Cadwalader Logo Cabinet News & Views - Informed analysis for the financial services industry
Sending a Message: The CFPB's Charges Against TransUnion
Profile photo of contributor Kendra Wharton
Associate | White Collar Defense and Investigations
Profile photo of contributor Sara Skutch
Associate | White Collar Defense and Investigations

For months, Director Rohit Chopra warned that the Consumer Financial Protection Bureau (the “Bureau”) would sharpen its focus on repeat offenders.[1] On April 12, 2022, the Bureau demonstrated its resolve, announcing charges against national credit reporting agency TransUnion, two of its subsidiaries, and a long-time executive for violating a 2017 consent order that prohibited TransUnion from deceptively marketing credit scores and credit-related products.[2]

In January 2017, the Bureau issued a consent order against TransUnion to address findings that the credit reporting agency violated the Consumer Financial Protection Act (“CFPA”) by deceptively marketing credit-related products. The consent order required TransUnion to pay $13.93 million in restitution to consumers, to pay a $3 million civil penalty, and to abide by certain conduct provisions. However, the Bureau found more than a year later during a supervisory exam that TransUnion was still using deceptive marketing practices, including website and app design features (“digital dark patterns”) intended to trick consumers into purchasing credit-related subscriptions and to make it difficult to cancel them. The Bureau alleges that it informed TransUnion repeatedly, beginning in 2019, that it was in violation of the 2017 consent order.

On April 12, 2022, the Bureau filed its complaint in federal district court for alleged violations of the CFPA, the Electronic Fund Transfer Act, and the Fair Credit Reporting Act, as well as their implementing regulations.[3] The Bureau is seeking consumer redress, disgorgement, injunctive relief, and the imposition of civil money penalties for TransUnion’s violations.

Taking a closer look, the Bureau’s action against TransUnion is particularly noteworthy, as it demonstrates Director Chopra’s commitment to stepping up enforcement in several significant ways, including:

  • The Bureau will take aggressive action against those who stall or avoid implementing the terms of a consent order because they may negatively impact the company’s bottom line. Director Chopra recently expressed frustration that corporate recidivism has become normalized and calculated as the cost of doing business. He warned that the Bureau will forcefully address repeat offenders to “alter company behavior and ensure they realize it is cheaper, and better for their bottom line, to obey the law than to break it.”[4] The TransUnion action reinforces this commitment. The Bureau has signaled it will seek millions in consumer redress and civil money penalties, but the Bureau may also seek “structural” changes at TransUnion, such as prohibitions against certain business activities.[5]
  • The Bureau will also charge individuals for “egregious” conduct, such as taking an active role in repeat offenses. In recent comments about corporate recidivism, Director Chopra indicated that it may charge senior managers and executives and seek lifetime occupational bans when they play a role in repeat offenses and order violations.[6] The Bureau’s complaint against TransUnion includes charges against a long-time executive for his role in violating the 2017 consent order, based in part on allegations that he instructed employees to remove an opt-in check-box required by the consent order.
  • The Bureau will dedicate significant resources to identify and address digital dark patterns that are intended to trick or trap consumers. In remarks regarding the complaint, Director Chopra emphasized that many other companies are using digital dark patterns to steer customers.[7] For example, TransUnion is alleged to have integrated colorful, deceptive buttons and low-contrast, fine-print disclosures into its website. Director Chopra stated that the Bureau will be working with the Federal Trade Commission, the Department of Justice, state attorneys general, and international partners to combat these types of tactics.
  • The Bureau will leverage insider information to support its enforcement activities. In its announcement of the TransUnion complaint, the Bureau specifically called on current and former employees with information about the company’s misconduct to report that information through the CFPB’s whistleblower program. Unlike other whistleblower programs, such as those of the SEC and CFTC, the CFPB does not currently have authority to award bounties. (Individuals who report information about possible consumer financial protection violations to the Bureau are protected against retaliation.) Even so, the Bureau’s request, which follows a separate call to action for IT employees at financial institutions,[8] suggests that the Bureau believes many industry insiders will nonetheless come forward with critical information about consumer financial protection violations.


[1] See Prepared Remarks, Dir. Rohit Chopra, “Reining in Repeat Offenders”: 2022 Distinguished Lecture on Regulation, University of Pennsylvania Law School (Mar. 28, 2022),; Prepared Remarks, Dir. Rohit Chopra, December NAAG Meeting (Dec. 7, 2021),; Press Release, CFPB, “CFPB Names New Chiefs for Supervision and Enforcement Positions” (Oct. 29, 2021),; Opening Statement of Director Rohit Chopra before the Senate Committee on Banking, Housing, and Urban Affairs (Oct. 28, 2021),

[2] Press Release, CFPB, CFPB Charges TransUnion and Senior Executive John Danaher with Violating Law Enforcement Order (Apr. 12, 2022),

[3] Complaint, CFPB v. TransUnion, Case No. 1:22-cv-1880 (N.D. Ill. Apr. 12, 2022), available at

[4] Prepared Remarks, Dir. Rohit Chopra, “Reining in Repeat Offenders”: 2022 Distinguished Lecture on Regulation, University of Pennsylvania Law School (Mar. 28, 2022),

[5] Director Chopra recently stated that 12 U.S.C. § 5565, which allows the Bureau to seek “limits on activities or functions of [a] person” in court or administrative proceedings, can be used to make “structural” changes at financial services firms to forestall future violations. For example, another repeat offender, LendUp, was effectively “shuttered” in December 2021 after the Bureau obtained injunctive relief prohibiting the firm from making new loans, collecting on outstanding loans or selling consumer information. The complaint filed against TransUnion requests “injunctive relief against each of the Defendants as the Court deems just and proper,” but it isn’t clear at this time what relief the Bureau will seek.

[6] Prepared Remarks, Dir. Rohit Chopra, “Reining in Repeat Offenders”: 2022 Distinguished Lecture on Regulation, University of Pennsylvania Law School (Mar. 28, 2022),

[7] Director Chopra’s Prepared Remarks on the Repeat Offender Lawsuit Against TransUnion and John Danaher (Apr. 12, 2022),

[8] Erie Meyer, CFPB Blog, “CFPB Calls Tech Workers to Action” (Dec. 15, 2021),

April 14, 2022 | Issue No. 6
© 2024 | Notices | Manage Subscription | Contacts