UDAAP: A New Standard for Consumer Compliance Protection in Banks

UDAAP: A New Standard for Consumer Compliance Protection in Banks

Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (Dodd-Frank Act) prohibits conduct that constitutes an unfair, deceptive or abusive act or practice (UDAAP). Under federal law, an act or practice is considered unfair when the act or practice causes or is likely to cause substantial injury to consumers, which is not reasonably avoidable by consumers, and the injury is not outweighed by countervailing benefits to consumers or to competition. A “substantial injury” generally is defined as a monetary harm that is usually a result of additional fees, costs or other financial loss due to the unfair act but need not always be monetary.

On March 11, 2021, under the Biden administration, the Consumer Financial Protection Bureau (CFPB) redefined the interpretation of the “abusiveness” standard of UDAAP by rescinding the prior administration’s 2020 order that had greatly reduced the enforcement of abusive practices in conjunction with other facets of UDAAP.

How we got here and what it means

An act or practice is considered deceptive under Dodd-Frank when the act or practice misleads or is likely to mislead the consumer, the consumer’s interpretation is reasonable under the circumstances, and the misleading act or practice is material. Under the Act an abusive practice:

  • materially interferes with the ability of a consumer to understand a term or condition of a consumer financial product or service, or
  • takes unreasonable advantage of a lack of understanding on the part of the consumer of the material risks, costs or conditions of the product or service, and
  • takes advantage of the consumer’s inability to protect their interests in selecting or using a consumer financial product or service or relies on a covered person to act in the interests of the consumer.

The “abusiveness” standard is different from the above standards as it solely concerns itself with the conduct of service providers and is indeed a congressional expansion of the CFPB’s regulatory power. Additionally, the legislative record behind the Dodd-Frank Act establishes that the CFPB should construe the term “abusive” in a broad manner for the benefit of the consumers. While Donald Trump’s 2016 campaign promises included cutting regulation and his transition team suggested that Trump would dismantle the Dodd-Frank Act, the reality of his presidency has been less than fatal to the Act and its UDAAP provisions.

On April 20, 2018, the CFPB settled with Wells Fargo, a large national bank, for violations of Title X of the Dodd-Frank Act’s UDAAP prohibition with one of the largest fines imposed in the Bureau’s history. The Bureau found that Wells Fargo was in non-compliance of the mortgage-interest-rate-lock process and operated its Force-Placed Insurance program in an unfair manner, and that disclosures to some borrowers were inadequate. Wells Fargo unfairly failed to follow its mortgage-interest-rate-lock process when it inconsistently applied its extension fee, causing the borrower to pay fees that should have been absorbed by the lender, even in circumstances where the Bank had requested the extension. Wells Fargo engaged in the charging of fees, which caused monetary harm and loss for its consumers. Fees were assessed inconsistently and even when the Bank itself was responsible as per its explanation to its own clients, the consumers would have no reasonable way of avoiding such a fee. Additionally, within days of unveiling its policy in 2013, Wells Fargo acknowledged its guidelines for its loan officers were inadequate in an internal correspondence without amending its guidelines to account for the inadequacy. If Wells Fargo wished to mitigate its culpability, the bank should have immediately redressed the inadequacy by amending the guidelines. Likewise, there simply was no benefit to the consumer, thus rendering it unfair under the UDAAP provision. CFPB, in its joint action with the Office of the Comptroller of the Currency (OCC), assessed a $1 billion penalty against the bank.

During the Obama administration, the Bureau rarely pursued its enforcement actions against banks in federal court. As a matter of course, bank oversight occurred in the Bureau’s administrative proceedings as opposed to in court before a federal judge. In fact, only one such instance occurred during the Obama administration in a case filed in federal court in Minnesota. Regulation through litigation was the norm under the Trump administration’s leadership.

In 2016, the CFPB found that Citibank N.A. had engaged in abusive practices in violation of Dodd Frank’s UDAAP provision. Citibank had undertaken a scheme of selling credit card debt with inflated interest rates to debt buyers, which materially interfered with the consumer’s ability to understand a condition of the debt and took advantage of that inability to understand the rates of the debts as they truly were for the bank’s own profit. Such a practice led to the continued collection of debts on accounts that had since, in fact, been fully paid off. Furthermore, Citibank had utilized documents to alter court documents in furtherance of its scheme.

Additionally, despite now former Director Mulvaney’s statement that the CFPB would no longer “push the envelope” in terms of advancing novel theories of law or relying on broad UDAAP theories, the Bureau did just that. In its October 2018 consent order with Bluestem Companies, the CFPB, even under the Trump administration, pursued new theories in the application of UDAAP to hold one party liable for its omission for the harmful action of another, such as a bank’s liability for its actions or omissions that assisted in the misconduct by debt buyers.

