Credit union compliance experts are tasked with leading their credit union through the industry’s most challenging compliance issues. Unfortunately, examiner questions and compliance issues are no longer the whole story for financial institutions to manage legal risk. In the past decade, there has been a steep rise in lawsuits naming credit unions as defendants. Compliance teams now have the added burden of working with legal counsel to prepare their institutions against litigation.

While there is no end in sight for the rise in lawsuits, compliance professionals can use legal advice from their counsel to reduce risk of becoming a defendant in a lawsuit. While we cannot provide legal advice, our teams can raise awareness of trends in the legal system that may decrease the risk of being named in a lawsuit.

Overview of the key trends

There are five trends credit union and CUSO compliance experts should be aware of:

Overdraft litigation: Class action lawsuits against credit unions for overdraft violations still remain the single biggest legal threat to credit unions. Credit unions should be aware overdraft class action litigation is increasing and appearing in states that have not really had an abundance of overdraft litigation recently.

Telephone Consumer Protection Act (TCPA): Although the Supreme Court has reduced the risk of using auto-dialers, TCPA litigation remains a real danger. Expect law firms to go after organizations that relax their TCPA controls.

Nondiscrimination: There is increasing litigation against banks for harassing and discriminating against customers on the basis of race.

Security: There are still class action lawsuits filed against credit unions for failure to provide adequate security.

Force Majeure: COVID-19 is changing how force majeure is interpreted by the courts.

Credit unions and CUSOs can help protect themselves against the threat of litigation by working with their legal counsel to review these issues.

Overdraft litigation

Overdraft litigation is not going away. If anything, plaintiff’s law firms have refined the process for these lawsuits and are now pressing claims against financial institutions in jurisdictions that have generally avoided overdraft litigation. For example, in 2021 the National Law Review reported that banks and credit unions in Maine have become targets of overdraft class actions. Credit unions should be very vigilant about how they manage fees to members.

A major item to be aware of are the terms in the Membership Agreement or the credit union’s disclosures. If these terms do not match the actual overdraft fee process, the organization is at risk of being sued in class actions. Some of the ways law firms have challenged the legality of credit overdraft practices include:

• Ambiguous language in agreements regarding how the institutions would treat authorizations and settlements.
• Lack of language expressly authorizing an overdraft fee when a customer’s account had insufficient funds at the time of posting and settlement.
• Institutions used customers’ available balance—including pending debit holds—and therefore charged overdraft fees when the customers had a sufficient ledger balance to cover the transactions. The argument is the credit unions failed to adequately disclose the practice in their account agreements.
• Allegations that financial institutions breach their account agreements when they assess more than one NSF fee on represented transactions, arguing that those multiple transactions only constitute a single item or transaction.

Credit unions should be aware that overdraft fees are completely legal, and where financial institutions have run into trouble is when the practices of collecting fees does not match the disclosures or promises made to members. Credit unions should always consult with their own legal counsel to ensure the disclosures match the actual practices as configured in their core data processing system.

Telephone Consumer Protection Act 

The Telephone Consumer Protection Act is the predominant legislation regarding telemarketing calls and texts. Unfortunately, the TCPA also allows individuals to file class action lawsuits in the event of a TCPA violation. A significant cottage industry has sprung up around TCPA lawsuits. In addition, the TCPA has outdated rules regarding contacting consumers on their wireless cell phones, despite this technology becoming consumer’s favored method of connecting with their financial institution and other businesses.

TCPA has very broad reach with respect to telemarketing calls or texts made to cell phones. Some of the restrictions include:

• No telemarketing to a residential telephone subscriber between 9 PM and 8 AM (called party’s local time).
• No autodialed calls, prerecorded calls, or texts sent or made to a wireless number without prior express written consent and no prerecorded telemarketing calls to a landline number without express written consent or if consent is revoked “through any reasonable means.”
• No autodialed or prerecorded debt collection calls to a wireless number without prior written or oral consent (consent may exist if the consumer has given the cell phone number to the creditor for use in normal business communications).
• No “dual purpose calls”; i.e. calls or messages that would otherwise be exempt from TCPA are considered telemarketing if the calls include any message “for the purpose of encouraging the purchase or rental of, or investment in, property, goods, or services, which is transmitted to any person.”
• No prerecorded calls that do not state clearly the identity and telephone number of the business, individual, or other entity that is responsible for initiating the call.
• No prerecorded calls without an automated opt-out mechanism for the called person to make a do-not-call request.

