Responsive and Adaptive Mobile Web Design | Northeast …



UDAAP- for the Board of DirectorsTuesday, October 28, 2014 10:00 - 12:00 PMPresented by:Susan Costonis, C.R.C.pliance Training & Consulting for Financial InstitutionsE-mail: susancostonis@The material used in this webinar has been drawn from sources believed to be reliable. Every effort has been made to assure the accuracy of the material; however, the accuracy of this information is not guaranteed. The laws and regulatory guidance may be changed often so the user must verify whether or not the information remains current. The UDAAP-for the Board of Directors manual is sold with the understanding that the publisher and the editor are not engaging in the practice of law or accounting and are not responsible for the actions of your company's employees. You will wish to consult with your compliance staff and/or attorney when you are not sure of an answer. Published by:Susan Costonis, C.R.C.MCompliance Training and Consulting for Financial Institutions All rights reserved. This material may not be reproduced in whole or in part in any form or by any means without written permission from the publisher.Printed in the United States of America.TABLE OF CONTENTS TOC \h \z \t "SubChaptertitle,2,Chaptertitle,1" HYPERLINK \l "_Toc401746844" Overview for UDAAP PAGEREF _Toc401746844 \h 4WEBINAR OVERVIEW PAGEREF _Toc401746845 \h 5BIG PICTURE FOR UDAP VERSUS UDAAP PAGEREF _Toc401746846 \h 6UDAP OVERVIEW PAGEREF _Toc401746847 \h 7MANAGING RISKS TO AVOID UDAP VIOLATIONS PAGEREF _Toc401746848 \h 10THE STANDARDS FOR DECEPTIVE AND UNFAIR PAGEREF _Toc401746849 \h 13THE FOUR “P’S” OF DECEPTION FROM THE FTC PAGEREF _Toc401746850 \h 16UDAAP UNDER DODD-FRANK AND THE CFPB PAGEREF _Toc401746851 \h 17FDIC ENFORCEMENT ACTIONS AND CONSUMER HARM PAGEREF _Toc401746852 \h 22CFPB ENFORCEMENT ACTIONS PAGEREF _Toc401746853 \h 25UDAAP PROGRAM AND RISK ASSESSMENT PAGEREF _Toc401746854 \h 27UDAAP Issues PAGEREF _Toc401746855 \h 39WHAT IS TAKING UNREASONABLE ADVANTAGE? PAGEREF _Toc401746856 \h 42WHAT IS UNFAIR, DECEPTIVE OR ABUSIVE? PAGEREF _Toc401746857 \h 43UDAAP COMPLIANCE RECOMMENDATIONS PAGEREF _Toc401746858 \h 45Consumer Complaints PAGEREF _Toc401746859 \h 46CONSUMER COMPLAINTS ON THE REGULATOR WEBSITES PAGEREF _Toc401746860 \h 47CFPB COMPLAINT PROJECT AND ENFORCEMENT ACTIONS PAGEREF _Toc401746861 \h 48SAMPLE COMPLAINT POLICY PAGEREF _Toc401746862 \h 53UDAP AND UDAAP Resources PAGEREF _Toc401746863 \h 60FIVE LESSONS LEARNED FROM UDAAP VIOLATIONS PAGEREF _Toc401746864 \h 61FDIC GUIDANCE AND EXAM CHECKLISTS PAGEREF _Toc401746865 \h 65FDIC RISK ASSESSMENT FOR UDAP PAGEREF _Toc401746866 \h 67FDIC EXAMINER QUESTIONS FOR UDAP PAGEREF _Toc401746867 \h 72CFPB AND FTC RESOURCES PAGEREF _Toc401746868 \h 78INTERAGENCY GUIDANCE UNFAIR OR DECEPTIVE CREDIT PRACTICES PAGEREF _Toc401746869 \h 79SUGGESTIONS PAGEREF _Toc401746870 \h 80Overview for UDAAP WEBINAR OVERVIEWWhat topics does your regulator expect will have been covered in training sessions for the Board of Directors? Do any of the regulations “require” annual or periodic training? This session covers one of the “hottest” compliance topics. UDAAP violations have been the source for many costly enforcement actions. Examiners have incorporated UDAAP into deposit exam procedures for overdraft and deposit account reward programs and vendor management issues for products ranging from credit cards “add-on” services to complaints on social media.WHAT YOU WILL LEARN:The definition of UDAP and UDAAP , including examples of the standards for “unfair”, “deceptive” and “abusive” acts or practicesLearn five KEY points for UDAAP compliance to help avoid fines and maintain your financial institutions good reputation.What should the board know about the CFPB complaint “process”? What do your “frontline” employees need to know about UDAAP and handling complaints?Board oversight for managing Third Party Risks and UDAAPHelpful UDAAP compliance resources and regulatory guidance, including FDIC Abusive Practices –Third Party Procedures ; there is a NEW exam procedures for “Evaluating Consumer Harm” BONUS – Attendees will receive a template for a Complaint Policy, Procedures and tracking form in WORD that can be modified for your financial institution.Who Should Attend?This webinar will benefit Board members, Compliance Officers, Risk Managers, Senior Management, Branch Managers, Call Center Managers, Loan & Deposit Operation Managers, Marketing staff, and Product Development specialists. BIG PICTURE FOR UDAP VERSUS UDAAPThe new UDAAP standards will apply to the consumer products and services of institutions. The long standing UDAP provisions cover both consumer AND commercial activities. To understand these changes, it’s helpful to look first at the basic definitions in UDAP and then some of the changes that have been created by Dodd-Frank and the CFPB.UDAPUDAAPUNFAIRDECEPTIVEUNFAIR DECEPTIVEABUSIVEApplies to commercial and consumer transactionsApplies to consumer transactions, products and servicesUDAP -Unfair or Deceptive Acts or PracticesCodified in Section 5(a) of the FTCProhibits “unfair or deceptive acts or practices in or affecting commerce”Applies to any person or entity doing business, not just financial institutionsFTC doesn’t have direct enforcement, but the regulators have authority through the Federal Deposit Insurance ActMany states have their own versions of the federal statuteUDAP standards are broad, but there are standards for what is “unfair” or “deceptive”A practice does not have to be both “unfair” and “deceptive” to be a violationThe “deceptive” standard was cited more often than the “unfair” standardAPPLIES TO COMMERCIAL AND CONSUMER ISSUES ActUDAAP- Unfair, Deceptive and ABUSIVE Acts or PracticesIs part of the Dodd-Frank Act, Title 10Section 1031(a) says that the CFPB “may take any action authorized under subtitle E to prevent a covered person or service provider from committing or engaging in an unfair, deceptive, or abusive act or practice under Federal law in connection with any transaction with a consumer for a consumer financial product or service, or the offering of a consumer financial product or serviceThe CFPB has rulemaking authority and the Bureau and bank regulators will enforce the rulesAPPLIES TO CONSUMER ISSUES BUT INCLUDES THE “NEW” STANDARD OF ABUSIVE UDAP OVERVIEWThe Federal Reserve held a Webinar on March 5, 2013 called” UDAP – Analysis, Examinations, Case Studies and Emerging Risks. Here’s a link to the teleconference: was the Agenda for their teleconference:?Legal Authority and Analysis ?Case Studies ?Emerging Risks ?Holding Company Impact ?Tips for Compliance ?Resources ?Questions Legal Authority and Analysis –Dodd-Frank Act (DFA) authority re unfair, deceptive or abusive acts or practices (UDAAP) –Federal Trade Commission Act (FTC Act) authority re unfair or deceptive acts or practices (UDAP) –Act or practice –Unfair act or practice –Deceptive act or practice –Relationship to other laws Source of authority: –Sections 1031 and 1036 of the DFA ?Consumer Financial Protection Bureau (CFPB) authority: –CFPB has UDAAP rule writing authority – the UDAAP rules will be applicable to any person that engages in offering or providing a consumer financial product or service (covered person) and any service provider –CFPB has UDAAP supervision and enforcement authority for depository institutions above $10 billion and nonbank entities -Prudential regulators have UDAAP supervision and enforcement authority for depository institutions of $10 billion or less ?Unfair (similar to Section 5 of the FTC Act) ?Deceptive (similar to FTC Act guidance) Abusive (new in the DFA) is defined as an act or practice that: –Materially interferes with the ability of a consumer to understand a term or condition of a consumer financial product or service; or –Takes unreasonable advantage of: ?A lack of understanding on the part of the consumer of the material risks, costs, or conditions of the product or service; ?The inability of the consumer to protect the interests of the consumer in selecting or using a consumer financial product or service; or ?The reasonable reliance by the consumer on a covered person to act in the interests of the consumer FTC Act UDAP AuthoritySource of authority: –Section 5 of the FTC Act, Section 8 of the Federal Deposit Insurance Act ?Authority of prudential regulators (but not the CFPB): –No rule writing authority –Supervision and enforcement for supervised entities (any asset size) Act or PracticeApplies to all products and services ?Applies to every stage and activity –Product development and rollout –Advertising –Direct marketing –Disclosures –Contracts –Account statements –Billing –Loan servicing/loss mitigation/collections –Third-party service providers Unfair Act or PracticeAn act or practice is unfair where it - –Causes or is likely to cause substantial injury to consumers, –Can not be reasonably avoided by consumers, and –Is not outweighed by countervailing benefits to consumers or to competition ?Public policy may be considered Injury - Causes or is likely to cause substantial injury to consumers –Injury: Usually involves monetary harm ?May include other tangible harm ?Does not include emotional or other subjective harm –Substantial: ?Small amount of harm to a large number of people ?Significant risk of concrete harm to small number of people ?Not trivial or speculative harm Not reasonably avoidable –Can not be reasonably avoided by consumers –The Federal Reserve will consider whether the act or practice: ?Unreasonably creates or takes advantage of an obstacle to the free exercise of consumer decision making, ?Interferes with the consumer’s ability to effectively make decisions, or ?Subjects consumers to undue influence or coercion Not outweighed by benefits - Is not outweighed by countervailing benefits to consumers or to competition –Offsetting benefits to consumers may include: ?Lower prices ?Wider availability of products and services –Also consider the offset of costs to remedy or prevent the injury, such as: ?Cost to the bank to take preventive measures ?Cost to society of any increased burden Basic UDAP Concepts An act or practice may be:UnfairDeceptiveOr bothAn act or practice DOES NOT have to violate any other law in order to be considered unfair or deceptive.There is a three part test for “deceptive”. Does it mislead? EXAMPLE: Offering pricing that isn’t actually available or is only available for a limited time. Also a web page where the disclosures are not conspicuous or easy to follow back to a specific feature.Is it reasonable for this consumer? EXAMPLE: Is the offer targeting the elderly or an unsophisticated consumer that probably won’t fully understand the product or service?Are the disclosures adequate? EXAMPLE: Disclosures should fully explain the costs, uses, and benefits of the product or service. MANAGING RISKS TO AVOID UDAP VIOLATIONSThe areas with the greatest potential for unfair or deceptive acts or practices include: Advertising and solicitationsAccount and loan disclosuresServicing and collectionsManaging and monitoring of third-party service providers (BIG focus with the FDIC)Consumer ComplaintsAdvertising and SolicitationsAll forms of advertising should be reviewed including materials from third partiesTarget audiences should be consideredMaterial should be complete, accurate and help the consumer make an informed decisionFTC Recommendations for AdvertisingDODO NOTFormat ads to direct attention to key informationUse small font to hide costs, critical terms or conditionsPresent information clearly and conspicuouslyUse pop-up windows or hyperlinks to display key informationDisclose all decision impacting information near most highly promoted features and place any qualifiers near claim it is qualifyingBury information at the end of a long webpageUse a fast moving “scroll” on websitesAccount and Loan DisclosuresBanks and financial institutions should:Monitor compliance with applicable laws and regulationsCompare disclosures to actual practices and marketing materialsConsider additional levels of review for accuracy and readabilityServicing and CollectionsMonitor scripts for compliance with applicable laws and regulations and to ensure the product or service is accurately describedProvide frequent compliance and product/service trainingMonitor correspondence and listen to customer callsEvaluate debt collection practicesReview payment processing practicesReview fee practicesManaging and Monitoring Third-Party Service ProvidersA bank’s responsibility for third-party IS THE SAME as an activity handled directly by the bankThird-party activities should be integrated into the bank’s Compliance Management SystemEffective third-party management programs incorporate: 1) Risk Assessment 2) Due Diligence 3) Contract Structuring and review 4) OversightDoes NOT rely solely on the claims