The Bureau found that Bluestem unfairly delayed the forwarding of 18,000 payments for a period of 31 days with 3,500 of these payments being delayed for more than a year. Such delays were found to have likely subjected its customers to misleading activity by debt collectors and collections agency, which may have included accounts that customers had already paid off. As the delay was purely the fault of the company, there was little that any consumer could do to avoid the issue. Likewise, there was no benefit to the consumer whatsoever. As a condition of their consent order, Bluestem was not only ordered to improve their processes and remedy the issue that caused the delay but also to pay a civil penalty of $200,000 dollars.

On Jan. 24, 2020, the CFPB announced that the Bureau intended to avoid permitting the use of the same or nearly the same facts for both abusiveness and unfairness or deception violations also known as “dual pleading.” The Bureau announced it also would only seek to obtain monetary relief for abusiveness when a lack of good faith effort to comply with the law had been proven, except in the case of injured consumers for whom restitution would be sought regardless of how a company acted.

This recent policy, however, was rescinded just over a year later on March 11, 2021 under the new Biden Administration. This Biden-era policy now permits the Bureau to once again use the same set of facts that was previously used to plead a UDAAP violation under an unfairness or deception standard, as well as under an abusiveness claim. The policy has wide implications regarding the viability of abusiveness claims. From the inception of the Bureau until June 2019, only four of the 31 UDAAP claims with abusiveness claims also possessed standalone abusiveness claims. Of those claims, only one claim relied solely on its abusiveness claim. Thus, the remaining 27 UDAAP claims that contained abusiveness claims in addition to a deceptiveness or unfairness claim would have had abusiveness stricken from their claim under the general policy to avoid double pleading had they been brought under the duration of the 2020 Trump-era policy. For further context, had the 2020 policy been in effect since the Bureau’s inception, it would have affected the viability in part of around 12% of the 222 enforcement cases brought by the Bureau.

Implications of this change in interpretation

For banks and financial services firms seeking to avoid enforcement actions by the Bureau, it is incumbent on the institution in question that they act, first, to prevent circumstances from which such actions could arise. While the majority of enforcement actions arise from non-compliance with or violation of the Bank Secrecy Act or Section Five of the Federal Trade Commission Act, which forbids unfair, deceptive acts or practices, any financial institution interested in keeping itself immunized from UDAAP violations can benefit from continually reviewing regulations as they are updated regularly for the purpose of remaining in compliance with any new regulations.

Diligence in detecting and remediating potentially unfair, deceptive, abusive acts or practices that become problems is critical in ensuring that such risks do not blossom into full-scale enforcement actions. This can be accomplished by seeking the services of subject matter experts to conduct regular UDAAP reviews to identify potential non-compliant acts or practices. Such a review will assess the risk of an institution’s compliance risk and management systems, from internal controls to procedures, for avoiding UDAAP violations. Brochures, advertisements, call-center scripts, sales communications and any other documents used by the institution would similarly be assessed, as even inadequate guidelines given to employees, such as loan officers as seen with Wells Fargo, could result in findings of UDAAP non-compliance. This review process is instrumental in highlighting potentially non-compliant behavior and ensuring its correction prior to incidents occurring that would rise to the notice of regulatory agencies such as the CFPB.

In spite of Trump’s anti-regulatory stance, the Bureau continued to break new ground in terms of legal theory and pursued oversight in federal court at a higher rate than the previous administration. UDAAP as a legal standard is vague and relatively fluid; its requirements shift in conjunction with the relative sophistication of consumers and the complexity of financial products and services that they consume. In-house compliance officers and independent audit leadership will need to stay on guard throughout the entire product and service life cycle and work with their business partners. They must review customer disclosures and provide guidelines to front-line staff to ensure that all communication to customers and staff are clear and unambiguous. It is imperative that banks and financial firms vigilantly audit and keep abreast of regulatory changes and changing levels of sophistication with products and consumers to ensure that the institutions remain in compliance with UDAAP.


The author, Victor Samuel, is an attorney and founder of NV Global Ventures, a consultancy providing business strategy, innovation, fintech, blockchain, compliance and regulatory advisory for firms in the financial services industry. You can reach Victor directly at victor.samuel@nvglobalventures.com

UDAAP: A New Standard for Consumer Compliance Protection in Bankshttps://www.cbiz.com/Portals/0/BFS Docs/Banking UDAAP.jpg?ver=2021-04-07-171922-670The Dodd-Frank Act prohibits conduct that constitutes an unfair, deceptive or abusive act or practice (UDAAP). On March 11, 2021, under the Biden administration, the Consumer Financial Protection Bureau (CFPB) redefined the interpretation of the “abusiveness” standard of UDAAP.2021-04-07T19:00:00-05:00The Dodd-Frank Act prohibits conduct that constitutes an unfair, deceptive or abusive act or practice (UDAAP). On March 11, 2021, under the Biden administration, the Consumer Financial Protection Bureau (CFPB) redefined the interpretation of the “abusiveness” standard of UDAAP.NoneFinancial InstitutionsNo