The Dodd-Frank Act gives the Consumer Financial Protection Bureau (CFPB) broad authority to prosecute unfair, deceptive or abusive acts or practices (UDAAP) by banks and other financial providers. Early last year, the CFPB announced a new policy that gave institutions a reprieve from UDAAP enforcement actions. But in March 2021, it rescinded this policy, signaling a return to more aggressive enforcement.
UDAAP refresher
During the COVID-19 pandemic, many banks have changed the way they do business — for example, by reducing lobby hours, closing branches, and relying more on mobile banking apps and online transactions — and many of these changes may be here to stay. So, given the CFPB’s more aggressive enforcement stance, it’s a good idea for banks to review their UDAAP compliance policies and update them to reflect current business practices.
One reason UDAAP might be problematic is that its restrictions are quite broad and, in some cases, vague. Generally, an act or practice is unfair if it causes, or is likely to cause, substantial injury to consumers and such injury isn’t reasonably avoidable. Deceptive acts or practices are those that mislead or are likely to mislead consumers, provided the consumer’s interpretation is reasonable under the circumstances and the act or practice is material.
An act or practice is abusive if it materially interferes with a consumer’s ability to understand a product or service’s terms or conditions. Alternatively, abusive acts or practices may take unreasonable advantage of consumers’ 1) lack of understanding, 2) inability to protect their interests, or 3) reasonable reliance on banks to act in their interests.
CFPB guidance provides a nonexhaustive list of examples of conduct that may, depending on the facts and circumstances, constitute UDAAPs. They include:
- Collecting or assessing a debt or additional amounts in connection with a debt (for example, interest, fees or charges) not expressly authorized by the agreement or permitted by law,
- Failing to credit a consumer’s account with timely submitted payments and then imposing late fees,
- Taking possession of property without the legal right to do so,
- Revealing the consumer’s debt, without consent, to the consumer’s employer or coworkers,
- Falsely representing the character, amount or legal status of the debt, and
- Threatening any action that isn’t intended or authorized, including false threats of lawsuits, arrest, prosecution or imprisonment for nonpayment of debt.
Certain misrepresentations also may qualify as UDAAPs. For instance, a bank can’t falsely claim that a debt collection communication is from an attorney or government-affilitated source. Banks also can’t lie about whether information about a payment or nonpayment would be furnished to a credit reporting agency — or falsely promise to waive or forgive debts if consumers accept a settlement offer.
COVID-related updates
The COVID-19 pandemic has caused most businesses, including banks, to change the way they do things — so now’s a good time for a review. For example, have you permitted borrowers to skip loan payments under certain circumstances? Will that policy continue even after the pandemic ends? If so, you need to ensure that your policy is designed and communicated in a manner that isn’t unfair, deceptive or abusive to your customers.
During the pandemic, many banks have relied more heavily on electronic transactions in light of social distancing guidelines, a practice that may continue post-pandemic. If your bank permits customers to receive disclosures and other documents electronically, be sure that your policies and practices are fair, clearly communicated and don’t negatively impact customers without access to the necessary technology.
Even physical access and security practices may raise UDAAP concerns. For example, could reducing branch hours be perceived as unfair or abusive to specific customers? And what about masks or other face coverings? Ordinarily, banks prohibit them. But by necessity, exceptions have been made pursuant to mask mandates during the pandemic. In the absence of a mandate, what will your bank’s policy be going forward? Will you require customers to remove their masks, even if they’re at higher risk or simply feel more comfortable wearing one? Whatever your policy, it should be carefully designed and communicated to avoid UDAAP issues.
Training is key
Any time a bank changes its business practices or establishes new ones, it’s important to evaluate whether those changes raise UDAAP concerns. Even if your policies are fair on paper, they can still trigger UDAAP liability if they’re not put into practice properly. So be sure that bank staff or other representatives are adequately trained.
To ensure that your bank is still compliant after all of the recent changes, contact one of our financial institution experts today.
CFPB renews focus on UDAAP enforcement
In January 2020, the Consumer Financial Protection Bureau (CFPB) issued a policy statement providing some relief to banks for unfair, deceptive, or abusive acts or practices (UDAAP). Pursuant to the statement, the CFPB said it wouldn’t challenge conduct as abusive unless the harm to consumers outweighed the benefits. It also pledged to end “dual pleading” — that is, charging a bank with both abusiveness and unfairness or deception based on the same conduct — and to refrain from seeking monetary relief when a bank made a good-faith effort to comply with the law.
In March 2021, the CFPB rescinded the policy statement, finding it inconsistent with the CFPB’s mission. Going forward, it will exercise the “full scope” of its enforcement authority, although it will consider good faith and other relevant factors in using its prosecutorial discretion.
©2021