made by third-party vendorsConsumer ComplaintsMaintain procedures for consumer complaintsComplaints can be received from other sources such as the Better Business Bureau, website blogs or social networking sitesAllegations or claims the might indicate possible UDAPs include:Misleading or false statementsUndue or excessive feesInability to reach customer servicePreviously undisclosed or unauthorized chargesHOT TIP!!See the sample Complaint Policy and Procedures in the Complaint Section of the manual!UDAP CasesRewards CheckingCredit Card PracticesThird Party or Affinity Relationships (i.e. Rent –a-BIN)Insurance Related PracticesNegative Amortization ARM loans/ARM loan pricingError Resolution ProcessOverdraft Programs and ServicesThe Dodd-Frank Act Impact on UDAPThe CFPB is assigned rule making authority for unfair, deceptive or abusive acts or practicesThe rules may include requirements for the purpose of PREVENTING unfair, deceptive, or abusive acts or practicesUNFAIR is defined in the Dodd-Frank Act and is similar to the FTC Act.Deceptive is NOT defined in the Dodd-Frank Act and the definition remains the FTC’s definition until the CFPB makes a ruleNew standard of “abusive acts or practices” that will be defined by the CFPB.THE STANDARDS FOR DECEPTIVE AND UNFAIRThe FTC rule (15 USC 45(a)1)) begins with this statement: “Unfair or deceptive acts or practices in or affecting commerce are hereby declared unlawful.” This portion of Section 5 of the FTC Act gives bank regulators the authority to city institutions for practices that are considered unfair or deceptive. The Dodd-Frank Act added another “hammer” or standard for “abusive practices”. THE “DECEPTIVE” STANDARDDuring the past 30 years regulators have found these acts or practices to be deceptive if they have these three conditions present:The representation, omission or practice is likely to mislead consumersWho are acting reasonably in the circumstances presented, andThe representation, omission, or practice is material.The fact that the first standard only requires that it’s LIKELY to mislead opens a large door for the regulators. The consumer doesn’t actually have to have BEEN misled by the act or practice.THE “DECEPTIVE” STANDARD EXAMPLESNOTE: Section 1031 of Dodd-Frank does not expressly define what would make a practice “deceptive”.The representation, omission or practice is likely to mislead consumers – EXAMPLE: Offering pricing, fee structures, or benefits that aren’t really available or not disclosing critical factors for qualification. Even if all the important information is included with the correct wording, if the way it’s communicated or the layout is misleading because it directs the consumer away from important information. A “reasonable” consumer would be misled. EXAMPLE: The standard is based on the target audience and gauges their likely response. If a product is marketed to the elderly or a group of customers with limited financial expertise there is a great potential for confusion and deception. What matters is how the consumer sees the information, not what the institution intended or assumed would be understood in the message. A disclosure can’t “fix” this misleading impression with lots of fine print and asterisks. The harder it is to find the disclosure, the greater the risk of deception. The representation, omission, or practice is material. EXAMPLE: It will be considered material if it’s likely to affect the consumer’s ability to make an informed decision and choice. Pricing information will always be considered material so any inaccurate claims in this area are deceptive. The same is true when crucial information is omitted and it would impact the ability to make an informed decision.PRACTICES THAT HAVE BEEN FOUND DECEPTIVEGeneralMarketing practices that didn’t convey the WHOLE truth or explain requirements to qualify for a benefit, or contacted claims that weren’t validPromises that weren’t keptRates “as low as” or as “high as” weren’t available to the majority of consumersFine print with asterisks that are hard to follow; “buried” disclosuresTeaser rates that didn’t disclose the duration of the initial offerUsing the term “free” when fees were possible Credit cardsSecurity deposits for secured cards that consumed most of the credit lineHome LoansHidden terms, like balloon paymentsDeposit ProductsGift cards without pre-sale disclosures, especially that reduced the balanceATM balances that included overdraft protectionTHE “UNFAIR” STANDARDThere is an unfairness standard that regulators have used that defines an unfair practice under both the FTC and the UDAAP standards under Dodd-Frank. These are the three “unfair” practices:Causes or is likely to cause substantial consumer injury, whereThe injury cannot be reasonably avoided andThe injury is not outweighed by benefits to the consumer or competition.NOTE: Public Policy may be consideredTHE “UNFAIR” STANDARD EXAMPLESThere is three factors for unfairness under both the FTC and the UDAAP standards under Dodd-Frank. The practice causes or is likely to cause substantial consumer injury. EXAMPLE: This term of “substantial injury” means monetary harm or loss. But doesn’t mean that each consumer must individually loose a great deal of money. Think about class action suits against credit card companies where the recovery was just pennies for the individual. It can also be considered substantial if it simply raises a risk of harm.The injury cannot be reasonably avoided EXAMPLE: If the practice interferes with the consumer’s ability to make an informed decision it be considered “unavoidable”. If important information is missing in advertising and solicitations, for example the ad doesn’t mention the minimum deposit required to open the account or avoid the imposition of fees then the consumer never gets a chance to make an informed decision.The injury is not outweighed by benefits to the consumer or competition. EXAMPLE: The net impact (or bottom line) of the practice harms the consumer. Dodd-Frank uses the term “countervailing benefit”. If an advertisement highlights “no annual fee” but there are so many other charges that offset the annual fee there really isn’t a true benefit and consumer is harmed. NOTE: Public Policy may be considered- This means that existing laws, regulations, and case law of judicial decisions may also be factors in determining if a practice is unfair. For example, a direct violation of Reg Z or Reg DD makes it easier to substantiate that a practice was unfair. The ECOA and Reg B prohibit discrimination in any aspect of a credit transaction and the Fair Housing Act supports the same approach for residential transactions on a prohibited basis. If there is a disparate impact on a protected class it will also be considered unfair. FAIR LENDING ISSUES HAVE THE POTENTIAL TO BE THE CHIEF UDAAP CONCERNS IN THE FUTURE.Several practices have been found unfair in the predatory lending activity that was prevalent in 2003-2008. Several regulations have been implemented as a result of these abuses and are contained in Dodd-Frank. See the Table below for details.PRACTICES THAT HAVE BEEN FOUND UNFAIRPredatory Lending – Servicing and collection issues due to the lack of choices in servicersPosting late fees for on-time paymentsCollecting unauthorized fees (insurance that is already in place, for example)Not quoting payoff amounts or misrepresenting the amount owedFees that are too high for the services receivedTHE FOUR “P’S” OF DECEPTION FROM THE FTCPROMINENCEIs it BIG enough for consumers to notice and read?PRESENTATIONIs the wording and format easy for consumers to understand?* PLACEMENT:Is it where the consumers will look?PROXIMITYIs it near the claim that it qualifies? Compare your financial institution’s advertising in print, in product brochures, and the website to test for the four “P’s” of deception. *(Think about all the forms revisions to the tabular format of Privacy Policy and Reg Z payment disclosures and the format of the GFE, HUD comparison charts to the GFE fees, tabular format of the credit card statements and font size, and other recent disclosure changesUDAAP UNDER DODD-FRANK AND THE CFPBThe CFPB has outlined UDAAP exam procedures on their website; a link for this information is in the CFPB resources page in the last section of this manual. There are many possible concerns that financial institutions may have as a result of the CFPB and regulatory focus on UDAAP. The “old” standards of UDAP have been litigated in the court system and there is a certain amount of case law that can be reviewed to help determine the level of compliance risk involved in current or future products and services. Based on some of the recent enforcement actions and the posture of the CFPB it seems likely that financial institutions will need to ask at least two basic questions about every aspect of their products and services to manage UDAAP risk.KEY QUESTIONS FOR UDAAP COMPLIANCEQUESTION: POSSIBLE CONCERNS & SOLUTIONS Does the consumer have ALL the information they need to make an informed choice about a product or service?The “model” disclosures have been provided, but do they provide sufficient information?Consider adding a “fact sheet” or conversation logs and steering acknowledgement forms (careful with RESPA GFE’s – they can’t be modified)Is the consumer in the “right” product or service?Is there a “better” product for the consumer?How do you document that the consumer made the “right” choice if a more expensive product or service is selected? Consider a suitability “profile” documentation process. Has the ability to repay been clearly proven?Look for the CFPB or your regulator to issue standards and guidanceWhat’s “unfair”?Refusing to release lien after consumer makes final payment on a mortgage. The FTC brought an enforcement action against a mortgage company based on allegations, described below, that repeatedly failed to release liens after consumers fully paid the amount due on their mortgages.Substantial injury. Consumer’s sustained economic injury when the mortgage servicer did not release the liens on their properties after the consumers had repaid the total amount due on the mortgages.Not outweighed by benefits. Countervailing benefits to competition or consumers did not result from the servicer’s alleged failure to appropriately service the mortgage loan and release the lien promptly.Not reasonably avoidable. Consumers had no way to know in advance of obtaining the loan that the mortgage servicer would not release the lien after full payment. Moreover, consumers generally cannot avoid the harm caused by an improper practice of a mortgage servicer because the servicer is chosen by the owner of the loan, not the borrower. Thus, consumers cannot choose their loan servicer and cannot change loan servicers when they are dissatisfied with the quality of the loan servicing.Dishonoring credit card convenience checks without notice. The OTS and FDIC brought enforcement actions against a credit card issuer that sent convenience checks with stated credit limits and expiration dates to customers. For a significant percentage of consumers, the issuer reduced credit lines after the checks were presented, and then the issuer dishonored the consumers’ checks.Substantial injury. Customers paid returned-check fees and may have experienced a negative impact on credit history.Not outweighed by benefits. The card issuer later reduced credit limits based on credit reviews. Based on the particular facts involved in the case, the harm to consumers from the dishonored convenience checks outweighed any benefit of using new credit reviews.Not reasonably avoidable. Consumers reasonably relied on their existing credit limits and expiration dates on the checks when deciding to use them for a payment. Consumers had received no notice that the checks they used were being dishonored until they learned from the payees. Thus, consumers could not reasonably have avoided the injury.Processing payments for companies engaged in fraudulent activities. The OCC brought an enforcement action in a case involving a bank that maintained deposit account relations with telemarketers and payment processors, based on the following allegations. The telemarketers regularly deposited large numbers of remotely created checks drawn against consumers’ accounts. A large percentage of the checks were not authorized by consumers. The bank failed to establish appropriate policies and procedures to prevent, detect, or remedy such activities.Substantial injury. Consumers lost money from fraudulent checks created remotely and drawn against their accounts.Not outweighed by benefits. The cost to the bank of establishing a minimum level of due diligence, monitoring, and response procedures sufficient to remedy the problem would have been far less than the amount of injury to consumers that resulted from the bank’s