Fair lending foundation for UDAAP compliance

For inspiration to meet the challenge of UDAAP, Judy Cormier adapted the title from Robert Fulghum's All I Really Need to Know I Learned in Kindergarten. As she put it during a presentation at ABA's Regulatory Compliance Conference in June:

"All I ever needed to know about UDAAP I learned in fair lending."

Why "fair" goes beyond lending

Cormier told listeners during the panel discussion that UDAAP--Unfair, Deceptive, or Abusive Acts and Practices--has parallels in fair lending compliance. In fair lending, there is the potential for true abuse and there is also the potential for unintentional consequences of acts performed without discriminatory intent, said Cormier, senior vice-president and director of consumer compliance at TD Bank, Portland, Me. UDAAP poses similar challenges, she explained.

Cormier said banks had to start somewhere, to meet the UDAAP issue, and that fair-lending was a good foundation. At her company, what had been a fair lending compliance group expanded to become the Fair and Responsible Banking Group.

The actual function is now headed by a Fair and Responsible Banking Manager, she continued, and a newly hired UDAAP Manager reports to that officer. The fairness apparatus the bank has built up is complemented by a pre-existing Customer Experience Committee that includes members from the bank's senior management team.

UDAAP, UDAP, and fairness

Cormier spoke during a session called "Rebuilding Your UDAAP Program In The Post Dodd-Frank World," featuring her comments and those of fellow banker Nancy Sjogren of The Bancorp Inc. and Lynn Farrell of Treliant Risk Advisors, LLC.

UDAAP, the subject directly or indirectly of many sessions at the 2012 ABA conference, has proven to be an elusive target. It is an expansion of the original UDAP--Unfair and Deceptive Acts and Practices--that relied heavily on Federal Trade Commission dealings. It is part of the marching orders of the Consumer Financial Protection Bureau, which has done little to define it precisely beyond some verbiage in its examination manual.

But where do individual banking organizations fall in the scheme of things? One viewpoint is that banks over $10 billion in assets, and clearly under CFPB supervision and examination, are in the "land of UDAAP." However, while all banks fall under CFPB-created and CFPB-assumed regulations, the smaller institutions don't directly fall under UDAAP.

At least, that's the observation of some who have studied the status closely. For the smaller institutions, under the examination authority of the prudential banking regulators, the original UDAP remains the main item to watch, though the traditional regulators are applying even this UDAP rather broadly. For those banks that are covered by the newer UDAAP, some say that for the time being the bureau--extraordinarily busy with many pending tasks--isn't looking to "open a front on ‘abusive'," the new factor, at present.

However, there is a view among some industry experts that banks ought to build, or upgrade, their programs to explicitly recognize the risk of UDAAP, and to use it as a means of improving a bank's approach to consumer banking.

"The concept of fairness is different from customer service," consultant Lyn Farrell told the audience. She believes banks should establish enterprise-wide UDAAP policies and a "fairness mission statement," even if there is a customer service mission statement already in place.

"You've got to have someone looking at your products like a consumer," said Farrell. Bankers become so wrapped up in their own terminology and traditions, she explained, that they often can't see points in products and services that can expose the bank unintentionally to UDAAP-type risks. Such exposures will evolve and crop up over time, she warned, because the world outside the bank continues to change.

"You will want to revise your risk assessment as new issues come up," said Farrell. She added that UDAAP audits will require prioritization so banks can concentrate on areas of highest risk. "You don't have enough audit hours to throw at it all," said Farrell, so "scope it down."

Another risk banks face is lack of product understanding at the front line. Paradoxically, while bankers in oversight roles may be too wrapped up in their trade to get a clear reading on products and services, Farrell said that in her work she has found that often front-line personnel can't explain products very well.

The need for increased training is becoming clear. The Bancorp's Nancy Sjogren, vice-president and divisional compliance officer at the Minneapolis bank, believes consumer "suitability" for products and services offered will become an issue in some markets.

"We have to not only offer them the right products," said Sjogren, "we have to help them choose." She warned that bankers must begin to put themselves in customers' shoes even when it comes to product usage.

Frequent use of a product may once have connoted acceptance of terms and pricing, she said, but that may not be right. "It's not necessarily acceptance," Sjogren said. "Perhaps it indicates a misunderstanding, or simply a necessity."

Sjogren also suggested that banks begin to see themselves as bartenders. "We have to know when to cut people off," she said. She believes regulators will expect that, now.

She told listeners about the bank's efforts in the direct deposit advance product. Customer focus groups loved the concept, and the bank's disclosures made the costs and the limits of the program clear. "Cooling off" periods were established. Even so, some consumers fell into a cycle of over-use, and complained about the results. This prompted a review and revision of the program, and now the bank continuously reviews usage to avoid the potential for the program being seen as abusive.

Fairness and consumer complaints

Speakers emphasized the importance of listening to customer complaints. "You should embrace complaints management," said Farrell,  managing director at her firm, "because they are the canary in the coal mine for UDAAP."

TD Bank's Judy Cormier said part of the switchover to a fairness viewpoint was development of a centralized complaints database, encompassing not only regulatory complaints, but any delivered up through the bank's multiple delivery channels. Even complaints about the bank's collections process go into the database, as do complaints regarding third parties through whom the bank does some aspects of its business.

The new system assists the bank in determining root causes of complaints, and this plays into the UDAAP effort, Cormier explained. Managing complaints enables the bank to address issues that could later become UDAAP triggers, had they not been fixed.

"Reviewing consumer complaints has become an absolute must," said Bancorp's Nancy Sjogren. Even where full and accurate disclosures of products have been made, she said, they are no longer enough where it is perceived that consumer protection has not been achieved. And even model disclosures from regulators, once seen as a safe-harbor, may not stand up to a UDAAP challenge, suggested Sjogren.

"What are your complaints telling you about disclosures?" Sjogren said. "Even if the regulation doesn't require something, customer reaction might demand it." The banker said that unclear, overly legal terminology itself might wind up being considered "abusive." And services offering too many options can be confusing to customers, even when they are clear to product designers.

Sjogren gave an example of how complaints can lead to changes in a UDAAP context. The bank and marketing partner had been sending out personalized prepaid cards, and followed the rules for issuance of unsolicited access devices. One such rule is that they can't be activated in advance, so that if the recipient doesn't want to have a prepaid card, they can simply destroy it.

The rules weren't enough, Sjogren said. "Some people called to complain that they didn't want a credit card," she said, even though that wasn't what they'd received.

In the end, the bank and its partner revamped the offering, with new marketing standards that includes prominent opt-out instructions, full fee disclosures, and a review of the call center's scripts relating to the product. Sjogren said the bank has also crafted a UDAAP guide for its marketing partners.

Compliance has graduated from the traditional "checking of the boxes," said Sjogren. "Now there must be a cradle to grave view of our products." Regulars, she said, are increasingly looking at the entire customer experience and how everything--marketing, disclosure, pricing, and more--impacts that experience.