exchange with a consumer: Consumer: What about, what about my checks? I write checks a lot. What about that? CSR: The checks are included too. Because they say, if we charge – we would charge you that overdraft fee of $35 for any transaction that is including checks. So if you would have a check that you forgot about that went through, that’s another good example because if you have a check that came through, instead of sending that check back to whoever you wrote it for, we’re going to go ahead and pay the check. We’re going to charge you the overdraft fee but instead of sending it back to whoever you wrote that check to and you having two charges because probably the bank is going to charge you too and whoever you wrote that check to is going to charge you. So now the bank is going to pay that for you and you’re just going to owe them and not two different people. 71. CSRs also told consumers that other non-Covered Transactions, such as bill pay, were covered by the SAP, as seen in the following exchange: Consumer: Now does that also include the bill pay, like if I have a scheduled bill pay to go through on a specific date? CSR: Yes sir. Any type of transaction on your account. Consumer: OK. Great. 72. Respondent automatically provided overdraft services for checks and bill pay and could not lawfully condition the payment of checks or bill pay overdrafts on consumers affirmatively consenting to the SAP. 2016-CFPB-0012 73. Document 1 Filed 07/14/2016 Page16 of 33 In connection with offering or providing consumer financial products or services, Respondent represented, directly or indirectly, expressly or by implication, that overdrafts for checks and bill-pay transactions would be covered by Santander’s overdraft service, the SAP. 74. In truth and in fact, the SAP only covers overdrafts from ATM and one-time debit card transactions, not from checks and bill-pay transactions. 75. Therefore, Respondent’s representations as set forth above are false and misleading, and constitute deceptive acts or practices in violation of the CFPA, 12 U.S.C. §§ 5531(a) and 5536(a)(1)(B). ORDER V Conduct Provisions IT IS ORDERED, under sections 1053 and 1055 of the CFPA, that: 76. Respondent and its officers, agents, servants, employees, and attorneys who have actual notice of this Consent Order, whether acting directly or indirectly, may not violate the Opt-In Rule or sections 1031 and 1036 of the CFPA, 12 U.S.C. §§ 5531 and 5536, and must take the following affirmative actions: a. Respondent and its officers, agents, servants, employees, and attorneys who have actual notice of this Consent Order, whether acting directly or indirectly, must ensure that Respondent’s presentation of the Opt-In election to consumers satisfies the requirements of Regulation E. 2016-CFPB-0012 Document 1 Filed 07/14/2016 Page17 of 33 b. Respondent, and its officers, agents, servants, employees, and attorneys who have actual notice of this Consent Order, whether acting directly or indirectly, may not misrepresent, or assist others in misrepresenting, expressly or impliedly: i. the terms and conditions of Overdraft Service for Covered Transactions; ii. the categories of transactions covered by Overdraft Service; iii. the risks and costs associated with Opting In; iv. the risks and costs associated with not Opting In; v. the fees associated with Opting In; vi. the nature of any sales or enrollment call for Overdraft Service; or vii. any other term material to the Opt-In election. c. Within 90 days after receipt of the non-objection described in subparagraph ii below, Respondent shall provide all consumers who, based on a full review by Respondent of its records, were enrolled in the SAP through the Opt-in Call Campaigns an opportunity to validate their opt-in decisions (Validation). In order to validate an optin decision, Respondent must obtain the consumers’ affirmative consent to Respondent’s payment of Covered Transactions. No later than 90 days after receipt of the non-objection described in subparagraph ii below, Respondent must cease charging Covered Overdraft Fees on all Accounts for which Validation is required but has not been obtained, unless the consumer affirmatively contacts Respondent to Opt-In. Validation shall be subject to the following requirements: i. Within 30 days of the Effective Date, Respondent must submit to the Regional Director for review and determination of non-objection a comprehensive plan for obtaining Validation from consumers (Validation Process). The plan must include the communication channels and methods the Bank proposes using to 2016-CFPB-0012 Document 1 Filed 07/14/2016 Page18 of 33 complete the Validation Process as well as any scripts, internal guidance for communicating with consumers, letters, or direct marketing materials to be used in the Validation Process. At a minimum, the Validation