avoiding those costs.Not reasonably avoidable. Consumers could not avoid the harm because the harm resulted principally from transactions to which the consumers had not consented.What’s “deceptive”?Inadequate disclosure of material lease terms in television advertising. The FTC brought actions against vehicle leasing companies alleging that their television advertisements represented that consumers could lease vehicles for “$0 down” when advertising a monthly lease payment. However, the FTC alleged that the “blur” of “unreadable fine print” that flashed on the screen at the end of the advertisement disclosed costs of at least $1,000. The settlements prohibited the vehicle leasing companies from misrepresenting the amount consumers must pay when signing the lease.In addition, the FTC required that if the companies make any representation about the amounts due at lease signing, or that there is “no down payment,” the companies must make an equally prominent (readable and audible) disclosure of the total amount of all fees due when consumers sign the lease.Representation or omission likely to mislead: The television advertisements featured prominent statements of “no money down” or “$0 down” at lease signing. The advertisement also contained, at the bottom of the screen, a “blur” of small print in which disclosures of various costs required by Regulation M (the Consumer Leasing Act) were made. The FTC alleged that the disclosures were inadequate because they were not clear, prominent, or audible to consumers.Reasonable consumer perspective. A reasonable consumer would believe that he did not have to put any money down and that all he owed was the regular monthly payment.Material representation. The stated “no money down” or “$0 down” plus the low monthly lease payment were material representations to consumers. The fact that the additional, material costs were disclosed at signing of the lease did not cure the deceptive failure to disclose in the television advertising, the FTC claimed.Misrepresentation about loan terms. In 2004, the FTC sued a mortgage broker advertising mortgage refinance loans at “3.5% fixed payment 30-year loan” or “3.5% fixed payment for 30 years,” implying that the offer was for a 30-year loan with a 3.5% fixed interest rate. Instead, the FTC claimed that the broker offered adjustable rate mortgages (ARMs) with an option to pay various amounts, including a minimum monthly payment that represented only a portion of the required interest. As a result, unpaid interest was added to the principal of the loan, resulting in negative amortization.Practice likely to mislead. The FTC claimed that the advertisements were misleading because they compared payments on a mortgage that fully amortized to payments on a non-amortizing loan with payments that increased after the first year. In addition, the FTC claimed that after application, the broker provided Truth in Lending Act (TILA) disclosures that misstated the annual percentage rate (APR) and that failed to state that the loan was a variable rate loan.Reasonable consumer perspective. It was reasonable for consumers to believe that they would obtain fixed-rate mortgages, based on the representations.Material representation. The representations were material because consumers relied on them when making the decision to refinance their fully amortizing 30-year fixed loans. As a result, the consumers ended up with adjustable rate mortgages that would negatively amortize if they made payments at the stated 3.5% payment rate.What’s “abusive”?The Dodd-Frank Act makes it unlawful for any covered person or service provider to engage in an “abusive act or practice.”1 An abusive act or practice:Materially interferes with the ability of a consumer to understand a term or condition of a consumer financial product or service orTakes unreasonable advantage of –A lack of understanding on the part of the consumer of the material risks, costs, or conditions of the product or service;The inability of the consumer to protect its interests in selecting or using a consumer financial product or service; orThe reasonable reliance by the consumer on a covered person to act in the interests of the consumer.What are potential areas for Transaction Testing?Through a high-level assessment of the entity’s products, services, and customer base, identify areas for potential transaction testing. This process should determine whether:The entity does not underwrite a given credit product on the basis of ability to repay.A product’s profitability depends significantly on penalty fees or “back-end” rather than upfront fees.A product has high rates of re-pricing or other changes in terms.A product combines features and terms in a manner that can increase the difficulty of consumer understanding of the overall costs or risks of the product and the potential harm.Penalties are imposed on a customer when he terminates his relationship with the entity.Fees or other costs are imposed on a consumer to obtain information about their account.A product is targeted to particular populations, without appropriate tailoring of marketing, disclosures, and other materials designed to ensure understanding by the consumers.Analyzing ComplaintsAnalysis of consumer complaints may assist in the identification of potential unfair, deceptive, or abusive practices. Examiners should consider the context and reliability of complaints; every complaint does not indicate violation of law. When consumers repeatedly complain about an institution’s product or service, however, examiners should flag the issue for possible further review. Moreover, even a single substantive complaint may raise serious concerns that would warrant further review. Complaints that allege, for example, misleading or false statements, or missing disclosure information, may indicate possible unfair, deceptive, or abusive acts or practices needing review.Another area that could indicate potential unfair, deceptive, or abusive acts or practices is a high volume of charge-backs or refunds for a product or service. While this information is relevant to the consumer complaint analysis, it may not appear in the institution’s complaint recordsAnother source of concern would be ANY complaint from a service or product offered by a THIRD PARTY that alleges: Misrepresentation of any terms or costsEnrolled without consentBenefits were not received, did not justify the expense, were not fully explained, were difficult to obtain.FDIC ENFORCEMENT ACTIONS AND CONSUMER HARMSource: Release, September 29 2014The Federal Deposit Insurance Corporation (FDIC) today announced a settlement with Merrick Bank, South Jordan, Utah, (Bank) for unfair and deceptive practices related to marketing and servicing of credit card "add-on products," in violation of Section 5 of the Federal Trade Commission (FTC) Act.This action results from a review of the Bank's credit card products by the FDIC. As part of the settlement, the Bank stipulated to the issuance of a Consent Order, Order for Restitution, and Order to Pay Civil Money Penalty (collectively, FDIC Order). The FDIC Order requires the Bank to pay a civil money penalty (CMP) of $1.1 million, and restitution of approximately $15 million to harmed consumers. Consumers who are eligible for relief under the settlement are not required to take any action to receive compensation. The Bank marketed the "PAYS Plan," a payment protection credit card add-on product that was sold from 2008 to 2013 to consumers who had a Bank credit card. The PAYS Plan provided a benefit payment towards a consumer's monthly credit card payment following certain life events such as involuntary unemployment, disability, and hospitalization. The FDIC determined that the Bank violated federal law prohibiting unfair and deceptive practices by, among other things:misrepresenting that the PAYS Plan "Monthly Benefit" would equal the consumer's "Minimum Payment Due"; misrepresenting that the PAYS Plan would protect the consumer's credit rating; misrepresenting that PAYS Plan payments would be made automatically;failing to adequately disclose material conditions and restrictions related to the PAYS Plan; failing to adequately disclose the terms and conditions for accessing the PAYS Plan hospitalization benefit; andrequiring permanently disabled consumers to recertify their disabled status each month. Below are some highlights of the consent decree requirementsCorrect Violations of LawBoard & Senior Management OversightCompliance ProgramCompliance OfficerCompliance CommitteeAuditOversight of Third-Party Agreements and ServicesOrder for Restitution which includes how to provide refunds, credit reporting, recordkeeping, independent certified accounting firmOrder to Pay Civil Money PenaltyNotification and Reporting Requirements, Savings ClauseNOTE: This is an ENTIRELY NEW SECTION OF THE FDIC EXAM MANUAL for “Evaluating Consumer Harm Source: II-2.1-2.4 June 2014This is the link, followed by some highlights: is Consumer Harm?CFPB ENFORCEMENT ACTIONSThese are recent enforcement actions from the CFPBCFPB on October 9, 2014, CFPB took action against M&T Bank for deceptively advertising free checking accounts. CFPB – September 29, 2014 -Orders Flagstar to pay $27.5 million to victims and $10 million fineCFPB and OCC – September 25, 2014 order U.S. Bank to pay $48 million for illegal billing practicesCFPB on June 19, 2014 orders GE Capital to pay $225 million for UDAP credit card practicesCFPB SUMMARIES:October 9, 2014 . – Today the Consumer Financial Protection Bureau (CFPB) took action against M&T Bank for deceptively advertising free checking accounts. The CFPB found that M&T lured in consumers with promises of “no strings attached” free checking, without disclosing key eligibility requirements. When consumers failed to meet the requirements, M&T automatically switched them to checking accounts with fees. M&T will provide $2.9 million in refunds to the approximately 59,000 consumers deceived into paying fees and it will pay a $200,000 penalty for the violations.September 29, 2014 – Flagstar Enforcement Action - Today the Consumer Financial Protection Bureau is taking its first enforcement action under the Bureau’s new mortgage servicing rules. We are entering an order against Michigan-based Flagstar Bank for violating those rules by failing borrowers and illegally blocking them from trying to save their homes. Flagstar took excessive time to process borrowers’ applications, did not tell them when their applications were incomplete, denied loan modifications to qualified borrowers, and illegally delayed finalizing permanent loan modifications. These unlawful practices caused many consumers to lose the homes they had been trying to save. That is wrong and it is unacceptable.September 25, 2014— Today, the Consumer Financial Protection Bureau (CFPB) is ordering U.S. Bank to provide an estimated $48 million in relief to consumers harmed by illegal billing practices. U.S. Bank consumers were unfairly charged for certain identity protection and credit monitoring services that they did not receive. These services were sold as “add-on products” for credit cards and other bank products such as mortgage loans and checking accounts. U.S. Bank will pay a $5 million civil money penalty to the CFPB and a $4 million penalty to the Office of the Comptroller of the Currency (OCC)June 19, 2014 - The Consumer Financial Protection Bureau (CFPB) is ordering GE Capital Retail Bank (GE Capital), now known as Synchrony Bank, to provide an estimated $225 million in relief to consumers harmed by illegal and discriminatory credit card practices. GE Capital must refund $56 million to approximately 638,000 consumers who were subjected to deceptive marketing practices. As part of the joint enforcement action by the CFPB and Department of Justice, GE Capital must also provide an additional $169 million to about 108,000 borrowers excluded from debt relief offers because of their national origin. This order represents the federal government’s largest credit card discrimination settlement in history. TO DO:Read the enforcement actions; circulate them to managementAre there any “red flags” that you learned from the actions that could be a problem at YOUR next exam?Have you implemented a process for monitoring complaints?Is there a complete review of new products and services prior to implementation? This review is particularly critical for any third party servicesAre the board minutes documented to reflect that UDAP issues are being discussed?Are the board minutes documented to show that adequate due diligence is being conducting for third party relationships in the initial selection, for contract structure, and for contract renewal and ongoing due diligence regarding complaints and performance?UDAAP PROGRAM AND RISK ASSESSMENT Inherent Risk IndicatorsRisk Sources - Overview:Retail