ttsmedia.ttstrain.comttsmedia.ttstrain.com/UDAAPBoardHO1014.docx · Web viewConsider adding a...

UDAAP- for the Board of DirectorsTuesday, October 28, 2014

10:00 - 12:00 PM

Presented by:

Susan Costonis, C.R.C.M.Compliance Training & Consulting for Financial Institutions

E-mail: [email protected]

1 UDAAP for the Board of Directors© Susan Costonis, C.R.C.M.Compliance Training and Consulting

mailto:[email protected]

The material used in this webinar has been drawn from sources believed to be reliable. Every effort has been made to assure the accuracy of the material; however, the accuracy of this information is not guaranteed. The laws and regulatory guidance may be changed often so the user must verify whether or not the information remains current. The UDAAP-for the Board of Directors manual is sold with the understanding that the publisher and the editor are not engaging in the practice of law or accounting and are not responsible for the actions of your company's employees.

You will wish to consult with your compliance staff and/or attorney when you are not sure of an answer.

Published by:

Susan Costonis, C.R.C.MCompliance Training and Consulting for Financial Institutions

All rights reserved. This material may not be reproduced in whole or in part in any form or by any means without written permission from the publisher.

Printed in the United States of America.


TABLE OF CONTENTS

OVERVIEW FOR UDAAP .......................................................................................................... 4

WEBINAR OVERVIEW............................................................................................................5BIG PICTURE FOR UDAP VERSUS UDAAP.........................................................................6UDAP OVERVIEW....................................................................................................................7MANAGING RISKS TO AVOID UDAP VIOLATIONS.......................................................10THE STANDARDS FOR DECEPTIVE AND UNFAIR.........................................................13THE FOUR “P’S” OF DECEPTION FROM THE FTC...........................................................16UDAAP UNDER DODD-FRANK AND THE CFPB..............................................................17FDIC ENFORCEMENT ACTIONS AND CONSUMER HARM...........................................22CFPB ENFORCEMENT ACTIONS.........................................................................................25UDAAP PROGRAM AND RISK ASSESSMENT..................................................................27

UDAAP ISSUES ........................................................................................................................... 39

WHAT IS TAKING UNREASONABLE ADVANTAGE?.....................................................42WHAT IS UNFAIR, DECEPTIVE OR ABUSIVE?................................................................43UDAAP COMPLIANCE RECOMMENDATIONS.................................................................45

CONSUMER COMPLAINTS .................................................................................................... 46

CONSUMER COMPLAINTS ON THE REGULATOR WEBSITES.....................................47CFPB COMPLAINT PROJECT AND ENFORCEMENT ACTIONS.....................................48SAMPLE COMPLAINT POLICY............................................................................................53

UDAP AND UDAAP RESOURCES ......................................................................................... 60

FIVE LESSONS LEARNED FROM UDAAP VIOLATIONS................................................61FDIC GUIDANCE AND EXAM CHECKLISTS.....................................................................65FDIC RISK ASSESSMENT FOR UDAP.................................................................................67FDIC EXAMINER QUESTIONS FOR UDAP........................................................................72CFPB AND FTC RESOURCES...............................................................................................78INTERAGENCY GUIDANCE UNFAIR OR DECEPTIVE CREDIT PRACTICES..............79SUGGESTIONS........................................................................................................................80


Overview for UDAAP


WEBINAR OVERVIEW

What topics does your regulator expect will have been covered in training sessions for the Board of Directors? Do any of the regulations “require” annual or periodic training? This session covers one of the “hottest” compliance topics. UDAAP violations have been the source for many costly enforcement actions. Examiners have incorporated UDAAP into deposit exam procedures for overdraft and deposit account reward programs and vendor management issues for products ranging from credit cards “add-on” services to complaints on social media.

WHAT YOU WILL LEARN: The definition of UDAP and UDAAP , including examples of the standards for “unfair”,

“deceptive” and “abusive” acts or practices Learn five KEY points for UDAAP compliance to help avoid fines and maintain your

financial institutions good reputation. What should the board know about the CFPB complaint “process”? What do your

“frontline” employees need to know about UDAAP and handling complaints? Board oversight for managing Third Party Risks and UDAAP Helpful UDAAP compliance resources and regulatory guidance, including FDIC Abusive

Practices –Third Party Procedures ; there is a NEW exam procedures for “Evaluating Consumer Harm”

BONUS – Attendees will receive a template for a Complaint Policy, Procedures and tracking form in WORD that can be modified for your financial institution.

Who Should Attend?

This webinar will benefit Board members, Compliance Officers, Risk Managers, Senior Management, Branch Managers, Call Center Managers, Loan & Deposit Operation Managers, Marketing staff, and Product Development specialists.


BIG PICTURE FOR UDAP VERSUS UDAAP

The new UDAAP standards will apply to the consumer products and services of institutions. The long standing UDAP provisions cover both consumer AND commercial activities. To understand these changes, it’s helpful to look first at the basic definitions in UDAP and then some of the changes that have been created by Dodd-Frank and the CFPB.

UDAP UDAAP UNFAIR DECEPTIVE

UNFAIR DECEPTIVE ABUSIVE

Applies to commercial and consumer transactions

Applies to consumer transactions, products and services


UDAP -Unfair or Deceptive Acts or PracticesCodified in Section 5(a) of the FTC

Prohibits “unfair or deceptive acts or practices in or affecting commerce”Applies to any person or entity doing business, not just financial institutionsFTC doesn’t have direct enforcement, but the regulators have authority through the Federal Deposit Insurance ActMany states have their own versions of the federal statuteUDAP standards are broad, but there are standards for what is “unfair” or “deceptive”

UDAAP- Unfair, Deceptive and ABUSIVE Acts or PracticesIs part of the Dodd-Frank Act, Title 10

Section 1031(a) says that the CFPB “may take any action authorized under subtitle E to prevent a covered person or service provider from committing or engaging in an unfair, deceptive, or abusive

act or practice under Federal law in connection with any transaction with a consumer for a consumer financial product or service, or the offering of a consumer financial product or service

The CFPB has rulemaking authority and the Bureau and bank regulators will enforce the rulesAPPLIES TO CONSUMER ISSUES BUT INCLUDES THE “NEW” STANDARD OF

ABUSIVE

UDAP OVERVIEW

The Federal Reserve held a Webinar on March 5, 2013 called” UDAP – Analysis, Examinations, Case Studies and Emerging Risks. Here’s a link to the teleconference:

http://www.philadelphiafed.org/bank-resources/publications/consumer-compliance-outlook/outlook-live/

This was the Agenda for their teleconference:

•Legal Authority and Analysis •Case Studies •Emerging Risks •Holding Company Impact •Tips for Compliance •Resources •Questions

Legal Authority and Analysis

–Dodd-Frank Act (DFA) authority re unfair, deceptive or abusive acts or practices (UDAAP) –Federal Trade Commission Act (FTC Act) authority re unfair or deceptive acts or practices (UDAP) –Act or practice –Unfair act or practice –Deceptive act or practice –Relationship to other laws

Source of authority:

–Sections 1031 and 1036 of the DFA •Consumer Financial Protection Bureau (CFPB) authority: –CFPB has UDAAP rule writing authority – the UDAAP rules will be applicable to any person that engages in offering or providing a consumer financial product or service (covered person) and any service provider –CFPB has UDAAP supervision and enforcement authority for depository institutions above $10 billion and nonbank entities -Prudential regulators have UDAAP supervision and enforcement authority for depository institutions of $10 billion or less •Unfair (similar to Section 5 of the FTC Act) •Deceptive (similar to FTC Act guidance)




Abusive (new in the DFA) is defined as an act or practice that:

–Materially interferes with the ability of a consumer to understand a term or condition of a consumer financial product or service; or –Takes unreasonable advantage of: •A lack of understanding on the part of the consumer of the material risks, costs, or conditions of the product or service; •The inability of the consumer to protect the interests of the consumer in selecting or using a consumer financial product or service; or •The reasonable reliance by the consumer on a covered person to act in the interests of the consumer

FTC Act UDAP AuthoritySource of authority: –Section 5 of the FTC Act, Section 8 of the Federal Deposit Insurance Act •Authority of prudential regulators (but not the CFPB): –No rule writing authority –Supervision and enforcement for supervised entities (any asset size)

Act or Practice

Applies to all products and services •Applies to every stage and activity –Product development and rollout –Advertising –Direct marketing –Disclosures –Contracts –Account statements –Billing –Loan servicing/loss mitigation/collections –Third-party service providers

Unfair Act or Practice

An act or practice is unfair where it - –Causes or is likely to cause substantial injury to consumers, –Can not be reasonably avoided by consumers, and –Is not outweighed by countervailing benefits to consumers or to competition

•Public policy may be considered


Injury - Causes or is likely to cause substantial injury to consumers

–Injury: Usually involves monetary harm •May include other tangible harm •Does not include emotional or other subjective harm –Substantial: •Small amount of harm to a large number of people •Significant risk of concrete harm to small number of people •Not trivial or speculative harm

Not reasonably avoidable –Can not be reasonably avoided by consumers –The Federal Reserve will consider whether the act or practice: •Unreasonably creates or takes advantage of an obstacle to the free exercise of consumer decision making, •Interferes with the consumer’s ability to effectively make decisions, or •Subjects consumers to undue influence or coercion

Not outweighed by benefits - Is not outweighed by countervailing benefits to consumers or to competition –Offsetting benefits to consumers may include: •Lower prices •Wider availability of products and services –Also consider the offset of costs to remedy or prevent the injury, such as: •Cost to the bank to take preventive measures •Cost to society of any increased burden

Basic UDAP Concepts An act or practice may be:

Unfair Deceptive Or both

An act or practice DOES NOT have to violate any other law in order to be considered unfair or deceptive.

There is a three part test for “deceptive”.

1. Does it mislead? EXAMPLE: Offering pricing that isn’t actually available or is only available for a limited time. Also a web page where the disclosures are not conspicuous or easy to follow back to a specific feature.

2. Is it reasonable for this consumer? EXAMPLE: Is the offer targeting the elderly or an unsophisticated consumer that probably won’t fully understand the product or service?

3. Are the disclosures adequate? EXAMPLE: Disclosures should fully explain the costs, uses, and benefits of the product or service.


