ABA Banking Journal Home

“Adaapting” to new UDAAP risks

UDAAP readiness must spread throughout a bank’s operations 

  • |
  • Written by  Thomas Grundy, Wolters Kluwer Financial Service
  • |
  • Comments:   DISQUS_COMMENTS
“Adaapting” to new UDAAP risks

Unfair, Deceptive, or Abusive Acts or Practices (UDAAP) is one of the most talked-about compliance issues today. With the passage of Dodd-Frank, UDAP expanded to incorporate a new standard—adding the term “Abusive”—and thrust this consumer protection issue further into mainstream consciousness. This has created a heightened regulatory concern for banks, particularly due to a lack of certainty of how “abusive” will be incorporated into financial services supervision.

The best practice for creating a UDAAP-conscious organization: Establish the tone for compliance at the top. Banks should review what’s communicated downward through various means, particularly in the form of policies, procedures, and training materials.

Always strive for fairness and transparency when communicating product features, terms, and costs to customers, and apply the same standard in delivery, support, and servicing. Following are the high-risk areas to focus on when reviewing your bank’s compliance efforts, with respect to UDAAP.

Advertising and solicitations

An advertising review by legal and compliance or advisors for internally generated marketing messages, sales training, and ad content, plus ad and sales messaging created by third parties, is critical. Meet with marketing, ad, and product managers for each business unit or product line to understand product development, marketing, ad, and customer solicitation activities.

Compliance can explain the impact and importance of UDAAP, the heightened regulatory focus and expectations, and what product managers and marketers need to consider when creating messaging and content to drive new business.

Where the message is delivered by individuals acting in a cross-selling, customer service capacity, look closely at the training and level of scripting provided to customer-facing personnel. Communication must maintain consistency and accuracy of presentation, with respect to terms and conditions. Ad content must be complete; accurately represent the product or service; and be designed to help consumers make informed decisions.

Loan and account disclosures

First, meet with representatives of each business and product line to review loan and account disclosures for compliance with applicable laws and regulations. It’s important to compare the information disclosed to actual practices and to the associated ad and solicitation materials to assess overall alignment of product, product delivery, and support activities, as well as how each is disclosed and presented to the public.

It is paramount to stress absolute transparency in all aspects of the product lifecycle, and for each business line and product group to continuously review, for technical accuracy, alignment to actual practices, and clarity and ease of understanding for consumers.

Servicing and collections

Whether you service and collect on your own loans or perform this function for others, understand that how established accounts are handled from a servicing and collections perspective is of great interest to regulators—particularly with respect to fairness and transparency.

In promoting UDAAP compliance, servicing and collections management should review scripts used by department personnel to confirm they comply with applicable laws and regulations, and that personnel receive proper training and support.

To ensure servicing and collections activities are accurately fulfilled, monitor customer calls and correspondence to ensure payments are processed correctly, allowable fees are collected, and debt collection practices are in accordance with legal requirements, as appropriate.

Third-party provider oversight

Work performed on behalf of your company by third-party service providers should be viewed no differently than work performed by your employees when it comes to UDAAP, or any other legal or regulatory requirement. It is important to fully integrate oversight into your compliance management system.

Each business and functional unit must be held accountable for following standards for risk assessment, due diligence, contracting and onboarding, and continuous monitoring of third-party providers once the relationship is up and running.

Complaint management

With CFPB actively soliciting complaints from consumers and using that data to support its supervisory activities, look closely at your complaint data management and response processes. Pay attention to:

• Your definition of a complaint.

• How complaints are categorized and classified internally.

• How they are routed for analysis and identification, and analysis of root cause, formal response, and ultimate resolution.

Generally, a complaint is a written expression of dissatisfaction with, or allegation of wrongdoing by, a provider of any financial product or service or any entity subject to regulation or supervision by the bureau or a prudential regulator that is made by a consumer (or representative acting on behalf of a consumer).

Furthermore, it can be an allegation by or on behalf of an individual, group of individuals, or other entity that a particular act or practice of a regulated entity is unfair or deceptive, or in violation of a regulation or any other act or regulation under which a bank must operate.

Effective complaint management must receive and process complaints from all sources—from those made directly to the bank to those from external sources, such as regulators, attorneys, Better Business Bureau, consumer protection groups, and web-based sources and social media.

Complaints, while often troubling, are an opportunity to detect and address UDAAP issues, such as false or misleading statements; inaccuracies in disclosures; excessive and/or previously undisclosed fees; misunderstandings around product benefits or rewards; issues with customer services; or other problems.

Third-party providers should have conforming processes in place that mirror your own complaint handling processes. Complaint management should be integrated as part of your ongoing third-party provider oversight and performance monitoring activities.

Risk assessments

For years, banks have conducted risk assessments based on traditional risk disciplines—credit risk, operational risk, reputation risk. They’ve asked: What’s the risk to the institution if a compliance violation occurs?

CFPB’s consumer-centric approach has turned this model upside down, and now focuses on the inherent risk to the consumer for any process or product. This is a major shift in how institutions are being asked to examine risk—essentially creating a new risk discipline.

Expect CFPB to focus examinations on processes and products that have an ability to harm consumers. Financial institutions subject to CFPB supervision are advised to have a consumer risk assessment as part of the supervisory process. CFPB has provided a template for consumer risk assessment in the appendix to the Supervision and Examination Manual. (Download it at

Managing UDAAP going forward

Ask if your compliance management system allows you to:

Establish compliance responsibility and accountability for UDAAP compliance at all organization levels.

Communicate to all employees, as appropriate, their responsibility for UDAAP compliance through training and regular updates.

Ensure UDAAP requirements are incorporated into the everyday business processes, as well as the procedures followed by contractors and third-party providers.

Review operations for compliance with UDAAP requirements.

Require corrective action when non-compliance or a potential weakness is identified.

If you haven’t taken a hard look at where your organization stands on such questions, it’s time. Understanding how to manage UDAAP compliance isn’t easy, due to its highly subjective nature. Determining where you stand requires analysis of how your organization communicates internally and externally, and understanding whether it’s fair, transparent, and accurate in all dealings with consumers.

By Thomas Grundy, Wolters Kluwer Financial Service, Thomas Grundy, CRCM, is senior regulatory consultant, Wolters Kluwer Financial Services.

back to top


About Us

Connect With Us