FootprintCustomer demographicsProduct and service offeringsComplexity of products and servicesDelivery channelsStrategic DirectionMarketing strategyNew product and service developmentAdvertisements and solicitationsPricing and profitabilityOperationsGeneralRole of third partiesCompliance with traditional regulationsUnfair, Deceptive or Abusive Acts or Practices (UDAAP) EnvironmentExternal: Supervisory focusInternal: Customer complaints4(b) Internal -- Consumer ComplaintsIs there any pending litigation regarding any of the bank’s product or service offerings?Is there litigation activity concerning products or services similar to what your bank offers?What is the level of consumer complaints related to consumer protection or UDAAP issues by bank, operating subsidiaries, or third parties? Are there specific areas or specific customer demographics within the bank’s retail footprint with higher levels of consumer complaints than other areas? What is the level of complaints as a percentage of product or service volume?Can any bank employee handle and resolve consumer complaints on their own initiative?Quality of UDAAP Risk Management (Risk Controls and Mitigation)Control Sets -- Overview:General: Compliance Management ProgramBoard of Directors and Senior Management OversightCompliance ProgramGeneralPolicies and ProceduresTrainingMonitoring and Corrective ActionCompliance AuditUDAAP SpecificMarketing DisclosuresCustomer serviceVendor managementComplaint responseCustomer friendly featuresControl Set I: Compliance Management Program (2 sub-factors)1(a) Board of Directors and Senior Management OversightHas the board adopted clear consumer protection policies and operating procedures appropriate for the size and complexity of the bank’s operations?Does the board foster a strong consumer protection compliance culture with clear and demonstrated compliance expectations and bank fairness objectives for the bank and third party vendors it uses? Do business line staff and managers understand that “they own” their unit’s consumer protection and “harm to consumers” risks and are responsible for managing it?Does senior management incorporate bank enterprise-wide consumer protection risk and performance reports in their business decisions and ongoing corporate strategies?Is there appropriate communication or reporting across board, senior management, business lines, and compliance groups to enable each to perform their roles and be accountable for their performance? Are there specific consumer protection compliance and “harm to consumers” requirements written into job descriptions of line management and staff, and is the compliance unit consulted to obtain feedback when performance reviews are done or before bonuses or other compensation are paid? Does management respond promptly to consumer protection and UDAAP regulatory examination findings? Are root causes determined for any weaknesses or violations found and are appropriate program changes implemented?Has senior management communicated the importance of compliance and commitment to consumer fairness throughout the organization?Do the board and senior management receive regular and ongoing reports of consumer compliance adherence, including compliance audits?Does the board or a board committee follow up on significant consumer protection issues?Does management have a process in place to anticipate changes in the market, consumer needs, or regulatory requirements?Has the board appointed an appropriately qualified and experienced chief compliance officer to manage its compliance and consumer protection program? (In smaller or less complex entities where staffing is limited, a full-time compliance officer may not be necessary.)Has the board appointed staff and allocated resources to the compliance function commensurate with the size and complexity of its operations and practices, the federal consumer financial laws and regulations to which the entity is subject, and necessary to avoid potential consumer harm associated with violations of such laws and regulations.Has senior management addressed consumer compliance issues and associated risks of “harm to consumers” throughout product development, marketing, and account administration, and through the entity’s handling of consumer complaints and inquiries?Does the board require audit coverage of compliance matters and review the results of periodic compliance audits?Does the board annually review the consumer protection and UDAAP risk management program effectiveness?Does the board incorporate consumer protection and UDAAP requirements in its strategic planning process?1(b) Compliance Program (5 elements) 1(b)(i) Compliance Risk ManagementDoes the compliance department have sufficient authority to carry out its mission, including monitoring, testing, and performing self-assessments?Is compliance sufficiently independent of the business lines?Does the compliance officer have direct access to the board or to any governance units or committees?Are all employees held responsible for compliance and “harm to consumers?”Is the compliance program tailored to the size and complexity of the institution and consistent with adopted board policies related to compliance?Does the program promptly address potential consumer protection or UDAAP issues?Does the program ensure corrective action for all identified system weaknesses and violations reported?Is compliance involvement included throughout the product life cycle?Are telephone and advertising scripts developed with compliance staff involvement and periodically monitored?Does the bank have processes for assimilating legislative and regulatory changes, and are new compliance hot topics being emphasized by regulatory agencies that affect its operations?1(b)(ii) Policies and ProceduresRegarding consumer protection policies, guidelines, or standards: Are they clear and objectively determined? Are they easy to incorporate into daily employee tasks?Do they clearly and objectively guide employee discretion, including for referrals to other products or lending channels? Are they maintained to remain current? Are they amended when exceptions become the norm? Have there been any recent changes? Are changes clearly communicated to all appropriate personnel? Do they incorporate applicable regulatory guidance? Are they designed to detect and prevent violations and other “harm to consumers?”Do policies and procedures cover processes for development and implementation of new consumer financial products, services, or other activities; distribution channels; and strategies to determine the degree of compliance function participation?Are there well-defined standards that can be applied to each consumer product, service, or activity?Are there well-defined parameters for bank staff regarding exceptions to offering products, services, or activities?Do customer files have complete documentation showing the application and transaction history covering loan or deposit products or services requested and provided to the consumer?1(b)(iii) TrainingAre the compliance officer and other bank compliance staff provided training opportunities to stay current with changing regulatory requirements and industry compliance challenges?Does the compliance officer or other compliance staff participate in compliance working groups with other local bank compliance officers or with state association compliance efforts?Is there a regular, ongoing documented compliance training program that covers all staff to ensure all federal rules are followed? Are training courses developed for specific staff audiences and are they compliant with bank policies and procedures? Are review tests used to certify that staff has gained the compliance knowledge necessary to perform their jobs? Does bank staff involved in product and service development and delivery activities have the consumer protection and UDAAP knowledge necessary for their jobs?Are all employees trained to take customer complaints seriously?Is there a formal new hire training program that includes existing employees with new roles?1(b)(iv) Monitoring and Corrective ActionDoes the compliance function sample transactions of relevant product types and decision centers, including sales, processing, underwriting, collections, and servicing to ensure that policies are being followed on a day-to-day basis? Are the following monitored and tracked:Product, service, and servicing activity volume and solutions by customer demographics?Consumer acceptance rates for loan solicitations or pre-screened offers? Policy or procedural exceptions?Call center volume?Recorded telemarketer calls for consistency with product features and compliance with bank policy and regulatory requirements? Advertising reviews? Customer satisfaction with products?Are servicing activities handled in an adequate control environment, including policies and procedures, quality assurance, ongoing monitoring, training, automation and management oversight, billing, call handling, automated dialers, payoffs, lien releases, and payment processing?Has the bank conducted UDAAP mystery shopping?Are UDAAP risk issues reviewed by severity and frequency of occurrence? Are UDAAP control factors reviewed to determine strength?Are follow-up reviews performed for all identified UDAAP issues?Does management monitor the timeliness and accuracy of established consumer protection and UDAAP management information systems?1(b)(v) Compliance Audit Is the compliance audit work performed consistent with the established audit plan and scope?Are the frequency and depth of audit coverage and review appropriate for the size and complexity of the bank and the nature and extent of its activities?Is employee practice in complying with consumer protection compliance consistent with bank policies and procedures and regulatory requirements?Do compliance auditors determine the root causes for operational weaknesses, violations of law, or other deficiencies?Does management take corrective action to follow-up on any identified weaknesses or violations of laws and regulations?Are recommended and corrective actions tracked and follow-up reviews performed to ensure appropriate changes have been implemented?Does the compliance audit scope include a review of potential UDAAP issues?Does the audit assess UDAAP compliance throughout the product or service life cycle?Control Set II: UDAAP Specific Controls (6 sub-factors)2(a) Advertisements and Solicitations:Does the compliance program support the following marketing controls: Bank policy ensures that all marketing materials will be consumer friendlyMessages aren’t misleading All pertinent and asterisked information is in a location where customers can easily locate itThe specific offer dates for a product or service are specifically and clearly notedFor pre-approved offers at a specific rate or at a specific cost, the bank guarantees that customers will get that rate or cost if they applyA significant majority of consumers who accept solicitations for rates ‘up to’ or ‘as low as’ actually obtain the product or service advertisedThe bank can substantiate all claims made, especially in regard to feesIf customers must affirmatively act to cancel a service following any “free trial period” to avoid being billed for it, the bank explains how to do that both at sign up and as the trial period is endingCustomers may close accounts that have been guaranteed without incurring any fees or penaltiesAds do not contain any word play (e.g., “no annual fees.” Instead use monthly fees or credit life insurance)If the bank offers products and services such as insurance, travel services, credit protection, and consumer report update services with a credit product, it is clear whether they are optional or requiredAll marketing pictures are reflective of what customers can expectAll testimonials or endorsements are genuineAny TV or radio advertisement disclosures are placed in a way that customers can reasonably understand all of themContact information is always provided so customers can reach someone if they have questions or complaintsThe bank immediately stop solicitations when a customer requests itThe bank can actually deliver all the features of its products and servicesAdvertising is tracked and monitored to ensure it is not just in media serving specific customer demographics and to ensure that advertisements reflect a diversity of consumersAll persons who review marketing materials also review complaints to ensure they understand the customer’s point of view2(b) DisclosuresDoes the compliance program support the following disclosure controls: Bank policy ensures that disclosures are clearly written and provide customers with the information they need, regardless of whether it is required by regulationAll disclosures clearly and accurately describe terms, benefits, and material limitations, such as limits on interest