MANAGING RISKS TO AVOID UDAP VIOLATIONS

The areas with the greatest potential for unfair or deceptive acts or practices include: 1. Advertising and solicitations

2. Account and loan disclosures

3. Servicing and collections

4. Managing and monitoring of third-party service providers (BIG focus with the FDIC)

5. Consumer Complaints

Advertising and Solicitations All forms of advertising should be reviewed including materials from third parties Target audiences should be considered Material should be complete, accurate and help the consumer make an informed decision

FTC Recommendations for Advertising

DO DO NOT Format ads to direct attention to key

information Use small font to hide costs, critical

terms or conditions Present information clearly and

conspicuously Use pop-up windows or hyperlinks to

display key information Disclose all decision impacting

information near most highly promoted features and place any qualifiers near claim it is qualifying

Bury information at the end of a long webpage

Use a fast moving “scroll” on websites

Account and Loan DisclosuresBanks and financial institutions should:

Monitor compliance with applicable laws and regulations Compare disclosures to actual practices and marketing materials Consider additional levels of review for accuracy and readability

Servicing and Collections


Monitor scripts for compliance with applicable laws and regulations and to ensure the product or service is accurately described

Provide frequent compliance and product/service training Monitor correspondence and listen to customer calls Evaluate debt collection practices Review payment processing practices Review fee practices

Managing and Monitoring Third-Party Service Providers A bank’s responsibility for third-party IS THE SAME as an activity handled directly by

the bank Third-party activities should be integrated into the bank’s Compliance Management

System Effective third-party management programs incorporate:

o 1) Risk Assessmento 2) Due Diligence o 3) Contract Structuring and review o 4) Oversight

Does NOT rely solely on the claims made by third-party vendors

Consumer Complaints Maintain procedures for consumer complaints Complaints can be received from other sources such as the Better Business Bureau,

website blogs or social networking sites Allegations or claims the might indicate possible UDAPs include:

o Misleading or false statementso Undue or excessive feeso Inability to reach customer serviceo Previously undisclosed or unauthorized charges

HOT TIP!!

See the sample Complaint Policy and Procedures in the Complaint Section of the manual!


UDAP Cases Rewards Checking Credit Card Practices Third Party or Affinity Relationships (i.e. Rent –a-BIN) Insurance Related Practices Negative Amortization ARM loans/ARM loan pricing Error Resolution Process Overdraft Programs and Services

The Dodd-Frank Act Impact on UDAP The CFPB is assigned rule making authority for unfair, deceptive or abusive acts or

practices The rules may include requirements for the purpose of PREVENTING unfair, deceptive,

or abusive acts or practices UNFAIR is defined in the Dodd-Frank Act and is similar to the FTC Act. Deceptive is NOT defined in the Dodd-Frank Act and the definition remains the FTC’s

definition until the CFPB makes a rule New standard of “abusive acts or practices” that will be defined by the CFPB.


THE STANDARDS FOR DECEPTIVE AND UNFAIR

The FTC rule (15 USC 45(a)1)) begins with this statement: “Unfair or deceptive acts or practices in or affecting commerce are hereby declared unlawful.” This portion of Section 5 of the FTC Act gives bank regulators the authority to city institutions for practices that are considered unfair or deceptive. The Dodd-Frank Act added another “hammer” or standard for “abusive practices”.

THE “DECEPTIVE” STANDARDDuring the past 30 years regulators have found these acts or practices to be deceptive if they have these three conditions present:

1. The representation, omission or practice is likely to mislead consumers2. Who are acting reasonably in the circumstances presented, and3. The representation, omission, or practice is material.

The fact that the first standard only requires that it’s LIKELY to mislead opens a large door for the regulators. The consumer doesn’t actually have to have BEEN misled by the act or practice.

THE “DECEPTIVE” STANDARD EXAMPLESNOTE: Section 1031 of Dodd-Frank does not expressly define what would make a practice “deceptive”.

1. The representation, omission or practice is likely to mislead consumers – EXAMPLE: Offering pricing, fee structures, or benefits that aren’t really available or not disclosing critical factors for qualification. Even if all the important information is included with the correct wording, if the way it’s communicated or the layout is misleading because it directs the consumer away from important information.

2. A “reasonable” consumer would be misled. EXAMPLE: The standard is based on the target audience and gauges their likely response. If a product is marketed to the elderly or a group of customers with limited financial expertise there is a great potential for confusion and deception. What matters is how the consumer sees the information, not what the institution intended or assumed would be understood in the message. A disclosure can’t “fix” this misleading impression with lots of fine print and asterisks. The harder it is to find the disclosure, the greater the risk of deception.

3. The representation, omission, or practice is material. EXAMPLE: It will be considered material if it’s likely to affect the consumer’s ability to make an informed decision and choice. Pricing information will always be considered material so any inaccurate claims in this area are deceptive. The same is true when crucial information is omitted and it would impact the ability to make an informed decision.


PRACTICES THAT HAVE BEEN FOUND DECEPTIVEGeneral

Marketing practices that didn’t convey the WHOLE truth or explain requirements to qualify for a benefit, or contacted claims that weren’t valid

Promises that weren’t kept Rates “as low as” or as “high as” weren’t available to the majority of consumers Fine print with asterisks that are hard to follow; “buried” disclosures Teaser rates that didn’t disclose the duration of the initial offer Using the term “free” when fees were possible

Credit cards Security deposits for secured cards that consumed most of the credit line

Home Loans Hidden terms, like balloon payments

Deposit Products Gift cards without pre-sale disclosures, especially that reduced the balance ATM balances that included overdraft protection

THE “UNFAIR” STANDARDThere is an unfairness standard that regulators have used that defines an unfair practice under both the FTC and the UDAAP standards under Dodd-Frank. These are the three “unfair” practices:

1. Causes or is likely to cause substantial consumer injury, where2. The injury cannot be reasonably avoided and3. The injury is not outweighed by benefits to the consumer or competition.NOTE: Public Policy may be considered

THE “UNFAIR” STANDARD EXAMPLESThere is three factors for unfairness under both the FTC and the UDAAP standards under Dodd-Frank.

1. The practice causes or is likely to cause substantial consumer injury. EXAMPLE: This term of “substantial injury” means monetary harm or loss. But doesn’t mean that each consumer must individually loose a great deal of money. Think about class action suits against credit card companies where the recovery was just pennies for the individual. It can also be considered substantial if it simply raises a risk of harm.

2. The injury cannot be reasonably avoided EXAMPLE: If the practice interferes with the consumer’s ability to make an informed decision it be considered “unavoidable”. If important information is missing in advertising and solicitations, for example the ad doesn’t mention the minimum deposit required to open the account or avoid the imposition of fees then the consumer never gets a chance to make an informed decision.

3. The injury is not outweighed by benefits to the consumer or competition. EXAMPLE:


The net impact (or bottom line) of the practice harms the consumer. Dodd-Frank uses the term “countervailing benefit”. If an advertisement highlights “no annual fee” but there are so many other charges that offset the annual fee there really isn’t a true benefit and consumer is harmed.

NOTE: Public Policy may be considered- This means that existing laws, regulations, and case law of judicial decisions may also be factors in determining if a practice is unfair. For example, a direct violation of Reg Z or Reg DD makes it easier to substantiate that a practice was unfair. The ECOA and Reg B prohibit discrimination in any aspect of a credit transaction and the Fair Housing Act supports the same approach for residential transactions on a prohibited basis. If there is a disparate impact on a protected class it will also be considered unfair. FAIR LENDING ISSUES HAVE THE POTENTIAL TO BE THE CHIEF UDAAP CONCERNS IN THE FUTURE.

Several practices have been found unfair in the predatory lending activity that was prevalent in 2003-2008. Several regulations have been implemented as a result of these abuses and are contained in Dodd-Frank. See the Table below for details.

PRACTICES THAT HAVE BEEN FOUND UNFAIRPredatory Lending – Servicing and collection issues due to the lack of choices in servicers Posting late fees for on-time payments Collecting unauthorized fees (insurance that is already in place, for example) Not quoting payoff amounts or misrepresenting the amount owed Fees that are too high for the services received


THE FOUR “P’S” OF DECEPTION FROM THE FTC

PROMINENCE Is it BIG enough for consumers to notice and read?

PRESENTATION Is the wording and format easy for consumers to understand?*

PLACEMENT: Is it where the consumers will look?

PROXIMITY Is it near the claim that it qualifies?

Compare your financial institution’s advertising in print, in product brochures, and the website to test for the four “P’s” of deception.

*(Think about all the forms revisions to the tabular format of Privacy Policy and Reg Z payment disclosures and the format of the GFE, HUD comparison charts to the GFE fees, tabular format of the credit card statements and font size, and other recent disclosure changes


UDAAP UNDER DODD-FRANK AND THE CFPB

The CFPB has outlined UDAAP exam procedures on their website; a link for this information is in the CFPB resources page in the last section of this manual. There are many possible concerns that financial institutions may have as a result of the CFPB and regulatory focus on UDAAP. The “old” standards of UDAP have been litigated in the court system and there is a certain amount of case law that can be reviewed to help determine the level of compliance risk involved in current or future products and services.

Based on some of the recent enforcement actions and the posture of the CFPB it seems likely that financial institutions will need to ask at least two basic questions about every aspect of their products and services to manage UDAAP risk.

KEY QUESTIONS FOR UDAAP COMPLIANCEQUESTION: POSSIBLE CONCERNS &

SOLUTIONS

1. Does the consumer have ALL the information they need to make an informed choice about a product or service?

The “model” disclosures have been provided, but do they provide sufficient information?

Consider adding a “fact sheet” or conversation logs and steering acknowledgement forms (careful with RESPA GFE’s – they can’t be modified)

2. Is the consumer in the “right” product or service?

Is there a “better” product for the consumer?

How do you document that the consumer made the “right” choice if a more expensive product or service is selected? Consider a suitability “profile”


documentation process. Has the ability to repay been clearly proven?

Look for the CFPB or your regulator to issue standards and guidance


What’s “unfair”?

Refusing to release lien after consumer makes final payment on a mortgage. The FTC brought an enforcement action against a mortgage company based on allegations, described below, that repeatedly failed to release liens after consumers fully paid the amount due on their mortgages.

Substantial injury. Consumer’s sustained economic injury when the mortgage servicer did not release the liens on their properties after the consumers had repaid the total amount due on the mortgages.

Not outweighed by benefits. Countervailing benefits to competition or consumers did not result from the servicer’s alleged failure to appropriately service the mortgage loan and release the lien promptly.

Not reasonably avoidable. Consumers had no way to know in advance of obtaining the loan that the mortgage servicer would not release the lien after full payment. Moreover, consumers generally cannot avoid the harm caused by an improper practice of a mortgage servicer because the servicer is chosen by the owner of the loan, not the borrower. Thus, consumers cannot choose their loan servicer and cannot change loan servicers when they are dissatisfied with the quality of the loan servicing.

Dishonoring credit card convenience checks without notice. The OTS and FDIC brought enforcement actions against a credit card issuer that sent convenience checks with stated credit limits and expiration dates to customers. For a significant percentage of consumers, the issuer reduced credit lines after the checks were presented, and then the issuer dishonored the consumers’ checks.

Substantial injury. Customers paid returned-check fees and may have experienced a negative impact on credit history.

Not outweighed by benefits. The card issuer later reduced credit limits based on credit reviews. Based on the particular facts involved in the case, the harm to consumers from the dishonored convenience checks outweighed any benefit of using new credit reviews.

Not reasonably avoidable. Consumers reasonably relied on their existing credit limits and expiration dates on the checks when deciding to use them for a payment. Consumers had received no notice that the checks they used were being dishonored until they learned from the payees. Thus, consumers could not reasonably have avoided the injury.

