The Consumer Finance Protection Bureau (CFPB) has telegraphed its intention to return to broad enforcement of the “abusive acts and practices” element of UDAAP, rescinding a January 2020 policy statement on how it applies the “abusiveness” standard in supervision and enforcement.
What does this mean for your financial institution? Read on to find out.
As written in the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, an abusive act or practice as one that:
It’s a definition that has challenged the financial industry for years, with many describing it as vague and subjective.
In January 2020, the CFPB narrowed its approach towards identifying abusive practices. The Bureau said it would:
This 2020 change in policy was expected to result in lower civil money penalties.
No financial institution wants to injure consumers, but with the CFPB prepared to “enforce the full scope of Congress’s definition of an abusive practice,” FIs may want to take a closer look at internal controls guarding against potentially abusive behavior.
Here are some key action items:
Make sure compliance focuses on protecting both the institution and consumers. Compliance typically has an internal focus, ensuring that policies and procedures are being properly implemented and followed. Because UDAAP risk is increasing, it’s also important for compliance and legal to focus on what the institution is doing to ensure it’s doing right by customers and that all decisions are defensible. They are essentially protecting the institution by protecting consumers (not just customers or members).
Are your fees clear? Does the institution follow through on special promotions? Are programs convoluted or easy to understand? The answer to all these questions should be yes. (See: 2 Key Elements of a Successful Compliance Management System from the CFPB)
Review credit denials. Can your FI’s denials stand on their own when compared to approved loans? Make sure the documents explaining why customers are denied are easy to understand. Also, make sure the denial reason given to the consumer matches the reason in the loan file. (See: Is Your FI Complying with Fair Lending Laws? - Leverage Analytics)
Review marketing. When Dodd-Frank first introduced UDAAP, a common discussion point was ensuring that marketing materials were simple enough to be understood by any customer. Review advertising materials with a fine-tooth comb. Make sure your language is as clear and simple as possible.
That doesn’t just include new advertising materials. Many mortgage lenders create a central repository for ads and flyers that mortgage brokers can use. These materials should be revisited to make sure they can stand up to stricter UDAAP enforcement. (See: 3 Tips for Avoiding UDAAP Violations)
Also, make sure you’re taking care when marketing to limited-proficiency English speakers (LEP). The CFPB recently released principles and guidelines to help FIs comply with UDAAP and other laws when providing products and services. (See: Lending Compliance & Non-English Speakers: What You Need to Know)
Pay attention to complaints. Complaints are an early indicator of a potential issue. Ignore them at your own peril. (See: How Many Complaints Did Your Institution Get Last Year?)
Revisit vendor management. If a third-party vendor working on your behalf violates UDAAP, you’ve violated UDAAP. Now is a good time to double check your vendor management program to ensure there are strong internal controls ensuring vendor compliance with UDAAP. (See: Vendor Management Resources)
Want to learn more about UDAAP? Download our on-demand webinar Mastering UDAAP Vendor Risk: Understanding the Do’s and Don'ts.