UDAAP is an important area of focus for compliance officers and financial institutions, and continues to make headlines. One of the most challenging areas is how to define unfair, deceptive, and abusive acts and practices for UDAAP compliance. If that's a challenge you're facing, this post is for you. In this post, you'll learn how to define UDAAP, and a few best practices for managing your UDAAP compliance risk.
As compliance professionals work to manage risk, one area of focus is UDAAP. But what is a UDAAP? UDAAP stands for "Unfair, Deceptive and Abusive Acts or Practices." A UDAAP is any act or practice that is considered to be unfair, deceptive, or abusive in banking.
Originally just UDAP, the Dodd-Frank Wall Street Reform Act of 2010 added the "abusive" concept and changed the acronym to "UDAAP." In today's compliance world, UDAAP continues to evolve. Last year, former Acting Director of the CFPB Mick Mulvaney said he would be focusing on UDAAP. In particular, he said his goal was to provide clearer definitions for "abusive," the term in UDAAP that is the newest and most subjective.
Each word in the UDAAP acronym has a very specific definition in banking compliance; you'll learn each of them in this post.
In spirit, the UDAAP regulations are designed to protect "vulnerable consumers" and ensure that financial institutions are working to protect their current customers in addition to consumers. We'll talk more about that later.
But let's start with "easy" parts: UDAAP definitions. Read on to learn the details of important UDAAP definitions, and some tips for avoiding risk exposure.
Defining "Unfair" for UDAAP Compliance
Below are the definitions for unfair, deceptive and abusive for UDAAP compliance, gathered from Section 1031 of 2010's Dodd-Frank Wall Street Reform Act. It's important to note that some of these definitions are subjective; that's part of what makes UDAAP potentially tricky.
Acts and practices are considered "unfair" if they:
Statements or omissions are considered "deceptive" if they are:
Here are a few additional points to remember about "deceptive" statements, omissions, acts or practices:
You may have noticed the phrase "likely to mislead" above in the definition of "deceptive." That can be a vague phrase, so for UDAAP compliance, it needs to be defined more clearly. An act or practice is likely to mislead when:
Another word, "material," leaves room for individual interpretation. Consider the following when determining whether an act, practice, representation or omission may be considered material:
“Although abusive acts also may be unfair or deceptive, examiners should be aware that the legal standards for abusive, unfair, and deceptive each are separate.”
- Richard Cordray, Director of the CFPB
Some experts have said that as much as 90 percent of UDAAP regulatory actions focus on deception.
Defining "Abusive" for UDAAP Compliance
In 2010, the Dodd-Frank Wall Street Reform Act introduced the concept of "abusive," which is often perceived as the most subjective of the three. Dodd-Frank defines an abusive act or practice as one that:
Abusive can be difficult to define, and is sometimes applied inconsistently. While at the ABA panel on UDAAP compliance, Eric Mogilnicki of Covington & Burling noted that a pattern is emerging; it appears that the Bureau brings "abusive" allegations when they don't consider a product valuable or they don't think a payment is necessary.
Before we conclude here, we wanted to answer a few other common questions that you may have:
A vulnerable consumer is often described in terms of consumer characteristics or demographics such as age, disability, gender, race/ethnicity, low or limited literacy, receipt of public assistance, and education level. It's similar to protected classes in Fair Lending compliance.
Read also: Is Your FI Complying with Fair Lending Laws? - Leverage Analytics
The first version of UDAAP, originally referred to as Section 5 of the FTC Act, was introduced in 1938. In 2004, the FTC expanded the section to include deceptive and unfair acts and practices, and UDAP was born.
2010's Dodd-Frank Wall Street Reform Act introduced the "abusive" statutory standard, changing UDAP to UDAAP, and refocused regulatory attention on this area of compliance. In addition, Dodd-Frank made the Consumer Financial Protection Bureau the primary enforcer of the law. In 2011, the CFPB began oversight of UDAAP compliance.
Even it isn't exactly new, UDAAP can be challenging to understand and comply with. This is due, in part at least, to the following factors:
We've seen how subjective UDAAP can be, particularly in great sessions at the ABA's Regulatory Compliance Conference in Orlando a few years ago.
In addition, UDAAP compliance also influences other areas of consumer compliance. UDAAP compliance is even changing the landscape of Fair Lending. Some experts are combining the two, and referring to them as "Fair and Responsible Banking." As you work to understand your UDAAP compliance requirements, keep in mind how UDAAP compliance relates to other areas of consumer compliance; this should make it a little easier to reduce your risks.
Given the potential for interpretation and changing regulatory guidance, it may be helpful to approach UDAAP compliance efforts with a little flexibility.
Unfair, deceptive and abusive acts and practices pose a great threat to your institution as regulators refocus attention on UDAAP compliance. While we are still learning how the regulators interpret UDAAP through regulatory news, lawsuits and enforcement actions, you can begin taking positive steps toward better UDAAP compliance today.