rates, expiration dates, pre requisites, and cancellation requirements, both affirmatively and by lack of omissionAll fees, penalties, and other charges are disclosed transparentlyAll disclosures are worded in a way that customers can understand (i.e., without jargon and legalese and written at an 8th grade level or below)All disclosures are periodically reviewed to ensure they are current, clear, and transparentComplicated disclosures draw attention to key terms, including limitations and conditionsThe bank clearly states when product or service terms may be changedCustomers are informed before any less favorable rate takes effect2(c) Customer ServiceDo procedures articulate bank expectations on providing consistent and good consumer assistance in daily banking activities?Does the bank ensure customers will obtain the specific product or service that they have requested rather than a more expensive alternative?Does the bank have friendly, consistent, and knowledgeable staff that talks to customers in a way they can understand?Do counter-offers clearly, prominently, and accurately explain the difference between the requested product and the product that is offered?Are employees required to obtain clear and affirmative assent before enrolling customers in a new product or service?2(d) Vendor ManagementIs there a policy in place to ensure that customers are treated fairly by all vendors and brokers? Do all third parties contracts and agreements incorporate consumer protection compliance, employee training, and audit reporting to compliance?Could compensation arrangements or performance evaluation criteria create incentives to treat customers unfairly?Are all vendors vetted to ensure they are legitimate and that their products are useful and of value before offering them to customers?Is there a formal re-approval and risk assessment process to consider third-party performance over the past period (year, quarter, etc.) to ensure that the relationship with the bank and its customers is satisfactory on an overall basis?Are regulatory agency guidelines considered in managing third-party relationships?Does the bank approve all marketing or advertising scripts developed and used by third parties for its products and services?Do third parties use the bank’s name in their advertisements even without an express agreement? Are vendors using the bank’s name or supposed bank letterhead without receiving consent?Does the bank offer or provide compliance training to third party vendors it uses or does the third party otherwise provide compliance training to their staff?Do third parties have a process to receive complaints? Is it clear to customers who to contact with any questions or problems? Are weaknesses in third-party operations corrected promptly?Is it bank policy to discontinue using a third party if the third party is treating customers unfairly?Does the bank perform periodic compliance reviews of the third-party vendors that it uses to provide or service products or services on its behalf?Does the bank monitor third-party compliance with state or federal consumer protection and UDAAP laws and regulations, and its policies or procedures?Does the bank track chargeback rates for its vendors and escalate concerns to senior management when that rate exceeds a certain percentage?2(e) Consumer Complaint ResponseIs there a process to respond to consumer complaints in a timely manner and determine whether consumer complaints raise potential UDAAP concerns?Are customer concerns or questions about their experiences with bank products, services, activities, or custom service recorded and evaluated by management for UDAAP red flags?Are consumer complaints and inquiries defined and differentiated and is staff knowledgeable about the differences? Are they handled differently?Does complaint staff have the ability to escalate issues of concern to management apart from normal complaint monitoring and reporting processes? Are these efforts documented and reviewed for resolution? Are UDAAP complaints and outcomes tracked to ensure that bank staff is adhering to bank policies and procedures, following regulatory requirements, and treating customers consistent with bank customer service standards?Are complaints assessed for the following: Information that may result in changes to products, services, marketing activities, policies, procedures, or customer service standards to reduce issues? Regulatory concerns that could result in violations of law or regulations such as discouraging applicants, discriminatory practices, unfair and deceptive acts and practices, or abusive or predatory practices?Is feedback from consumer response programs shared with managers so they can correct staff mistakes?Does management monitor complaints for response back to the customer and provide appropriate resolution as possible?Is social media monitored for consumer statements regarding your bank, subsidiaries, or third-party vendors?Are remedies implemented to resolve consumer complaint root causes?Are processes for customer appeals readily available, consistently provided, and clearly explained? Are complaints and inquiries categorized by type?Are there enough employees responding to complaints so that customers will receive a timely response?Is there a policy to ensure that complaints will be escalated to the appropriate level of management?Are similar complaints or inquiries aggregated to see if there are systemic problems or the potential for violating the law?2(f) Customer Friendly FeaturesDoes the compliance program support the following product controls: LoansApplication ProcessingLoan applications are straightforward, easy to understand, and requests only personal and creditworthiness information relevant to the credit productIf it will cost customers to apply for a loan, it is clear what those fees will be before the application processThe following loan features are fully explained to customers:Negative amortizationBalloon paymentsAll loan costsUnderwritingAll requests for information are clearCustomers receive clear communication through the process so that they know what to expectCustomers receive clear and un-contradictory information about closing costsUnderwriting relies on ability to repay rather than collateral value Bank employees work consistently with all customers who have a low credit score or problems identified in their credit bureau that can be explainedMarginal applicants that could be approved receive the same treatment as other more qualified applicantsClosingCustomers receive all disclosure documentation in advance of their closing date Bank employees are available to answer any questions that a customer may haveServicingPayments are promptly postedThe bank reports good payment history to the credit bureau, including for both joint applicantsThe bank explains how it applies monthly payments and any fees or penalties It is simple and clear for customers to determine their account balanceIt is simple and clear to obtain a payoff amountCollectionsNothing the bank does could be perceived as harassingCollections practices are clearly spelled out such that customers will be treated objectively and consistently Credit CardsThe amount of usable credit customers can expect is clearly spelled outFees and charges are low enough that customers have available credit on their cardsAvailable credit is verified before any convenience checks are mailedCustomers can rely on the “please pay by date” to make timely paymentsThe bank clearly explains what will happen if customers pay the minimum amount or less than the minimum amountSecured Credit CardsWhen customers obtain a secured credit card, they have access to the majority of their credit lineThe bank’s secured card program provides customers with an opportunity to “graduate” to a higher credit line—and, eventually, to an unsecured card—through incremental credit line increases when they repay the cardSince the credit card is cash-secured, the interest rate is reasonably lower than an unsecured cardThe bank avoids marketing with terms like “refundable account holds”MortgagesIf refinances are a large part of the bank’s portfolio, the customers are receiving a benefitLending personnel regularly explain how to reduce the interest rate with pointsIf ‘no closing costs’ are advertised, then no closing costs are chargedCredit InsuranceIf there are upfront fees for this product, then all benefits and downsides are explained before signing the customer up for itIt is clear whether this product is included with a loan or required to obtain oneIf customers must pay in advance for credit insurance, any unearned amounts are refunded if the customer pre-pays their loanPayday LoansThe bank sets limits to prevent customers from getting into a cycle of debtCustomers may cancel payday loan transactions within one dayThe bank can explain all the costs and fees associated with this product before selling it and provides customers with a way to compare the fees with other similar productsTax Refund LoanThe product is marketed as a loan rather than as an advance of a tax refundAll costs are explained before a sail of this productDepositsAccount OpeningDeposit products are explained in a simple and straightforward mannerThe costs of each product are explained clearly and in a way that allows customers to reasonably compare productsAll fees and penalties are clearly explained before they could be chargedAccount MaintenanceAll fees and penalties that apply in customer periodic statements are clearly labeledOverdraftsMore than one overdraft is product availableThe bank is clear about when it will charge fees and when it will pay overdraftsThe bank is clear about what it guarantees with regard to overdraftsThe bank clearly and neutrally explains the consequences of opting in to overdraft protection, including what transactions will be covered The bank clearly informs customers when terms are changingThe bank does not advertise an account as “free” if there could be overdraft chargesGift CardsThe bank is clear about any charges before a customer obtains a gift card including any monthly maintenance, dormancy, or usage feeThe bank explains what will happen if a card is lost or stolen and who to call if this happensThe bank explains what can happen if the card is used at gas stations, hotels, restaurants, or other locations that may seek payment authorizationThe bank explains when it may or may not authorize payments on a gift cardThe bank explains how customers can redeem de minimis balancesCustomers understand how to obtain balance informationUDAAP IssuesNEW STANDARD OF ABUSIVE IN UDAAPSection 1031 of Title X of the Dodd Frank Act gives the CFPB broad powers to issue rules for consumer protection. These powers allow the CFPB to:Consider the costs and benefits to consumers and covered persons (including financial institutions)Issue rules that prohibit “unfair, deceptive, or abusive acts or practices or UDAAPThe CFPB has the power to issue civil investigation demands, conduct joint investigations (including investigations with HUD and/or DOJ for Fair Lending), issue subpoenas, conduct hearings and begin civil actions for violations of federal consumer protection laws and regulations. POTENTIAL IMPACTS: There is a possibility that certain types of fees could be prohibited or restricted if a financial institution has taken “unreasonable advantage” of the consumer. A financial institution’s product choices could be significantly modified.POTENTIAL COSTS: The CFPB will have the authority to levy civil money penalties of $1million per day or more, to order restitution, rescind contracts, order the surrender of profits and gains deemed to be unjust enrichment, order public notices and other actions.There is a three year statute of limitations for the CFPB from the discovery of a violation, but no private right of actionThe new standards under the Dodd-Frank Title X creates the standard of “abusive” practices in Section 1036 and give the CFPB the power of enforcement in Section 1031. The CFPB can declare an act or practice abusive if it:Materially interferes with the ability of the consumer to understand a term or condition of a consumer financial product or service, orTakes unreasonable advantage of a lack of understanding on the part of the of the consumer of the material risks, costs, or conditions of the product or servicethe inability of the consumer to protect his or her interests in selecting or using the financial product or servicethe reasonable reliance by the consumer on a covered person to act in the interests of the consumer.WHAT IS MATERIAL INTERFERENCE?This concept focuses on the consumer ability to fully understand a term or condition of a product or service which heightens the importance of meaningful disclosures. Can a consumer clearly understand the representations in the advertising and disclosures to make an educated decision?