Processing payments for companies engaged in fraudulent activities. The OCC brought an enforcement action in a case involving a


bank that maintained deposit account relations with telemarketers and payment processors, based on the following allegations. The telemarketers regularly deposited large numbers of remotely created checks drawn against consumers’ accounts. A large percentage of the checks were not authorized by consumers. The bank failed to establish appropriate policies and procedures to prevent, detect, or remedy such activities.

Substantial injury. Consumers lost money from fraudulent checks created remotely and drawn against their accounts.

Not outweighed by benefits. The cost to the bank of establishing a minimum level of due diligence, monitoring, and response procedures sufficient to remedy the problem would have been far less than the amount of injury to consumers that resulted from the bank’s avoiding those costs.

Not reasonably avoidable. Consumers could not avoid the harm because the harm resulted principally from transactions to which the consumers had not consented.

What’s “deceptive”?

Inadequate disclosure of material lease terms in television advertising. The FTC brought actions against vehicle leasing companies alleging that their television advertisements represented that consumers could lease vehicles for “$0 down” when advertising a monthly lease payment. However, the FTC alleged that the “blur” of “unreadable fine print” that flashed on the screen at the end of the advertisement disclosed costs of at least $1,000. The settlements prohibited the vehicle leasing companies from misrepresenting the amount consumers must pay when signing the lease.

In addition, the FTC required that if the companies make any representation about the amounts due at lease signing, or that there is “no down payment,” the companies must make an equally prominent (readable and audible) disclosure of the total amount of all fees due when consumers sign the lease.

Representation or omission likely to mislead: The television advertisements featured prominent statements of “no money down” or “$0 down” at lease signing. The advertisement also contained, at the bottom of the screen, a “blur” of small print in which disclosures of various costs required by Regulation M (the Consumer Leasing Act) were made. The FTC alleged that the disclosures were inadequate because they were not clear, prominent, or audible to consumers.


Reasonable consumer perspective. A reasonable consumer would believe that he did not have to put any money down and that all he owed was the regular monthly payment.

Material representation. The stated “no money down” or “$0 down” plus the low monthly lease payment were material representations to consumers. The fact that the additional, material costs were disclosed at signing of the lease did not cure the deceptive failure to disclose in the television advertising, the FTC claimed.

Misrepresentation about loan terms. In 2004, the FTC sued a mortgage broker advertising mortgage refinance loans at “3.5% fixed payment 30-year loan” or “3.5% fixed payment for 30 years,” implying that the offer was for a 30-year loan with a 3.5% fixed interest rate. Instead, the FTC claimed that the broker offered adjustable rate mortgages (ARMs) with an option to pay various amounts, including a minimum monthly payment that represented only a portion of the required interest. As a result, unpaid interest was added to the principal of the loan, resulting in negative amortization.

Practice likely to mislead. The FTC claimed that the advertisements were misleading because they compared payments on a mortgage that fully amortized to payments on a non-amortizing loan with payments that increased after the first year. In addition, the FTC claimed that after application, the broker provided Truth in Lending Act (TILA) disclosures that misstated the annual percentage rate (APR) and that failed to state that the loan was a variable rate loan.

Reasonable consumer perspective. It was reasonable for consumers to believe that they would obtain fixed-rate mortgages, based on the representations.

Material representation. The representations were material because consumers relied on them when making the decision to refinance their fully amortizing 30-year fixed loans. As a result, the consumers ended up with adjustable rate mortgages that would negatively amortize if they made payments at the stated 3.5% payment rate.

What’s “abusive”?

The Dodd-Frank Act makes it unlawful for any covered person or service provider to engage in an “abusive act or practice.”1 An abusive act or practice:

Materially interferes with the ability of a consumer to understand a term or condition of a consumer financial product or service or

Takes unreasonable advantage of –


A lack of understanding on the part of the consumer of the material risks, costs, or conditions of the product or service;

The inability of the consumer to protect its interests in selecting or using a consumer financial product or service; or

The reasonable reliance by the consumer on a covered person to act in the interests of the consumer.

What are potential areas for Transaction Testing?

Through a high-level assessment of the entity’s products, services, and customer base, identify areas for potential transaction testing. This process should determine whether:

The entity does not underwrite a given credit product on the basis of ability to repay.

A product’s profitability depends significantly on penalty fees or “back-end” rather than upfront fees.

A product has high rates of re-pricing or other changes in terms. A product combines features and terms in a manner that can increase

the difficulty of consumer understanding of the overall costs or risks of the product and the potential harm.

Penalties are imposed on a customer when he terminates his relationship with the entity.

Fees or other costs are imposed on a consumer to obtain information about their account.

A product is targeted to particular populations, without appropriate tailoring of marketing, disclosures, and other materials designed to ensure understanding by the consumers.

Analyzing Complaints

Analysis of consumer complaints may assist in the identification of potential unfair, deceptive, or abusive practices. Examiners should consider the context and reliability of complaints; every complaint does not indicate violation of law. When consumers repeatedly complain about an institution’s product or service, however, examiners should flag the issue for possible further review. Moreover, even a single substantive complaint may raise serious concerns that would warrant further review. Complaints that allege, for example, misleading or false statements, or missing disclosure information, may indicate possible unfair, deceptive, or abusive acts or practices needing review.

Another area that could indicate potential unfair, deceptive, or abusive acts or practices is a high volume of charge-backs or refunds for a product or


service. While this information is relevant to the consumer complaint analysis, it may not appear in the institution’s complaint records

Another source of concern would be ANY complaint from a service or product offered by a THIRD PARTY that alleges:

1. Misrepresentation of any terms or costs2. Enrolled without consent3. Benefits were not received, did not justify the expense, were not fully

explained, were difficult to obtain.


FDIC ENFORCEMENT ACTIONS AND CONSUMER HARM

Source: https://www.fdic.gov/news/news/press/2014/pr14080.html

Press Release, September 29 2014

The Federal Deposit Insurance Corporation (FDIC) today announced a settlement with Merrick Bank, South Jordan, Utah, (Bank) for unfair and deceptive practices related to marketing and servicing of credit card "add-on products," in violation of Section 5 of the Federal Trade Commission (FTC) Act.This action results from a review of the Bank's credit card products by the FDIC. As part of the settlement, the Bank stipulated to the issuance of a Consent Order, Order for Restitution, and Order to Pay Civil Money Penalty (collectively, FDIC Order). The FDIC Order requires the Bank to pay a civil money penalty (CMP) of $1.1 million, and restitution of approximately $15 million to harmed consumers. Consumers who are eligible for relief under the settlement are not required to take any action to receive compensation. The Bank marketed the "PAYS Plan," a payment protection credit card add-on product that was sold from 2008 to 2013 to consumers who had a Bank credit card. The PAYS Plan provided a benefit payment towards a consumer's monthly credit card payment following certain life events such as involuntary unemployment, disability, and hospitalization. The FDIC determined that the Bank violated federal law prohibiting unfair and deceptive practices by, among other things:

misrepresenting that the PAYS Plan "Monthly Benefit" would equal the consumer's "Minimum Payment Due"; misrepresenting that the PAYS Plan would protect the consumer's credit rating; misrepresenting that PAYS Plan payments would be made automatically;

failing to adequately disclose material conditions and restrictions related to the PAYS Plan; failing to adequately disclose the terms and conditions for accessing the PAYS Plan hospitalization benefit; and

requiring permanently disabled consumers to recertify their disabled status each month. Below are some highlights of the consent decree requirements

1. Correct Violations of Law2. Board & Senior Management

Oversight3. Compliance Program4. Compliance Officer5. Compliance Committee

6. Audit7. Oversight of Third-Party Agreements and

Services8. Order for Restitution which includes how to

provide refunds, credit reporting, recordkeeping, independent certified accounting firm

9. Order to Pay Civil Money Penalty10. Notification and Reporting Requirements,

Savings Clause


https://www.fdic.gov/news/news/press/2014/pr14080.html

NOTE: This is an ENTIRELY NEW SECTION OF THE FDIC EXAM MANUAL for “Evaluating Consumer Harm Source: II-2.1-2.4 June 2014This is the link, followed by some highlights:

https://www.fdic.gov/regulations/compliance/manual/index.html

What is Consumer Harm?


https://www.fdic.gov/regulations/compliance/manual/index.html

CFPB ENFORCEMENT ACTIONS

These are recent enforcement actions from the CFPB

CFPB on October 9, 2014, CFPB took action against M&T Bank for deceptively advertising free checking accounts.

CFPB – September 29, 2014 -Orders Flagstar to pay $27.5 million to victims and $10 million fine

CFPB and OCC – September 25, 2014 order U.S. Bank to pay $48 million for illegal billing practices

CFPB on June 19, 2014 orders GE Capital to pay $225 million for UDAP credit card practices

CFPB SUMMARIES:October 9, 2014 . – Today the Consumer Financial Protection Bureau (CFPB) took action against M&T Bank for deceptively advertising free checking accounts. The CFPB found that M&T lured in consumers with promises of “no strings attached” free checking, without disclosing key eligibility requirements. When consumers failed to meet the requirements, M&T automatically switched them to checking accounts with fees. M&T will provide $2.9 million in refunds to the approximately 59,000 consumers deceived into paying fees and it will pay a $200,000 penalty for the violations.

September 29, 2014 – Flagstar Enforcement Action - Today the Consumer Financial Protection Bureau is taking its first enforcement action under the Bureau’s new mortgage servicing rules. We are entering an order against Michigan-based Flagstar Bank for violating those rules by failing borrowers and illegally blocking them from trying to save their homes. Flagstar took excessive time to process borrowers’ applications, did not tell them when their applications were incomplete, denied loan modifications to qualified borrowers, and illegally delayed finalizing permanent loan modifications. These unlawful practices caused many consumers to lose the homes they had been trying to save. That is wrong and it is unacceptable.

September 25, 2014— Today, the Consumer Financial Protection Bureau (CFPB) is ordering U.S. Bank to provide an estimated $48 million in relief to consumers harmed by illegal billing practices. U.S. Bank consumers were unfairly charged for certain identity protection and credit monitoring services that they did not receive. These services were sold as “add-on products” for credit cards and other bank products such as mortgage loans and checking accounts. U.S. Bank will pay a $5 million civil money penalty to the CFPB and a $4 million penalty to the Office of the Comptroller of the Currency (OCC)

June 19, 2014 - The Consumer Financial Protection Bureau (CFPB) is ordering GE Capital Retail Bank (GE Capital), now known as Synchrony Bank, to provide an estimated $225 million in relief to consumers harmed by illegal and discriminatory credit card practices. GE Capital


must refund $56 million to approximately 638,000 consumers who were subjected to deceptive marketing practices. As part of the joint enforcement action by the CFPB and Department of Justice, GE Capital must also provide an additional $169 million to about 108,000 borrowers excluded from debt relief offers because of their national origin. This order represents the federal government’s largest credit card discrimination settlement in history.