Process shall include (a) a balanced presentation of the risks and benefits of Overdraft Service for Covered Transactions; and (b) an explanation of how the consumer’s Overdraft Service will change in the event the consumer declines to validate his or her opt-in decision. Respondent shall not use a Service Provider to communicate with consumers as part of the Validation Process. Mailing a document that was written and approved by the Respondent shall not be considered communication with consumers under this section. ii. The Regional Director will have the discretion to make a determination of nonobjection to the Validation Process or direct the Respondent to revise it. If the Regional Director directs the Respondent to revise the Validation Process, Respondent must make the revisions and resubmit the Validation Process to the Regional Director within 15 days. iii. After receiving notification that the Regional Director has made a determination of non-objection to the Validation Process, Respondent must implement and adhere to the steps, recommendations, deadlines, and timeframes outlined in the Validation Process. d. Respondent, whether acting directly or indirectly, is prohibited from using a Service Provider to engage in any outbound telemarketing of Overdraft Services for Covered Transactions to consumers. Nothing in this Order shall be read as an exception to this Paragraph. 2016-CFPB-0012 Document 1 Filed 07/14/2016 Page19 of 33 e. Respondent and its officers, agents, servants, employees, and attorneys who have actual notice of this Consent Order, whether acting directly or indirectly, may not (i) require its employees to generate a specific number of opt-ins; (ii) cause any employee to suffer adverse consequences for failing to satisfy any such requirement; or (iii) provide employees financial incentives in connection with opt-ins. f. Within 90 days of the Effective Date, Respondent must develop a new or revised written policy governing vendor management for Service Providers engaged in telemarketing of consumer financial products or services. After receiving the Regional Director’s determination of non-objection described in Section VI, the Respondent shall implement this new or revised vendor management policy according the timelines and deadlines set forth in the Compliance Plan. The policy shall require, at a minimum: i. An analysis to be conducted by Respondent, prior to Respondent entering into a contract with a Service Provider relating to the offering or providing of a consumer financial product or service via telemarketing, of the ability of the Service Provider to perform telemarketing of the product or service in compliance with all applicable Federal consumer financial laws and Respondent’s policies and procedures. ii. For new and renewed contracts to perform telemarketing of consumer financial products or services, a written contract between Respondent and the Service Provider, which sets forth the responsibilities of each party, especially: 2016-CFPB-0012 Document 1 Filed 07/14/2016 Page20 of 33 a) the Service Provider’s specific performance responsibilities and duty to maintain adequate internal controls over telemarketing of the consumer financial product or service; b) the Service Provider’s responsibilities and duty to provide adequate training on applicable Federal consumer financial laws and Respondent’s policies and procedures to all Service Provider employees or agents engaged in telemarketing of the consumer financial product or service; c) granting Respondent the authority to conduct periodic onsite reviews of the Service Provider’s controls, performance, and information systems as they relate to telemarketing of the consumer financial product or service; this authority must permit Respondent or a third party agent of the Respondent, who is not affiliated with the contracting Service Provider, to conduct unannounced live auditing of calls made for Santander by Service Providers performing outbound telemarketing of consumer financial products or services; and d) Respondent’s right to terminate the contract if the Service Provider materially fails to comply with the terms specified in the contract, including the terms required by this Paragraph or applicable provision of this Order. iii. Periodic onsite reviews by Respondent or a third party agent of the Respondent, who is not affiliated with the contracting Service Provider, of the controls, performance, and information systems of any Service Provider providing outbound telemarketing of consumer financial products or services. 