(Think of how you feel when trying to read a new regulation and understand it – clear as mud?)There are some obvious roadblocks to a consumer being able to gain a clear understanding if a product has multiple features and some may be more meaningful to a consumer than other features. If a product frequently changes terms it will be difficult to meet the standard of material interference unless the disclosures are extremely clear and succinct.While bankers are encouraged to rely on the model disclosures, these may not be adequate for complex products and satisfy the “new normal” of UDAAP.WHAT IS TAKING UNREASONABLE ADVANTAGE?This concept is similar to the second standard of deceptive practices because it focuses on the consumer’s perception and considers the level of sophistication of the target audience. Simply offering complex products to consumers who have limited financial experience is an example of abuse.This concept is limited to the marketing and disclosure process. A consumer can fall prey to unreasonable advantage if the overuse a service that generates excessive fee income for the financial institution. The “poster child” of this concept is the OVERDRAFT product scrutiny that has been a particular focus of the FDIC. The FDIC suggests that when “a customer overdraws his or her account on more than six occasions where a fee is charged in a rolling twelve-month period [the institution is to] undertake meaningful and effective follow-up action.” While it may not be abusive ‘per se to fail to take this follow-up action, it’s not a stretch to imagine that the CFPB will issue ODP rules that make this failure an abusive act and violation of law.WHAT IS UNFAIR, DECEPTIVE OR ABUSIVE?What’s “unfair”?Refusing to release lien after consumer makes final payment on a mortgage. The FTC brought an enforcement action against a mortgage company based on allegations, described below, that repeatedly failed to release liens after consumers fully paid the amount due on their mortgages.Substantial injury. Consumer’s sustained economic injury when the mortgage servicer did not release the liens on their properties after the consumers had repaid the total amount due on the mortgages.Not outweighed by benefits. Countervailing benefits to competition or consumers did not result from the servicer’s alleged failure to appropriately service the mortgage loan and release the lien promptly.Not reasonably avoidable. Consumers had no way to know in advance of obtaining the loan that the mortgage servicer would not release the lien after full payment. Moreover, consumers generally cannot avoid the harm caused by an improper practice of a mortgage servicer because the servicer is chosen by the owner of the loan, not the borrower. Thus, consumers cannot choose their loan servicer and cannot change loan servicers when they are dissatisfied with the quality of the loan servicing.What’s “deceptive”?Inadequate disclosure of material lease terms in television advertising. The FTC brought actions against vehicle leasing companies alleging that their television advertisements represented that consumers could lease vehicles for “$0 down” when advertising a monthly lease payment. However, the FTC alleged that the “blur” of “unreadable fine print” that flashed on the screen at the end of the advertisement disclosed costs of at least $1,000. The settlements prohibited the vehicle leasing companies from misrepresenting the amount consumers must pay when signing the lease.In addition, the FTC required that if the companies make any representation about the amounts due at lease signing, or that there is “no down payment,” the companies must make an equally prominent (readable and audible) disclosure of the total amount of all fees due when consumers sign the lease.Representation or omission likely to mislead: The television advertisements featured prominent statements of “no money down” or “$0 down” at lease signing. The advertisement also contained, at the bottom of the screen, a “blur” of small print in which disclosures of various costs required by Regulation M (the Consumer Leasing Act) were made. The FTC alleged that the disclosures were inadequate because they were not clear, prominent, or audible to consumers.Reasonable consumer perspective. A reasonable consumer would believe that he did not have to put any money down and that all he owed was the regular monthly payment.Material representation. The stated “no money down” or “$0 down” plus the low monthly lease payment were material representations to consumers. The fact that the additional, material costs were disclosed at signing of the lease did not cure the deceptive failure to disclose in the television advertising, the FTC claimed.This part of the definition is critical to understanding the new standard because an act or practice can be considered abusive (defined in Section 1031(d)) if it takes unreasonable advantage of the consumer. The unreasonable advantage is based on:a lack of understanding on the part of the consumer of the material risks, costs, or conditions of the product or service;the inability of the consumer to protect the interests of the consumer in selecting or using a consumer financial product or service; orThe “reasonable reliance by the consumer on a covered person to act in the interests of the consumer.(NOTE: a covered person is the bank or financial institution)What does it mean to take “unreasonable advantage of a consumer? It’s anticipated that the interpretation of “taking unreasonable advantage” will be linked to the second part of a deceptive practice that considers the target market or target audience’s interpretation of information.This standard isn’t confined to the disclosure process but takes into account the level of sophistication of a consumer. A financial institution may be viewed as taking “unreasonable advantage” when they fail to prevent a consumer from the overuse of a service that generates significant fee income. (The recent focus, enforcement activity and guidance on ODP products are evidence of this stance). The FDIC guidance to “undertake meaningful and effective follow-up action” when a consumer exceeds the six overdraft limit in a rolling twelve-month period is a clear directive of the agency’s stance on monitoring for abusive acts and practices. It’s not hard to imagine a series of rules that the CFPB may draft to declare the failure of effective monitoring as an abusive practice a clear violation of law and subject to fines. Will this mean that profitability will be the “cost” of consumer protection? At a minimum, an institution must have increased vigilance about providing clear disclosures and avoiding “steering” customers to inappropriate products or services when a suitable product that is more economical is available. If a consumer selects a more costly product it will critical to document that all the alternatives were presented and the consumer selected a more expensive option. It remains to be seen if the financial institution will have an adequate defense in these cases.UDAAP COMPLIANCE RECOMMENDATIONSThe following are some possible proactive steps to help manage UDAP or UDAAP compliance in 2013-2014. Review consumer complaints. Develop a complaint policy and monitor complaints. Look for any trends that could be considered unfair, deceptive, or abusive. WOULD YOU SELL THIS TO YOUR GRANMOTHER? Are the terms and conditions clear? Is the product useful and beneficial to the consumer? (See the Consumer Complaint Section for more information and a sample policy/procedure) If you receive complaints that have these phrases make sure that the complaints receive a top priority for resolution:It was misleadingIt was unfairIt’s not what I expectedI didn’t get what was advertisedI didn’t get what the financial institution employee told me I’d receiveIt was more expensive than I expected it to beI don’t understand all the charges and feesNo one listened to my complaintI couldn’t find anyone to talk to about my problemEvaluate your income streams. If a consumer is overusing a product or service (think ODP), and the financial institution is receiving high fee income the regulators will not find that it’s “in the best interest of the consumer”. Look at the suitability of products for your consumers. The concept of suitability should be part of the compliance oversight function. Public policy is putting more emphasis on the accountability of financial institutions and less emphasis on consumer responsibility. Understand the target audience for your institution’s products and services. Can you quantify their level of education, sophistication about financial products, risk tolerance, net worth, and long-range financial needs? How will you document the choices presented to consumers and their rationale for making informed choices? Pay particular attention to products and services that are targeted to low-income groups and those who have experienced financial hardships, the elderly and non-English speaking groups.Potential targets for the CFPB may include these items:Credit card add-on products increase potential UDAAP risk. These products should be subject to additional monitoring & auditing.Vendor Management is a target for regulatory scrutiny. Make sure adequate controls & oversight are in place..Overdrafts remain a high UDAAP risk. Regulators have provided some guidance, particularly the FDIC. Monitor the fees, especially for vulnerable customers. Review all pricing practices. Consumer ComplaintsCONSUMER COMPLAINTS ON THE REGULATOR WEBSITESAll the regulators have added substantial sections to their websites to help consumers file various types of complaints, including fair lending complaints. This page is from the OCC website. COMPLAINT PROJECT AND ENFORCEMENT ACTIONSThe CFPB submitted an semi-annual report to Congress for 2013 on March 31, 2014. Here are a few of the comments about the complaint project that were found in prior reports and the most recent 39 page “Consumer Response Annual Report”.Here’s a link: has an Office of Consumer Response, they have received over 175,000 consumer complaintsIn July 2013 the CFPB added debt collection complaints to the range of products and Payday loans on November 6, 2013Complaint process is explained on pages 10The CFPB has received 309,700 consumer complaints since the agency began accepting complaints on July 21, 2011 SNAPSHOT OF COMPLAINT PROCESSPROCESSCOMPLAINTS BY PRODUCTFrom January 1, 2013 and December 31, the CFPB received 163,700 consumer complaints. Here’s a snapshot:Types of Mortgage ComplaintsPage 17 – Types of Debt Collection ComplaintsPage 20 – Types of Credit Reporting ComplaintsSub-issuesIn addition to actions by the regulators, there have been civil lawsuits regarding the accuracy of credit reports. On January 29, 2014 a federal judge today reduced the $18.6 million a jury had awarded an Oregon woman who spent years battling with Equifax down to $1.62 million.Atlanta-based Equifax had appealed the jury’s bountiful award in December, asking the judge to vastly reduce the punitive damages so they would match the $180,000 the plaintiff had received in compensatory damages.The court concludes Equifax engaged in reprehensible conduct that caused real harm to Miller.The original amount, which totaled $18.6 million with punitive and compensatory damages combined, was handed down in late July and was considered one of the largest granted to a consumer in a case against one of the nation's major credit bureaus. U.S. District Court Judge Anna J. Brown’s order today wasn’t surprising as courts have generally been moving toward punitive damages within a single-digit ratio of what was awarded in compensatory damages.“We were expecting a reduction but we are disappointed by the result,” said Justin Baxter of the Portland firm Baxter & Baxter who represented plaintiff Julie Miller. He added it’s “unclear at this point” what the firm’s next move will be.Still, Judge Brown’s order pointed out that her reduction still represented “the highest single-digit ratio accepted within constitutional limits” at 9-to-1.