inform. educate. connect.
#1 - December 2011
Your Bank Should Take to Comply with the Tricky UDAAP
By Stan Mattice, AuditOne
The Dodd-Frank Act added the
word “abusive” to the UDAP regulation making it UDAAP (Unfair, Deceptive,
Abusive Acts or Practices). This is a change regulators are watching
closely, so bankers need to pay attention and take appropriate action.
“Abusive” was added to
provide a wider and more subjective standard for bank compliance. This new
subjective standard may increase the likelihood of a UDAAP violation. Abusive
practice is basically a representation, omission, or practice that misleads or
is likely to mislead the consumer. Banks must now be certain that customers
understand everything, and the liability for customers’ bad choices can fall
upon the bank.
UDAAP intends to ensure that
all consumer financial products and services are fair. It covers just about
everything banks do, including marketing materials, pricing notices,
disclosures, loan products, credit cards, fees of any kind, and information
reporting and sharing.
To give you a better sense of
its broad scope, some (but not all) of the areas of the bank impacted by UDAAP
Truth in Lending Act (TILA)
Equal Credit Opportunity
Act (ECOA) and Regulation B
Fair Debt Collection
Truth in Savings Act
Mortgage Loan Originator
Mortgage loan products
Credit card programs and
Debit card practices and
Fees of any kind
Information reporting and
sharing: FCRA to Privacy Act
Here are 10 steps your bank
should take to ensure compliance with this tricky regulation.
Update your current UDAP
policy to reflect UDAAP. Be sure to include the new sections pertaining to
Unfairness: (a) cause substantial harm to consumer, (b) not reasonably
avoidable by consumer, and (c) a practice not outweighed by benefits to
consumers or competition; and Deception: (a) representation, omission, act
or practice that is likely to mislead, (b) act or practice would be
deceptive from the perspective of a reasonable consumer, (c) representation,
omission, act or practice that is material.
Include UDAAP as a
regular agenda item for your Compliance Committee to provide the necessary
level of scrutiny and oversight.
Review your loan policy
and procedures to ensure any loan or other compensation incentives are
clearly communicated to lending and other affected personnel.
As part of the review
process of advertisements and current/new consumer agreements, include your
in-house compliance officer as part of the approval process.
Also, utilize the
Compliance Committee and compliance officer as control points to perform due
diligence reviews for third-party vendors who provide, but are not limited
to, advertisement copy, loan agreements, product development and/or debt
Implement immediate and
periodic training to make sure all employees are familiar with the new
provisions of UDAAP, and perform periodic monitoring to ensure compliance
and their understanding and application of the regulation.
efforts to identify possible customer complaints, and implement controls to
ensure they are timely and appropriately addressed, including periodic
Have your Compliance
Committee (with assistance from the compliance officer) review all current
and prospective consumer disclosures, products and services to make sure
they address and conform with all areas of UDAAP. The review must ascertain
that customers are fairly guided in their choice of products or services.
Analyze the loan
application process and sales delivery systems to identify any conflicts
with unfairness, deception or abusive treatment of consumer rights.
resources to ensure and demonstrate your bank embraces the regulation.
Document your activity with more than adequate Compliance Committee minutes
and documentation of products, services, advertisements analyses. Provide
evidence of training/review/monitoring and periodic independent testing of
the control environment (including timely action taken of deficiencies).
In the coming months, we'll
be following how regulators interpret these requirements and will share with you
any concerns or warnings that may help you prepare to comply with UDAAP.
to December 2011 Compliance Digest>
Mattice is compliance practice director for AuditOne LLC (www.audit-one.com).
His expertise covers the full range of lending and operations compliance;
BSA/AML; deposit and lending operations and controls; and SOX and
FDICIA controls and testing. He can be reached at Stan.Mattice@audit-one.com.