As published in WesternBanker by Heidi Wier and Karen Cullen, September/October 2018
While most banking professionals have developed a basic understanding of the concepts of unfair, deceptive, or abusive acts or practices (“UDAAP”), operationalizing and controlling UDAAP risk continues to be a challenge. In part, the challenge stems from the lack of implementing regulations. More so, the real challenge is the broad applicability of UDAAP throughout the organization and across the customer experience including products, pricing, marketing and advertising, customer service, and servicing.
What is UDAAP?
Understanding the meaning of an unfair, deceptive, or abusive act or practice as outlined by the Consumer Financial Protection Bureau is an important first step:
Unfair:
- Causes or likely to cause substantial injury, usually involving monetary harm
- Injury is not reasonably avoidable, i.e,. did the act or practice hinder a consumer’s decision; was material information modified or withheld
- The injury is not outweighed by a benefit to the consumer
Deceptive:
- Representation, practice, or omission, misleads or is likely to mislead the consumer when evaluated in context of the entire transaction. Consider the regulator’s “four Ps” test, including prominence, presentation, placement, and proximity for important information
- A consumer’s understanding of the representation, practice, or omission is reasonable
- The impact is material in nature. Information that is presumed material includes costs, benefits, or restrictions on use
Abusive:
- Materially interferes with the consumer’s ability to understand a term or condition of the product or service
- Takes unreasonable advantage of a consumer’s lack of understanding, inability to protect its interests, or reliance on a covered person to act in the consumer’s interest
Building a Strong Foundation to Control UDAAP Risk
Compliance Management:
UDAAP compliance is dependent upon the effectiveness and strength of each component in the compliance management process. Below are some steps to help build a strong UDAAP foundation for your institution.
Policies and Procedures:
Implement policies and procedures that ensure the institution does not engage in unfair, deceptive, or abusive acts or practices. Develop a fair and responsible banking policy that provides guidance and sets clear expectations for personnel. Implement sales scripts, checklists, and desk top reference charts to help maintain consistency. Ensure staff have clear, documented procedures and are following them consistently. Also, consider incentive plans and ensure incentives are not aligned to unrealistic production goals.
Training:
Provide regular and ongoing UDAAP training to personnel in all areas of the bank. Tailor training to meet individual job responsibilities and encourage personnel to think about and identify UDAAP risk within their specific roles. Update training materials regularly based on changes in your products and services, customer feedback, and lessons learned from enforcement actions from other institutions.
Customer Service:
A culture of customer service and strong customer advocacy will help avoid UDAAP issues. Product benefits, or requirements to avoid fees should not be so complicated that the consumer cannot easily understand them or achieve the benefits promised. Information should be clear and concise. Consider who you are marketing products to, (young people, elderly, financially distressed people) and how they will be received by those segments. Solicit customer feedback, both positive and negative, to affirm or refute the effectiveness of your efforts.
Complaint Escalation and Management:
Understand and manage negative feedback and complaint data as this information are key to understanding potential UDAAP issues. Be sure personnel is well trained to recognize complaints and do not rely solely on formal complaints that are made to regulators. Less formal complaints, made on social media, or to customer service or branch personnel can also provide valuable insights. If customers regularly complain about a fee, indicating they were surprised or did not understand why they were charged, it may be indicative of unfair or deceptive marketing. Be sure management is aware of what complaints are trending, what products, fees, or services are being complained about, and consider the impact of those trends on UDAAP risk.
Third-Party Management:
Manage third-party vendors to mitigate UDAAP risk. Ensuring services are provided as expected, and fees are charged only as allowed by contract will help to limit your risk. Obtain copies of vendor policies and procedures, and if contractually allowed, assert your right to audit third-party vendors if needed. Create risk-based criteria to perform due diligence and monitor third parties whose activities pose increased UDAAP risk.
Monitoring and Audit:
Implement a robust audit and monitoring process to help identify and remediate UDAAP risk before it escalates. Testing should be comprehensive and include sufficient transactional analysis. Among other things, testing should include ensuring systems are assessing fees and charges as intended and in accordance with contracts; marketing materials and disclosures are clear and concise; listening to recorded calls for telemarketing, collections, and customer service; and reviewing complaints for timely and appropriate resolution. Many recent UDAAP-related enforcement actions are centered around loan servicing activities, collections, and the sale of add-on products from which the customer receives little or no benefit. Pay particular attention to these areas, if applicable, at your bank.
Corrective Action:
Take appropriate corrective action for any issues noted in monitoring or audits. Corrective action should consider not only particular instances of non-compliance but should encompass a comprehensive evaluation of the associated policies, operational procedures, system interactions, customer interactions, employee training, etc. that may need to be changed to fully remediate any underlying issue or root cause.
Board Reporting and Oversight:
Ensure the board and senior management provide strong oversight and guidance regarding UDAAP. UDAAP compliance should be included in new product development committees and consumer-related initiatives. The board and senior management should insist on receiving regular status reporting on the progress of the bank’s UDAAP compliance risk and efforts to mitigate that risk.
UDAAP compliance is complex and touches all consumer products and services. Building a strong foundation of policies, procedures, and controls within the institution will help make compliance more manageable and help mitigate UDAAP risk.
