This column is part of a series of articles on the new Consumer Financial Protection Bureau and the upcoming wave of regulations affecting the consumer financial industry.
For banks and other financial services companies, the Dodd-Frank Act’s prohibitions against unfair, deceptive, or abusive acts or practices (UDAAP) are suddenly a top compliance risk. Consumer financial products and services must now meet amorphous and, let’s face it, subjective standards that can easily be used by regulators and others to meet statutory and regulatory gaps, and to achieve policy goals, some of which may not yet be revealed.
It is a new world with new risks. Surmounting the UDAAP challenges on the horizon will ultimately require fundamental changes in the way we approach compliance. If you have any doubt, just ask yourself if your compliance functions are meant to ferret out consumer fairness. Like it or not, UDAAP is about fairness.
Because the law of UDAAP is so nebulous, unfortunately, it is virtually impossible to know, let alone eliminate, all of the risks that are out there. But all hope is not lost.
Conduct a UDAAP audit. Review program and product materials, disclosures, and customer lists for red flags such as a substantial number of customers receiving terms less favorable than those advertised. The audit should include a review of every consumer product and service (and related marketing activity) in the organization. Things such as deposit accounts, underwriting and data security are easily overlooked but nonetheless covered by UDAAP.
Incentivize compliance and ethical conduct. Affirmatively discourage troublesome conduct. Do not incentivize employees to make misleading statements. Scrutinize sales programs that reward extra charges.
Facilitate informed choices. Focus customer attention on limitations, conditions and other key terms. Make product and program documents readable and understandable. The bureau is focused like a laser on making disclosures simple. You should be, too.
Be proactive, not reactive. Seek out input from consumers and employees. Make it safe for employees to raise questions or concerns about products. Consolidate review of customer complaints so that discernable complaint trends are not just blown off because the products technically comply with black-letter law. If public controversy starts to develop around a product or service, scrutinize it rather than reactively defending it. Conduct adequate due diligence on all new products and third-party service providers.
Keep suitability considerations front-of-mind. If you do not, the regulators and courts might just do it for you.
Make no mistake about it: the paradigm has shifted with the passage of UDAAP. Where business lines could previously push back on compliance with, “Where does it say we cannot do that?,” the risk of capitulating to the absence of specific guidance has significantly increased even though there may be nothing for compliance to point to in response. Nothing, that is, except for UDAAP.
One may be tempted to put off getting ready for UDAAP. Do not wait. While there will certainly be struggles over the bureau’s power for the foreseeable future, and the bureau will undoubtedly issue regulatory guidance and some clarifications about what UDAAP means and how it will be enforced, that will not stop the potential for enforcement actions. Get out in front of that wave and proactively begin your UDAAP preparations and transformations today.