Post written by
CEO Bonova Advisory, helping clients in Financial Services for Enterprise Risk Management, Regulatory and Digital transformations.
The prohibition of “unfair or deceptive acts and practices” by federal banking regulators is not new. First introduced via the 1938 Wheeler–Lea Act, with a significant expansion in 2004, the concept has long been baked into American lending practices.
But the Dodd-Frank Wall Street Reform Act of 2010 saw another significant expansion of the governing model — adding “abusive acts” and creating the current acronym UDAAP, for “unfair, deceptive, or abusive acts and practices.” This change has created new challenges to managing risk.
Almost a decade later, managing operations and not running afoul of the new standards still requires considerable effort. Regulators have broad powers of interpretation regarding what meets the UDAAP designations. This is especially true in the case of the term “abusive acts,” since there is no precedent in case law or established rules. Regulators are still exercising broad powers in defining legal parameters on an ongoing basis.
Additionally, the 2010 act created a new monitoring watchdog, the Consumer Financial Protection Bureau. While adapting to a new work-in-progress bureaucracy, historical precedent is of limited use. The CFPB hit the ground running and has not been shy about using its new authority in UDAAP cases. Just last year, Wells Fargo was hit with a $1 billion fine centered on its home and auto loan practices.
Therefore, an ongoing issue for financial institutions is reducing UDAAP compliance risk by instituting best practices for lending. What follows is a brief checklist of UDAAP controls. But it must be stressed that, given the expansive latitude regulators have, compliance is a matter of not only strenuously following through on basic procedures, but also continually monitoring both internal controls and CFPB decisions and directives.
Given the difficulty and complexity of the current compliance environment, it’s imperative that institutions have key players who specialize in this field and that they examine any and all lending activities. Consumer products should be initially evaluated for risk factors and then regularly revisited by the core compliance team.
Build The Culture
Meeting UDAAP realities must be embraced by the entire culture of the firm. Systemic reporting on compliance should go all the way to the board of directors, which acts as the apex of a fully integrated compliance management system.
Recognize Susceptible Borrowers, And Act Accordingly
There is broad recognition that one underlying aspect of the Dodd-Frank Wall Street Reform Act was to protect “vulnerable consumers.” Widely known demographic characteristics can help define such consumers. Once identified, providing them help options and programs specifically geared toward their needs is a proactive step that can help avoid UDAAP compliance issues down the road. One area that has seen noticeable attention is financial products aimed at elderly consumers. Likewise, demographic targeting of products should be analyzed with potential UDAAP violations in mind.
Prioritize Consumer Complaints
It’s become clear that consumer complaints are something that the CFPB is paying close attention to — and your internal control team should, as well. In fact, complaints have become one of CFPB’s primary ways to detect practices that fall under the broad parameters of questionable UDAAP practices. Recognizing this, institutions should invest heavily in heading problems off at the pass — before they escalate. The entire chain of customer relationship management should be analyzed to see where consumers are making plain there are problems.
A strong regimen of policies, procedures and training should be established and maintained to help employees understand UDAAP issues and act accordingly. Likewise, safety controls based on vigorous internal monitoring, reporting and data analysis should be supported in all cases. Compensation incentives, especially bonus packages, should be geared to not incentivize activities that run up to — or cross — UDAAP lines. Finally, internal legal counsel should always be consulted when policy changes are proposed, and in some cases, lawyers from outside the institution should also be brought in.
If significant planning to meet UDAAP regulatory needs has not already occurred, or if procedures haven’t been updated for a significant amount of time, then bringing in a firm that specializes in the field could be a wise investment. Especially since the regulatory parameters are in flux, working with professionals who stay on top of recent decisions and expected trends can be valuable.
Regulators can take developing written UDAAP policies but failing to act on them in a timely manner as an admission of knowledge of possible violations and a refusal to act accordingly. This can lead to more negative findings and higher fines.
The definitions guiding the enforcement operations of the CFPB with regard to UDAAP are still developing, even while the department is being aggressive in executing its rulings. This combination makes it imperative to establish functional UDAAP controls.