2016-CFPB-0012 Document 1 Filed 07/14/2016 Page21 of 33 iv. Auditing of the Service Provider’s telemarketing sales calls, including but not limited to unannounced live listening of sales calls and randomly reviewing a representative number of the recently recorded sales calls. v. A written comprehensive assessment, to be conducted on an annual basis, of the unfair, deceptive, and abusive acts or practices (“UDAAP”) risk for existing, new, and recently modified consumer financial products or services as to which Service Providers engage in telemarketing, including, but not limited to the UDAAP risk of the governance control, marketing, sales, delivery, servicing, and fulfillment of services for existing or new such consumer financial products or services, including the UDAAP risk of marketing and sales practices. vi. The development and implementation of written policies and procedures to effectively manage, detect, and mitigate, on an ongoing basis, the risks identified in the written assessment required by the preceding subparagraph v. vii. Comprehensive written policies and procedures for identifying and reporting any violation of Federal consumer financial laws or Respondent’s policies and procedures relating to consumer financial products or services by Service Providers’ employees or agents engaging in telemarketing, in a timely manner, to a specified executive risk or compliance manager at Respondent. The manager to whom such reports are made must be independent of the unit overseeing the sale and marketing of the consumer financial product or service at issue. viii. Comprehensive written policies and procedures for the development of training materials relating to identifying and addressing violations of Federal 2016-CFPB-0012 Document 1 Filed 07/14/2016 Page22 of 33 consumer financial laws relating to telemarketing by Service Providers of consumer financial products or services that will be incorporated into the existing annual compliance training for appropriate employees. ix. Written policies and procedures to ensure that the appropriate employees and departments within Respondent have the requisite authority and status within Respondent so that appropriate reviews of consumer financial products or services marketed or sold by Service Providers via telemarketing may occur and deficiencies are identified and properly remedied. g. Within 90 days of the Effective Date, Respondent must develop a new or revised written policy governing the management of consumer complaints. After receiving the Regional Director’s determination of non-objection described in Section VI, the Respondent shall implement this new or revised policy governing the management of consumer complaints according the timelines and deadlines set forth in the Compliance Plan. The policy shall require Service Providers marketing Overdraft Services for Covered Transactions to provide any consumer complaints they receive to Santander, and shall require, at a minimum: i. the maintenance of adequate records of all written, oral, or electronic complaints from consumers, formal or informal, received by Respondent and its Service Providers and the resolution of the complaints, and ii. the designation of appropriate personnel as responsible for overseeing the consumer complaint management program, which will include: (a) writing and revising policies and procedures as necessary, (b) reviewing all consumer complaints, including those regarding Service Providers, (c) analyzing consumer complaint data to determine if there exist any patterns of complaints 2016-CFPB-0012 Document 1 Filed 07/14/2016 Page23 of 33 caused by common policies, procedures, individuals, or Service Providers, and (d) if so, making recommendations to eliminate or reduce the number of complaints. VI Compliance Plan IT IS FURTHER ORDERED that: 77. Within 90 days of the Effective Date, Respondent must submit to the Regional Director for review and determination of non-objection a comprehensive compliance plan designed to ensure that Respondent’s presentation of the Opt-In election complies with all applicable Federal consumer financial laws and the terms of this Consent Order (Compliance Plan). The Compliance Plan must include, at a minimum: a. Detailed steps for addressing each action required by Section V of this Consent Order; b. Specific timeframes and deadlines for implementation of the steps described above. 78. The Regional Director will have the discretion to make a determination of non-objection to the Compliance Plan or direct the Respondent to revise it. If the Regional Director directs the Respondent to revise the Compliance Plan, the Respondent must make the revisions and resubmit the Compliance Plan to the Regional Director within 30 days. 79. After receiving notification that the Regional Director has made a determination of nonobjection to the Compliance Plan, the Respondent must implement and adhere to the steps, recommendations, deadlines, and timeframes outlined in the Compliance Plan. VII Role of the Board IT IS FURTHER ORDERED that: 2016-CFPB-0012 80. Document 1 Filed 07/14/2016 Page24 of 33 The Board or a committee thereof must review all submissions (including plans, reports, programs, policies, and procedures) required by this Consent Order prior to submission to the Bureau. 