First, it might be helpful to put the recent UDAAP activity into context suitable for an explanation to senior management or the Board. Overall, in 2016 the Consumer Financial Protection Bureau (Bureau), Office of the Comptroller of the Currency (OCC), Federal Deposit Insurance Corporation (FDIC) and the Federal Reserve collectively published 35 consent orders citing UDAAP violations which cost the financial services industry upwards of $589 Million in penalties and restitution. (For those of you keeping track, while that’s still expensive, it’s a decrease from 2015’s 55 consent orders citing UDAAP violations of $1.7 Billion.) The processes most often cited were marketing, disclosures and collections, and these were spread across all product types.

Nine of these consent orders were addressed to banks, with regulators fines collectively totaling $247 million in civil money penalties and requiring an additional $83.16 Million in restitution.

Nearly half of the cases (four) touched
on deposit–related issues, including
overdraft protection. This is a new foray
for bankers, but deposit products and
overdraft protection in particular should
be carefully scrutinized for any indica-
tors that unfair or deceptive activity may
be occurring. Servicing issues were most
commonly cited from a process perspec-
tive, followed closely by sales and collec-
tions. As a result, these processes should
be considered high inherent UDAAP
risk for all banks.

These numbers are staggering and can be ticked off at any cocktail party to impress friends and relatives. It should also catch the attention of management when you explain why doing things the way they’ve always been done may not be enough anymore.

While it is important to understand the general context of the impression UDAAP has made in our industry’s wallets, it is also necessary to stay abreast of current issues. Here are some highlights of the recent cases you may have missed:

■ ■ ■ The Bureau took action against a federal credit union in October 2016 for its collection practices. The largest credit union in the country was cutting off its customers’ electronic account access shortly after a loan became overdue including shutting off debit and ATM cards as well as online access which was deemed unfair. Financial institutions need to give customers plenty of notice before removing any access. In addition,

it was taking actions previously declared to be deceptive such as:

• Threatening collection actions such as lawsuits, which it had no intention of taking–a big no-no under Fair Debt Collection Practices Act ( FD-CPA), which has been extended to first party collectors through several consent orders.

• Threatening customers in the military that they would contact their Commanding Officer–banks should not be putting military members at a disadvantage! (Note that the contract allowed this activity but the Bureau determined the customer could not consent to it because it was buried in the fine print and non-negotiable.)

• Suggesting that failure to pay the loan would lower the customer’s credit score–repeat with me, “Don’t reference credit scores lightly!” They are complicated algorithms that cannot be readily predicted.

■ ■ ■ The Federal Reserve cited a bank for failing to oversee its third party’s activities. The bank was working with a vendor that established student deposit accounts at the bank, however they failed to provide sufficient notice of its fees prior to the customer signing on the dotted line. All material account information, such as fees, should be provided to customers BEFORE they agree to open an account.

■ ■ ■ The Bureau took action against three reverse mortgage providers for their deceptive marketing practices. While most of the consent orders cite activity that applies strictly to reverse mortgages, there are still lessons to be learned. For example:

IN THE LAST ISSUE of the ABA Bank Compliance magazine, we featured the article Enforcement Actions & You—A Lovely Pair You Do Not Make. Authors Maggie Weir and Rick Freer stressed the need to stay on top of enforcement actions. In fact, they noted that regulators consider it compliance malpractice not to stay on top of these regular industry developments. UDAAP, in particular, is defined via enforcement actions, and it can be hard to keep up with all of the rules established in the consent orders. And that, dear reader, is what we’d like to help you do with this new column. Presenting (drum roll, please!): What’s New with U(DAAP)? We’ll provide a brief summary and call attention to points of particular interest to banks. We’ll also try to highlight key non-UDAAP consent agreements as they arise. We hope you find it useful!