ABA Bank Compliance - May/June 2013

For loans, you should review application, underwriting, closing,
and collections practices to ensure they remain customer friendly.
For deposits, you will want to review account opening and maintenance processes,
as well as controls in place for overdrafts, gift cards, and payroll cards.

Once summarized, you can rate the total inherent risk using the same standards you apply to other risk assessments.

riSk controlS and MitigationS

After you understand the natural environment of your UDAAP risk, you will want to review the traps you have laid to catch the beast. Consider both your general compliance program controls as well as UDAAP-specific controls.

general compliance Program controls

As with any risk assessment, consider the overall health of your compliance program and ask a lot of questions. For instance, do your board and senior management set the appropriate tone at the top? Do they firmly establish that each business line is responsible for its own compliance? Do you have solid policies, procedures, and training in place for UDAAP and other consumer protection requirements? Do you also have a monitoring and audit program to ensure the policies and procedures and training are working?

udaaP controls

Your program will also need to have controls to catch the more elusive UDAAP issues that can occur. They should encompass marketing, disclosures, customer service, vendor management, complaint response, and customer friendly features.

Let’s explore what kinds of traps to review as part of each element:

Marketing

The veracity and clarity of marketing materials lie at the heart of many traditional UDAAP issues. Your bank must set tight controls to ensure that its messaging isn’t misleading. It can do this by requiring that all pertinent information is located where customers can find it and that offer dates are clearly stated. You will also want to consider whether your compliance program supports these marketing controls:

■ ■ Most consumers receive the rates “up to” or “as low as” as advertised. ■ ■ All claims made, especially in regard to fees, can be substantiated. ■ ■ All bank testimonials or endorsements are genuine.

Disclosures

Disclosures have also been at issue in many traditional UDAAP cases. They must be clearly and accurately written and provide customers with all the information needed, regardless of whether it is specified by regulation. They should encompass all terms, benefits, and material limitations such as fees, penalties, interest, and prerequisites. Are controls in place to ensure:

■ ■ All disclosures are worded in a way that customers can understand.

■ ■ Complicated disclosures draw attention to key terms, including limitations and conditions.

■ ■ Disclosures clearly explain when product or service terms may be changed.

Customer Service Some UDAAP cases allege difficulties with customer service teams that steered customers to expensive products or were otherwise not clear about the products they were selling. You will want to document the controls your

■ ■ Does the bank ensure customers will obtain the specific product or service they have requested rather than a more expensive substitute?

■ ■ Do counteroffers provide a clear, prominent, and accurate explanation in the difference between the requested and offered product?

■ ■ Is clear and affirmative assent required before enrolling customers in a new product or service?

Vendor Management

Vendor management issues have caused banks to run afoul of UDAAP. Since a bank is responsible for any third party to whom it outsources, any needed bank control must also be present and monitored at the third party. Vendors should have the same or similar policies and procedures and training and monitoring programs that you would require of your in-house staff. And, they should be willing to let you review their compliance operations. Ask these questions:

■ ■ Do third parties have a complaint process? Is it clear who customers contact with questions?

■ ■ Will the bank discontinue using a third party that is treating customers unfairly?

■ ■ Are vendor chargeback rates tracked and escalated when that rate exceeds a certain percentage?

Complaint Response

Just as complaints are a key indicator of the UDAAP inherent risk, your bank’s response to those complaints sets the tone for its controls. Does your bank respond well to complaints? Is it timely? Is a root cause analysis performed? Is there a formal process for the escalation of possible UDAAP claims? You can also ask yourself:

■ ■ Is feedback from consumer response programs shared with managers to correct staff mistakes?

■ ■ Is social media monitored for statements regarding the bank, its subsidiaries, or the vendors it uses?

■ ■ Are customer appeals readily available, consistently provided, and clearly explained?

Customer Friendly Features

Last, but certainly not least, you will want to consider process- and product-specific controls that can snare problems. For loans, you should review application, underwriting, closing, and collections practices to ensure they remain customer friendly. Also, monitor the controls in place with credit cards, secured credit cards, mortgages, credit card add-on products, payday loans, and tax refund loans. For deposits, you will want to review account opening and maintenance processes, as well as controls in place for overdrafts, gift cards, and payroll cards. Samples of these requirements are: ■ ■ Loans