Since its inception, it’s clear the Consumer Financial Protection Bureau (CFPB) has proven that it takes UDAAP seriously. All providers of consumer financial products and services need to be just as serious about this regulation. The same holds true for its counterpart UDAP.
So, what’s the difference between Unfair, Deceptive or Abusive Acts or Practices (UDAAP) and Unfair or Deceptive Acts or Practices (UDAP)? This is a common question, and it’s an important one to answer—especially since it may affect the outcome of your next compliance examination.
What is UDAP?
Let’s take it from the top. UDAP with one ‘A’ stems from the Federal Reserve’s Regulation AA, and section 5 of the Federal Trade Commission’s FTC Act. In 1938, Congress expanded the FTC Act to not only prohibit unfair methods of competition but also prohibit “unfair or deceptive acts or practices” in or affecting commerce to allow the FTC to directly protect consumers from dishonest, deceptive or unfair practices.
Regulation AA outlined the process for submitting consumer complaints to the Federal Reserve, and defined certain unfair or deceptive acts or practices that are unlawful in connection with extensions of credit to consumers.
Regulation AA and the FTC Act generally prohibit:
- The use of certain provisions in consumer contracts such as confessions of judgment and security interests in household goods (other than purchase money security interests).
- Misrepresenting the nature and extent of a cosigner’s liability and failing to inform a cosigner of the nature of such liability prior to becoming obligated.
- Pyramiding late fees.
In 2016, the Federal Reserve Board repealed Regulation AA, as the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act) transferred the Board’s authority to write rules that address UDAP practices to the Consumer Financial Protection Bureau (CFPB). The CFPB has since issued several interagency guidance documents, working with all other banking regulators to clarify that just because Regulation AA was repealed, the practices outlined within are still considered not permissible.
What Constitutes an UDAP Violation?
While the FTC does not have enforcement authority over financial institutions, and even though Regulation AA has been repealed, it is still possible for financial institutions to be cited for violations related to the prohibited credit practices that Regulation AA—and the still in effect FTC Act—outline.
Banking regulators reserve the right to take appropriate action when it comes to unfair or deceptive acts or practices, and acts or practices that violate the FTC Act may also violate other federal or state statues.
Some examples of practices that could constitute a UDAP violation include:
- Failure to provide sufficient information to allow consumers to understand the terms of the product or service being offered without being misled.
- Failure to adequately disclose when significant fees or similar material prerequisites applied in order to obtain the particular product or service being offered.
- Failure to adequately disclose material limitations affecting the product or service being offered.
What is UDAAP?
Title X under the Dodd-Frank Act gives the CFPB UDAAP supervisory and enforcement authority and prohibits “covered persons or service providers” from committing unfair, deceptive or abusive acts or practices, thus the term UDAAP. UDAAP, with two ‘A’s goes beyond extensions of credit and introduces an enterprise-wide focus on all the products and services offered by your institution.
An act or practice is deemed “unfair” if: (1) it causes or is likely to cause substantial injury to consumers; (2) the injury is not reasonably avoidable by consumers; and (3) the injury is not outweighed by countervailing benefits to consumers or to competition.
An act or practice is deemed “deceptive” if: (1) it is likely to mislead the consumer; (2) the consumer’s interpretation of the representation is reasonable under the circumstances; and (3) the misleading representation is material.
An act or practice is deemed “abusive” if: (1) it materially interferes with the ability of a consumer to understand a term or condition of a consumer financial product or service; or (2) it takes unreasonable advantage of: (a) a lack of understanding on the part of the consumer of the material risks, costs or conditions of the product or service; (b) the inability of the consumer to protect the interests of the consumer in selecting or using a consumer financial product or service; or (c) the reasonable reliance by the consumer on a covered person to act in the interests of the consumer.
What Constitutes a UDAAP Violation?
UDAAP/UDAP enforcement has seen a great uptick over the past several years, with civil money penalties reaching well over $200 million in 2023. Examples of UDAAP violations include:
- Making misleading cost or price claims
- Offering to provide a product or service that is not in fact available
- Using bait-and-switch techniques
- Omitting material limitations or conditions from an offer
- Failing to provide a promised service
In its Supervisory Highlights published in 2023, the CFPB reviewed “certain fees related to deposit accounts to assess whether supervised entities have engaged in any unfair, deceptive, or abusive acts or practices (UDAAPs).” Particularly, examiners focused on non-sufficient funds and overdraft fees. Other UDAAP violations include automobile loan servicing, mortgage servicing or deposits.
How to Avoid UDAAP Violations
Adopting sound policies is a good strategy for managing the evolving compliance landscape, no matter which way the regulatory winds blow. Review your lending policies regularly to identify anything that could allow discriminatory practices and ensure you have a strong written record of your commitment to fair lending.
Your institution should also complete a fair lending audit and remediate any findings to avoid discrimination. Further, ensure your institution has established channels for consumers to register complaints, as well as a process for documenting, investigating and responding to them. These are a few steps your institution can take to mitigate your risk of violating fair lending laws or UDAAP.
Managing UDAP and UDAAP Risks
You should expect that bank examiners will require you to comply with the intent of both UDAP and UDAAP during exams, so it is imperative that your institution have policies in place that adequately discuss the components of both regulations.
Utilize guidance and resources provided by banking regulators and review recent enforcement actions for trends. Focus your efforts around the “unfair” definition as well as fee practices, as both areas have seen multiple recent violations. Lastly, ensure you have a handle on your vendor relationships. Your institution is still ultimately responsible for vendors’ actions when it comes to your customers, and citations have recently been focused in this area.
Learn more about how CSI partners with institutions to streamline compliance and secure financial operations.
Learn more
Amber Goodrich, Senior Compliance Analyst
Amber Goodrich has more than 15 years of financial industry experience. She is a Certified Anti-Money Laundering Specialist (CAMS) and a Certified Regulatory Compliance Manager (CRCM).