Inside the Discover consent order: A sweeping audit, but no fines

Discover
Discover Financial Services agreed in a Federal Deposit Insurance Corp. consent order to perform a broad audit of its framework for consumer protections, but it escaped without any monetary penalties or fines.
JHVEPhoto - stock.adobe.com

Discover Financial Services disclosed late last week that it had agreed in a Federal Deposit Insurance Corp. consent order to perform a sweeping audit with a commitment to overhaul any gaps, and it appears the credit card company escaped without any monetary penalties or fines.

The document sheds light on internal compliance lapses around consumer protection laws and regulations that may have contributed to the ouster of Discover's longtime CEO Roger Hochschild in mid-August. John Owen, a board member and former top executive at Regions Financial, is acting as interim CEO while Discover conducts a search for a new leader.

The FDIC consent order, which Discover disclosed in July when reporting second-quarter results, is unrelated to a separate problem Discover revealed at that time, when it said it had been overcharging some merchants for credit card account fees dating back to 2007, to the tune of about $400 million. Discover vowed then to conduct an internal view of the company's compliance, risk management and governance.

Discover's earlier student-loan compliance issues, which date back several years, also are unrelated to the recent FDIC consent order, which pertains only to consumer banking products. Discover in 2015 reached a consent decree with the Consumer Financial Protection Bureau on student loan servicing lapses, and in 2020 Discover was ordered to pay $35 million in penalties for those violations. 

Discover recently said it has hired more than 200 new employees and increased its board of directors' oversight to improve its compliance and risk functions, and analysts say the consent order enables Discover to put the latest round of regulatory uncertainties behind it. Discover last month also added an ex-FDIC official to its board.

"We believe these recent events will be in the rearview mirror fairly soon, with the company resuming its share buyback in the near future," said analysts for Jefferies Research Services in a Monday note to investors. 

Discover's stock rose 5% in Monday trading in the wake of the FDIC consent-order news.

"Investors waited for two months fearing there would be something terrible in this release, and there is not," said Brian Foran, co-founder of Autonomous Research, in a Monday note to investors.

In the 29-page document, Discover itemized various requirements and recommendations the FDIC set out to correct regarding its failure to comply with banking laws.

Based on an October 2021 FDIC examination along with findings by the Consumer Financial Protection Bureau, the FDIC determined that Discover engaged in unsafe or unsound banking practices, including failing to establish and maintain a compliance management system to meet consumer protection laws and regulations.

Discover lacked appropriate board and bank management oversight and commitment and change management, along with systems to manage risk, take corrective action and maintain self-identification and third-party risk management with written policies. Discover also failed to meet standards and practices in training, monitoring and testing around its consumer complaint response programs, which fell short of requirements to prevent, identify and self-correct violations of all applicable consumer protection laws and regulations. 

In the consent order Discover agreed to add compliance officers, increase appropriate risk-management policies around third-party relationships and shore up information systems and procedures so the board receives regular updates and relevant data to conduct robust discussions on regulatory compliance and any exposure of consumers to risk or harm, which will be thoroughly documented for follow-up.

Discover agreed to hire an independent third party within 30 days — subject to FDIC approval — to assess whether the institution's corporate governance framework is appropriate to meet consumer protection rules and regulations. This assessment must be completed as a written report due 120 days after the FDIC approves Discover's third-party engagement letter.

The FDIC will be looking to ensure that Discover has set up appropriate internal organizational channels to meet and monitor consumer compliance rules and regulations, with supporting documents and ongoing procedures in place to identify risks, concerns, issues, potential violations and to take preventive and corrective actions.

The consent order also covers similar requirements for Discover to meet consumer compliance rules and regulations, including ensuring mechanisms are in place to appropriately handle consumer complaints. Discover also agreed to ensure that it has a compliance vendor management program meeting all regulatory requirements in place, with ongoing processes for maintaining due diligence, oversight, monitoring and testing. 

Discover has agreed to submit progress reports 45 days from the end of each calendar quarter going forward, which must be reviewed and approved by Discover's board.

For reprint and licensing requests for this article, click here.
Payments Regulation and compliance
MORE FROM AMERICAN BANKER