In the summer of 2019, we discussed UDAAP and setting up a program in your bank to avoid trouble in this important area. Our title admonished you, “Don’t Let UDAAP Spook You, Take Control.” If you have not yet taken control of UDAAP compliance, you may have been spooked by developments over the past 12 months or so.
There have been three big UDAAP enforcement actions involving three financial service providers of all sizes during that time.
Section 5 of the Federal Trade Commission (FTC) Act has been around for over 70 years and prohibits “unfair or deceptive acts or practices” (UDAP), the predecessor to UDAAP. Banking regulators have had the responsibility to enforce bank and thrift compliance with UDAP rules, while the FTC had the authority to interpret the statute and write any rules. The Federal Reserve Board (FRB) was given interpretive and rule-writing authority when this part of the FTC Act was amended in 1975 but continued largely to defer to the FTC.
Title X of the Dodd-Frank Act (DFA) codified UDAP law specifically for financial institutions, eliminated the FRB’s rule-writing authority, added an “abusive” standard and moved rule-writing authority to the CFPB. The acronym became UDAAP – unfair, deceptive, or abusive acts or practices.
What are we dealing with?
All of these standards or characteristics are quite subjective. The elements of unfairness and deception have been established by statute and interpretation over the years by the FTC in various enforcement actions and interpretive documents. The element of being abusive was established, in general terms, in statute by the DFA.
To be unfair, an act or practice must cause or be likely to cause substantial injury to consumers that the consumers cannot reasonably avoid or that is not outweighed by countervailing benefits. Substantial harm usually involves monetary harm, including small monetary harm to each of a large number of consumers.
A three-part test is used to determine whether a representation, omission, act, or practice is deceptive. First, the representation, omission, act, or practice must mislead or be likely to mislead the consumer. Second, the consumer’s interpretation of the deception must be reasonable under the circumstances. And, lastly, the misleading representation, omission, act, or practice must be material. “Material” means that it is likely to affect a consumer’s decision regarding a product or service.
An abusive act or practice materially interferes with the ability of the consumer to understand a term or condition of a consumer financial product or service. Such an act or practice also includes one that takes unreasonable advantage of:
- the consumer’s lack of understanding of material risks, costs, or conditions of a product or service;
- the consumer’s inability to protect his interests in selecting or using a financial product or service;
- the consumer’s reasonable reliance on the “covered person” (including a banker) to act in the interests of the consumer.
Recent UDAAP enforcement actions
In about the year 2000, banks first saw significant enforcement of UDAP (now UDAAP) from the banking agencies when the Office of the Comptroller of the Currency (OCC) took the lead. The OCC concluded that it had authority to address a violation of the FTC Act even regarding a challenged practice that was not specifically prohibited by regulation. The three bank-related UDAAP enforcement actions to which we referred above are:
- The Consumer Financial Protection Bureau (CFPB) has issued a Consent Order to Discover Bank (Greenwood, DE) and two subsidiaries ordering Discover to pay at least $10 million in consumer redress and a civil money penalty (CMP) of $25 million for violating a 2015 CFPB Order, the Electronic Fund Transfer Act, and the Consumer Financial Protection Act of 2010.
The 2015 Order was based on the CFPB’s finding that Discover misstated the minimum amounts due on billing statements as well as tax information consumers needed to get federal income tax benefits. The agency also found that Discover engaged in illegal debt collection practices. The 2015 Order required Discover to refund $16 million to consumers, pay the penalty, and fix its unlawful practices servicing and collection practices.
However, recently the CFPB found that Discover violated the 2015 Order’s requirements in several ways – misrepresenting minimum loan payments owed, amount of interest paid, and other material information. Discover also did not provide all consumer redress the 2015 Order required.
In addition, the CFPB found that Discover engaged in unfair acts and practices by withdrawing payments from more than 17,000 consumers’ accounts without valid authorization and by canceling or not withdrawing payments for more than 14,000 consumers without notifying them. The agency also found that Discover engaged in deceptive acts and practices in violation of the CFPA by misrepresenting the minimum payment owed to more than 100,000 consumers and the amount of interest paid to more than 8,000 consumers. Some consumers ended up paying more than they owed, others became late or delinquent because they could not pay the overstated amount, while others may have filed inaccurate tax returns.
- The Federal Deposit Insurance Corporation (FDIC) issued an order to Umpqua Bank (Roseburg, OR) to pay a CMP of $1,800,000 following the FDIC’s determination that the bank engaged in violations. Those violations were from Section 5 of the Federal Trade Commission Act in the commercial finance and leasing products issued by its wholly-owned subsidiary, Financial Pacific Leasing, Inc. According to the FDIC, these violations included engaging in deceptive and/or unfair practices related to certain collection fees and collection practices involving excessive or sequential calling, disclosure of debt information to nonborrowers, and failure to abide by requests to cease and desist continued collection calls.
- The FDIC has issued an order to pay a CMP of $129,800 to Bank of England (England, AR). The bank consented to the order without admitting or denying the violations of law or regulation.
The FDIC determined that the bank violated Section 5 of the Federal Trade Commission Act because bank loan officers located in the Bloomfield, MI loan production office (LPO) misrepresented that certain Veterans Administration (VA) refinance loan terms were available. However, the loans were not available, and the bank’s misrepresentations at the Bloomfield LPO regarding terms for VA refinancing loans were deceptive, in violation of Section 5.
How to deal with these issues?
As we advised in our previous article, banks and thrifts should be proactive in addressing areas prone to UDAAP issues. You can anticipate potential problems by, in part, tracking enforcement actions as indicators of where regulators are looking for issues (and finding them).
The steps we spelled out to help in this proactive approach are:
- Establish a specific compliance culture using positive words, actions, and attitudes from the top down.
- Enforce compliance performance coupled with the overt support from the top, making it clear to all at the bank that this is a crucial element in the success of the bank and any related rewards (bonuses, raises, promotions, etc.).
- Involve compliance early in product design, marketing planning, and so forth.
- Focus on vulnerable customers — including the young, less educated, immigrants, elderly, etc. — within your community, paying particular attention to how your marketing, product recommendations, and disclosures are directed to such populations.
It is much easier — and less expensive — to plan and lay the appropriate groundwork to avoid problems than to repair damages after inappropriate and illegal actions blow up. The reactive approach can cause the bank immeasurable reputation harm, which is much more costly than monetary penalties and from which it is much more difficult to recover.
William J. Showalter, CRCM, CRP, is a Senior Consultant with Young & Associates, Inc. (younginc.com), with over 35 years of experience in compliance consulting, advising and assisting financial institutions on consumer compliance and compliance management issues. He can be reached at email@example.com.