“The court concludes Equifax engaged in reprehensible conduct that caused real harm to Miller,” Judge Brown wrote. “Equifax should be punished financially for that wrongful conduct; and the amount of the punitive-damages award, although within constitutional limits, nevertheless, should be enough to deter Equifax and others similarly situated from repeating this type of conduct in the future.”In her lawsuit, Miller had shared how she had attempted to contact Equifax eight times between 2009 and 2011 in an effort to correct inaccuracies, including erroneous accounts and collection attempts, as well as a wrong Social Security number and birthday. Yet over and over, the lawsuit had alleged, the credit reporting agency failed to correct its mistakes.The company’s lack of action not only hurt Miller’s credit report, her lawyers had asserted, but also had more personal and emotional effects. Miller’s brother is disabled and couldn’t get credit on his own. Miller wanted to help him, her lawyers had said, but couldn't because of the damage done by Equifax's mistakes and its lack of response to her complaints.SAMPLE COMPLAINT POLICYIn addition to a normally scheduled exam, it’s possible for examiners to contact the financial institution for an investigation. Investigations are conducted primarily to follow-up on particular consumer inquiries or complaints, including fair lending complaints. The investigation of consumer complaints has become an INCREASED FOCUS for all regulators and is a central concern of the new Consumer Financial Protection Bureau (CFPB) under Dodd Frank. Additional discussion is included in the Fair Lending section.It’s a prudent practice to have a complaint policy so that all employees understand the difference between Mrs. Jones complaining that the free coffee was cold or implying that she was denied credit on a prohibited basis or that a disputed transaction wasn’t handled within the allowed time limits. Employees should also understand that the bank is required to place comments or complaints about the bank’s CRA performance in the Public File. Any complaint that contains these phrases should receive immediate attention:I experienced unfair treatmentI experienced discriminationI experienced these issues regarding a product or service:It was misleadingIt was unfairIt’s not what I expectedI didn’t get what was advertisedI didn’t get what the financial institution employee told me I’d receiveIt was more expensive than I expected it to beI don’t understand all the charges and feesNo one listened to my complaintI couldn’t find anyone to answer questions about my problemAny complaint that states a law or regulation was not followed.SAMPLE COMPLAINT AND INQUIRY POLICY ANYBANKSubject: Complaints and InquiresItem Number: CP-106Effective Date: 04-01-13Revision Date: 04-01-13Page Number: I. PURPOSEThis is to establish a formal and centralized system of response to complaints and inquiries (C&I) which may have compliance consequences. Regulations E and Z establish required procedures for debit and credit card disputed or unauthorized transactions. This policy and the procedures are not intended to apply to the Reg E and Reg Z disputes which have already been established. The Community Reinvestment Act (CRA) requires pertinent documents to be placed in the bank's Public File. The bank’s Fair Lending Policy requires immediate attention to any allegations of discrimination or violations of the ECOA (Equal Credit Opportunity Act), the Fair Housing Act (FHA) and related consumer protection laws. Any complaints regarding UDAAP (Unfair, Deceptive or Abusive acts and Practices) will require immediate investigation and notification to Senior Management. The Real Estate Settlement and Procedures Act (RESPA) have established requirements for handling complaints pertaining to mortgage servicing. The FACT ACT data integrity rules require that the bank responds to inquiries about incorrect information that may have been reported to a credit reporting agency. The following will all but ensure that time constraints are adhered to and that the cause of a problem is sought and corrected. As an internal control, the inquiry will be handled by someone other than the person involved in the area of the inquiry. Managed through one central point, any frequency, pattern and practice of C&I's can be monitored and responses will be consistent.Management will be informed immediately of any complaint or inquiry that alleges a violation of law or act of discrimination. This type of complaint requires immediate action.DEFINITION OF A “COMPLAINT” AT OUR FINANCIAL INSTITUTION:‘Any expression of dissatisfaction, whether oral or written, and whether justified or not, from or on behalf of an eligible complainant about the financial institution’s provision of, or failure to provide, a financial service or product’.II. STATEMENT OF POLICYWe will adhere to C&I procedures prescribed by regulations. When not prescribed, we will use our resources to investigate and satisfy all C&I's in as timely a manner as possible. All complaints and inquiries regarding compliance and regulatory issues will be sent through one central point either after it is resolved or for the resolution process. The Bank President has the option of resolving the complaint and notifying the Compliance Officer or of having him/her handle the resolution. Because the Compliance Officer maintains the CRA file and oversees the compliance audits, (s)he will be the repository for all C&I correspondence. The officer handling the C&I will direct it to areas of responsibility and insure that proper individuals are involved in the resolution, that it is timely and that the source of the problem is examined and corrected.III. PROCEDUREA.All employees will be advised in routine training that C&I's will be handled only by specific persons. Types of C&I's will be explained so as to avoid needlessly directing complaints not deemed significant or compliance related through these persons.B.C&I's received in a department will be date stamped for verification of receipt. They will immediately be sent to the Compliance Officer for handling or a copy will be sent with a notation of the original complaint’s routing for resolution, with the approval of the Compliance Officer. If any delay is anticipated in forwarding the C&I, a telephone call to the Compliance Officer should be made so as to inform him/her of the C&I.C.The Compliance Officer will review the inquiry to determine:? the customer's name, address, telephone number and account number(s)?the nature of the complaint? if a regulation requires a specific response time? whether it was directed to or came from a regulatory body (which automatically requires notification to the President of that center)? required research? resolution requested by the customer?if legal counsel should be involved due to potential liability/litigation? whether it is transactional or operational in nature(An example of a transactional complaint is a customer who writes to complain that we reported their credit in error. An operational complaint is a customer who says we paid them a lower than published interest rate on a savings account.)D.The Compliance Officer will establish an internal time frame for a response considering the following:?research?minimum time frames established by regulation? if needed, review by management and/or counselE.The reviewer (and management or counsel, if involved) will determine if a verbal, written or combination response is required.? Written responses will be composed as though they will be read in court or by a regulator.? Responses should be stand alone documents summarizing the facts or circumstances of the inquiry, our investigation and resolution.? Verbal responses are less desirable than written. If a response is verbal, it should be completely documented and notes retained with the original complaint. A follow-up letter may be advised.? If more information is required, the reply should be sent back to the compliance officer.F.The Compliance Officer will determine if this problem could recur. If so, additional internal controls will be developed along with appropriate training. Any corrective actions will be documented and reported to the Board of Directors. G.The Compliance Officer will insure that all C&I's and responses are retained in accordance with applicable procedures and are properly maintained, such as in the CRA Public File. A central file will be maintained for regulatory review. See the Appendix on the last page of the policy for a tracking PLAINT AND INQUIRY LOGDATE OF C&ICUSTOMER NAME AND INFONATURE OF C&IDETERMINATION AND CORRECTIVE ACTION REQUIREDDATE COMPLETEDCOMPLAINT TRACKING FORMDate Complaint Received:___/__/___Complaint was given to:Date Complaint was given to managementCustomer NameCustomer AddressCustomer Contact informationCustomer Account HistoryComplaint was written; see copyComplaint was oral, see summaryComplaint was on social media, see copyCustomer requested informationCustomer requested refundCustomer requested apologyDid customer make any of these claims? EXPLAINThe information I received was misleadingIt was unfairIt’s not what I expectedI didn’t get what was advertisedI didn’t get what the bank employee told me I’d receiveIt was more expensive than I expected it to beI don’t understand all the charges and feesNo one listened to my complaintI couldn’t find anyone to answer questions about my problemI experienced discriminatory practicesI had a problem with making payments and didn’t receive helpI didn’t get approved for a loan/renewal/increaseMy payment wasn’t credited properlyMy interest rate was increased in errorI was charged late fees, service fees in errorI didn’t receive disclosures, agreements, statementsMy funds weren’t available as expectedMy debit card was declinedMy balance transfer wasn’t processedMy dispute wasn’t processedI had a problem with online banking/ATM/wire/bill payI had problems with overdrafts/bounced checksI had a problem with my credit report informationI was harassed by the collectorMy property was repossessed in errorI’ve contacted an attorneyI’ve filed a complaint with a government agencyDid the complaint involve a particular product or service; what was it?Did the complaint involve a product or service offered by a vendor?Did the complaint involve an employee who is not longer with the bank?Does the complaint involve the Community Reinvestment Act?URGENT – REPORT any claims of discrimination to your supervisor immediately!Did the complaint involve potential SAR activity?Summary of oral complaint or additional informationEMPLOYEE NAMESignatureE-mailCOMPLIANCE REVIEW COMMENTS:Referred to Legal Counsel: UDAP AND UDAAP ResourcesFIVE LESSONS LEARNED FROM UDAAP VIOLATIONS Almost a year to the date that the Consumer Financial Protection Bureau became an active federal regulatory agency, it issued its first enforcement action against a financial institution. That action was followed by two more consent agreements issued within the next 90 days. These enforcement actions were significant in a couple of ways. First, the size of the penalties and required reimbursements were larger than nearly any other consumer-protection-related actions issued in the past. Second, at their core, all three actions are based primarily on UDAAP issues, i.e., Unfair, Deceptive or Abusive Acts or Practices--although the "abusive" standard is not specifically mentioned in any of them. Most of the practices and products called into question in have been in use by financial institutions for quite a while. Note that none of the institutions that were the subject of these orders admitted any wrongdoing. A careful review of these consent orders yields lessons to be learned and action steps to be taken to avoid UDAAP issues. Although it's early in the life of the Bureau, and more enforcement actions are undoubtedly on the way, there are five key points for compliance officers and executive leadership to understand: 1. Marketing and sales practices are especially prone to UDAAP violations. Much of the alleged wrongdoing described in these enforcement actions involved sales practices and marketing strategies. If a consumer is "deceived" in the purchase of a financial product, that's the stage where it will likely occur. These areas are high risk for UDAAP problems and need strong risk-management controls. For example, outbound telephone marketing calls specifically came under fire in two of the orders. Criticism centered on allegations that the bank's agent did not fully explain the product nor highlight the required disclosures. Specific advertising was called out as being deceptive by promising more than would be delivered. It is critical in all cases to surround an institution's marketing strategy and sales practices with effective and proactive controls. Every institution should subject its marketing strategy to a compliance review periodically, and especially every time a material change is made. These reviews should focus on UDAAP--specifically on the fairness and transparency of the marketing philosophy, strategy, and practices. A best practice is to have Compliance represented in the room as the marketing strategy is being formulated and as advertising pieces are being created. Having Compliance sign off at the end of the process is no longer considered adequate. In addition, Compliance and legal should review advertising copy every time--even if the same ad has been approved in the past. Overkill? No--the regulatory environment is so volatile that no one can count on the language being acceptable today just