Sending a message: CFPB charges against TransUnion | Cadwalader, Wickersham & Taft LLP


For months, Director Rohit Chopra has warned that the Consumer Financial Protection Bureau (the “Bureau”) will put more emphasis on repeat offenders.[1] On April 12, 2022, the Bureau demonstrated its resolve by announcing charges against national credit reporting agency TransUnion, two of its subsidiaries and a longtime executive for violating a 2017 consent order that barred TransUnion from deceptively market credit scores and credit-related information. some products.[2]

In January 2017, the Bureau issued a consent order against TransUnion to address findings that the credit reporting agency violated the Consumer Financial Protection Act (“CFPA”) by deceptively marketing credit related products. The consent order required TransUnion to pay $13.93 million in restitution to consumers, pay a civil penalty of $3 million and comply with certain conduct provisions. However, the Bureau found more than a year later during a supervisory review that TransUnion was still using deceptive marketing practices, including website and app design features (“digital dark models ”) intended to induce consumers to purchase credit-linked subscriptions and make it difficult to cancel them. The Bureau alleges that he advised TransUnion on multiple occasions, beginning in 2019, that he was in breach of the 2017 consent order.

On April 12, 2022, the Bureau filed its complaint in federal district court for alleged violations of the CFPA, the Electronic Fund Transfer Act, and the Fair Credit Reporting Act, and their implementing regulations.[3] The Bureau is seeking consumer relief, restitution, injunctive relief and the imposition of monetary civil penalties for TransUnion’s violations.

On closer inspection, the Bureau’s action against TransUnion is particularly noteworthy, as it demonstrates Director Chopra’s commitment to strengthening enforcement in several important ways, including:

  • The Bureau will take aggressive action against those who delay or avoid implementing the terms of a consent order, as they can negatively impact business results.. Director Chopra recently expressed frustration that corporate recidivism has become normalized and calculated as the cost of doing business. He warned that the Bureau will be aggressively reaching out to repeat offenders to “change corporate behavior and make sure they realize it’s cheaper, and better for their bottom line, to obey the law than to violate it”.[4] TransUnion’s action reinforces this commitment. The Bureau has signaled it will seek millions of dollars in consumer relief and civil penalties, but the Bureau could also seek “structural” changes to TransUnion, such as bans on certain business activities.[5]
  • The Bureau will also charge people for “egregious” conduct, such as playing an active role in repeated offenses. In recent comments on corporate recidivism, Director Chopra indicated he can charge senior executives and executives and seek lifetime professional bans when they play a role in repeat offenses and breaches of orders. .[6] The Bureau’s complaint against TransUnion includes charges against a longtime executive for his role in breaching the 2017 consent order, in part based on allegations that he asked employees to delete a box check required by the consent order.
  • The Bureau will dedicate significant resources to identifying and addressing digital dark schemes that aim to mislead or trick consumers. In his remarks regarding the complaint, Director Chopra pointed out that many other companies use digital dark models to direct customers.[7] For example, TransUnion allegedly embedded colorful, misleading buttons and low-contrast fine print information on its website. Director Chopra said the Bureau will work with the Federal Trade Commission, Department of Justice, state attorneys general and international partners to combat these types of tactics.
  • The Bureau will leverage insider information to support its enforcement activities. In its announcement of TransUnion’s complaint, the Bureau specifically called on current and former employees with information about the company’s misconduct to report that information through the CFPB’s whistleblower program. Unlike other whistleblower programs, such as those of the SEC and the CFTC, the CFPB currently does not have the authority to award bounties. (Individuals who report information about possible consumer financial protection violations to the Bureau are protected from retaliation.) Even so, the Bureau’s request, which follows a separate call to action for employees of the IT for financial institutions,[8] suggests that the Bureau believes many industry insiders will nonetheless provide critical information about consumer financial protection violations.

[1] To see Prepared remarks, Dir. Rohit Chopra, “Reining in Repeat Offenders”: 2022 Distinguished Lecture on Regulation, University of Pennsylvania Law School (March 28, 2022),; Prepared remarks, Dir. Rohit Chopra, December NAAG meeting (December 7, 2021),; Press Release, CFPB, “CFPB Appoints New Chiefs for Oversight and Enforcement Positions” (October 29, 2021),; Director Rohit Chopra’s Opening Address to the Senate Banking, Housing, and Urban Affairs Committee (October 28, 2021),

[2] News Release, CFPB, CFPB Accuses TransUnion and Chief Executive John Danaher of Breaching Law Enforcement Order (April 12, 2022),

[3] Complaint, CFPB v. Trans UnionCase No. 1:22-cv-1880 (ND Ill. Apr. 12, 2022), available at

[4] Prepared remarks, Dir. Rohit Chopra, “Reining in Repeat Offenders”: 2022 Distinguished Lecture on Regulation, University of Pennsylvania Law School (March 28, 2022),

[5] Director Chopra recently stated that 12 USC § 5565, which allows the Bureau to request “limits on the activities or functions of [a] person” in court or administrative proceedings, can be used to make “structural” changes to financial services firms to prevent future violations. For example, another repeat offender, LendUp, was effectively “closed” in December 2021 after the Bureau obtained an injunction prohibiting the company from issuing new loans, collecting outstanding loans or selling information on consumers. The lawsuit filed against TransUnion seeks “an injunction against each of the defendants as the Court deems just and proper,” but it is unclear at this time what relief the Bureau will seek.

[6] Prepared remarks, Dir. Rohit Chopra, “Reining in Repeat Offenders”: 2022 Distinguished Lecture on Regulation, University of Pennsylvania Law School (March 28, 2022),

[7] Remarks prepared by Director Chopra on the repeat offender lawsuit against TransUnion and John Danaher (April 12, 2022),

[8] Erie Meyer, CFPB Blog“CFPB Calls Tech Workers to Action” (December 15, 2021),


About Author

Comments are closed.