In 2023, the Consumer Financial Protection Bureau ordered USAA Federal Savings Bank to pay roughly $15.6 million after the bank reopened consumer deposit accounts without authorization and harvested fees from them. That enforcement action underscored a broader pattern visible in the CFPB’s Consumer Complaint Database: thousands of consumers file grievances each year about accounts closed or frozen without adequate explanation, many describing the same sequence of a single inbound deposit, an abrupt lockout, and weeks of silence.
What most people never learn is that the same legal framework allowing a bank to close an account overnight also leaves room for the customer to push back. A concise, written reversal request, submitted within roughly 30 days of the closure, forces the bank to document its response and can move the case from an automated rejection queue into a manual compliance review. That is not a guaranteed fix. But consumer attorneys say it is one of the few concrete steps available inside a system designed to operate in silence, and the approach works often enough that the National Association of Consumer Advocates lists written account-closure challenges among its recommended first responses for affected clients.
Why the bank will not explain what happened
When a deposit trips a bank’s internal risk model, the institution may be required to file a Suspicious Activity Report (SAR) with the Financial Crimes Enforcement Network (FinCEN). The obligation is spelled out in 31 CFR 1020.320, and the broader statutory authority sits in 31 U.S.C. 5318. SARs must be filed for transactions of at least $5,000 that the bank “knows, suspects, or has reason to suspect” involve illegal funds, are structured to evade reporting, or have no apparent lawful purpose.
Once a SAR is filed, a strict gag rule kicks in. FinCEN states that covered entities are prohibited from disclosing to any person involved in the transaction that a report has been made. That prohibition covers direct statements and indirect hints. The bank cannot say “we filed a SAR,” and it cannot say anything that would let the customer piece it together. The practical result: a vague closure notice, a dead login screen, and a customer-service representative who can only repeat scripted language.
Behind the scenes, the bank’s compliance algorithms weigh far more than the dollar amount of a single deposit. Transaction frequency, the identity of the sender, geographic risk indicators, and any prior alerts on the account all feed the model. Banks have a strong institutional incentive to err on the side of closing accounts because regulators can impose heavy penalties for missed suspicious activity. FinCEN and federal banking agencies did issue a 2014 joint statement cautioning banks against blanket “de-risking” that cuts off entire categories of customers. In practice, though, the risk calculus still favors closure over retention for any individual account that generates an alert.
What happens to your money during a closure
A frozen or closed account does not mean the funds vanish, but access can stall for weeks. Banks generally must return the remaining balance to the account holder, though they may first deduct outstanding fees or obligations. During the review period, direct deposits can bounce, automatic bill payments fail, and checks written against the account may be returned unpaid. For someone living paycheck to paycheck, even a two-week freeze can cascade into late fees, missed rent, and damaged credit.
If the bank ultimately closes the account, it typically mails a cashier’s check for the remaining balance. The timeline is not standardized. Consumer complaints submitted to the CFPB describe waits ranging from 30 to 90 days while a bank’s compliance team completes its internal review. During that window, calling the branch rarely accelerates anything because front-line staff generally have no visibility into SAR-related decisions.
Joint accounts, business accounts, and special cases
Joint account holders face an added complication: a SAR triggered by one account holder’s deposit can freeze the entire account, locking out a co-owner who had nothing to do with the flagged transaction. Both holders should submit separate written reversal requests, each documenting their own relationship to the deposit in question, because the bank’s compliance team may evaluate each party’s risk profile independently.
Business accounts operate under a different regulatory layer. Banks file SARs on business accounts using the same FinCEN thresholds, but the review process can take longer because compliance teams must also evaluate the business entity, its beneficial owners, and its transaction patterns. A written reversal request from a business should include formation documents, a current beneficial-ownership statement, and any licensing or tax records that establish the legitimacy of the flagged deposit. Small-business owners who rely on a single operating account should maintain a backup account at a separate institution to avoid a total cash-flow shutdown.
The line between a customer request and an unauthorized reopening
A critical legal distinction separates a customer asking a bank to restore a closed account from a bank quietly flipping the switch on its own. The CFPB drew that line in a 2023 compliance circular, warning that unilaterally reopening a consumer deposit account after the consumer closed it can constitute an unfair act under the Consumer Financial Protection Act, particularly when fees pile up and the consumer had no reasonable way to avoid the harm. The full guidance appears in Circular 2023-02.
