Permissibility of a Federal Credit Union Charging Fees to a Member’s Account for Identity Theft Protection Services Without the Member’s Request or Express Consent.

10-0842 / February 2011
Permissibility of a Federal Credit Union Charging Fees to a Member’s Account for Identity Theft Protection Services Without the Member’s Request or Express Consent.

Dear Mr. Schwartz:

You inquired whether federal credit unions (FCUs) can provide identity theft protection services programs to their members where:
  • FCUs automatically enroll their members, without the members’ request or express consent, to receive their services on accounts advertised as free checking;
  •  FCUs deduct periodic fees from the members’ checking accounts unless the members opt out of receiving the services; and
  •  the FCUs’ account agreements with the free checking accountholders include a truth-in-savings fee disclosure, listing a one dollar monthly fee for the services, but describing the fee as “optional.”
While we would look at each specific program to determine its permissibility, a program providing these services to “free checking” accountholders, without their request or express consent, charging them a dollar a month, and disclosing the fee as optional, while using an opt out only option, appears to be an unfair or deceptive practice and may present problems under NCUA’s truth-in-savings and advertising regulations.

An FCU should not assess such charges unless it is clearly within its contractual rights and has met all the relevant requirements of applicable laws. From our review of the type of FCU program you described, we were able to identify the following potential problems.

1. The Federal Trade Commission (FTC) Act’s unfair and deceptive acts and practices (UDAP) provisions as implemented by NCUA.

Under the FTC unfair and deceptive acts and practices (UDAP) provisions, an act or practice is “deceptive” if (1) there is a representation or omission of information that is likely to mislead a consumer acting reasonably under the circumstances; and (2) that representation or omission is material. FTC Policy on Deception (Oct. 14, 1983); see also 15 U.S.C. §§ 45(a), 57a(f)(1), (4).
NCUA has regulatory and enforcement authority under the FTC Act to prohibit an FCU’s practices that are unfair or deceptive to consumers. 15 U.S.C. §57a(f).1 NCUA’s unfair and deceptive credit practices rule provides: “The purpose of this part is to prohibit unfair or deceptive acts or practices in violation of section 5(a)(1) of the [FTC] Act, 15 U.S.C. 45(a)(1). The prohibitions  in this part do not limit NCUA’s authority to enforce the [FTC] Act with respect to any other  unfair or deceptive acts or practices.” 12 C.F.R. §706.0(a) (emphasis added). An FCU’s identity theft services program may be deceptive if the FCU is advertising its checking accounts as free, but charging all checking accountholders for the identity theft protection services unless they opt out. NCUA would review any applicable disclosures an FCU makes in its account agreement, and any other representations to members, to make such a determination.

2. The Truth in Savings Act (TISA) and regulations.

An identity theft protection services program such as you described also might violate TISA, 12 U.S.C. §4301 et seq., and NCUA’ s TISA regulation at 12 C.F.R. Part 707.2 Under TISA, each FCU’s advertisement of interest-bearing accounts referring to a specific interest rate or earning rate generally must state in a clear and conspicuous manner, inter alia, “a statement that regular
fees or other conditions could reduce the yield.” 12 U.S.C. §4302(a)(5). In addition, no FCU advertisement may refer to “an account as a free or no-cost account (or words of similar meaning) if-- . . . any regular service or transaction fee is imposed.” 12 U.S.C. §4302(d)(2). Moreover, FCUs must maintain account fee schedules, including the amount and description of all fees and
charges. 12 U.S.C. §4303(b).

Likewise, under Part 707 of NCUA’s regulations, deposit account disclosures must include “[t]he amount of any fee that may be imposed in connection with the account (or an explanation of how the fee will be determined) and the conditions under which the fee may be imposed.” A credit union cannot describe an account as free if a maintenance or activity fee is assessed on the account. 12 C.F.R. §707.4(b)(4), 12 C.F.R. pt. 707, app. C. §707.4(b)(4)3. See also 12 C.F.R. §707.8(a); see also 12 C.F.R. pt. 707, app. C. §707.8(a).

3. NCUA’s advertising rule.
A program such as one you described might also violate NCUA rules on the accuracy of advertising. Under 12 C.F.R. Part 740, federally insured credit unions are prohibited from using: “any advertising” or from making “any representation which is inaccurate or deceptive in any particular, or which in any way misrepresents its services, contracts, or financial condition, or which violates the requirements of §707.8.” 12 C.F.R. §740.2. An FCU’s provision of the identity theft protection services for a dollar per month fee with opt out only, along with its advertising of free checking accounts, would appear to be deceptive and inaccurate under 12 C.F.R. §740.2.

In conclusion, an identity theft protection program as described may be unfair or deceptive and in violation of one or more of the rules described above, but we would need to review any applicable disclosures an FCU made in its member account agreements, and any other representations to members to make such a determination. We would recommend FCUs offering identity theft protection services from a vendor should structure or modify their policies, practices, and advertising to avoid or eliminate these types of potential violations.

Hattie M. Ulan
Associate General Counsel


1 The Dodd-Frank Wall Street Reform and Consumer Protection (Dodd-Frank) Act deletes the requirement
for NCUA and other regulators to adopt and enforce regulations on unfair or deceptive acts and
practices. Pub. L. No. 111-203, §1092 (2010)(to be codified at 15 U.S.C. §57a(f)). The Dodd-Frank
Act also gives authority to the Bureau of Consumer Financial Protection (CFPB) for prohibiting
unfair, deceptive, or abusive acts or practices and disclosures. Id. at §§ 1031, 1032. These
provisions are effective on the CFPB transition date, July 21, 2011.

2 Under the Dodd-Frank Act, NCUA retains authority to write “substantially similar” regulations to
those prescribed for other depository institutions by the CFPB. Dodd-Frank Act (Amendments to TISA)
§1100B(3), to be codified at 12 U.S.C. §4311(b).

Last modified on