5 Best Practices Your Compliance Program Should Implement to Avoid UDAAP Violations

After the 2008 financial crisis, regulators put new laws in place in order to protect consumers and regain confidence in Financial Institutions. According to the Dodd-Frank Wall Street Reform and Consumer Protection Act created in 2010, UDAAPs (or unfair, deceptive, or abusive acts and practices) between those who offer financial products and services and their customers are illegal. In turn, regulators like the CFPB (Consumer Financial Protection Bureau) and the FTC (Federal Trade Commission) are keeping an eye on FIs, FinTechs, gig economy players and more, forcing them to protect current customers and other consumers against UDAAPs by monitoring their sales and marketing efforts.

Defining UDAAP Can Be Difficult

For compliance leaders, UDAAPs can be difficult to identify and comply with because of its very broad definition. At times they can also be difficult to understand because of overlap with other consumer protection laws and regulations. Adding even more complexity, there are many ways in which these rules can be interpreted, and previous regulatory standards aren’t always consistent. To help break this down, here’s a more in-depth look at each part of UDAAP according to Dodd Frank.

Unfair

An “unfair” practice is one that a consumer cannot avoid, that would put them in financial harm and where the benefits to the consumer don’t outweigh the injury sustained. Examples include lenders keeping liens on paid-off homes, car dealerships not disclosing fees in advertising or banks keeping connections with someone who's committed fraud.

Deceptive

A “deceptive” practice is one that misleads or has the intention to mislead. The intent does not come into play with these determinations, and often actual deception doesn’t need to occur as long as there can be an interpretation of deception.

Abusive

Acts and practices deemed “abusive” are essentially ones that don’t fall into unfair or deceptive but are still disliked by regulators. The definition of what is considered abusive is lengthier than the others because it was created to be broad and catch what would otherwise slip through the cracks. Since it is the most difficult to define, there have been inconsistent applications of it. A few guidelines to follow when determining if something is abusive are:

• Interferes with the consumer’s ability to understand the terms or conditions of a product or service
• Takes advantage of a consumer’s lack of understanding of risks, costs or conditions
• There is an inability to protect their own interests when selecting and/or using a product or service
• If there is a reliance on a covered person to act in their interests

Protecting Your Compliance Program by Avoiding UDAAPs

Compliance professionals are tasked with the burdensome responsibility of protecting their organizations and their customers by ensuring that they comply with consumer protection laws. 

To conclude, we offer the following five tips to consider when building and maintaining a strong compliance program to avoid UDAAP violations.

1. Organizations should constantly be reviewing their products, services, policies and procedures. Leverage RegTech and compliance solutions for help.
2. Learn from the mistakes of other FIs by staying up-to-date on the most recent UDAAP violations. 
3. Speak with consultants and seek internal/ external counsel before altering anything regarding your compliance program.
4. Take consumer complaints seriously, as they’re often an important and essential source for institutions and examiners like the CFPB and FTC.
5. Act with urgency: once an act is implicated to show UDAAP violations, the company should investigate and correct immediately. They should swiftly provide a solution to affected consumers.

It is crucial to understand that UDAAP violations can pose serious compliance risk to any organization. If you’d like to learn more about consumer compliance or PerformLine's automated sales and marketing compliance monitoring solution from one of our RegTech experts, let us know here.