The Consumer Financial Protection Bureau (CFPB) celebrated Halloween in 2012 by releasing its updated Supervision and Examination Manual (version 2.0). The manual includes updated examination procedures for assessing compliance with Unfair, Deceptive, or Abusive Acts or Practices (UDAAP) rules. The updated examination procedures give bankers a guide for what their examiners will be looking for in terms of UDAAP compliance, including the then-new “abusive” standard.
Section 5 of the Federal Trade Commission (FTC) Act has been around for over 70 years and prohibits “unfair or deceptive acts or practices” (UDAP), the predecessor to UDAAP. Banking regulators have had the responsibility to enforce bank and thrift compliance with UDAP rules, while the FTC had the authority to interpret the statute and write any rules. The Federal Reserve Board (FRB) was given interpretive and rule-writing authority when this part of the FTC Act was amended in 1975 but continued largely to defer to the FTC.
It was not until the year 2000 that banks saw significant enforcement of UDAP from the banking agencies when the Office of the Comptroller of the Currency (OCC) took the lead. The OCC concluded that it had authority to address a violation of the FTC Act even regarding a challenged practice that was not specifically prohibited by regulation.
Then, Title X of the Dodd-Frank Act (DFA) codified UDAP law specifically for financial institutions, eliminated the FRB’s rule-writing authority, added the “abusive” standard, and moved rule-writing authority to the CFPB.
What is UDAAP?
All of these standards or characteristics are quite subjective. The elements of unfairness and deception have been established by statute, as well as interpretation over the years by the FTC in various enforcement actions and interpretive documents. The element of being abusive was established, in general terms, in statute by the DFA.
In brief, these standards are:
- Unfair. To be unfair, an act or practice must cause or be likely to cause substantial injury to consumers, harm that the consumers cannot reasonably avoid or that is not outweighed by countervailing benefits. Substantial harm usually involves monetary harm, including a small monetary harm to each of a large number of consumers.
- Deceptive. A three-part test is used to determine whether a representation, omission, act, or practice is deceptive. First, the representation, omission, act, or practice must mislead or be likely to mislead the consumer. Second, the consumer’s interpretation of the representation, omission, act, or practice must be reasonable under the circumstances. And lastly, the misleading representation, omission, act, or practice must be material. “Material” means that it is likely to affect a consumer’s decision regarding a product or service.
- Abusive. An abusive act or practice materially interferes with the ability of the consumer to understand a term or condition of a consumer financial product or service. Such an act or practice also includes one that takes unreasonable advantage of: the consumer’s lack of understanding of material risks, costs, or conditions of a product or service; the consumer’s inability to protect his interests in selecting or using a financial product or service; or the consumer’s reasonable reliance on the banker (or other “covered person”) to act in the interests of the consumer.
How to Handle UDAAP
Banks and thrifts need to make sure their consumer compliance programs are proactive in addressing areas prone to UDAAP issues. Anticipate potential problems; do not wait for problems to arise because by then it may be too late to prevent serious consequences.
A few steps that can help establish a proactive compliance regime are:
- Establish a positive compliance culture. Senior management and the board need to make it clear that compliance is a fundamental element of the institution’s business – both compliance with the technical requirements (disclosures, computations, etc.) and, at least equally important, with the underlying spirit or fundamental principles of the consumer protection laws.
- Enforce compliance performance. To succeed, the bank needs to make compliance important to its officers and staff – by not only ensuring overt support from the top, but also by making it an integral part of how employees’ performance is measured and rewarded (or not). For example, an officer with high loan production with high compliance error rates or fairness issues, should not be rewarded for one (production) without being penalized for the other (compliance failures).
- Involve compliance early. Compliance cannot be an exercise in looking for violations and other problems after the fact. To be truly effective and efficient, compliance must be integrated into the business processes – involved in product design, marketing planning, etc., at the ground level.
- Focus on vulnerable customers. An important way to avoid UDAAP problems is to pay particular attention to those customers, or potential customers, who might be more vulnerable to unfair, deceptive, or abusive acts or practices. Examples of such potentially vulnerable populations might include the young, less educated, immigrants, elderly, and so forth. The bank should be particularly sensitive to how it couches its marketing, product recommendations, disclosures, etc., to such populations.
Such a positive, proactive compliance regime can help the bank prevent most UDAAP (and other compliance) problems before they even arise. This approach is much more cost-efficient than running what a compliance officer I knew years ago called a “fix-it shop,” having to try to fix compliance problems after they have occurred. Years ago, such an approach was not desirable, but might have been survivable. However, today, it could prove disastrous – especially with the rise of UDAAP.
For more information on this article or how Young & Associates can assist your organization with UDAAP compliance, contact Dave Reno at 330.422.3455 or [email protected].