March 29, 2018
I just attended the Consumer Compliance Conference at the Federal Reserve Bank of Dallas this week. The UDAP presentation had some very helpful takeaways. Here is what stuck with me!
The formal presentation referenced the Fed’s CA 04-2, CA 05-2, CA 14-5 and the 2016 Exam Procedures (CA 16-4). These are documents that lay out the elements of “unfair and deceptive acts and practices” for banks. Remember that Reg AA (Credit Practices Rule) was repealed. That leaves bankers with these basic statements regarding the FTC Act, Section 5 and UDAP principles. Although the Dodd Frank Act gave the CFPB authority over UDAAP (adding “abusive” to the scheme), the primary regulators still have authority to identify UDAP violations as part of a compliance examination. Be aware that a serious UDAP violation can result in a downgrade of a CRA or even compliance exam rating!
As case studies, two overdraft protection programs (i.e. automated ODP) were called out. In one, among other problems the bank discouraged customers from opting out of debit card coverage and did not monitor for excessive usage. In the other, the posting system used for POS debit resulted in multiple fees. The presenter noted that products that incentivize or encourage consumers to make poor choices are high UDAP risk!
Emerging risks for UDAP and ODP have been identified in the following areas:
- New sources of fee income
- Third party vendor management.
A number of tips were presented to the attendees. These include:
- Be concerned if a product requires a consumer to make poor choices.
- Be sure that disclosures are consistent/match up to actual practices.
- Embed UDAP reviews into the entire life cycle of the product/service.
- Follow the money. Increased non-interest fee income should trigger a review to determine whether the fee income increase is due to potential UDAP issues.
- Conduct training with appropriate staff and board.
- Be sure that there is proper board oversight—with documentation!
- Use these to spot trends.
- Also, review consumers who have the same product but do not complain. Are they also unhappy with a product that is receiving complaints? You may need to remediate as to them as well.
- How are terms and alternatives presented?
- Are the advertised terms actually available?
- This includes both the selection process and managing the relationship.
- Review compensation of the bank versus third parties. Is the comp method incentivizing “bad” behavior?
- Identify activities that could create UDAP risk.
- Monitor complaint notices received from the vendor on the product.
- Perform an independent assessment of the vendor activity.
- If UDAP activity is found, take ACTION!
Bottom line: automated overdraft programs MUST be reviewed for UDAP risk. Meanwhile, the CFPB has declined to follow up on writing overdraft rules or guidance. This leaves banks with the 2005 Best Practices, the 2010 FDIC Guidance and the amendments to Regs DD and E as providing the regulatory framework explicitly addressing ODP. Now, banks really must evaluate the UDAP risk as well. Remember that compliance with regulations is not enough to insulate a bank from a UDAP finding but violation of regs could trigger UDAP concerns!
Kennedy Sutherland, LLP