TO DO: Read the enforcement actions; circulate them to management Are there any “red flags” that you learned from the actions that could be a problem at

YOUR next exam? Have you implemented a process for monitoring complaints? Is there a complete review of new products and services prior to implementation? This

review is particularly critical for any third party services Are the board minutes documented to reflect that UDAP issues are being discussed? Are the board minutes documented to show that adequate due diligence is being

conducting for third party relationships in the initial selection, for contract structure, and for contract renewal and ongoing due diligence regarding complaints and performance?


UDAAP PROGRAM AND RISK ASSESSMENT

Inherent Risk Indicators

Risk Sources - Overview:1. Retail Footprint

a. Customer demographics

b. Product and service offerings

c. Complexity of products and services

d. Delivery channels2. Strategic Direction

a. Marketing strategy

b. New product and service development

c. Advertisements and solicitations

d. Pricing and profitability3. Operations

a. General

b. Role of third parties

c. Compliance with traditional regulations4. Unfair, Deceptive or Abusive Acts or Practices (UDAAP) Environment

a. External: Supervisory focus

b. Internal: Customer complaints

4(b) Internal -- Consumer Complaints

Is there any pending litigation regarding any of the bank’s product or service offerings?

Is there litigation activity concerning products or services similar to what your bank offers?

What is the level of consumer complaints related to consumer protection or UDAAP issues by

bank, operating subsidiaries, or third parties?


Are there specific areas or specific customer demographics within the bank’s retail footprint with

higher levels of consumer complaints than other areas?

What is the level of complaints as a percentage of product or service volume?

Can any bank employee handle and resolve consumer complaints on their own initiative?

Quality of UDAAP Risk Management (Risk Controls and Mitigation)

Control Sets -- Overview:

1. General: Compliance Management Program

a. Board of Directors and Senior Management Oversight

b. Compliance Program

i. General

ii. Policies and Procedures

iii. Training

iv. Monitoring and Corrective Action

v. Compliance Audit

2. UDAAP Specific

a. Marketing

b. Disclosures

c. Customer service

d. Vendor management

e. Complaint response

f. Customer friendly features


Control Set I: Compliance Management Program (2 sub-factors)

1(a) Board of Directors and Senior Management Oversight

Has the board adopted clear consumer protection policies and operating procedures appropriate for the size and complexity of the bank’s operations?Does the board foster a strong consumer protection compliance culture with clear and demonstrated compliance expectations and bank fairness objectives for the bank and third party vendors it uses? Do business line staff and managers understand that “they own” their unit’s consumer protection and “harm to consumers” risks and are responsible for managing it?Does senior management incorporate bank enterprise-wide consumer protection risk and performance reports in their business decisions and ongoing corporate strategies?Is there appropriate communication or reporting across board, senior management, business lines, and compliance groups to enable each to perform their roles and be accountable for their performance? Are there specific consumer protection compliance and “harm to consumers” requirements written into job descriptions of line management and staff, and is the compliance unit consulted to obtain feedback when performance reviews are done or before bonuses or other compensation are paid? Does management respond promptly to consumer protection and UDAAP regulatory examination findings? Are root causes determined for any weaknesses or violations found and are appropriate program changes implemented?Has senior management communicated the importance of compliance and commitment to consumer fairness throughout the organization?Do the board and senior management receive regular and ongoing reports of consumer compliance adherence, including compliance audits?Does the board or a board committee follow up on significant consumer protection issues?

Does management have a process in place to anticipate changes in the market, consumer needs, or regulatory requirements?Has the board appointed an appropriately qualified and experienced chief compliance officer to manage its compliance and consumer protection program? (In smaller or less complex entities where staffing is limited, a full-time compliance officer may not be necessary.)Has the board appointed staff and allocated resources to the compliance function commensurate with the size and complexity of its operations and practices, the federal consumer financial laws and regulations to which the entity is subject, and necessary to avoid potential consumer harm associated with violations of such laws and regulations.Has senior management addressed consumer compliance issues and associated risks of “harm to consumers” throughout product development, marketing, and account administration, and through the entity’s handling of consumer complaints and inquiries?Does the board require audit coverage of compliance matters and review the results of periodic compliance audits?Does the board annually review the consumer protection and UDAAP risk management program effectiveness?

Does the board incorporate consumer protection and UDAAP requirements in its strategic planning process?


1(b) Compliance Program (5 elements) 1(b)(i) Compliance Risk Management

Does the compliance department have sufficient authority to carry out its mission, including monitoring, testing, and performing self-assessments?Is compliance sufficiently independent of the business lines?Does the compliance officer have direct access to the board or to any governance units or committees?Are all employees held responsible for compliance and “harm to consumers?”Is the compliance program tailored to the size and complexity of the institution and consistent with adopted board policies related to compliance?Does the program promptly address potential consumer protection or UDAAP issues?Does the program ensure corrective action for all identified system weaknesses and violations reported?Is compliance involvement included throughout the product life cycle?Are telephone and advertising scripts developed with compliance staff involvement and periodically monitored?Does the bank have processes for assimilating legislative and regulatory changes, and are new compliance hot topics being emphasized by regulatory agencies that affect its operations?

1(b)(ii) Policies and Procedures

Regarding consumer protection policies, guidelines, or standards:

Are they clear and objectively determined?

Are they easy to incorporate into daily employee tasks?

Do they clearly and objectively guide employee discretion, including for referrals to other products or lending channels?

Are they maintained to remain current?

Are they amended when exceptions become the norm?

Have there been any recent changes?

Are changes clearly communicated to all appropriate personnel?

Do they incorporate applicable regulatory guidance?

Are they designed to detect and prevent violations and other “harm to consumers?”

Do policies and procedures cover processes for development and implementation of new consumer financial products, services, or other activities; distribution channels; and strategies to determine the degree of compliance function participation?Are there well-defined standards that can be applied to each consumer product, service, or activity?Are there well-defined parameters for bank staff regarding exceptions to offering products, services, or activities?Do customer files have complete documentation showing the application and transaction history covering loan or deposit products or services requested and provided to the consumer?


1(b)(iii) Training

Are the compliance officer and other bank compliance staff provided training opportunities to stay current with changing regulatory requirements and industry compliance challenges?Does the compliance officer or other compliance staff participate in compliance working groups with other local bank compliance officers or with state association compliance efforts?Is there a regular, ongoing documented compliance training program that covers all staff to ensure all federal rules are followed? Are training courses developed for specific staff audiences and are they compliant with bank policies and procedures? Are review tests used to certify that staff has gained the compliance knowledge necessary to perform their jobs? Does bank staff involved in product and service development and delivery activities have the consumer protection and UDAAP knowledge necessary for their jobs?Are all employees trained to take customer complaints seriously?Is there a formal new hire training program that includes existing employees with new roles?

1(b)(iv) Monitoring and Corrective Action

Does the compliance function sample transactions of relevant product types and decision centers, including sales, processing, underwriting, collections, and servicing to ensure that policies are being followed on a day-to-day basis? Are the following monitored and tracked:

Product, service, and servicing activity volume and solutions by customer demographics?

Consumer acceptance rates for loan solicitations or pre-screened offers?

Policy or procedural exceptions?

Call center volume?

Recorded telemarketer calls for consistency with product features and compliance with bank policy and regulatory requirements?

Advertising reviews?

Customer satisfaction with products?

Are servicing activities handled in an adequate control environment, including policies and procedures, quality assurance, ongoing monitoring, training, automation and management oversight, billing, call handling, automated dialers, payoffs, lien releases, and payment processing?

Has the bank conducted UDAAP mystery shopping?

Are UDAAP risk issues reviewed by severity and frequency of occurrence? Are UDAAP control factors reviewed to determine strength?Are follow-up reviews performed for all identified UDAAP issues?

Does management monitor the timeliness and accuracy of established consumer protection and


UDAAP management information systems?

1(b)(v) Compliance Audit

Is the compliance audit work performed consistent with the established audit plan and scope?Are the frequency and depth of audit coverage and review appropriate for the size and complexity of the bank and the nature and extent of its activities?Is employee practice in complying with consumer protection compliance consistent with bank policies and procedures and regulatory requirements?Do compliance auditors determine the root causes for operational weaknesses, violations of law, or other deficiencies?Does management take corrective action to follow-up on any identified weaknesses or violations of laws and regulations?Are recommended and corrective actions tracked and follow-up reviews performed to ensure appropriate changes have been implemented?Does the compliance audit scope include a review of potential UDAAP issues?Does the audit assess UDAAP compliance throughout the product or service life cycle?

Control Set II: UDAAP Specific Controls (6 sub-factors)

2(a) Advertisements and Solicitations:

Does the compliance program support the following marketing controls:

Bank policy ensures that all marketing materials will be consumer friendly

Messages aren’t misleading

All pertinent and asterisked information is in a location where customers can easily locate it

The specific offer dates for a product or service are specifically and clearly noted

For pre-approved offers at a specific rate or at a specific cost, the bank guarantees that customers will get that rate or cost if they applyA significant majority of consumers who accept solicitations for rates ‘up to’ or ‘as low as’ actually obtain the product or service advertisedThe bank can substantiate all claims made, especially in regard to fees

If customers must affirmatively act to cancel a service following any “free trial period” to avoid being billed for it, the bank explains how to do that both at sign up and as the trial period is endingCustomers may close accounts that have been guaranteed without incurring any fees or penalties

Ads do not contain any word play (e.g., “no annual fees.” Instead use monthly fees or credit life insurance)


If the bank offers products and services such as insurance, travel services, credit protection, and consumer report update services with a credit product, it is clear whether they are optional or requiredAll marketing pictures are reflective of what customers can expect

All testimonials or endorsements are genuine

Any TV or radio advertisement disclosures are placed in a way that customers can reasonably understand all of themContact information is always provided so customers can reach someone if they have questions or complaintsThe bank immediately stop solicitations when a customer requests it

The bank can actually deliver all the features of its products and services

Advertising is tracked and monitored to ensure it is not just in media serving specific customer demographics and to ensure that advertisements reflect a diversity of consumersAll persons who review marketing materials also review complaints to ensure they understand the customer’s point of view

2(b) Disclosures

Does the compliance program support the following disclosure controls:

Bank policy ensures that disclosures are clearly written and provide customers with the information they need, regardless of whether it is required by regulationAll disclosures clearly and accurately describe terms, benefits, and material limitations, such as limits on interest rates, expiration dates, pre requisites, and cancellation requirements, both affirmatively and by lack of omissionAll fees, penalties, and other charges are disclosed transparently

All disclosures are worded in a way that customers can understand (i.e., without jargon and legalese and written at an 8th grade level or below)All disclosures are periodically reviewed to ensure they are current, clear, and transparent

Complicated disclosures draw attention to key terms, including limitations and conditions

The bank clearly states when product or service terms may be changed

Customers are informed before any less favorable rate takes effect

2(c) Customer Service

Do procedures articulate bank expectations on providing consistent and good consumer assistance in daily banking activities?Does the bank ensure customers will obtain the specific product or service that they have


requested rather than a more expensive alternative?Does the bank have friendly, consistent, and knowledgeable staff that talks to customers in a way they can understand?Do counter-offers clearly, prominently, and accurately explain the difference between the requested product and the product that is offered?Are employees required to obtain clear and affirmative assent before enrolling customers in a new product or service?

