How to Avoid Enforcement Actions for Unfair or Deceptive Acts and Practices
By Leonard N. Chanin, Morrison & Foerster
“Happy, Happy, Happy” is the phrase used by that towering philosopher Phil Robertson, from the TV show Duck Dynasty. You can be sure no bankers utter that phrase whenever a regulatory agency first breathes a word about possible Unfair or Deceptive Acts or Practices (UDAP) issues. But, you can be equally sure that federal agency enforcement attorneys and safety and soundness staff frequently use Phil’s phrase. After all, they “know” that banks want to quickly resolve UDAP issues and are unlikely to engage in litigation.
In light of recent settlements, we now know that the Office of the Comptroller of the Currency, and the Federal Deposit Insurance Corp. are examining large banks for compliance with a consumer protection law, UDAP. What happened? Wasn’t that supposed to be the job of the Consumer Financial Protection Bureau?
Well, we know what was supposed to happen. The CFPB would have UDAP authority (plus the added “A” for Abusive) for nondepository institutions and large depository institutions. The prudential regulators would have that authority for institutions with assets of $10 billion or less. Instead, we have both the CFPB and the prudential regulators applying UDAP for depository institutions with assets over $10 billion.
So why are the OCC and FDIC (word is still out on the Federal Reserve) examining and entering into consent orders with larger banks solely for UDAP matters, and for such bread-and-butter consumer issues as overdraft payments? (I’m referring, of course, to the recent $10 million settlement with RBS Citizens, N.A., and Citizens Bank of Pennsylvania, by the OCC and FDIC, respectively (84 DER EE-1, 5/1/13).
What is going on here? The truth is that agencies don’t like relinquishing any authority they have, even if another agency has primary responsibility. So, don’t count on the prudential regulators “deferring” to the CFPB on UDAP matters for large banks. Fuggedaboutit! Examination for UDAP is here to stay for the CFPB and the prudential regulators.
A Strong UDAP Compliance Program
So, what can an institution do?
Well, you could tell the CFPB or your prudential regulator to “sue me,” but we (and the regulators) know that is not likely to happen. More realistically, you need to have a strong UDAP compliance program. So, what does that mean? Just as you do for other laws, create detailed policies and procedures for complying with UDAP. Granted, a compliance program for UDAP is anything but simple (and there are few practical guidelines) because UDAP can apply to all products and services and every step of a customer relationship. But there are things an institution can do.
First, you need to be willing to engage your regulator in a discussion about its UDAP analysis. That is, there are legal standards for UDAP, and financial institutions should discuss why agencies believe that certain practices may violate those legal standards; agencies need to do more than simply assert that a practice is unfair or deceptive or identify practices that they don’t like and declare them unfair or deceptive.
Second, it is essential to develop a risk-based approach to examining practices for potential UDAP issues. This should include a review of any consumer complaints received and any patterns with complaints. Moreover, there are some touch points that have emerged from agency settlements and statements:
- First, what is the price of the product or service? Products, such as add-on services, that are perceived to be “high-cost” attract more attention.
- Second, new products or services will likely get another look, particularly if there is a significant amount of consumer selection of such products.
- Third, what are the consumer benefits of the service? If the benefits are seen as limited, or if there are many exceptions to receiving benefits, there are greater risks of attention.
- Fourth, are third parties involved with offering/selling, billing, processing, or other aspects of the product? That is, to what extent are third-party providers used?
- Fifth, how is marketing done? Are promotions carefully scripted? Do employees or third parties stick to scripts?
- Finally, are there any incentives for selling the product, or for consumer use of the product?
Needless to say, having policies and procedures are only the first step. Institutions need to monitor actual practices. Implementing these steps can help you understand the risks of UDAP and potentially avoid a long, personal relationship with an enforcement attorney.
But, in truth, you should not expect much of a “break” from regulatory agencies, regardless of the steps you take. That is, agencies expect you to have robust compliance systems and processes and to ensure your institution does not engage in anything resembling an unfair or deceptive (or abusive) practice. Agencies expect you to monitor practices and take remedial action if you see problems. Doing so may not always prevent agency action, but even agency staff are human.
Leonard Chanin is a partner at Morrison & Foerster and counsels financial institutions on consumer financial services law issues. Prior to rejoining the firm, Mr. Chanin served as Assistant Director of the Office of Regulation of the Consumer Financial Protection Bureau.
©2013 Bloomberg Finance L.P. All rights reserved. Bloomberg Law Reports ® is a registered trademark and service mark of Bloomberg Finance L.P.
This document and any discussions set forth herein are for informational purposes only, and should not be construed as legal advice, which has to be addressed to particular facts and circumstances involved in any given situation. Review or use of the document and any discussions does not create an attorney-client relationship with the author or publisher. To the extent that this document may contain suggested provisions, they will require modification to suit a particular transaction, jurisdiction or situation. Please consult with an attorney with the appropriate level of experience if you have any questions. Any tax information contained in the document or discussions is not intended to be used, and cannot be used, for purposes of avoiding penalties imposed under the United States Internal Revenue Code. Any opinions expressed are those of the author. Bloomberg Finance L.P. and its affiliated entities do not take responsibility for the content in this document or discussions and do not make any representation or warranty as to their completeness or accuracy.