because it passed muster yesterday. Sales practices should have UDAAP risk management controls that are commensurate with their risk. Selling bank products and services in a branch environment in response to consumer inquiries or posting sales information on the bank's internet site are fairly low risk methods. However, even in these cases, branch personnel need training specific to the products and services being sold and they need UDAAP training so they know what "deceptive" behavior looks like. 2. Formal UDAAP compliance programs are necessary. Traditionally banks have not maintained formal UDAP nor UDAAP compliance programs; however, they are now necessary. Simply tacking UDAAP onto a list of regulations the bank monitors, and hoping that the bank stays out of trouble, won't suffice. Unfair, deceptive, or abusive practices cannot be easily avoided like technical compliance errors. (UDAP--Unfair or Deceptive Acts and Practices--was expanded into UDAAP by the Dodd-Frank Act.) UDAAP compliance requires strategic and proactive planning and thoughtful structuring of compliance resources. UDAAP applies broadly throughout the bank--throughout the life cycle of every product and service offered or sold to consumers. Building an effective program requires collaboration between Compliance and the lines of business. No one can manage UDAAP compliance alone. It takes a team of marketing, compliance, risk management, and lines of business leadership to effectively build and sustain a fairness program. Bank executive leadership must provide an effective tone at the top in order to effectively influence the bank's culture for customer fairness in a positive way.3. Comprehensive complaint management programs are no longer optional. Clearly consumer complaints are the primary channel the regulatory agencies have used to find the most egregious UDAAP problems. In most situations if regulators find a UDAAP problem, the bank has received complaints on the product or practice. Complaints are the "canary in the coal mine" for UDAAP violations. An institution that does not have a comprehensive, first-rate complaint management program is literally flying blind to potential UDAAP risks. In the Dodd-Frank era, this is not optional--not for banks that want to find potential UDAAP issues before examiners do. Complaint management is more than just resolving complaints that are escalated to the bank president, the bank's regulatory agency, the state attorney general, or the Better Business Bureau. A good compliance management system clearly defines what a "complaint" is so that everyone in the institution has a clear understanding of which customer communications comprise complaints. Complaint data should be gathered and documented from the lowest level (including oral complaints) and root cause analysis must be conducted on high-risk complaints to determine their cause--especially those related to fairness. The businesses, marketing, or operational areas must be held accountable to fix problems once the root cause is identified.4. Internal Audit must officially include UDAAP in its scope. Each of CFPB's enforcement actions mentions Internal Audit and its role in UDAAP risk management. Such auditing has, in the past, been limited to technical compliance--such as Regulation AA compliance. Auditing for "fairness" is much harder--but it has become necessary. Regulatory agencies will consider internal audit functions to be deficient if they omit UDAAP from their compliance audits. UDAAP compliance must be treated like any other high-risk area and included in internal audit testing plans and schedules. UDAAP auditing presents special challenges. First, UDAAP audits are hard to scope. Because UDAAP laws cover the entire bank, there is much to choose from. Scoping the audit requires knowledge of the institution, including its products and services and its compliance history. Second, the number of audit hours that can be assigned to UDAAP auditing must be sufficient to the task--but, realistically, no one can audit the entire organization for UDAAP every year. Effective UDAAP auditing takes a great deal of thoughtful planning, assessing risks, assigning resources. ?How do you get it right? Internal audit teams can approach a UDAAP audit in a number of ways. The audit could encompass just high risk areas--such as mortgage servicing, or credit card add-on products. Alternatively, it could focus on the entire life cycle of a product or service. For example, if the audit scope was consumer loans, the lifecycle audit would start with the marketing and solicitation of consumer loans, and then the rest of the stages, including the application, underwriting, closing, servicing, and collections. Another challenge with UDAAP auditing is that the UDAAP issues are quite subjective. Auditors must walk a line between independence and the need to be careful not to make too many subjective judgments and unnecessarily provide a roadmap for the bank's regulators in targeting issues to criticize. The audit questions must be carefully written to make sure that they are objective and include only well settled concepts of fairness and transparency. 5. Third-party management is essential to effective UDAAP compliance. The actions of third parties played a large role in the CFPB enforcement actions. Third parties often manage consumer products and services, from telemarketing and fulfillment to collections. Third-party contractors who interface with consumers will be treated like the bank for UDAAP purposes by regulators. Therefore, the same level of risk controls used at the bank should be applied by the bank to third parties that have contact with the bank's consumer customers. In order to protect itself the bank must conduct effective due diligence before engaging a third party. Reviewing policies and procedures, contacting references, requiring proof of insurance, determining how training is delivered, and how incentives are structured all play a role in determining if the third party will put a premium on treating the customer fairly and transparently. Once the relationship is established, monitoring the behavior and practices of the third party is necessary. The contract with the third party should allow the bank to cancel if any unfair or deceptive behavior is noted. Complaints sent to the bank or the third party should be monitored as part of the bank's complaint management program.FDIC GUIDANCE AND EXAM CHECKLISTSFDIC IssuancesFDIC Supervisory Insights, Winter 2008, Vol. 5, Issue 2, From the Examiner’s Desk existence of Unfair and Deceptive Acts and Practices (UDAPs) is not always obvious, which makes compliance and compliance supervision particularly challenging. Each violation determination is based on a careful consideration of the specific facts of each case. This article reviews and analyzes examples of UDAP issues that were the subject of the FDIC's examination-consultation process during a recent 18-month period. It also shares the methodology used by FDIC staff as they perform the sometimes difficult compliance analyses required under Section 5 of the Federal Trade Commission ActFDIC Supervisory Insights, Winter 2006, Vol. 3, Issue 2, Chasing the Asterisk: A Field Guide to Caveats, Exceptions, Material Misrepresentations, and Other Unfair or Deceptive Acts or Practices the vast majority of FDIC-supervised institutions adhere to a high level of professional conduct, the FDIC has seen an increase in violations of Section 5 of the Federal Trade Commission Act (FTC Act), which prohibits unfair or deceptive practices in or affecting commerce. The Act applies to all aspects of financial products and services, and this increase in violations may be the result of increased competition among financial institutions, along with a growing dependence on fee income, expansion into the subprime market, and the increase in the number of products with complex structures and pricing. This article outlines how examiners identify and address acts or practices that may violate the prohibition against unfair or deceptive acts or practices, and it provides information to help financial institutions assess their products and services and develop a plan to avoid violations of Section 5 of the FTC ActFDIC and Federal Reserve Board Attachment: Unfair or Deceptive Acts or Practices by State-Chartered Banks March 11, 2004 Specifically, the guidance explains: the standards used to assess whether an act or practice is unfair or deceptive; the interplay between the FTC Act and other consumer protection statutes; and guidelines for managing risks related to unfair and deceptive practices Guidance on Unfair or Deceptive Acts or Practices, FIL-57-2002: Unfair or Deceptive Acts or Practices: Applicability of the Federal Trade Commission Act Unfair or Deceptive Acts or Practices, March 11, 2004, FIL-26-2004, Third Party Risk: Guidance on ODP, FIL-11-2005 Overdraft Protection Programs Joint Agency Guidance, FIL-81-2010: Overdraft Payment Programs and Consumer Protection: Final Overdraft Payment Supervisory Guidance Overdraft Payment Program Supervisory Guidance Frequently Asked Questions Compliance Exam Manual (There were many UPDATES in 2014) (See the NEW SECTION on CONSUMER HARM added in June 2014), including the section VII on ABUSIVE PRACTICES, updated June 2014IICompliance Examinations?II-1.1Overview of Compliance Examinations06/2014?II-2.1Evaluating Consumer Harm06/2014VIIAbusive Practices ?VII-1.1Federal Trade Commission Act, Section 5 Unfair or Deceptive Acts or Practices06/2014?VII-2.1FTC Rule - Preservation of Claims and Defenses05/2014?VII-3.1Fair Debt Collection Practices01/2014?VII-4.1Third Party Risk01/2014FDIC RISK ASSESSMENT FOR UDAPFDIC EXAMINER QUESTIONS FOR UDAPCFPB AND FTC RESOURCESThis is a link to the CFPB section on UDAAP. CFPB “narrative” includes an introduction to UDAAP and their examination procedures. FTC (Federal Trade Commission) FTC Policy Statement on Deception FTC Policy Statement on Unfairness FTC’s Dot Com Disclosures: Information about online advertising FTC Advertising Guidance INTERAGENCY GUIDANCE UNFAIR OR DECEPTIVE CREDIT PRACTICESThis is the link: FDIC, the Board of Governors of the Federal Reserve System (Board), the Consumer Financial Protection Bureau (CFPB), the National Credit Union Administration (NCUA), and the Office of the Comptroller of the Currency (OCC) (collectively, the Agencies) are issuing guidance regarding certain consumer credit practices. The authority to issue credit practices rules for banks, savings associations, and federal credit unions was repealed as a consequence of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act); however, institutions should not construe the repeal to indicate that the unfair or deceptive practices described in these former regulations are permissible. These practices remain subject to Section 5 of the Federal Trade Commission (FTC) Act.Statement of Applicability to Institutions Under $1 Billion in Total Assets: This Financial Institution Letter applies to all FDIC-supervised financial institutions.Highlights:The Agencies' credit practices rules generally prohibited (1) the use of certain provisions in consumer credit contracts, (2) the misrepresentation of the nature or extent of cosigner liability, and (3) the pyramiding of late fees.In 2010, the Dodd-Frank Act repealed the rulemaking authority of the Board, the NCUA, and the Office of Thrift Supervision (formerly the Federal Home Loan Bank Board) under the FTC Act (the FDIC had no such rulemaking authority). As such, the specific credit practices rule once applicable to FDIC-supervised institutions no longer exists.The credit practices described in these former regulations remain subject to Section 5 of the FTC Act. The Agencies believe that, depending on the facts and circumstances, if banks engage in the unfair or deceptive practices described in the former credit practices rules, such conduct may violate the prohibition against unfair or deceptive practices in Section 5 of the FTC Act and Sections 1031 and 1036 of the Dodd-Frank Act.Related Topics:Federal Trade Commission Act, 15 U.S.C. § 45 (unfair or deceptive acts or practices)Dodd-Frank Wall Street Reform and Consumer Protection Act, 12 U.S.C. §§ 5531 and 5536 (unfair, deceptive, or abusive acts or practices)FTC Credit Practices Rule, 16 C.F.R. §§ 444.1-.5SUGGESTIONSMonitor any NEW guidance from your regulatorMake UDAAP risk assessment and oversight part of your compliance programMonitor and analyze the ROOT cause of complaints, make changes as needed.Perform a UDAAP assessment of any new products or services Document UDAAP discussion in Board minutesDevelop an audit program for UDAAP issuesProvide effective TRAINING Implement an effective complaint management programATTEND MORE SESSIONS WITH TTS IN 2015! ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download