In April 2021, the U.S. Supreme Court restricted the definition of what an “auto-dialer” is.  However, this decision does not mean the TCPA is dead. Law firms will likely go after organizations that relax TCPA controls as these lawsuits can be very lucrative. Under TCPA, violators are liable for $500 per violation (i.e., per call, text message or fax), or up to $1,500 for a “willful” or “knowing” violation at the court’s discretion. TCPA imposes strict liability; lack of knowledge or intent is not a defense.

In addition, TCPA violators can be sued multiple times for different breaches of the law. For example, Navy Federal Credit Union settled a 2016 TCPA lawsuit alleging the credit union was improperly calling individuals on their cell phones by agreeing to pay $2.75 million. In 2020, Navy Federal settled a separate TCPA class action lawsuit alleging robotexts were sent to non-consenting members. This second settlement cost $9.25 million.

Credit unions should already have Consent to Communicate or Consent to Contact provisions for member opt-out and consent to contact via cell phones, including requirement that the member update the cell phone numbers. Opt-outs should be managed in the credit union’s core data processing system.

Nondiscrimination

A trend recently receiving national attention are claims of racial profiling by banks. The New York Times reported in 2020 on a lawsuit filed against Wells Fargo for discriminatory banking practices. In another case, a Detroit man sued TCF Bank for discriminating against him when he tried to cash settlement checks. Other similar cases have been filed in Oregon and Florida.

Credit unions have historically been bastions of fair lending and credit provided to all qualified applicants regardless of race, creed, or other legally protected status. However, credit unions can have exposure if fraud blockers are not carefully managed. Fraud blockers, if not managed correctly, can potentially block persons who are eligible to receive service from the financial institution.

Using fraud blockers without management can be used as evidence of discrimination. All credit unions should ensure there is a documented process followed when a customer is blocked. Whatever core data processing system is used, being aware of the tools to manage fraud blockers can be invaluable for credit unions if challenged by a customer who is eligible for financial services.

Reasonable security

There are still class action lawsuits filed against financial institutions for failing to provide security that results in the breach of protected member information. For example, in 2021, a credit union settled a class action lawsuit alleging negligence in protecting their identities. All financial institutions have the risk of being held accountable if their security promises in the membership agreement do not match actual practices. Failure to deliver on that promise entitles consumers to restitution.

To help bolster a credit union’s defense that its security practices are not negligent, credit unions should ensure the security access allowed to employees is managed appropriately.

Force majeure

Force majeure is a contract term that allows a party to claim circumstances prevented them for completing their responsibilities on a contract. As with so many other issues over the past year, COVID-19 is reshaping force majeure clauses. For example, a student sued his university claiming that it breached a contract to provide in-person learning after COVID-19 caused the school to turn to remote learning.

Credit unions should ensure force majeure clauses do not apply if the credit union has failed to provide services. Credit unions should reconcile their force majeure terms with the same testing and availability language as offered by their core data processor, and these terms should not exceed what is provided by the processor.

Conclusion

Unfortunately, litigation is a reality of the credit union industry. Despite the credit union mission of being cooperative, not-for-profit financial institutions existing to serve their members, credit unions are targeted as defendants in lawsuits ever more frequently.

Fortunately, there are tools and resources for credit unions. By keeping aware of the latest courthouse developments, maintaining a close relationship with legal counsel who can review the credit union’s disclosures and other terms and conditions, and using the tools made available by the credit union’s core data processor, credit unions can lower the risk of becoming defendants in a lawsuit.