By Suzie Higbee
We know that a blog post about Unfair, Deceptive, or Abusive Acts or Practices may not be everybody’s idea of good time. But that doesn’t diminish the importance of keeping up to speed on the prohibited practices that could land your institution in hot water. With the recent excitement about the upcoming reboot of the Star Wars franchise, we thought a few familiar film references might help make an overview of the basics of UDAAP go down just a little bit easier.
Not so long ago, in a galaxy that is actually pretty close, attention to UDAAP heated up like a summer blockbuster. The prohibition against unfair, deceptive, or abusive acts or practices is considered by many to be an overly broad and impressively vague area of compliance. That can make preparing for UDAAP a challenge, but never fear (because, as you may know, fear is the path to the dark side). And your regulator may find your lack of faith disturbing. Don’t worry; there is a new hope.
First of all, it’s critical to remember that the ban against UDAAP doesn’t only apply to financial products and services, but to every activity at your institution. So set your deflector shields to maximum. UDAAP impacts advertising, initial and subsequent disclosures, servicing, collections, credit card disclosures and bills, third-party vendors, employee interactions with consumers, and more. Not to mention that the CFPB is openly soliciting for complaints. Furthermore, UDAAP is increasingly being cited in conjunction with other regulations to “boost” their impact.
So, what’s an institution to do? Use the force, of course.

Stay on Target: UNFAIR

Let’s begin by reviewing the basic tenets of UDAAP, starting with the definition of “unfair.”
The agencies view an act or practice as unfair when it causes, or is likely to cause, an asteroid field of substantial injury to consumers; which is not reasonably avoidable by consumers themselves; and is not outweighed by countervailing benefits to consumers or to competition.
That last part can be a little confusing. A countervailing benefit to consumers might be that this product or service is only available to consumers by experiencing the injury. In other words, the customers may have to pay a fee, but in return, they get something of greater value. A countervailing benefit to competition means that if the injury were not incurred, the institution would stop offering the product or service altogether, which would limit the institution’s opportunity to compete in the market.

These aren’t the droids you’re looking for: DECEPTIVE

Let’s move on to the definition of deceptive. The agencies’ standards for deception are based on case law and guidance. Under these standards, an act or practice is deceptive when the following three items are present:

  1. There is a representation or omission of information;
  2. The representation or omission is likely to mislead consumers acting reasonably under the circumstances; and
  3. The information is material to consumers.

Basically, a representation or omission would be considered deceptive if the overall net impression made is likely to mislead consumers. Before you make the jump to hyper drive, it is important to remember that even if there could be multiple interpretations to a potentially deceptive statement, if just one of the reasonable interpretations is misleading, then that statement would be considered deceptive.

It’s a trap: ABUSIVE

And finally, let’s take a look at the definition of “abusive.” Dodd-Frank defined abusive as an act or practice that:

  • Materially interferes with the ability of a consumer to understand a term or condition of a consumer financial product or service. Is that a moon or a space station?
  • Takes unreasonable advantage of a lack of understanding on the part of the consumer of the material risks, costs or conditions of the product or service.
  • Takes advantage of the inability of the consumer to protect the interests of the consumer in selecting or using a consumer financial product or service.
  • Takes advantage of the reasonable reliance by the consumer on a covered person to act in the interests of the consumer.

So, those are the basics of UDAAP. Although simply hearing the definitions may give off the impression that compliance with UDAAP is cut-and-dried, the agencies have said that determinations of violations are fact-specific and better suited for case-by-case application. Moreover, UDAAP’s vague aspects render it highly flexible in application, making it seem like a catchall weapon that the bounty hunters/agencies can use when they see something they don’t like.

This is some rescue!

So given its vagueness, what can an institution do to minimize the chances it will get the UDAAP card played in its next examination? After all, the odds are only slightly better than possibility of successfully navigating an asteroid field (approximately 3,720 to 1.) You may have a bad feeling about this, but there is always a light side. We suggest that institutions take a proactive stance to demonstrate to regulators that they are fully aware of the principles of UDAAP and are committed to clear and open communications with their customers and members. It’s not necessarily easy to do, but here’s how that might look at your institution.

  • Integrate UDAAP into all phases of compliance.
  • Review your institution’s policies, procedures, and training through the lens of UDAAP (because examiners will) to discover which areas present the highest risk.
  • Proactively provide and promote a phone number/address for complaints/inquiries.
  • Institute strong complaint management monitoring systems.
  • Uphold the tenets of UDAAP when responding to any complaints received.
  • Display significant management involvement in new products and services and changes of existing products and services.
  • Think beyond technical requirements of an internal audit to assess the more vague elements of UDAAP.
  • Pay close attention to marketing promotional material review, especially when using terms like “pre-approved,” “guaranteed,” “fixed rates,” or terms not likely to be given to most applicants.
  • Because UDAAP involves the financial impact on consumers, you’ll need to actively review products and services that involve consumer payments that they clearly and accurately portray lending program disclosures, and insure that fees, penalties, and charges are reasonably understood.
  • Make sure UDAAP aspects are included in contracts with third parties for any phase of the lending process.
  • Train employees so that they avoid making statements or taking actions that might be unfair, deceptive, or abusive.
  • Actively monitor employees and third parties for potential UDAAP violations.
  • Review applicable state versions of UDAP, which may have additional limitations and requirements.
  • Analyze lending compensation patterns for employees and third parties with respect to incentives that could lead to steering.
  • Always let the wookie win.

That list can sound like a tall order, but the goal here is not to institute a separate program to address UDAAP, but to make UDAAP a part of existing programs, policies, and practices. And remember, the force will be with you, always.