UDAAP: Unfair, Deceptive, or Abusive Acts or Practices Policy. Among all the changes the Dodd-Frank Act brought, many believe UDAAP will turn out to have the most significant impact on the banking industry, and all third party vendors supplying mortgage lending services to the banking industry. Given the impact and significance of other Dodd Frank Act changes, combined with UDAAP’s broad and vague scope, it could potentially be the most dangerous weapon in the Bureau’s arsenal.
Recently a number of significant UDAAP developments have elevated the importance of mitigating UDAAP risk in both the banking industry and all third party banking vendors. These include the formation of the Consumer Financial Protection Bureau (CFPB), regulatory agency focus on compliance examinations, high profile UDAAP cases, increased litigation related to mortgage servicers’ loan modification activities, and more. Like fair lending problems, UDAAP issues can result in a downgrading of the CRA rating and monetary penalties as well as negatively impact the financial institution’s strategic plan.
In July 2012, the CFPB issued its first enforcement action, citing a major institution for deceptive marketing tactics and slapping it with a $25 million civil money penalty plus $140 million in customer refunds. Three months later in its second case, the CFPB leveled a $27.5 million civil money penalty against another large institution, again for deceptive marketing tactics, and ordered it to refund $85 million to customers. Rounding out the year was the most lenient case, with a $5,000 civil money penalty issued and $100,000 due in restitution for unfair telemarketing acts.
Moving into 2013, the cases continued, as did the message that UDAAP is serious business and we must do everything we can to ensure compliance.
Here is a look at some high profile incidents:
- May 31, 2013–FDIC Settled Case of UDAAP Violations: A bank and the third-party service provider through which it was offering a prepaid debit card were both cited by the FDIC for engaging in deceptive and unfair practices. The FDIC specified that, “a number of the representations and omissions on (the third party’s) website were deceptive, such as advertising free online bill pay, promoting certain features and services of the (third party’s) Card that were not available to cardholders, and charging fees that were not clearly disclosed.” Note that the bank was held more liable than the third-party service provider, as its civil money penalty was $600,000, while the latter’s was $100,000. Both agreed to jointly pay restitution of approximately $1.1 million to affected customers.
- June 27, 2013–CFPB Filed Fourth Enforcement Action: The CFPB cited a large institution and its non-bank partner for misrepresenting the true cost and coverage of its add-on products. Between the two entities, they are responsible for returning $6.5 million to customers affected by the situation. Remember, misrepresentation falls under UDAAP’s definition for deceptive, as it encompasses any material representation, act, practice or omission that misleads or is likely to mislead consumers.
- Sept. 19, 2013–CFPB Issued Fifth Enforcement Action: The CFPB’s fifth enforcement action was settled with a major financial institution for unfairly billing customers for an identity theft protection product supplied by a third party vendor. The institution was ordered to refund $309 million to its customers. Never before has the assurance that your third party vendor is going above and beyond all that is necessary to practice compliant policies, procedures and actions, been more important than now.
These events make clear that UDAAP is a top priority for the CFPB, and this focus is filtering to other regulatory and law enforcement agencies as well. Several of the CFPB’s enforcement actions were issued jointly, with such other agencies as the Office of the Comptroller of the Currency, the FDIC, state agencies and state attorneys general. The other eye-opening fact to note is that while all of the CFPB’s enforcement actions cited UDAAP, none of them claimed “abusive” practices, leaving this amorphous term’s definition still elusive to institutions. One does wonder, though—given the charges in the CFPB’s enforcement actions—if the expansion of UDAAP with the word “abusive” added weight to the original two–-unfair and deceptive.
The CFPB released a study in December of 2013 on the impact of Compliance costs in the mortgage banking industry since the onslaught of rules and regulations over the past 5+ years. According to their study, our industry has seen a 13% increase (on average) of costs ONLY associated with Compliance.
So what does this mean? It means immediate actions must be taken to minimize your risk of UDAAP and ensure compliancy for your institution, as well as the vendors who provide, manage or service your consumer products. It is imperative that you require all third party vendors have the same compliance standards as you require.