2(d) Vendor Management

Is there a policy in place to ensure that customers are treated fairly by all vendors and brokers?

Do all third parties contracts and agreements incorporate consumer protection compliance, employee training, and audit reporting to compliance?Could compensation arrangements or performance evaluation criteria create incentives to treat customers unfairly?Are all vendors vetted to ensure they are legitimate and that their products are useful and of value before offering them to customers?Is there a formal re-approval and risk assessment process to consider third-party performance over the past period (year, quarter, etc.) to ensure that the relationship with the bank and its customers is satisfactory on an overall basis?

Are regulatory agency guidelines considered in managing third-party relationships?

Does the bank approve all marketing or advertising scripts developed and used by third parties for its products and services?

Do third parties use the bank’s name in their advertisements even without an express agreement? Are vendors using the bank’s name or supposed bank letterhead without receiving consent?Does the bank offer or provide compliance training to third party vendors it uses or does the third party otherwise provide compliance training to their staff?Do third parties have a process to receive complaints? Is it clear to customers who to contact with any questions or problems? Are weaknesses in third-party operations corrected promptly?

Is it bank policy to discontinue using a third party if the third party is treating customers unfairly?

Does the bank perform periodic compliance reviews of the third-party vendors that it uses to provide or service products or services on its behalf?

Does the bank monitor third-party compliance with state or federal consumer protection and UDAAP laws and regulations, and its policies or procedures?

Does the bank track chargeback rates for its vendors and escalate concerns to senior management when that rate exceeds a certain percentage?


2(e) Consumer Complaint Response

Is there a process to respond to consumer complaints in a timely manner and determine whether consumer complaints raise potential UDAAP concerns?Are customer concerns or questions about their experiences with bank products, services, activities, or custom service recorded and evaluated by management for UDAAP red flags?Are consumer complaints and inquiries defined and differentiated and is staff knowledgeable about the differences? Are they handled differently?Does complaint staff have the ability to escalate issues of concern to management apart from normal complaint monitoring and reporting processes? Are these efforts documented and reviewed for resolution? Are UDAAP complaints and outcomes tracked to ensure that bank staff is adhering to bank policies and procedures, following regulatory requirements, and treating customers consistent with bank customer service standards?Are complaints assessed for the following:

Information that may result in changes to products, services, marketing activities, policies, procedures, or customer service standards to reduce issues?

Regulatory concerns that could result in violations of law or regulations such as discouraging applicants, discriminatory practices, unfair and deceptive acts and practices, or abusive or predatory practices?

Is feedback from consumer response programs shared with managers so they can correct staff mistakes?

Does management monitor complaints for response back to the customer and provide appropriate

resolution as possible?

Is social media monitored for consumer statements regarding your bank, subsidiaries, or third-party

vendors?

Are remedies implemented to resolve consumer complaint root causes?

Are processes for customer appeals readily available, consistently provided, and clearly explained?

Are complaints and inquiries categorized by type?

Are there enough employees responding to complaints so that customers will receive a timely response?

Is there a policy to ensure that complaints will be escalated to the appropriate level of management?

Are similar complaints or inquiries aggregated to see if there are systemic problems or the potential for

violating the law?


2(f) Customer Friendly Features

Does the compliance program support the following product controls:

Loans

Application Processing

Loan applications are straightforward, easy to understand, and requests only personal and creditworthiness information relevant to the credit productIf it will cost customers to apply for a loan, it is clear what those fees will be before the application processThe following loan features are fully explained to customers:

Negative amortization

Balloon payments

All loan costs

Underwriting

All requests for information are clear

Customers receive clear communication through the process so that they know what to expect

Customers receive clear and un-contradictory information about closing costs

Underwriting relies on ability to repay rather than collateral value

Bank employees work consistently with all customers who have a low credit score or problems identified in their credit bureau that can be explainedMarginal applicants that could be approved receive the same treatment as other more qualified applicantsClosing

Customers receive all disclosure documentation in advance of their closing date

Bank employees are available to answer any questions that a customer may have

Servicing

Payments are promptly posted

The bank reports good payment history to the credit bureau, including for both joint applicants

The bank explains how it applies monthly payments and any fees or penalties

It is simple and clear for customers to determine their account balance

It is simple and clear to obtain a payoff amount


Collections

Nothing the bank does could be perceived as harassing

Collections practices are clearly spelled out such that customers will be treated objectively and consistently Credit Cards

The amount of usable credit customers can expect is clearly spelled out

Fees and charges are low enough that customers have available credit on their cards

Available credit is verified before any convenience checks are mailed

Customers can rely on the “please pay by date” to make timely payments

The bank clearly explains what will happen if customers pay the minimum amount or less than the minimum amountSecured Credit Cards

When customers obtain a secured credit card, they have access to the majority of their credit line

The bank’s secured card program provides customers with an opportunity to “graduate” to a higher credit line—and, eventually, to an unsecured card—through incremental credit line increases when they repay the cardSince the credit card is cash-secured, the interest rate is reasonably lower than an unsecured card

The bank avoids marketing with terms like “refundable account holds”

Mortgages

If refinances are a large part of the bank’s portfolio, the customers are receiving a benefit

Lending personnel regularly explain how to reduce the interest rate with points

If ‘no closing costs’ are advertised, then no closing costs are charged

Credit Insurance

If there are upfront fees for this product, then all benefits and downsides are explained before signing the customer up for itIt is clear whether this product is included with a loan or required to obtain one

If customers must pay in advance for credit insurance, any unearned amounts are refunded if the customer pre-pays their loanPayday Loans

The bank sets limits to prevent customers from getting into a cycle of debt

Customers may cancel payday loan transactions within one day

The bank can explain all the costs and fees associated with this product before selling it and provides customers with a way to compare the fees with other similar products


Tax Refund Loan

The product is marketed as a loan rather than as an advance of a tax refund

All costs are explained before a sail of this product

Deposits

Account Opening

Deposit products are explained in a simple and straightforward manner

The costs of each product are explained clearly and in a way that allows customers to reasonably compare productsAll fees and penalties are clearly explained before they could be charged

Account Maintenance

All fees and penalties that apply in customer periodic statements are clearly labeled

Overdrafts

More than one overdraft is product available

The bank is clear about when it will charge fees and when it will pay overdrafts

The bank is clear about what it guarantees with regard to overdrafts

The bank clearly and neutrally explains the consequences of opting in to overdraft protection, including what transactions will be covered The bank clearly informs customers when terms are changing

The bank does not advertise an account as “free” if there could be overdraft charges

Gift Cards

The bank is clear about any charges before a customer obtains a gift card including any monthly maintenance, dormancy, or usage feeThe bank explains what will happen if a card is lost or stolen and who to call if this happens

The bank explains what can happen if the card is used at gas stations, hotels, restaurants, or other locations that may seek payment authorizationThe bank explains when it may or may not authorize payments on a gift card

The bank explains how customers can redeem de minimis balances

Customers understand how to obtain balance information


UDAAP Issues


NEW STANDARD OF ABUSIVE IN UDAAP

Section 1031 of Title X of the Dodd Frank Act gives the CFPB broad powers to issue rules for consumer protection. These powers allow the CFPB to:

Consider the costs and benefits to consumers and covered persons (including financial institutions)

Issue rules that prohibit “unfair, deceptive, or abusive acts or practices or UDAAP

The CFPB has the power to issue civil investigation demands, conduct joint investigations (including investigations with HUD and/or DOJ for Fair Lending), issue subpoenas, conduct hearings and begin civil actions for violations of federal consumer protection laws and regulations.

POTENTIAL IMPACTS: There is a possibility that certain types of fees could be prohibited or restricted if a financial institution has taken “unreasonable advantage” of the consumer. A financial institution’s product choices could be significantly modified.

POTENTIAL COSTS:

The CFPB will have the authority to levy civil money penalties of $1million per day or more, to order restitution, rescind contracts, order the surrender of profits and gains deemed to be unjust enrichment, order public notices and other actions.

There is a three year statute of limitations for the CFPB from the discovery of a violation, but no private right of action

The new standards under the Dodd-Frank Title X creates the standard of “abusive” practices in Section 1036 and give the CFPB the power of enforcement in Section 1031. The CFPB can declare an act or practice abusive if it:

1. Materially interferes with the ability of the consumer to understand a term or condition of a consumer financial product or service, or

2. Takes unreasonable advantage of a a. lack of understanding on the part of the of the consumer of the material risks,

costs, or conditions of the product or serviceb. the inability of the consumer to protect his or her interests in selecting or using

the financial product or servicec. the reasonable reliance by the consumer on a covered person to act in the

interests of the consumer.


WHAT IS MATERIAL INTERFERENCE?

This concept focuses on the consumer ability to fully understand a term or condition of a product or service which heightens the importance of meaningful disclosures. Can a consumer clearly understand the representations in the advertising and disclosures to make an educated decision?

(Think of how you feel when trying to read a new regulation and understand it – clear as mud?)

There are some obvious roadblocks to a consumer being able to gain a clear understanding if a product has multiple features and some may be more meaningful to a consumer than other features. If a product frequently changes terms it will be difficult to meet the standard of material interference unless the disclosures are extremely clear and succinct.

While bankers are encouraged to rely on the model disclosures, these may not be adequate for complex products and satisfy the “new normal” of UDAAP.


WHAT IS TAKING UNREASONABLE ADVANTAGE?

This concept is similar to the second standard of deceptive practices because it focuses on the consumer’s perception and considers the level of sophistication of the target audience. Simply offering complex products to consumers who have limited financial experience is an example of abuse.

This concept is limited to the marketing and disclosure process. A consumer can fall prey to unreasonable advantage if the overuse a service that generates excessive fee income for the financial institution. The “poster child” of this concept is the OVERDRAFT product scrutiny that has been a particular focus of the FDIC. The FDIC suggests that when “a customer overdraws his or her account on more than six occasions where a fee is charged in a rolling twelve-month period [the institution is to] undertake meaningful and effective follow-up action.” While it may not be abusive ‘per se to fail to take this follow-up action, it’s not a stretch to imagine that the CFPB will issue ODP rules that make this failure an abusive act and violation of law.


WHAT IS UNFAIR, DECEPTIVE OR ABUSIVE?

What’s “unfair”?

Refusing to release lien after consumer makes final payment on a mortgage. The FTC brought an enforcement action against a mortgage company based on allegations, described below, that repeatedly failed to release liens after consumers fully paid the amount due on their mortgages.

Substantial injury. Consumer’s sustained economic injury when the mortgage servicer did not release the liens on their properties after the consumers had repaid the total amount due on the mortgages.

Not outweighed by benefits. Countervailing benefits to competition or consumers did not result from the servicer’s alleged failure to appropriately service the mortgage loan and release the lien promptly.