81. Although this Consent Order requires the Respondent to submit certain documents for the review or non-objection by the Regional Director, the Board will have the ultimate responsibility for proper and sound management of Respondent and for ensuring that Respondent complies with Federal consumer financial law and this Consent Order. 82. In each instance that this Consent Order requires the Board to ensure adherence to, or perform certain obligations of Respondent, the Board or a committee thereof must: a. Authorize whatever actions are necessary for Respondent to fully comply with the Consent Order; b. Require timely reporting by management to the Board on the status of compliance obligations; and c. Require timely and appropriate corrective action to remedy any material noncompliance with Board directives related to this Section. VIII Order to Pay Civil Money Penalties IT IS FURTHER ORDERED that: 83. Under section 1055(c) of the CFPA, 12 U.S.C. § 5565(c), by reason of the violations of law described in Section IV of this Consent Order, and taking into account the factors in 12 U.S.C. § 5565(c)(3), Respondent must pay a civil money penalty of $10 million to the Bureau. 2016-CFPB-0012 84. Document 1 Filed 07/14/2016 Page25 of 33 Within 10 days of the Effective Date, Respondent must pay the civil money penalty by wire transfer to the Bureau or to the Bureau’s agent in compliance with the Bureau’s wiring instructions. 85. The civil money penalty paid under this Consent Order will be deposited in the Civil Penalty Fund of the Bureau as required by section 1017(d) of the CFPA, 12 U.S.C. § 5497(d). 86. Respondent must treat the civil money penalty paid under this Consent Order as a penalty paid to the government for all purposes. Regardless of how the Bureau ultimately uses those funds, Respondent may not: a. Claim, assert, or apply for a tax deduction, tax credit, or any other tax benefit for any civil money penalty paid under this Consent Order; or b. Seek or accept, directly or indirectly, reimbursement or indemnification from any source, including but not limited to payment made under any insurance policy, with regard to any civil money penalty paid under this Consent Order. 87. To preserve the deterrent effect of the civil money penalty in any Related Consumer Action, Respondent may not argue that Respondent is entitled to, nor may Respondent benefit by, any offset or reduction of any compensatory monetary remedies imposed in the Related Consumer Action because of the civil money penalty paid in this action (Penalty Offset). If the court in any Related Consumer Action grants such a Penalty Offset, Respondent must, within 30 days after entry of a final order granting the Penalty Offset, notify the Bureau, and pay the amount of the Penalty Offset to the U.S. Treasury. Such a payment will not be considered an additional civil money penalty and will not change the amount of the civil money penalty imposed in this action. 2016-CFPB-0012 88. Document 1 Filed 07/14/2016 Page26 of 33 In the event of any default on Respondent’s obligations to make payment under this Consent Order, interest, computed under 28 U.S.C. § 1961, as amended, will accrue on any outstanding amounts not paid from the date of default to the date of payment, and will immediately become due and payable. 89. Respondent must relinquish all dominion, control, and title to the funds paid to the fullest extent permitted by law and no part of the funds may be returned to Respondent. 90. Under 31 U.S.C. § 7701, Respondent, unless it already has done so, must furnish to the Bureau its taxpayer identifying numbers, which may be used for purposes of collecting and reporting on any delinquent amount arising out of this Consent Order. 91. Within 30 days of the entry of a final judgment, consent order, or settlement in a Related Consumer Action, Respondent must notify the Regional Director of the final judgment, consent order, or settlement in writing. That notification must indicate the amount of redress, if any, that Respondent paid or is required to pay to consumers and describe the consumers or classes of consumers to whom that redress has been or will be paid. IX Reporting Requirements IT IS FURTHER ORDERED that: 92. Respondent must notify the Bureau of any development that may affect compliance obligations arising under this Consent Order, including but not limited to, a dissolution, assignment, sale, merger, or other action that would result in the emergence of a successor company; the creation or dissolution of a subsidiary, parent, or affiliate that engages in any acts or practices subject to this Consent Order; the filing of any bankruptcy or insolvency proceeding by or against Respondent; or a change in 2016-CFPB-0012 Document 1 Filed 07/14/2016 Page27 of 33 Respondent’s name or address. Respondent must provide this notice, if practicable, at least 30 days before the development, but in any case no later than 14 days after the development. 