OneMain Financial Lawsuit: 13 State AGs Sue Over Loan Packing and Junk Fees — What Compliance Teams Must Learn Now
TL;DR
- On March 16, 2026, a bipartisan coalition of 13 state attorneys general sued OneMain Financial for secretly packing loans with add-on products borrowers didn’t want or understand — at an average cost of $826 per borrower.
- This is the second major enforcement action against OneMain for the same conduct. The CFPB already fined them $20 million in 2023.
- The case is a textbook example of what happens when add-on product controls, fee disclosure, and sales incentive governance break down. Every consumer lender — and every compliance officer — should be paying attention.
A subprime lender charged cash-strapped borrowers hundreds of dollars for products they didn’t ask for. Employees were trained not to take “no” for an answer until a borrower said it three times. The CFPB fined them $20 million in 2023 for nearly identical conduct.
Then 13 state attorneys general sued them anyway — in 2026.
The OneMain Financial lawsuit filed March 16 isn’t just a consumer protection story. It’s a compliance failure case study in slow motion. And the fact that it happened again, after a federal consent order, is exactly the kind of pattern that ends careers and triggers consent orders with remediation plans that stretch for years.
Here’s what actually happened, what the complaint says, and — more importantly — what your compliance program needs to do differently.
What the OneMain Financial Lawsuit Actually Alleges
On March 16, 2026, a bipartisan coalition of 13 state attorneys general filed a complaint in Manhattan federal court against OneMain Financial, one of the largest subprime installment lenders in the country. The suit was led by New York AG Letitia James and Pennsylvania AG David Sunday, with New Jersey AG Jennifer Davenport serving as a named plaintiff.
The core allegations:
- Loan packing: OneMain bundled expensive optional add-on products — credit insurance, term life insurance, and lifestyle/health membership plans (“Auto Plus”) — into loans without obtaining borrowers’ genuine informed consent.
- Buried disclosures: Add-ons were hidden in dense fine-print loan documents displayed in small, hard-to-read text.
- Rushed closings: Borrowers were pressured through in-person closings quickly, and given even less time to review documents in remote closings.
- The “three-no” rule: OneMain’s alleged internal policy instructed employees to continue pressing borrowers to accept add-ons until the borrower explicitly said “no” three separate times.
- “Pre-packing”: In some cases, employees added products to paperwork without telling borrowers at all — an internal practice employees referred to as “pre-packing.”
- Perverse incentives: Loan closers, branch managers, and district managers were rewarded with commissions and gift cards for add-on sales, creating direct financial pressure to pack loans.
In New Jersey alone, OneMain sold roughly $27 million in add-ons between 2021 and 2022. The average cost per New Jersey borrower: $826.
OneMain operates in all 50 states and has over 1,400 branches. The scale of potential exposure is significant.
This Is OneMain’s Second Major Enforcement Action for the Same Conduct
This is the part that should make every compliance officer sit up straight.
In May 2023, the CFPB ordered OneMain to pay $20 million — $10 million in consumer redress and $10 million in civil penalties — for nearly identical conduct: pressuring employees to meet add-on sales targets, tricking borrowers into buying add-ons they believed were required to obtain the loan, and failing to refund interest to borrowers who cancelled add-ons.
OneMain settled without admitting or denying the allegations.
Three years later, 13 state AGs are alleging the same pattern continued.
From a compliance standpoint, this is catastrophic. A prior consent order puts a company on notice. Regulators look at whether the company actually changed its behavior — or whether it just paid a fine and kept going. If the conduct continued, the second enforcement action almost always hits harder: more penalties, more remediation requirements, more reputational damage. And this time, the complaint specifically calls out that the conduct persisted after the CFPB order.
| Enforcement Action | Year | Regulator | Amount | Allegations |
|---|---|---|---|---|
| CFPB Consent Order | 2023 | CFPB | $20M ($10M redress + $10M penalty) | Deceptive add-on sales, failure to refund |
| Multi-State AG Lawsuit | 2026 | 13 State AGs | Pending (refunds + disgorgement + penalties) | Loan packing, hidden fees, “pre-packing” |
The 13 States in the Coalition
The coalition is bipartisan — which matters. This isn’t a partisan regulatory pile-on. It’s consumer protection enforcement that crosses party lines.
States participating in the lawsuit include New Jersey, New York, Pennsylvania, and 10 additional states. The breadth of the coalition signals that state AG offices are increasingly willing to act independently when federal enforcement has — or appears to have — left gaps.
What This Means for Add-On Product Controls
The OneMain case is a checklist of everything that can go wrong with add-on product programs. If your institution offers any type of optional product at loan origination — credit insurance, GAP, debt protection plans, membership programs, or ancillary services — you need to run this case against your own controls right now.
The four failure modes the complaint identifies:
1. Inadequate consent documentation. The complaint alleges borrowers were charged for products they never explicitly agreed to. If your consent process doesn’t create a clear, auditable record that the borrower affirmatively selected the product — separate from signing the loan agreement — you have a gap.
Control fix: Require a standalone, signed add-on election form separate from loan closing documents. For digital closings, require a distinct click-to-confirm step, logged with timestamp and IP, before the product is added to the loan.
2. Disclosure failures at the moment of sale. Burying add-on costs in fine print isn’t disclosure — it’s concealment. Regulators expect that material terms (cost, cancellation rights, what the product does and doesn’t cover) are presented clearly and before the borrower commits.