Not reasonably avoidable. Consumers had no way to know in advance of obtaining the loan that the mortgage servicer would not release the lien after full payment. Moreover, consumers generally cannot avoid the harm caused by an improper practice of a mortgage servicer because the servicer is chosen by the owner of the loan, not the borrower. Thus, consumers cannot choose their loan servicer and cannot change loan servicers when they are dissatisfied with the quality of the loan servicing.

What’s “deceptive”?

Inadequate disclosure of material lease terms in television advertising. The FTC brought actions against vehicle leasing companies alleging that their television advertisements represented that consumers could lease vehicles for “$0 down” when advertising a monthly lease payment. However, the FTC alleged that the “blur” of “unreadable fine print” that flashed on the screen at the end of the advertisement disclosed costs of at least $1,000. The settlements prohibited the vehicle leasing companies from misrepresenting the amount consumers must pay when signing the lease.

In addition, the FTC required that if the companies make any representation about the amounts due at lease signing, or that there is “no down payment,” the companies must make an equally prominent (readable and audible) disclosure of the total amount of all fees due when consumers sign the lease.


Representation or omission likely to mislead: The television advertisements featured prominent statements of “no money down” or “$0 down” at lease signing. The advertisement also contained, at the bottom of the screen, a “blur” of small print in which disclosures of various costs required by Regulation M (the Consumer Leasing Act) were made. The FTC alleged that the disclosures were inadequate because they were not clear, prominent, or audible to consumers.

Reasonable consumer perspective. A reasonable consumer would believe that he did not have to put any money down and that all he owed was the regular monthly payment.

Material representation. The stated “no money down” or “$0 down” plus the low monthly lease payment were material representations to consumers. The fact that the additional, material costs were disclosed at signing of the lease did not cure the deceptive failure to disclose in the television advertising, the FTC claimed.

This part of the definition is critical to understanding the new standard because an act or practice can be considered abusive (defined in Section 1031(d)) if it takes unreasonable advantage of the consumer. The unreasonable advantage is based on:

(A)a lack of understanding on the part of the consumer of the material risks, costs, or conditions of the product or service;

(B) the inability of the consumer to protect the interests of the consumer in selecting or using a consumer financial product or service; or

(C) The “reasonable reliance by the consumer on a covered person to act in the interests of the consumer.

(NOTE: a covered person is the bank or financial institution)

What does it mean to take “unreasonable advantage of a consumer?

It’s anticipated that the interpretation of “taking unreasonable advantage” will be linked to the second part of a deceptive practice that considers the target market or target audience’s interpretation of information.

This standard isn’t confined to the disclosure process but takes into account the level of sophistication of a consumer. A financial institution may be viewed as taking “unreasonable advantage” when they fail to prevent a consumer from the overuse of a service that generates significant fee income. (The recent focus, enforcement activity and guidance on ODP products are evidence of this stance). The FDIC guidance to “undertake meaningful and effective follow-up action” when a consumer exceeds the six overdraft limit in a rolling twelve-month period is a clear directive of the agency’s stance on monitoring for abusive acts and practices. It’s not hard to imagine a series of rules that the CFPB may draft to declare the failure of effective monitoring


as an abusive practice a clear violation of law and subject to fines. Will this mean that profitability will be the “cost” of consumer protection? At a minimum, an institution must have increased vigilance about providing clear disclosures and avoiding “steering” customers to inappropriate products or services when a suitable product that is more economical is available. If a consumer selects a more costly product it will critical to document that all the alternatives were presented and the consumer selected a more expensive option. It remains to be seen if the financial institution will have an adequate defense in these cases.

UDAAP COMPLIANCE RECOMMENDATIONS

The following are some possible proactive steps to help manage UDAP or UDAAP compliance in 2013-2014.

1. Review consumer complaints . Develop a complaint policy and monitor complaints. Look for any trends that could be considered unfair, deceptive, or abusive. WOULD YOU SELL THIS TO YOUR GRANMOTHER? Are the terms and conditions clear? Is the product useful and beneficial to the consumer? (See the Consumer Complaint Section for more information and a sample policy/procedure) If you receive complaints that have these phrases make sure that the complaints receive a top priority for resolution:

a. It was misleading b. It was unfair c. It’s not what I expected d. I didn’t get what was advertised e. I didn’t get what the financial institution employee told me I’d receive f. It was more expensive than I expected it to be g. I don’t understand all the charges and fees h. No one listened to my complaint i. I couldn’t find anyone to talk to about my problem

2. Evaluate your income streams . If a consumer is overusing a product or service (think ODP), and the financial institution is receiving high fee income the regulators will not find that it’s “in the best interest of the consumer”.

3. Look at the suitability of products for your consumers . The concept of suitability should be part of the compliance oversight function. Public policy is putting more emphasis on the accountability of financial institutions and less emphasis on consumer responsibility. Understand the target audience for your institution’s products and services. Can you quantify their level of education, sophistication about financial products, risk tolerance, net worth, and long-range financial needs? How will you document the choices presented to consumers and their rationale for making informed choices? Pay particular attention to products and services that are targeted to low-income groups and those who have experienced financial hardships, the elderly and non-English speaking groups.

4. Potential targets for the CFPB may include these items :


Credit card add-on products increase potential UDAAP risk. These products should be subject to additional monitoring & auditing.

Vendor Management is a target for regulatory scrutiny. Make sure adequate controls & oversight are in place..

Overdrafts remain a high UDAAP risk. Regulators have provided some guidance, particularly the FDIC. Monitor the fees, especially for vulnerable customers. Review all pricing practices.

Consumer Complaints


CONSUMER COMPLAINTS ON THE REGULATOR WEBSITES

All the regulators have added substantial sections to their websites to help consumers file various types of complaints, including fair lending complaints. This page is from the OCC website. http://www.helpwithmybank.gov/complaints/index-file-a-bank-complaint.html


CFPB COMPLAINT PROJECT AND ENFORCEMENT ACTIONS

The CFPB submitted an semi-annual report to Congress for 2013 on March 31, 2014. Here are a few of the comments about the complaint project that were found in prior reports and the most recent 39 page “Consumer Response Annual Report”.Here’s a link: http://www.consumerfinance.gov/reports/2013-consumer-response-annual-report/

HIGHLIGHTS CFPB has an Office of Consumer Response, they have received over 175,000 consumer

complaints In July 2013 the CFPB added debt collection complaints to the range of products and

Payday loans on November 6, 2013 Complaint process is explained on pages 10 The CFPB has received 309,700 consumer complaints since the agency began accepting

complaints on July 21, 2011

SNAPSHOT OF COMPLAINT PROCESS

PROCESS


http://www.consumerfinance.gov/reports/2013-consumer-response-annual-report/

COMPLAINTS BY PRODUCTFrom January 1, 2013 and December 31, the CFPB received 163,700 consumer complaints. Here’s a snapshot:

Types of Mortgage Complaints


Types of Debt Collection Complaints


Types of Credit Reporting Complaints

Sub-issues


In addition to actions by the regulators, there have been civil lawsuits regarding the accuracy of credit reports. On January 29, 2014 a federal judge today reduced the $18.6 million a jury had awarded an Oregon woman who spent years battling with Equifax down to $1.62 million.

Atlanta-based Equifax had appealed the jury’s bountiful award in December, asking the judge to vastly reduce the punitive damages so they would match the $180,000 the plaintiff had received in compensatory damages.

The court concludes Equifax engaged in reprehensible conduct that caused real harm to Miller.The original amount, which totaled $18.6 million with punitive and compensatory damages combined, was handed down in late July and was considered one of the largest granted to a consumer in a case against one of the nation's major credit bureaus. U.S. District Court Judge Anna J. Brown’s order today wasn’t surprising as courts have generally been moving toward punitive damages within a single-digit ratio of what was awarded in compensatory damages.“We were expecting a reduction but we are disappointed by the result,” said Justin Baxter of the Portland firm Baxter & Baxter who represented plaintiff Julie Miller. He added it’s “unclear at this point” what the firm’s next move will be.

Still, Judge Brown’s order pointed out that her reduction still represented “the highest single-digit ratio accepted within constitutional limits” at 9-to-1.

“The court concludes Equifax engaged in reprehensible conduct that caused real harm to Miller,” Judge Brown wrote. “Equifax should be punished financially for that wrongful conduct; and the amount of the punitive-damages award, although within constitutional limits, nevertheless, should be enough to deter Equifax and others similarly situated from repeating this type of conduct in the future.”

In her lawsuit, Miller had shared how she had attempted to contact Equifax eight times between 2009 and 2011 in an effort to correct inaccuracies, including erroneous accounts and collection attempts, as well as a wrong Social Security number and birthday. Yet over and over, the lawsuit had alleged, the credit reporting agency failed to correct its mistakes.

The company’s lack of action not only hurt Miller’s credit report, her lawyers had asserted, but also had more personal and emotional effects. Miller’s brother is disabled and couldn’t get credit on his own. Miller wanted to help him, her lawyers had said, but couldn't because of the damage done by Equifax's mistakes and its lack of response to her complaints.


SAMPLE COMPLAINT POLICY

In addition to a normally scheduled exam, it’s possible for examiners to contact the financial institution for an investigation. Investigations are conducted primarily to follow-up on particular consumer inquiries or complaints, including fair lending complaints. The investigation of consumer complaints has become an INCREASED FOCUS for all regulators and is a central concern of the new Consumer Financial Protection Bureau (CFPB) under Dodd Frank. Additional discussion is included in the Fair Lending section.

It’s a prudent practice to have a complaint policy so that all employees understand the difference between Mrs. Jones complaining that the free coffee was cold or implying that she was denied credit on a prohibited basis or that a disputed transaction wasn’t handled within the allowed time limits. Employees should also understand that the bank is required to place comments or complaints about the bank’s CRA performance in the Public File.

Any complaint that contains these phrases should receive immediate attention:1. I experienced unfair treatment2. I experienced discrimination3. I experienced these issues regarding a product or service:

a. It was misleading b. It was unfair c. It’s not what I expected d. I didn’t get what was advertised e. I didn’t get what the financial institution employee told me I’d receive f. It was more expensive than I expected it to be g. I don’t understand all the charges and fees h. No one listened to my complaint i. I couldn’t find anyone to answer questions about my problem

4. Any complaint that states a law or regulation was not followed.


SAMPLE COMPLAINT AND INQUIRY POLICY

ANYBANK

Subject : Complaints and InquiresItem Number : CP-106 Effective Date : 04-01-13Revision Date : 04-01-13 Page Number :

I. PURPOSE

This is to establish a formal and centralized system of response to complaints and inquiries (C&I) which may have compliance consequences. Regulations E and Z establish required procedures for debit and credit card disputed or unauthorized transactions. This policy and the procedures are not intended to apply to the Reg E and Reg Z disputes which have already been established. The Community Reinvestment Act (CRA) requires pertinent documents to be placed in the bank's Public File. The bank’s Fair Lending Policy requires immediate attention to any allegations of discrimination or violations of the ECOA (Equal Credit Opportunity Act), the Fair Housing Act (FHA) and related consumer protection laws. Any complaints regarding UDAAP (Unfair, Deceptive or Abusive acts and Practices) will require immediate investigation and notification to Senior Management. The Real Estate Settlement and Procedures Act (RESPA) have established requirements for handling complaints pertaining to mortgage servicing. The FACT ACT data integrity rules require that the bank responds to inquiries about incorrect information that may have been reported to a credit reporting agency. The following will all but ensure that time constraints are adhered to and that the cause of a problem is sought and corrected. As an internal control, the inquiry will be handled by someone other than the person involved in the area of the inquiry. Managed through one central point, any frequency, pattern and practice of C&I's can be monitored and responses will be consistent.

