UDAAP (Unfair and Deceptive Acts and Practices) continues to be an important topic for organizations under the scope of the Consumer Financial Protection Bureau (CFPB). Under the leadership of Director Rohit Chopra, there have been significant developments as it relates to UDAAP oversight compliance, including the recision of the Abusiveness Policy Statement in 2021 and the updated UDAAP examination manual that includes discrimination under the scope of "unfairness."
In a recent webinar, Tony Alexis, former Head of Enforcement at the CFPB and current Partner at Goodwin, shared his thoughts on the implications of the CFPB's recent work on UDAAP and how compliance programs will be affected across the board. Here’s a recap of the discussion.
Implications of Rescinded Abusiveness Policy
Back in 2020, the CFPB under Director Kathy Kraninger released a policy statement that provided a framework on how the Bureau intended to apply the “abusiveness” standard under UDAAP. But, in 2021 under a new administration and acting Director Uejio, the CFPB soon rescinded this same policy.
It’s likely that Acting Director Dave Uejio didn't want to be restrained on a going-forward basis by having guidelines in regard to how the Bureau plans to enforce the abusive standard, so he got rid of it, says Tony.
Even during the Bureau's most aggressive period(s), “abusive” was not cited as a regulatory violation very often—just a handful of times. Because of this, Tony’s impression is that the guidance was helpful to some, but not having the guidance likely isn’t all too risky.
However, Director Chopra has expressed interest in building up the abusive authority through litigation. At some particular point, says Tony, there will be a kind of system or body of knowledge that defines abusiveness in a consumer product environment.
Updated UDAAP Examination Manual
In March of this year, the CFPB announced that discrimination is now considered “unfair” under UDAAP and updated the examination model to reflect this change.
The CFPB likely saw a few challenges that led to this update. Most notably, the Equal Credit Opportunity Act (ECOA), which is the leading regulatory tool used for discrimination, especially in the fair lending world, only applies to credit products. Products like credit cards, mortgages, etc. already run the risk of being in violation of ECOA. However, for products that aren’t credit (like depository products), ECOA would not apply.
So, before Director Chopra, the CFPB did not have anything in its regulatory toolkit for non-credit products that could address the issue of discrimination since they fall out of ECOA, says Tony. Now, with the updated exam manual, depository products are subject to heavier scrutiny for discrimination and fair lending.
Tony specifically touched on the use of AI as it relates to fair lending and discrimination. Some organizations will be more socialized to managing discrimination in algorithms (like those offering credit products who have already been exposed to risk under ECOA), and others won't (such as those offering depository products) because they have not been cautioned or been given advice by examiners to know what's permissible and impermissible. Tony can see incredible risk for these companies, and some may find themselves in the regulatory cross-hairs.
Recent Enforcement Actions
Increased Abusive Claims
Tony talked about how he’s heard “abusive” cited now far more often than he has in the past in enforcement actions.
Why would the CFPB cite particular conduct as abusive, which is still a weak claim, as opposed to the stronger ones (like unfair and deceptive)? As mentioned above, it seems as though Director Chopra is working to litigate abusive claims to build up its authority.
Crackdown on Repeat Offenders
Tony also touched on the CFPB’s efforts to crack down on repeat offenders—”recidivists,” as Director Chopra put it.
As it relates to UDAAP, one can still be considered a repeat offender if they commit deception on the first enforcement, and then unfairness on the next, for example. It doesn't have to be the same exact prong under UDAAP to be considered a repeat offense.
The States + “Mini-CFPBs”
There are a few states who have created their own “mini-CFPBs,” as some call them, such as California’s Department of Financial Protection and Innovation (DFPI). One registrant asked how these regulatory bodies might interpret and enforce UDAAP.
Under Dodd-Frank, it’s already the case that a State Attorney General, after they give notice to the CFPB, can file a suit against an enterprise that's working within its borders and pursue them with any of the provisions of UDAAP or other rules and regulations that the CFPB has. It's not necessarily unusual to see a state have a UDAAP case, says Tony.
Given that, there are going to be some states that are going to be pro-UDAAP in the sense that they think that the best way to address consumer challenges in their jurisdiction is to be incredibly aggressive with enforcement.
On the other hand, there might be some states that find that aggressive enforcement is not necessarily the right way to address the problem and the notion of scaring businesses off has its own ramifications.
Coincidentally, the CFPB just announced that it has issued an interpretive rule to clarify the scope of States’ ability to enforce federal consumer financial protection laws, including UDAAP. This rule affirms:
- States can enforce the Consumer Financial Protection Act, including the provision making it unlawful for covered persons or service providers to violate any provision of federal consumer financial protection law
- States can pursue claims and actions against a broad range of entities
- CFPB enforcement actions do not put a halt to state actions
Compliance Programs are Critical
When it comes to navigating the complex UDAAP landscape, strong compliance programs are key.
Tony discussed how he’s heard about some institutions who have “laid off” on compliance or consider themselves to be in an environment in which compliance was not going to be a driver of the business necessarily. But now, given all the recent UDAAP developments and what’s to come, these organizations are “behind the eight ball” as they try to play catch up.
Compliance is very, very important to any particular financial service team and activities need to be monitored regularly, says Tony.
To wrap up the conversation, Tony shared a few pieces of his best advice to organizations who are looking to get out ahead of regulatory risk as it relates to UDAAP and other key consumer protection laws.
Tony referenced the movie Platoon when they’re going out on an ambush and the Sergeant said, “No matter what, if you get lost, don't shout out.” And that makes sense because you don’t want to raise your voice and let the enemy know where you’re at.
But, in this particular environment, compliance professionals need to shout out. Speak to your supervisors and other people that can help you, especially those who have had the same experience. Speak out to outside consultants, like PerformLine or other firms. Use your resources and reach out to the people who can give you an answer, or who can otherwise point you in the right direction to find your answer and provide other resources.
Watch the full webinar here.
Learn more about how PerformLine can help your organization optimize its compliance management program and be proactive in UDAAP and other regulatory compliance initiatives.