93. Within 90 days of the Effective Date, and again one year after the Effective Date, Respondent must submit to the Regional Director an accurate written compliance progress report (Compliance Report) that has been approved by the Board or a committee thereof, which, at a minimum: a. Describes in detail the manner and form in which Respondent has complied with this Order; and b. Attaches a copy of each Order Acknowledgment obtained under Section X, unless previously submitted to the Bureau. X Order Distribution and Acknowledgment IT IS FURTHER ORDERED that, 94. Within 30 days of the Effective Date, Respondent must deliver a copy of this Consent Order to each of its board members and executive officers, as well as to any managers or Service Providers who have responsibilities related to the subject matter of the Consent Order and employees or agents whose responsibilities include managing, overseeing, or negotiating contracts with Service Providers engaged in telemarketing. 95. For 5 years from the Effective Date, Respondent must deliver a copy of this Consent Order to any business entity resulting from any change in structure referred to in Section IX, any future board members and executive officers, as well as to any managers, or Service Providers who will have responsibilities related to the subject matter of the Consent Order and employees or agents whose responsibilities include 2016-CFPB-0012 Document 1 Filed 07/14/2016 Page28 of 33 managing, overseeing, or negotiating contracts with Service Providers engaged in telemarketing before they assume their responsibilities. 96. Respondent must secure a signed and dated statement acknowledging receipt of a copy of this Consent Order, ensuring that any electronic signatures comply with the requirements of the E-Sign Act, 15 U.S.C. § 7001 et seq., within 30 days of delivery, from all persons receiving a copy of this Consent Order under this Section. XI Recordkeeping IT IS FURTHER ORDERED that 97. Respondent must create, or if already created, must retain for at least 5 years from the Effective Date, the following business records: a. All documents and records necessary to demonstrate full compliance with each provision of this Consent Order, including all submissions to the Bureau. b. Copies of all telemarketing calls; sales scripts; training materials; advertisements; websites; and other marketing materials relating to the Opt-In Rule. c. All written records of consumer complaints and refund requests, and any responses to those complaints or requests, that are recorded and tracked by Respondent in accordance with Respondent’s policies, whether received directly or indirectly, that relate to overdraft fees charged on Covered Transactions. 98. Respondent must make the documents identified in Paragraph 97 available to the Bureau upon the Bureau’s request. XII Notices IT IS FURTHER ORDERED that: 2016-CFPB-0012 99. Document 1 Filed 07/14/2016 Page29 of 33 Unless otherwise directed in writing by the Bureau, Respondent must provide all submissions, requests, communications, or other documents relating to this Consent Order in writing, with the subject line, “In re Santander Bank, N.A., File No. 2016CFPB-0012,” and send them either: a. By overnight courier (not the U.S. Postal Service), as follows: Regional Director, CFPB Northeast Region 140 East 45th Street New York, NY 10017; or b. By first-class mail to the below address and contemporaneously by email to Enforcement_Compliance@cfpb.gov: Regional Director, CFPB Northeast Region 140 East 45th Street New York, NY 10017 XIII Cooperation with the Bureau IT IS FURTHER ORDERED that: 100. Respondent must cooperate fully with the Bureau in this matter and in any investigation related to or associated with the conduct described in Section IV. Respondent must provide truthful and complete information, evidence, and testimony. Respondent must cause its officers, employees, representatives, or agents to appear for interviews, discovery, hearings, trials, and any other proceedings that the Bureau may reasonably request upon 5 days’ written notice, or other reasonable notice, at such places and times as the Bureau may designate, without the service of compulsory process. XIV Compliance Monitoring 2016-CFPB-0012 Document 1 Filed 07/14/2016 Page30 of 33 IT IS FURTHER ORDERED that, to monitor Respondent’s compliance with this Consent Order: 101. Within 14 days of receipt of a written request from the Bureau, Respondent must submit additional Compliance Reports or other requested information, which must be made under penalty of perjury; provide sworn testimony; or produce documents. 