Management will be informed immediately of any complaint or inquiry that alleges a violation of law or act of discrimination. This type of complaint requires immediate action.

DEFINITION OF A “COMPLAINT” AT OUR FINANCIAL INSTITUTION:‘Any expression of dissatisfaction, whether oral or written, and whether justified or not, from or on behalf of an eligible complainant about the financial institution’s provision of, or failure to provide, a financial service or product’.

II. STATEMENT OF POLICY

We will adhere to C&I procedures prescribed by regulations. When not prescribed, we will use our resources to investigate and satisfy all C&I's in as timely a manner as possible. All complaints and inquiries regarding compliance and regulatory issues will be sent through one central point either after it is resolved or for the resolution process. The Bank President has the option of resolving the complaint and notifying the Compliance Officer or of having him/her


handle the resolution. Because the Compliance Officer maintains the CRA file and oversees the compliance audits, (s)he will be the repository for all C&I correspondence.

The officer handling the C&I will direct it to areas of responsibility and insure that proper individuals are involved in the resolution, that it is timely and that the source of the problem is examined and corrected.

III. PROCEDURE

A. All employees will be advised in routine training that C&I's will be handled only by specific persons. Types of C&I's will be explained so as to avoid needlessly directing complaints not deemed significant or compliance related through these persons.

B. C&I's received in a department will be date stamped for verification of receipt. They will immediately be sent to the Compliance Officer for handling or a copy will be sent with a notation of the original complaint’s routing for resolution, with the approval of the Compliance Officer. If any delay is anticipated in forwarding the C&I, a telephone call to the Compliance Officer should be made so as to inform him/her of the C&I.

C. The Compliance Officer will review the inquiry to determine:

• the customer's name, address, telephone number and account number(s)• the nature of the complaint• if a regulation requires a specific response time• whether it was directed to or came from a regulatory body (which automatically

requires notification to the President of that center)• required research• resolution requested by the customer• if legal counsel should be involved due to potential liability/litigation• whether it is transactional or operational in nature

(An example of a transactional complaint is a customer who writes to complain that we reported their credit in error. An operational complaint is a customer who says we paid them a lower than published interest rate on a savings account.)

D. The Compliance Officer will establish an internal time frame for a response considering the following:

• research• minimum time frames established by regulation• if needed, review by management and/or counsel


E. The reviewer (and management or counsel, if involved) will determine if a verbal, written or combination response is required.

• Written responses will be composed as though they will be read in court or by a regulator.

• Responses should be stand alone documents summarizing the facts or circumstances of the inquiry, our investigation and resolution.

• Verbal responses are less desirable than written. If a response is verbal, it should be completely documented and notes retained with the original complaint. A follow-up letter may be advised.

• If more information is required, the reply should be sent back to the compliance officer.

F. The Compliance Officer will determine if this problem could recur. If so, additional internal controls will be developed along with appropriate training. Any corrective actions will be documented and reported to the Board of Directors.

G. The Compliance Officer will insure that all C&I's and responses are retained in accordance with applicable procedures and are properly maintained, such as in the CRA Public File. A central file will be maintained for regulatory review. See the Appendix on the last page of the policy for a tracking log.


COMPLAINT AND INQUIRY LOGDATE OF

C&ICUSTOMER NAME AND

INFO

NATURE OF C&I DETERMINATION AND CORRECTIVE ACTION REQUIRED

DATE COMPLETED


COMPLAINT TRACKING FORM

Date Complaint Received:___/__/___

Complaint was given to: Date Complaint was given to management

Customer Name Customer Address Customer Contact information

Customer Account HistoryComplaint was written; see copy Complaint was oral, see summary Complaint was on social media, see

copyCustomer requested information Customer requested refund Customer requested apologyDid customer make any of these claims? EXPLAIN

a. The information I received was misleading b. It was unfair c. It’s not what I expected d. I didn’t get what was advertised e. I didn’t get what the bank employee told me I’d receive f. It was more expensive than I expected it to be g. I don’t understand all the charges and fees h. No one listened to my complaint i. I couldn’t find anyone to answer questions about my problem j. I experienced discriminatory practices k. I had a problem with making payments and didn’t receive help l. I didn’t get approved for a loan/renewal/increase m. My payment wasn’t credited properly n. My interest rate was increased in error o. I was charged late fees, service fees in error p. I didn’t receive disclosures, agreements, statements q. My funds weren’t available as expected r. My debit card was declined s. My balance transfer wasn’t processed t. My dispute wasn’t processed u. I had a problem with online banking/ATM/wire/bill pay v. I had problems with overdrafts/bounced checks w. I had a problem with my credit report information x. I was harassed by the collector y. My property was repossessed in error z. I’ve contacted an attorney aa. I’ve filed a complaint with a government agency

Did the complaint involve a particular product or service; what was it?

Did the complaint involve a product or service offered by a vendor?

Did the complaint involve an employee who is not longer with the bank?

Does the complaint involve the Community Reinvestment Act?

URGENT – REPORT any claims of discrimination to your supervisor immediately!

Did the complaint involve potential SAR activity?

Summary of oral complaint or additional information60

UDAAP for the Board of Directors© Susan Costonis, C.R.C.M.Compliance Training and Consulting

EMPLOYEE NAME Signature E-mailCOMPLIANCE REVIEW COMMENTS:

Referred to Legal Counsel:


UDAP AND UDAAP Resources


FIVE LESSONS LEARNED FROM UDAAP VIOLATIONS

Almost a year to the date that the Consumer Financial Protection Bureau became an active federal regulatory agency, it issued its first enforcement action against a financial institution. That action was followed by two more consent agreements issued within the next 90 days. These enforcement actions were significant in a couple of ways. First, the size of the penalties and required reimbursements were larger than nearly any other consumer-protection-related actions issued in the past. Second, at their core, all three actions are based primarily on UDAAP issues, i.e., Unfair, Deceptive or Abusive Acts or Practices--although the "abusive" standard is not specifically mentioned in any of them.

Most of the practices and products called into question in have been in use by financial institutions for quite a while. Note that none of the institutions that were the subject of these orders admitted any wrongdoing. A careful review of these consent orders yields lessons to be learned and action steps to be taken to avoid UDAAP issues. Although it's early in the life of the Bureau, and more enforcement actions are undoubtedly on the way, there are five key points for compliance officers and executive leadership to understand:

1. Marketing and sales practices are especially prone to UDAAP violations.

Much of the alleged wrongdoing described in these enforcement actions involved sales practices and marketing strategies. If a consumer is "deceived" in the purchase of a financial product, that's the stage where it will likely occur. These areas are high risk for UDAAP problems and need strong risk-management controls. For example, outbound telephone marketing calls specifically came under fire in two of the orders. Criticism centered on allegations that the bank's agent did not fully explain the product nor highlight the required disclosures. Specific advertising was called out as being deceptive by promising more than would be delivered. It is critical in all cases to surround an institution's marketing strategy and sales practices with effective and proactive controls. Every institution should subject its marketing strategy to a compliance review periodically, and especially every time a material change is made. These reviews should focus on UDAAP--specifically on the fairness and transparency of the marketing philosophy, strategy, and practices.

A best practice is to have Compliance represented in the room as the marketing strategy is being formulated and as advertising pieces are being created. Having Compliance sign off at the end of the process is no longer considered adequate. In addition, Compliance and legal should review advertising copy every time--even if the same ad has been approved in the past.

Overkill? No--the regulatory environment is so volatile that no one can count on the language being acceptable today just because it passed muster yesterday. Sales practices should have UDAAP risk management controls that are commensurate with their risk. Selling bank products and services in a branch environment in response to consumer inquiries or posting sales information on the bank's internet site are fairly low risk methods. However, even in these cases,


branch personnel need training specific to the products and services being sold and they need UDAAP training so they know what "deceptive" behavior looks like.

2. Formal UDAAP compliance programs are necessary.

Traditionally banks have not maintained formal UDAP nor UDAAP compliance programs; however, they are now necessary. Simply tacking UDAAP onto a list of regulations the bank monitors, and hoping that the bank stays out of trouble, won't suffice. Unfair, deceptive, or abusive practices cannot be easily avoided like technical compliance errors. (UDAP--Unfair or Deceptive Acts and Practices--was expanded into UDAAP by the Dodd-Frank Act.)

UDAAP compliance requires strategic and proactive planning and thoughtful structuring of compliance resources. UDAAP applies broadly throughout the bank--throughout the life cycle of every product and service offered or sold to consumers. Building an effective program requires collaboration between Compliance and the lines of business. No one can manage UDAAP compliance alone. It takes a team of marketing, compliance, risk management, and lines of business leadership to effectively build and sustain a fairness program. Bank executive leadership must provide an effective tone at the top in order to effectively influence the bank's culture for customer fairness in a positive way.

3. Comprehensive complaint management programs are no longer optional.

Clearly consumer complaints are the primary channel the regulatory agencies have used to find the most egregious UDAAP problems. In most situations if regulators find a UDAAP problem, the bank has received complaints on the product or practice. Complaints are the "canary in the coal mine" for UDAAP violations. An institution that does not have a comprehensive, first-rate complaint management program is literally flying blind to potential UDAAP risks. In the Dodd-Frank era, this is not optional--not for banks that want to find potential UDAAP issues before examiners do.

Complaint management is more than just resolving complaints that are escalated to the bank president, the bank's regulatory agency, the state attorney general, or the Better Business Bureau.

A good compliance management system clearly defines what a "complaint" is so that everyone in the institution has a clear understanding of which customer communications comprise complaints. Complaint data should be gathered and documented from the lowest level (including oral complaints) and root cause analysis must be conducted on high-risk complaints to determine their cause--especially those related to fairness. The businesses, marketing, or operational areas must be held accountable to fix problems once the root cause is identified.


4. Internal Audit must officially include UDAAP in its scope.

Each of CFPB's enforcement actions mentions Internal Audit and its role in UDAAP risk management. Such auditing has, in the past, been limited to technical compliance--such as Regulation AA compliance. Auditing for "fairness" is much harder--but it has become necessary. Regulatory agencies will consider internal audit functions to be deficient if they omit UDAAP from their compliance audits. UDAAP compliance must be treated like any other high-risk area and included in internal audit testing plans and schedules. UDAAP auditing presents special challenges.