That circular was not hypothetical. The CFPB pointed to its enforcement action against USAA Federal Savings Bank, which resulted in a 2023 consent order totaling roughly $15.6 million ($12 million in consumer redress and a $3.6 million civil penalty). According to the bureau’s news release, USAA had reopened deposit accounts that consumers previously closed, without authorization or adequate notice, then used those zombie accounts to process transactions and collect fees.
The relevance for someone trying to get a legitimately closed account restored: the same rules that give banks broad authority to shut accounts for suspicious activity also limit what they can do afterward without the customer’s clear consent. A bank cannot quietly reopen your account to harvest overdraft charges. But if you affirmatively request a review and the bank’s compliance team determines the risk no longer justifies the closure, the institution can restore access with your documented agreement. Your written request is what separates a legitimate reopening from the kind of conduct the CFPB sanctioned.
How the 30-day written request works
No federal statute codifies a formal 30-day right to request account restoration. The 30-day figure is a practical guideline, not a legal entitlement. Consumer attorneys, including practitioners affiliated with the National Association of Consumer Advocates, point to it because most banks’ internal compliance review periods run 30 to 45 days. A written challenge that arrives while the review is still open stands a better chance of influencing the outcome than one that lands months later. Acting quickly also preserves the customer’s ability to escalate to regulators with a clean, documented timeline.
The request itself should be specific and factual. Banking attorneys and consumer-law organizations such as the National Consumer Law Center generally recommend including:
- The date the account was closed or frozen and any reference number from the bank’s notice.
- A clear statement that you are requesting a review and reversal of the closure.
- Documentation of the legitimate source of the flagged deposit: pay stubs, a settlement letter, a gift letter, or a wire confirmation from the sender.
- A description of any concrete hardship the closure has caused, such as bounced rent payments or disrupted payroll direct deposits.
- A request for a written response within a stated timeframe, typically 15 business days.
Send the letter through the bank’s secure message portal (so it is timestamped in their system) and by certified mail to the compliance or legal department. The SAR nondisclosure rule prevents the bank from explaining its original reasoning, but nothing in that rule prevents the bank from reversing a decision after further review. A written request forces the institution to create an internal record of the challenge, which compliance officers must address. That alone can move a case out of an automated queue and into a manual review by someone with the authority to restore the account.
This approach applies to credit unions as well. Credit unions are subject to similar SAR-filing obligations under National Credit Union Administration (NCUA) regulations, and their compliance review processes follow a comparable timeline. Customers of online-only banks should note that certified mail may need to go to a corporate headquarters address rather than a local branch, making the secure-message-portal copy especially important as a backup timestamp.
When the request fails and where to escalate
Not every written request results in a reopened account. Consumer attorneys caution that success depends heavily on the strength of the documentation and the nature of the flagged transaction. When the customer can show a clear, legitimate source for the deposit and no prior compliance flags on the account, the reversal request is more likely to succeed. When the underlying activity is genuinely ambiguous or the account has a history of alerts, the bank is far less likely to reverse course.
If the bank declines or does not respond, the paper trail becomes the foundation for a formal complaint. The CFPB accepts complaints through its online portal, and the agency forwards them to the bank with a requirement to respond, typically within 15 days. Customers can also file complaints with the Office of the Comptroller of the Currency (for national banks) or the relevant state banking regulator.
There is another downstream consequence that catches many people off guard. When a bank closes an account for suspicious activity, it may report the closure to ChexSystems, a consumer reporting agency that most banks check before opening new accounts. According to ChexSystems’ own disclosure, negative records can remain on file for up to five years, making it difficult to open a checking account anywhere else during that period. Consumers have the right to request a free copy of their ChexSystems report annually and to dispute inaccurate entries under the Fair Credit Reporting Act. If the original closure is reversed, the customer should confirm in writing that the bank has updated or removed the ChexSystems record.
How a certified letter shifts the bank’s regulatory math
Banks operate under competing pressures. On one side, regulators penalize institutions that miss genuinely suspicious transactions. On the other, the CFPB and state attorneys general have shown increasing willingness to act against banks that close accounts recklessly or handle closures in ways that harm consumers. A dated, specific, well-documented reversal request raises the cost of keeping an account closed without justification, because it creates a record that regulators and examiners can review.
That does not mean the system is fair. Secrecy is mandatory, algorithms drive the initial decision, and the burden of proof falls almost entirely on the customer. But converting a silent, one-sided process into a recorded exchange shifts the bank’s calculation about whether the closure is worth the regulatory and reputational exposure of a formal complaint. For the thousands of consumers locked out of their own money each year, that shift is worth the cost of a certified letter.