102. Respondent must permit Bureau representatives to interview any employee or other person affiliated with Respondent who has agreed to such an interview. The person interviewed may have counsel present. 103. Nothing in this Consent Order will limit the Bureau’s lawful use of civil investigative demands under 12 C.F.R. § 1080.6 or other compulsory process. XV Modifications to Non-Material Requirements IT IS FURTHER ORDERED that: 104. Respondent may seek a modification to non-material requirements of this Consent Order (e.g., reasonable extensions of time and changes to reporting requirements) by submitting a written request to the Regional Director. 105. The Regional Director may, in his/her discretion, modify any non-material requirements of this Consent Order (e.g., reasonable extensions of time and changes to reporting requirements) if he/she determines good cause justifies the modification. Any such modification by the Regional Director must be in writing. XVI Administrative Provisions 2016-CFPB-0012 106. Document 1 Filed 07/14/2016 Page31 of 33 The provisions of this Consent Order do not bar, estop, or otherwise prevent the Bureau, or any other governmental agency, from taking any other action against Respondent, except as described in Paragraph 107. 107. The Bureau releases and discharges Respondent from all potential liability for law violations that the Bureau has or might have asserted based on the practices described in Section IV of this Consent Order, to the extent such practices occurred before the Effective Date and the Bureau knows about them as of the Effective Date. The Bureau may use the practices described in this Consent Order in future enforcement actions against Respondent and its affiliates, including, without limitation, to establish a pattern or practice of violations or the continuation of a pattern or practice of violations or to calculate the amount of any penalty. This release does not preclude or affect any right of the Bureau to determine and ensure compliance with the Consent Order, or to seek penalties for any violations of the Consent Order. 108. This Consent Order is intended to be, and will be construed as, a final Consent Order issued under section 1053 of the CFPA, 12 U.S.C. § 5563, and expressly does not form, and may not be construed to form, a contract binding the Bureau or the United States. 109. This Consent Order will terminate 5 years from the Effective Date or 5 years from the most recent date that the Bureau initiates an action alleging any violation of the Consent Order by Respondent. If such action is dismissed or the relevant adjudicative body rules that Respondent did not violate any provision of the Consent Order, and the dismissal or ruling is either not appealed or upheld on appeal, then the Consent Order will terminate as though the action had never been filed. The Consent Order will remain effective and enforceable until such time, except to the extent that any provisions of this 2016-CFPB-0012 Document 1 Filed 07/14/2016 Page32 of 33 Consent Order have been amended, suspended, waived, or terminated in writing by the Bureau or its designated agent. 110. Calculation of time limitations will run from the Effective Date and be based on calendar days, unless otherwise noted. 111. Should Respondent seek to transfer or assign all or part of its operations that are subject to this Consent Order, Respondent must, as a condition of sale, obtain the written agreement of the transferee or assignee to comply with all applicable provisions of this Consent Order. 112. The provisions of this Consent Order will be enforceable by the Bureau. For any violation of this Consent Order, the Bureau may impose the maximum amount of civil money penalties allowed under section 1055(c) of the CFPA, 12 U.S.C. § 5565(c). In connection with any attempt by the Bureau to enforce this Consent Order in federal district court, the Bureau may serve Respondent wherever Respondent may be found and Respondent may not contest that court’s personal jurisdiction over Respondent. 113. This Consent Order and the accompanying Stipulation contain the complete agreement between the parties. The parties have made no promises, representations, or warranties other than what is contained in this Consent Order and the accompanying Stipulation. This Consent Order and the accompanying Stipulation supersede any prior oral or written communications, discussions, or understandings. 114. Nothing in this Consent Order or the accompanying Stipulation may be construed as allowing the Respondent, its Board, officers, or employees to violate any law, rule, or regulation. 32 2016-CFPB-OO12 Document 1 Filed 07/14/2016 Page33 of 33 IT IS SO ORDERED, this 13th day of July, 2016. Kain/Q MW Richard Cordray Director Consumer Financial Protection Bureau 33