First, UDAAP audits are hard to scope. Because UDAAP laws cover the entire bank, there is much to choose from. Scoping the audit requires knowledge of the institution, including its products and services and its compliance history. Second, the number of audit hours that can be assigned to UDAAP auditing must be sufficient to the task--but, realistically, no one can audit the entire organization for UDAAP every year. Effective UDAAP auditing takes a great deal of thoughtful planning, assessing risks, assigning resources.

How do you get it right? Internal audit teams can approach a UDAAP audit in a number of ways. The audit could encompass just high risk areas--such as mortgage servicing, or credit card add-on products. Alternatively, it could focus on the entire life cycle of a product or service. For example, if the audit scope was consumer loans, the lifecycle audit would start with the marketing and solicitation of consumer loans, and then the rest of the stages, including the application, underwriting, closing, servicing, and collections.

Another challenge with UDAAP auditing is that the UDAAP issues are quite subjective. Auditors must walk a line between independence and the need to be careful not to make too many subjective judgments and unnecessarily provide a roadmap for the bank's regulators in targeting issues to criticize. The audit questions must be carefully written to make sure that they are objective and include only well settled concepts of fairness and transparency.

5. Third-party management is essential to effective UDAAP compliance.

The actions of third parties played a large role in the CFPB enforcement actions. Third parties often manage consumer products and services, from telemarketing and fulfillment to collections. Third-party contractors who interface with consumers will be treated like the bank for UDAAP purposes by regulators. Therefore, the same level of risk controls used at the bank should be applied by the bank to third parties that have contact with the bank's consumer customers.

In order to protect itself the bank must conduct effective due diligence before engaging a third party. Reviewing policies and procedures, contacting references, requiring proof of insurance, determining how training is delivered, and how incentives are structured all play a role in determining if the third party will put a premium on treating the customer fairly and transparently.


Once the relationship is established, monitoring the behavior and practices of the third party is necessary. The contract with the third party should allow the bank to cancel if any unfair or deceptive behavior is noted. Complaints sent to the bank or the third party should be monitored as part of the bank's complaint management program.


FDIC GUIDANCE AND EXAM CHECKLISTS

FDIC Issuances

FDIC Supervisory Insights, Winter 2008, Vol. 5, Issue 2, From the Examiner’s Deskhttp://www.fdic.gov/regulations/examinations/supervisory/insights/siwin08/index.htmlThe existence of Unfair and Deceptive Acts and Practices (UDAPs) is not always obvious, which makes compliance and compliance supervision particularly challenging. Each violation determination is based on a careful consideration of the specific facts of each case. This article reviews and analyzes examples of UDAP issues that were the subject of the FDIC's examination-consultation process during a recent 18-month period. It also shares the methodology used by FDIC staff as they perform the sometimes difficult compliance analyses required under Section 5 of the Federal Trade Commission Act

FDIC Supervisory Insights, Winter 2006, Vol. 3, Issue 2, Chasing the Asterisk: A Field Guide to Caveats, Exceptions, Material Misrepresentations, and Other Unfair or Deceptive Acts or Practiceshttp://www.fdic.gov/regulations/examinations/supervisory/insights/siwin06/index.htmlAlthough the vast majority of FDIC-supervised institutions adhere to a high level of professional conduct, the FDIC has seen an increase in violations of Section 5 of the Federal Trade Commission Act (FTC Act), which prohibits unfair or deceptive practices in or affecting commerce. The Act applies to all aspects of financial products and services, and this increase in violations may be the result of increased competition among financial institutions, along with a growing dependence on fee income, expansion into the subprime market, and the increase in the number of products with complex structures and pricing. This article outlines how examiners identify and address acts or practices that may violate the prohibition against unfair or deceptive acts or practices, and it provides information to help financial institutions assess their products and services and develop a plan to avoid violations of Section 5 of the FTC Act

FDIC and Federal Reserve Board Attachment: Unfair or Deceptive Acts or Practices by State-Chartered Banks March 11, 2004

Specifically, the guidance explains:

the standards used to assess whether an act or practice is unfair or deceptive; the interplay between the FTC Act and other consumer protection statutes; and guidelines for managing risks related to unfair and deceptive practices

http://www.fdic.gov/news/news/financial/2004/fil2604.html

FDIC Guidance on Unfair or Deceptive Acts or Practices, FIL-57-2002: Unfair or Deceptive Acts or Practices: Applicability of the Federal Trade Commission Act





http://www.fdic.gov/news/news/financial/2004/fil2604a.html

http://www.fdic.gov/news/news/financial/2004/fil2604a.html

http://www.fdic.gov/regulations/examinations/supervisory/insights/siwin06/index.html

http://www.fdic.gov/regulations/examinations/supervisory/insights/siwin06/article02_chasing.html



http://www.fdic.gov/regulations/examinations/supervisory/insights/siwin08/index.html


FDIC Unfair or Deceptive Acts or Practices, March 11, 2004, FIL-26-2004http://www.fdic.gov/news/news/financial/2004/fil2604.html

FDIC, Third Party Risk: Guidance on ODP, FIL-11-2005 Overdraft Protection Programs Joint Agency Guidancehttp://www.fdic.gov/news/news/financial/2005/fil1105.html

FDIC, FIL-81-2010: Overdraft Payment Programs and Consumer Protection: Final Overdraft Payment Supervisory Guidancehttp://www.fdic.gov/news/news/financial/2010/fil10081.html

FDIC Overdraft Payment Program Supervisory Guidance Frequently Asked Questionshttp://www.fdic.gov/news/conferences/overdraft/FAQ.html

FDIC Compliance Exam Manual (There were many UPDATES in 2014) (See the NEW SECTION on CONSUMER HARM added in June 2014), including the section VII on ABUSIVE PRACTICES, updated June 2014

II Compliance Examinations

II-1.1Overview of Compliance Examinations

06/2014

II-2.1 Evaluating Consumer Harm 06/2014

VII Abusive Practices

VII-1.1

Federal Trade Commission Act, Section 5 Unfair or Deceptive Acts or Practices

06/2014

VII-2.1

FTC Rule - Preservation of Claims and Defenses

05/2014

VII-3.1

Fair Debt Collection Practices 01/2014

VII-4.1 Third Party Risk 01/2014


https://www.fdic.gov/regulations/compliance/manual/pdf/VII-4.1.pdf









https://www.fdic.gov/regulations/compliance/manual/pdf/tab-VII.pdf

https://www.fdic.gov/regulations/compliance/manual/pdf/II-2.1.pdf





https://www.fdic.gov/regulations/compliance/manual/pdf/tab-II.pdf

http://www.fdic.gov/news/conferences/overdraft/FAQ.html









FDIC RISK ASSESSMENT FOR UDAP


FDIC EXAMINER QUESTIONS FOR UDAP


CFPB AND FTC RESOURCES

This is a link to the CFPB section on UDAAP.

http://www.consumerfinance.gov/guidance/supervision/manual/udaap-narrative/

The CFPB “narrative” includes an introduction to UDAAP and their examination procedures.

FTC (Federal Trade Commission)

FTC Policy Statement on Deception

http://www.ftc.gov/bcp/policystmt/ad-decept.htm

FTC Policy Statement on Unfairness

http://www.ftc.gov/bcp/policystmt/ad-unfair.htm

FTC’s Dot Com Disclosures: Information about online advertising

http://business.ftc.gov/documents/bus41-dot-com-disclosures-information-about-online- advertising

FTC Advertising Guidance

http://www.ftc.gov/bcp/guides/guides.shtm


http://www.ftc.gov/bcp/guides/guides.shtm

http://business.ftc.gov/documents/bus41-dot-com-disclosures-information-about-online-advertising

http://business.ftc.gov/documents/bus41-dot-com-disclosures-information-about-online-advertising

http://www.ftc.gov/bcp/policystmt/ad-unfair.htm

http://www.ftc.gov/bcp/policystmt/ad-decept.htm

http://www.consumerfinance.gov/guidance/supervision/manual/udaap-narrative/

INTERAGENCY GUIDANCE UNFAIR OR DECEPTIVE CREDIT PRACTICES

This is the link: https://www.fdic.gov/news/news/financial/2014/fil14044.html

Summary:The FDIC, the Board of Governors of the Federal Reserve System (Board), the Consumer Financial Protection Bureau (CFPB), the National Credit Union Administration (NCUA), and the Office of the Comptroller of the Currency (OCC) (collectively, the Agencies) are issuing guidance regarding certain consumer credit practices. The authority to issue credit practices rules for banks, savings associations, and federal credit unions was repealed as a consequence of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act); however, institutions should not construe the repeal to indicate that the unfair or deceptive practices described in these former regulations are permissible. These practices remain subject to Section 5 of the Federal Trade Commission (FTC) Act.Statement of Applicability to Institutions Under $1 Billion in Total Assets: This Financial Institution Letter applies to all FDIC-supervised financial institutions.Highlights:

The Agencies' credit practices rules generally prohibited (1) the use of certain provisions in consumer credit contracts, (2) the misrepresentation of the nature or extent of cosigner liability, and (3) the pyramiding of late fees.

In 2010, the Dodd-Frank Act repealed the rulemaking authority of the Board, the NCUA, and the Office of Thrift Supervision (formerly the Federal Home Loan Bank Board) under the FTC Act (the FDIC had no such rulemaking authority). As such, the specific credit practices rule once applicable to FDIC-supervised institutions no longer exists.

The credit practices described in these former regulations remain subject to Section 5 of the FTC Act. The Agencies believe that, depending on the facts and circumstances, if banks engage in the unfair or deceptive practices described in the former credit practices rules, such conduct may violate the prohibition against unfair or deceptive practices in Section 5 of the FTC Act and Sections 1031 and 1036 of the Dodd-Frank Act.

Related Topics:

Federal Trade Commission Act, 15 U.S.C. § 45 (unfair or deceptive acts or practices) Dodd-Frank Wall Street Reform and Consumer Protection Act, 12 U.S.C. §§ 5531 and

5536 (unfair, deceptive, or abusive acts or practices) FTC Credit Practices Rule, 16 C.F.R. §§ 444.1-.5


https://www.fdic.gov/news/news/financial/2014/fil14044.html

SUGGESTIONS

Monitor any NEW guidance from your regulator

Make UDAAP risk assessment and oversight part of your compliance program

Monitor and analyze the ROOT cause of complaints, make changes as needed.

Perform a UDAAP assessment of any new products or services

Document UDAAP discussion in Board minutes

Develop an audit program for UDAAP issues

Provide effective TRAINING

Implement an effective complaint management program

ATTEND MORE SESSIONS WITH TTS IN 2015!


ttsmedia.ttstrain.comttsmedia.ttstrain.com/UDAAPBoardHO1014.docx · Web viewConsider adding a...

Documents

Transcript of ttsmedia.ttstrain.comttsmedia.ttstrain.com/UDAAPBoardHO1014.docx · Web viewConsider adding a...