Does your organization offer ‘add-on’ products to customers of your mainstream product lines? Is your compliance management program absent comprehensive reviews for Unfair, Deceptive, or Abusive Acts or Practices Act (UDAAP) compliance in every aspect of your products, services, and operations? If the answer to either of these questions is, “Yes,” “Not sure,” or a shrug, please read on.
From UDAP to “NUDAAP”
Prior to the passage of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank), unfair or deceptive practices in financial services were generally covered by Regulation AA – Unfair or Deceptive Acts or Practices Act (UDAP). UDAP had a limited scope and primarily targeted the requirements of Notices to Cosigners and prohibited credit practices, such as pyramiding of late charges and confessions of judgment. Dodd-Frank created the Unfair, Deceptive, or Abusive Acts or Practices Act (UDAAP) by transforming the legal standards for ‘unfair and deceptive’ practices and adding the legal standard for abusive practices. One important aspect of UDAAP compliance is the need to determine not only what is said or done, but, to also determine what was not said or done that is potentially harmful to consumers. Implementation of UDAAP fostered renewed initiatives to pursue enforcement by all of the federal financial regulators (regulators).
Regulatory Enforcement
The Consumer Financial Protection Bureau (CFPB) has assertively enforced UDAAP independently and in concert with the other regulators. The CFPB published additional guidance (CFPB Bulletin 2012-06) in 2012 to further describe its expectations with regard to ‘add-on’ products that may be offered by financial institutions in a manner that does not protect consumers from harm. Add-on products might include debt protection, identity theft protection, credit score tracking, and other products that are supplementary to the credit provided by the financial institution. It is important to note that, although the bulletin is directed at credit card add-on products, a footnote to the first page of the bulletin expands the coverage significantly by stating, “Although this bulletin focuses on credit card add- on products, institutions should take the guidance that it provides into consideration when they offer similar products in connection with other forms of credit or deposit services.”
UDAAP has very broad coverage in the bank or nonbank financial institution. It applies to all products and services at every stage of each, including, but not limited to:
Product development and rollout;
Advertising and direct marketing;
Contracts, disclosures, and notices;
Account statements and billing;
Loan servicing, loss mitigation, and collections; and,
Third-party service providers.
Since the implementation of UDAAP under Dodd-Frank and the CFPB bulletin, several significant actions for reimbursements, penalties, and mandatory compliance enhancements have been enforced under the rules, including:
July 2012 – Capital One Bank, N.A. , $140 million in reimbursements + penalties;
September 2012 – Discover, $ 200 million + penalties;
October 2012 – American Express, $85 million in refunds + penalties;
September 2013 – JPMorgan Chase, $309 million in refunds + penalties;
December 2013 – GE Capital Retail Bank and CareCredit, $34.1 million in reimbursements;
December 2013 – Ocwen Financial Corporation, $125 million restitution to foreclosure victims, $2 billion relief to current homeowners, and $2.3 million administrative costs;
December 2013 – American Express, $59.5 million restitution + penalties;
March 2014 – World’s Foremost Bank, $10.1 million in restitution + penalties; and,
April 2014 – Bank of America, N.A. and FIA Card Services, N.A., $727 million restitution + penalties.
Compliance Trends and Emerging Issues
You may be thinking, “We’re not Discover or Bank of America,” “We don’t have credit cards,” or “We’re not a bank,” and you’d be right. If you are thinking UDAAP compliance and the guidance in the CFPB bulletin for add-on products could not be enforced in your bank or nonbank institution, you’d be wrong.
The examination scope of the regulators now includes UDAAP compliance. Examination results from community banks, large banks, and nonbank lenders and servicers have already evidenced UDAAP comments and violations. Additionally, UDAAP is sometimes cited duplicitously with citations from other consumer protection regulations, especially if the error or omission potentially harms consumers by the tenets of UDAAP, adding fuel to the overall results of examinations as the number of violations grows.
Compliance Action: Lenders and servicers should take steps to identify any ‘add-on’ products or services offered to mortgage loan customers. The financial institution’s compliance management program should include such products and services for UDAAP compliance and the specific requirements of the CFPB’s bulletin addressing add-on products and consumer protection. To mitigate risk, the application of UDAAP oversight should extend to all areas, including, but not limited to:
Advertising, disclosures, notices, Internet website, social media, business development
Policies, procedures, and underwriting standards
Complaint management process
Collection activities – scripts, letters
Virtually any information that may be viewed/obtained by the public or customers
Scope of monitoring, internal audit, and external review engagements with third parties
Training for employees and third-party service providers
The post UDAAP Compliance and Add-on Products Continue to Draw Fire appeared first on Mortgage Compliance Magazine.