uDAAP supervisory focus can come in the form of new regulations,
agency guidance, examination procedures, settlement agreements,
or specific notice to your bank about examination activities.
oPerationS
Bank operations will influence its consumer protection through the following paths: general operations, role of third parties, and compliance with
traditional regulations.
general operations
Regulators expect banks to have an effective enterprise-wide consumer
protection function. Banks will want to consider operational issues such as
compensation practices, employee turnover, and other similar factors, including:
■ ■ Do the bank’s standard terms require mandatory arbitration?
■ ■ Does the bank have a high rate of employee turnover in key areas such as
marketing, underwriting, or delivery?
■ ■ Are staff compensated by sales volume, interest rates, or other methods that
could encourage steering to specific product offerings or other unfair practices?
Compliance with Traditional Regulations
A violation of a traditional regulatory requirement can lead to a concurrent
UDAAP violation. As a result, when determining your inherent UDAAP risk,
you will need to factor in how well you comply with traditional consumer
protection regulations. Consider this:
■ ■ Has the bank had recent system weaknesses or violations of traditional
lending regulations?
■ ■ Has the bank had recent system weaknesses or violations of traditional
deposit regulations?
■ ■ Does the bank keep customer information safe from hackers?
Role of Third Parties
Under UDAAP, banks can be culpable for the actions of the third-party
vendors that accompany them on their UDAAP adventure. The greater the
number of third parties—broker/dealers, processors, and other vendors the
bank uses—the higher the level of associated inherent risk. Consider if the
company outsources any operational work:
■ ■ Are there frequent staff or customer complaints about third-party conduct,
including chargeback rates?
■ ■ Does the bank use third-party marketers or advertisers to develop programs
or scripts for any of its products or services?
udaaP enVironMent
Consider the environment of the UDAAP beast when you’re assessing risks.
How active are the regulators, what are consumers and consumer groups
saying about specific products or product features, and does the bank offer
products that have been receiving negative press? To assess this risk, consider
both supervisory focus and customer complaints.
Supervisory Focus
When analyzing inherent risk, one place to look is how the regulators are
viewing the rule. UDAAP supervisory focus can come in the form of new
regulations, agency guidance, examination procedures, settlement agreements, or specific notice to your bank about examination activities. Here
are some things to monitor:
■ ■ Are regulator publications emphasizing consumer issues that impact
your bank directly?
■ ■ Have your bank’s product and service types been the focus of news coverage?
■ ■ Has the bank been investigated by a regulatory agency for a consumer
protection violation?
Customer Complaints
Internal information is also a good source for evaluating the UDAAP environment. Complaints received directly from customers and through regulatory
agencies can raise UDAAP risk concerns. Litigation is another good litmus
test. For example:
■ ■ Is there litigation concerning products or services offered by the bank?
■ ■ What is the level of complaints for the bank, operating subsidiaries, or
third parties?
■ ■ What is the level of complaints as a percentage of product or service
volume?
SuMMary: inherent ri
After you have observed each of the natural risk sources in the
uDAAP inherent risk spectrum, summarize your results and
add any observations, findings, and individual conclusions.
Make sure to weigh each risk source so that you can deter-
mine your inherent risk level. Create a summary table that lists
each of the factors you have reviewed and your findings. You
will want to rate each source and its categories. Also, list any
compensating factors that you think are relevant to the analysis.
