Home/Cases/Community Banks / Credit Unions/VyStar Credit Union

VyStar Credit Union

Jacksonville, FL 2022--2024 Community Banks / Credit Unions
CFPB NCUA Consumer Access Denial Unfair Deceptive Practices Technology Failure
Penalty
$1.5 million

Outcome

The CFPB ordered VyStar Credit Union to pay a $1.5 million civil money penalty in October 2024 for proceeding with a dysfunctional online and mobile banking platform conversion in May 2022 that blocked approximately 850,000 members from accessing their accounts and funds for weeks, with some features unavailable for more than six months.

Details

VyStar Credit Union — CFPB $1.5 Million Penalty for Banking System Failure (2024)

Outcome: The CFPB ordered VyStar Credit Union to pay a $1.5 million civil money penalty in October 2024, plus full member refunds, for proceeding with a botched online and mobile banking platform conversion in May 2022 that denied approximately 850,000 members access to their accounts and funds for weeks and left some features unavailable for more than six months.

VyStar Credit Union, headquartered in Jacksonville, Florida, with approximately 850,000 members, attempted to launch a new online and mobile banking platform in May 2022 by migrating to a new technology provider. The CFPB found that VyStar's planning and implementation of the conversion violated the Consumer Financial Protection Act of 2010 — specifically, that VyStar overlooked warning signs in its pre-launch testing and proceeded with the rollout despite clear indications that the new platform was not ready for member use.

The consequences for members were severe and prolonged. After the May 2022 launch, VyStar members found that the new platform made basic banking functions — checking balances, transferring funds, paying bills, and accessing account history — difficult or impossible to perform. The disruption lasted for weeks, with some features remaining unavailable for more than six months. Members were effectively blocked from accessing and using their own money during this period.

The CFPB's consent order required VyStar to pay the $1.5 million civil penalty, conduct a full audit to verify that all fees and costs incurred by members as a result of the outage had been refunded, establish a governance committee to ensure proper management oversight of future projects involving consumer-facing banking systems, and maintain documented procedures for managing major technology transitions. The NCUA, VyStar's primary regulator, also issued a statement supporting the enforcement action.

Primary Source: CFPB Enforcement Action — VyStar Credit Union (October 31, 2024)

How Crucible Prevents This

Crucible's pre-tool-check hook would enforce documented member-impact testing gates before any core banking system cutover. The instinct-observer would flag repeated system access complaint patterns in the days following a platform launch. The quality-gate would block production deployments without documented rollback procedures and member notification plans.

Source: CFPB Enforcement Action — VyStar Credit Union (October 31, 2024)

Don't let this happen to your organization. See how Crucible works.

See How Crucible Works