FinTech firm LendingClub has agreed to pay $18 million in a settlement with the Federal Trade Commission (FTC) for deceiving loan applicants about hidden fees that its compliance department allegedly warned it about.

The settlement, announced Wednesday, resolves a case brought by the FTC in 2018. Commissioners voted 4-0-1 to approve the final order, with new Chair Lina Khan not participating.

The details: LendingClub promised prospective borrowers “no hidden fees” but deducted “hundreds or even thousands of dollars” worth of concealed up-front fees from consumers’ loan proceeds, according to the FTC. This alleged deception was flagged by the company’s internal compliance department, which warned the concealment of the fees was “likely to mislead the consumer,” the FTC stated in its original complaint.

Specifically, a compliance review at the company, as explained by the FTC, noted, “‘The origination fee is disclosed on the offer page tooltip, but is not readily apparent unless an applicant clicks on the tooltip. This omission could be perceived as deceptive as it is likely to mislead the consumer.’” The FTC further cited an investor’s legal counsel that advised the company that the “relative obscurity” of its wording could make it susceptible to legal action.

“Defendant has ignored these warnings,” the FTC alleged in its complaint. “Rather than improving over time, Defendant’s violations have become more egregious over the years: when redesigning the application flow in the winter of 2014, Defendant increased the prominence of the ‘No hidden fees’ representation and decreased the prominence of the tooltip.”

The FTC additionally alleged LendingClub violated the privacy rule of the Gramm-Leach-Bliley Act by failing to require customers to acknowledge receipt of a privacy notice before sharing nonpublic personal information.

“In order to reach the privacy notice that Defendant was required to provide to customers, a customer would need to click on a link that did not indicate it was related to privacy, and then further find a link to Defendant’s privacy policy within the lengthy document to which the link led,” the FTC stated. “Customers were not provided a clear and conspicuous privacy notice before they submitted nonpublic personal information to Defendant.”

This was amended in 2016, though internal compliance had flagged the issue “in the years prior,” according to the FTC.

LendingClub response: “While we have never agreed with the FTC’s allegations, we appreciate the important role the FTC plays to protect consumers and are pleased to have reached an agreement that resolves the agency’s concerns,” said LendingClub Chief Administrative Officer Brandon Pace in a company statement. “We look forward to continuing our mission to empower our members on their path to financial health.”