WASHINGTON, D.C. — Sen. Sherrod Brown (D-OH), Chairman of the Senate Committee on Banking, Housing, and Urban Affairs, joined fellow Banking and Housing Committee members Elizabeth Warren (D-MA), Catherine Cortez Masto (D-NV), Chris Van Hollen (D-MD), and Robert Menendez (D-NJ) in a letter to Andrew Cecere, CEO of U.S. Bank, requesting information about the bank’s use of consumer data to open unauthorized bank accounts. The letter comes after the Consumer Financial Protection Bureau (CFPB) fined the bank $37.5 million for illegally accessing consumers’ credit reports to open fake checking and credit accounts, accrue fees, and increase profits.

It is unacceptable that U.S. Bank provided incentives to and pressured its employees to take advantage of their unique access to a veritable treasure trove of sensitive, personal information to sign up unsuspecting customers for fee-generating financial products and services,” wrote the Senators.

Brown has led the fight to protect consumers from banks’ malicious practices. Last week, he led his colleagues in reintroducing the Fair Access to Financial Services Act, which would hold financial institutions accountable for discriminatory practices. In May, he sent a letter to Wells Fargo highlighting the bank’s history of consumer abuses. Brown also led the charge against Wells Fargo after it was found that the bank opened millions of fake customer accounts.

A copy of the letter is available here and below:

Dear Mr. Cecere:

We are deeply concerned by the reported misconduct by U.S. Bank National Association (“U.S. Bank”) that led the Consumer Financial Protection Bureau (“CFPB” or “Bureau”) to issue a consent order and $37.5 million fine against U.S. Bank for illegally using consumer data to issue credit cards and lines of credit and to open deposit accounts for consumers without their knowledge or consent. Troublingly, this is the second time in less than a decade where the federal government has sought accountability and redress by a major bank for perpetuating this practice – since 2016, Wells Fargo has paid a $3 billion penalty in a settlement with the Securities and Exchange Commission (“SEC”), in addition to a $100 million fine to the CFPB, a $35 million to the Office of the Comptroller of the Currency (“OCC”), and a $50 million fine to the City and County of Los Angeles for unlawfully opening fake accounts for millions of customers without their approval.

The CFPB’s consent order tells a problematic story. According to the Bureau, U.S. Bank, the nation’s fifth largest commercial bank, sought to increase sales of its products and services by rewarding employees who met sales goals and generated more revenue for the bank through an incentive-compensation program.  Under this pressure, employees engaged in unlawful activity by utilizing customers’ personal identifying information to open deposit accounts, apply for and issue credit cards, and open lines of credit from 2010 to 2020.  All of these products accrued fees and increased profits for U.S. Bank – to the detriment of its own customers.  The CFPB found that these practices violated federal consumer laws and violated individual consumers’ control over their data privacy

Banks are entrusted with customers’ most sensitive information in support of applications for mortgages, loans, credit cards, deposit accounts, and financial services necessary to participate in the economy.  It is unacceptable that U.S. Bank provided incentives to and pressured its employees to take advantage of their unique access to a veritable treasure trove of sensitive, personal information to sign up unsuspecting customers for fee-generating financial products and services. 

We request that U.S. Bank brief Congressional staff on the matter.  Additionally, to understand the full scope of the problem, we request responses to the following by September 6, 2022:

  1. The number of unauthorized accounts opened from January 1, 2010 to the present. In responding to this question, please provide the number of deposit accounts opened, as well as the number of credit cards and other lines of credit issued without the knowledge or consent of U.S. Bank customers.  Please provide a state-by-state breakdown.  Are any of the fraudulently opened accounts, credit cards, or lines of credit operational today?
  2. The number of unauthorized accounts opened by U.S. bank employees on the basis of existing customers’ personal identifying information and the number of accounts opened on behalf of new customers.  The number of customers who had unauthorized accounts opened on their behalf without their knowledge or consent.
  3. Please describe how U.S. Bank measured employee performance and made decisions to retain employees during the findings period in the consent order, especially with regard to employees who served customers directly and authorized new accounts.  In responding to this question, please describe how the incentive-compensation program factored into performance reviews and provide the terms of the incentive-compensation program that rewarded employees for increased sales referenced in para. 8 of the consent order.
  4. Are any employees who engaged in the unauthorized accounts scheme still employed or otherwise retained by U.S. Bank?
  5. When did senior leadership and the Board of Directors first become aware of unauthorized account openings? Please describe in detail the first instance U.S. Bank became aware of unauthorized account openings. Please provide a timeline.
  6. Please describe all measures taken by U.S. Bank to contact affected consumers. In response to this question, please provide the following:
    1. The date U.S. Bank notified affected customers regarding fraudulently opened accounts.
    2. The date U.S. Bank closed the fraudulently opened accounts.
    3. The date U.S. Bank refunded customers any fees paid on these fraudulently opened accounts.
    4. The method of outreach used by U.S. Bank to notify affected customers.
  7. The total revenue generated by U.S. Bank from the creation of unauthorized accounts.
  8. Please describe in detail internal safeguards U.S. Bank had in place to protect against these practices. 
  9. For consumers whose credit files and scores sustained damage due to unauthorized account activity, please detail the steps U.S. Bank plans to take to remediate harm to customer credit files and scores.
  10. Please describe the data privacy protections instituted by U.S. Bank since the CFPB issued the consent order to protect consumers’ sensitive financial data and information within U.S. Bank.

The Committee plans to hold its Annual Wall Street Oversight Hearing in September of this year and we look forward to your participation.

###