Discover Financial Services disclosed late last week that it had agreed in a Federal Deposit Insurance Corp. consent order to perform a sweeping audit with a commitment to overhaul any gaps, and it appears the credit card company escaped without any monetary penalties or fines.
The document sheds light on internal compliance lapses around consumer protection laws and regulations that may have contributed to the
The FDIC
Discover's earlier
Discover recently said it has
"We believe these recent events will be in the rearview mirror fairly soon, with the company resuming its share buyback in the near future," said analysts for Jefferies Research Services in a Monday note to investors.
Discover's stock rose 5% in Monday trading in the wake of the FDIC consent-order news.
"Investors waited for two months fearing there would be something terrible in this release, and there is not," said Brian Foran, co-founder of Autonomous Research, in a Monday note to investors.
In the 29-page document, Discover itemized various requirements and recommendations the FDIC set out to correct regarding its failure to comply with banking laws.
Based on an October 2021 FDIC examination along with findings by the Consumer Financial Protection Bureau, the FDIC determined that Discover engaged in unsafe or unsound banking practices, including failing to establish and maintain a compliance management system to meet consumer protection laws and regulations.
Discover lacked appropriate board and bank management oversight and commitment and change management, along with systems to manage risk, take corrective action and maintain self-identification and third-party risk management with written policies. Discover also failed to meet standards and practices in training, monitoring and testing around its consumer complaint response programs, which fell short of requirements to prevent, identify and self-correct violations of all applicable consumer protection laws and regulations.
In the consent order Discover agreed to add compliance officers, increase appropriate risk-management policies around third-party relationships and shore up information systems and procedures so the board receives regular updates and relevant data to conduct robust discussions on regulatory compliance and any exposure of consumers to risk or harm, which will be thoroughly documented for follow-up.
Discover agreed to hire an independent third party within 30 days — subject to FDIC approval — to assess whether the institution's corporate governance framework is appropriate to meet consumer protection rules and regulations. This assessment must be completed as a written report due 120 days after the FDIC approves Discover's third-party engagement letter.
The FDIC will be looking to ensure that Discover has set up appropriate internal organizational channels to meet and monitor consumer compliance rules and regulations, with supporting documents and ongoing procedures in place to identify risks, concerns, issues, potential violations and to take preventive and corrective actions.
The consent order also covers similar requirements for Discover to meet consumer compliance rules and regulations, including ensuring mechanisms are in place to appropriately handle consumer complaints. Discover also agreed to ensure that it has a compliance vendor management program meeting all regulatory requirements in place, with ongoing processes for maintaining due diligence, oversight, monitoring and testing.
Discover has agreed to submit progress reports 45 days from the end of each calendar quarter going forward, which must be reviewed and approved by Discover's board.