Control fix: Build a mandatory verbal or written summary of each add-on product into the closing script, covering: (1) the product is optional, (2) exact monthly and total cost, (3) what it covers, and (4) how to cancel. Supervisors should spot-check recordings or screen captures to verify this is actually happening.
3. Sales incentive structures that create pressure to pack. When employees earn commissions or gifts for add-on sales, you’ve built a financial incentive that competes directly with your obligation to act in the borrower’s interest. This isn’t just an ethics problem — it’s a regulatory liability.
Control fix: Review your sales incentive plan with your Chief Compliance Officer and General Counsel. The OCC and CFPB have both been clear that incentive compensation structures that reward product penetration without consumer harm safeguards are a supervisory priority. If employees earn more by getting to “yes,” your compliance controls are fighting uphill.
4. No effective “cooling off” or opt-out controls. The “three-no rule” isn’t a compliance control — it’s a sales script. A genuine opt-out process gives borrowers time and a clear path to decline or cancel without pressure.
Control fix: Document a clear, pressure-free cancellation period for all add-on products (many states require this by law). Prohibit re-offering a declined product during the same closing. Track opt-out requests and monitor whether branch-level opt-out rates look reasonable.
State AG Enforcement Is Filling the Gap — and That’s Not Going Away
Federal consumer protection enforcement has been volatile. The CFPB has been pulled back under different administrations. State AG offices have responded by coordinating multistate actions more aggressively — and the OneMain case is a prime example.
Thirteen AGs. Bipartisan. Federal court. Full disgorgement of profits sought.
This is the enforcement environment financial institutions are operating in right now. A few trends compliance teams need to track:
- Multistate coalitions are faster and harder to navigate than single-state actions. When 13 states file together, you face 13 sets of discovery, 13 potential remediation plans, and penalties that compound across jurisdictions.
- Prior federal consent orders don’t create immunity from state enforcement. OneMain’s defense that the CFPB already resolved these issues is exactly what the complaint pushes back on — the states allege the conduct continued after the federal order.
- State privacy and consumer protection statutes have broader reach than federal law in some areas. State AGs can bring actions under state UDAP (Unfair, Deceptive, and Abusive Practices) statutes that have different standards and remedies than federal law.
If your compliance monitoring program isn’t tracking state AG enforcement trends — not just CFPB and OCC actions — you have a blind spot.
So What? The Compliance Checklist After the OneMain Financial Lawsuit
Here’s what to do with this information.
This week:
- Pull your add-on product inventory. List every optional product offered at loan origination, renewal, or refinancing. Include credit insurance, debt protection, GAP, memberships, and any product bundled with the loan.
- Review your consent documentation for each product. Is there a separate, signed affirmative election — or is it buried in the loan agreement?
- Check your sales incentive plan. Do employees earn more by selling add-ons? Flag it for a CCO and legal review.
This month:
- Conduct a mystery-shop or call recording review of your closing process. Are loan officers actually explaining that products are optional? Are they providing cost disclosures?
- Review your complaint data for complaints related to add-on products, unexpected charges, or difficulty cancelling. Complaint trends are often the first signal.
- Add state AG enforcement tracking to your regulatory monitoring program. Follow the National Association of Attorneys General (NAAG) alerts and set up news monitoring for multistate enforcement coalitions.
This quarter:
- If you have a prior consent order (federal or state) related to any consumer product sales practices — treat it as the highest-priority item on your compliance roadmap. The OneMain case makes clear that “resolved” doesn’t mean “forgotten.” Regulators will come back to check.
- Run a risk assessment on your add-on product program end-to-end: from how products are developed and priced, to how they’re disclosed at closing, to how post-sale cancellation requests are handled.
- Document your findings, gaps, and remediation steps in your issues management system. If a regulator asks what you did after this enforcement action, you want a paper trail.
FAQ: OneMain Financial Lawsuit and Add-On Product Compliance
Q: OneMain Financial is a subprime lender — is this only a concern for institutions that serve subprime borrowers?
No. Loan packing and add-on disclosure failures aren’t limited to subprime lending. The regulatory scrutiny is higher in subprime lending because the consumer harm is more acute, but UDAP requirements and consent/disclosure standards apply across all loan products and all borrower segments. If your institution offers any optional product at origination, the same compliance expectations apply.
Q: The CFPB already fined OneMain in 2023. Does that mean state AGs can’t sue for the same conduct?
Federal enforcement doesn’t preempt state consumer protection actions. State AGs can — and do — bring independent actions under state law even when a federal regulator has already settled. The OneMain case illustrates this explicitly: the states are arguing the conduct continued after the CFPB consent order, which makes their independent action both legally viable and politically justifiable.
Q: What’s the difference between “loan packing” and a legitimate add-on product program?
Legitimate add-on programs are built on: (1) genuine informed consent from the borrower, obtained separately from the core loan agreement; (2) clear, upfront cost disclosure before the borrower commits; (3) a pressure-free environment at closing; and (4) an easy, meaningful opt-out and cancellation process. Loan packing is what happens when any of those elements are absent — when products are added without consent, costs are buried, employees are pressured to sell, or cancellation is made difficult. The line is bright in regulation; the failure is usually in execution and monitoring.
If you’re tracking enforcement actions and trying to stay ahead of regulators asking hard questions, the Issues Management Tracker & Guide gives you a system for logging issues, tracking remediation, and documenting your program’s response to cases exactly like this one.
Rebecca Leung
Rebecca Leung has 8+ years of risk and compliance experience across first and second line roles at commercial banks, asset managers, and fintechs. Former management consultant advising financial institutions on risk strategy. Founder of RiskTemplates.