A Different Perspective on UDAAP Risk Review

Compliance

Managing unfair, deceptive, abusive acts or practices (UDAAP) risk is made challenging because of the lack of legal definition. What is required are informal guidance and enforcement actions to develop risk management and compliance management systems that address UDAAP. Understanding “unfair”, “deceptive” and “abusive” is the first step to preventing millions of dollars in damages in addition to significant reputational damage. Regulators have expanded their exams beyond disclosures and advertising, so a comprehensive compliance program is necessary to identify and correct issues before future examinations.

What is UDAAP?

UDAAP applies to all financial institutions no matter their size and to other entities regulated by the Consumer Financial Protection Bureau (CFPB). These include mortgage companies, collection agencies and payday lenders. UDAAP actions were a major focus of regulators in 2016 (particularly the CFPB) with more than 30 actions taken and more than $3 billion in total fines from the CFPB. While there may be UDAAP laws at the state level, the Dodd-Frank Act grants the CFPB the authority to enforce the law at the federal level. In addition to fines and penalties brought by the CFPB and other major federal banking agencies, actions can result in costly changes to business practices and compliance programs.

Examiners have increasingly focused on nonbank institutions, and risk and compliance leaders should identify all high-risk products, services and activities. These areas are typically tied to credit and include credit card add-ons, predatory lending practices, debt collection and advertising misrepresentations. Mortgage servicing and debt collection are unique in that they have had all three types of violations: unfair, deceptive and abusive. Root causes of many violations include a lack of focus on third-party relationships and consumer complaints as well as inadequate training and monitoring programs.

What should you do to prepare?

There are many actions that organizations can take to address and mitigate their UDAAP risk such as:

  • Strengthen the complaint management process to look beyond apparent violations and identify patterns of unfair, deceptive or abusive practices
  • Review advertising to verify the accuracy of claims
  • Conduct a comprehensive third-party review that can strengthen contracts
  • Audit third parties who service consumers on behalf of the organization

UDAAP should be reviewed with a wide-angle lens and firms should consider having reviews performed by external parties. This is valuable to help identify UDAAP risk that may not be recognized internally. Mindcrest can leverage its UDAAP experience and legal acumen to provide UDAAP insight and assurance to protect against punishing regulatory actions.

COMMENTS

Subscribe to our blog