Over the past four installments of this series, we have taken a quick look at how the consumer financial services industry ended up with a new regulator, the Consumer Financial Protection Bureau (CFPB). This new regulator is enforcing a set of new standards—unfair, deceptive or abusive acts or practices (UDAAP)—under a new statute, the Dodd-Frank Wall Street Reform and Consumer Protection Act. We examined the standards themselves and found that “unfair” is rife with subjectivity; “deceptive” does not require intent; and “abusive” is a largely a big unknown.

One thing that is (or should be) readily apparent at this point in the series is that the UDAAP standards are going to present significant compliance challenges and regulatory risks into the foreseeable future. In addition, it is highly likely that, as the CFPB continues to ramp up its UDAAP enforcement and pronouncements, UDAAP will spawn civil litigation under the so-called mini-Federal Trade Commission Acts of the majority of states that provide civil remedies for consumers damaged by unfair or deceptive acts or practices (Dodd-Frank does not have a civil remedy provision). 

The UDAAP problem can be expressed as a formula:

UDAAP = compliance challenges + regulatory risks + threat of civil litigation

The good news is that if you can eliminate either side of the equation, the other side disappears. If you can avoid engaging in unfair, deceptive or abusive acts or practices, you will avoid the associated compliance challenges, regulatory risks and threat of civil litigation. Attacking the problem from this side of the equation is, at this point in UDAAP's evolution, virtually impossible without much more robust guidance from the CFPB about what the UDAAP standards actually mean. 

What about the other side of the equation? Ah … that is where we can bring down the level of the challenges, risks and threats.  

There are seven main things you can do to focus yourself and your institution on the right side of the equation.

1. Look at the nature and structure of your products and services. Is profitability based on late fees or other penalties? Are there termination penalties? Do credit decision makers have wide discretion over setting terms? 

2. Examine the consumers to which you market. Are the consumers vulnerable in any way? Are you incentivizing the sale of high-cost products? Is your sales staff held accountable for things such as the default or attrition rates on the products they sell?

3. Scrutinize your marketing and advertising. Plain, simple transparent product and service offerings are what the CFPB wants from the industry, so you must make sure your advertising meets these standards. 

4. Check up on the management of your customer relationships. Do you have adequate policies and procedures in place so that customer service representatives entrusted with discretion do so uniformly? Are your customer service vendors evaluated on the basis of the service they provide?

5. Take a look at your board of directors and senior management. Have they adopted comprehensive UDAAP policies and standards? Does management regularly communicate its commitment to compliance? Does the board and management receive regular and meaningful reporting on consumer protection issues, compliance and complaints?

6. Study your institution's authority and accountability for compliance. Are sufficient resources allocated to compliance? Are you closely monitoring third parties that perform activities involving your consumers? Is compliance independent from the business lines? In product development, are compliance management and staff involved in product life cycle? Are they involved in structuring incentives and compensation? Are training programs regular and comprehensive? Are all employees encouraged to take responsibility for consumer compliance and to identify and correct issues?

7. Do you have an adequate consumer complaint management system? Do you track all types of complaints, including those found online? Do you track the time from complaint to resolution? Do you resolve complaints without the intervention of third parties, such as the CFPB or the Better Business Bureau?

The more you identify, focus on and eliminate these sorts of risks, the less likely you will have issues with the CFPB on UDAAP. 

So what about real, concrete solutions to manage the UDAAP challenges, risks and threats? There are many solutions, seven of which are detailed below.

1. Get lawyers and compliance officers versed in UDAAP into the room when the product brainstorming is occurring—not so they can say no early and often, but rather to allow these risk managers to gain a better understand of the development process and help the business lines make adjustments before the point of no return.

2. Find ways to incentivize compliance and ethical conduct. Although “trying” may not be enough to get you off the hook, it will go a long way toward mitigating the intensity of the UDAAP regulatory or judicial heat. 

3. Facilitate informed choices by your customers. Focus consumer attention on limitations, conditions and other key terms in your financing documents. As for readability and understandability, ask yourself: what would the CFPB do? It would be plain and simple; try to achieve that.

4. Seek input from your customers and your employees about the products and services you offer. This is precisely what the CFPB, other regulators and consumer advocates are doing. Get out in front of the issue, and make it safe for employees to raise questions or concerns, and easy for consumers to raise their issues. If possible, consolidate the review of customer complaints so that discernable complaint trends are not ignored. 

5. Conduct a UDAAP audit by engaging in appropriate due diligence on all existing and new service and product offerings. Couple your audit with comprehensive training, and reinforce the training with regular updates.

6. Monitor developments in the law and regulation of UDAAP. It is not as simple as just watching the CFPB. The CFPB is working and sharing information with state regulators and vice versa. The plaintiffs bar watches the regulators, and the regulators watch the plaintiffs bar. 

7. If you partner with vendors—whether it be for a service, an audit or on a product offering—demand that they have skin in the game. There is often no better regulator than a fiscal one. 

In the next and final installment of this series, we will discuss strategies for banding together as an industry to collaborate on UDAAP management.