The Consumer Financial Protection Bureau (CFPB) on Tuesday filed a lawsuit in federal court charging TransUnion, two of its subsidiaries, and one of its longtime executives with violating a 2017 consent order and other consumer financial protection laws.

“TransUnion is an out-of-control repeat offender that believes it is above the law,” said CFPB Director Rohit Chopra in a press release. “I am concerned that TransUnion’s leadership is either unwilling or incapable of operating its businesses lawfully.”

In January 2017, the CFPB settled charges with TransUnion and its subsidiaries for deceptively marketing credit scores and credit-related products. Under the settlement, TransUnion agreed to pay $16.9 million in restitution and civil penalties and entered a consent order, in which it agreed to stop engaging in deceptive marketing practices.

The order was binding on the company, its board of directors, and its executive officers.

In October 2018, the CFPB commenced an examination of TransUnion and found multiple violations of the order’s requirements. “In these instances, companies typically work constructively with the CFPB to make quick fixes and come into compliance,” the agency stated. However, as late as June 2021, TransUnion remained in noncompliance with the order, according to the CFPB.

“I hope that [TransUnion’s] board of directors will take this action seriously and immediately change its corporate culture when it comes to compliance with consumer protection law,” said Chopra in prepared remarks accompanying the complaint. “The company’s conduct is a stark contrast to most of the institutions the CFPB examines.”

The CFPB’s complaint against TransUnion alleges the following:

TransUnion violated the consent order. The company continued to engage in deceptive conduct in its marketing and sale of credit-related products; failed to provide required disclosures to make its marketing not misleading; and failed to assemble and review consumer information and implement appropriate improvements to advertisements, the CFPB stated.

John Danaher, a former executive at subsidiary TransUnion Interactive, was also bound by the consent order. Danaher “repeatedly failed to ensure that TransUnion took certain required steps and refrained from prohibited conduct,” the CFPB said, adding he “determined that complying with the order would reduce the company’s revenue, so he created a plan to delay or avoid having to implement the order.”

“I do not take the decision to charge individuals lightly,” remarked Chopra. “Based on the evidence uncovered in the investigation, I believe it was appropriate that [Danaher] be named individually and answer our allegations. If, in the course of the legal proceedings, we uncover evidence of wrongdoing by other senior executives, we will amend our complaint accordingly.”

Danaher retired from TransUnion in February.

TransUnion deceived customers through digital dark patterns, including enrolling customers into recurring payment subscriptions and making it difficult for them to cancel.

TransUnion cheated customers through the marketing and sale of its credit-related products, including misrepresenting its credit monitoring service was a standalone credit score or credit report.

The CFPB’s lawsuit alleges TransUnion violated the Consumer Financial Protection Act by failing to implement the 2017 consent order requirements and engaging in deceptive acts and practices. The agency also alleged TransUnion violated Regulation V, which implements the Fair Credit Reporting Act and the Electronic Fund Transfer Act.

The CFPB is seeking monetary relief for consumers.

Compliance message

In remarks made last month, Chopra discussed how “reining in repeat offenders” is a top priority for the CFPB.

“We need penalties where the expected financial benefits of an illegal scheme do not outweigh the expected costs,” he said. “And we need an understanding that agency and court orders are not suggestions.”

Chopra noted the agency plans to establish dedicated units in its supervision and enforcement divisions “to enhance the detection of repeat offenses and corporate recidivists and to better hold them accountable. This will include closer scrutiny to ensure orders are being followed and closer coordination with partner agencies to ensure that each agency’s orders are not treated as suggestions.”

TransUnion response

In a statement, TransUnion said the CFPB’s allegations are “meritless and in no way reflect the consumer-first approach we take to managing all our businesses.” The company redirected blame onto the regulator.

“As required by the consent order, TransUnion submitted to the CFPB for approval a plan detailing how it would comply with the order,” the company stated. “The CFPB ignored the compliance plan, despite being obligated to respond and trigger deadlines for implementation. In the absence of any sort of guidance from the CFPB, TransUnion took affirmative actions to implement the consent order.”

TransUnion stated it remains in compliance with the consent order.

“Rather than providing any supervisory guidance on this matter and advising TransUnion of its concerns—like a responsible regulator would—the CFPB stayed silent and saved their claims for inclusion in a lawsuit, including naming a former executive in the complaint,” TransUnion stated. “… The CFPB’s unrealistic and unworkable demands have left us with no alternative but to defend ourselves fully.

“Over the last several years, and under the direction of new leadership, TransUnion has led the credit reporting industry in making significant changes aimed at benefitting consumers and increasing transparency in the credit reporting process.”