Skip to main content


Best Practices for UDAAP Compliance [GUIDE]

November 5, 2019
Best Practices for UDAAP Compliance [GUIDE]

After the 2008 financial crisis, regulators put new laws in place to protect consumers and help them regain confidence in Financial Institutions. According to the Dodd-Frank Wall Street Reform and Consumer Protection Act created in 2010, UDAAPs (unfair, deceptive, or abusive acts and practices) by those who offer financial products and services to customers are illegal. In turn, regulators like the CFPB (Consumer Financial Protection Bureau) and the FTC (Federal Trade Commission) are keeping an eye on financial institutions, fintechs, gig economy players and more, forcing them to protect current customers and other consumers against UDAAPs by monitoring their sales and marketing efforts. Understanding and complying with the complete UDAAP policy can be a challenge, but failing to do so can lead to costly penalties and damaged reputations.

What is UDAAP?

In simplest terms, UDAAPs are unfair, deceptive, and abusive acts or practices by financial institutions or any other organization that offers financial products or services to consumers. Under Dodd-Frank, UDAAPs are illegal and non-compliance can lead to serious consequences. Its purpose is to ensure that consumers have access to the information they need in order to choose the best product or service for their individual situations and needs.

Defining UDAAP Can Be Difficult

For compliance leaders, UDAAP can be difficult to identify and comply with because of its very broad definition. At times, it can also be difficult to understand because of overlap with other consumer protection laws and regulations. Adding even more complexity, there are many ways in which these rules can be interpreted, and previous regulatory standards aren’t always consistent. To help break this down, here’s a more in-depth look at each part of UDAAP according to Dodd Frank:


An “unfair” practice is one that a consumer cannot avoid, that would put them in financial harm and where the benefits to the consumer don’t outweigh the injury sustained. Examples include lenders keeping liens on paid-off homes, car dealerships not disclosing fees in advertising or banks keeping connections with someone who’s committed fraud.


A “deceptive” practice is one that misleads or has the intention to mislead. The intent does not come into play with these determinations, and often actual deception doesn’t need to occur as long as there can be an interpretation of deception.


Acts and practices deemed “abusive” are essentially ones that don’t fall into unfair or deceptive but are still disliked by regulators. The definition of what is considered abusive is lengthier than the others because it was created to be broad and catch what would otherwise slip through the cracks. Since it’s the most difficult to define, there have been inconsistent applications of it. A few guidelines to follow when determining if something is abusive are:

  • Interferes with the consumer’s ability to understand the terms or conditions of a product or service
  • Takes advantage of a consumer’s lack of understanding of risks, costs or conditions
  • There is an inability to protect their own interests when selecting and/or using a product or service
  • If there is a reliance on a covered person to act in their interests

Protecting Your Company by Avoiding UDAAP Violations

Compliance professionals are tasked with the burdensome responsibility of protecting their organizations and their customers by complying with consumer protection laws. With all of this complexity, ensuring that your organization is complying with UDAAP can be a bit tricky.

Here are 8 steps your company can take right now to help avoid UDAAP compliance violations.

If you need more help avoiding UDAAP and other common compliance violations or have more questions, our experts are ready to help.

Stay Updated

Join thousands of other industry professionals

Subscribe to receive the latest regulatory news and updates with a focus on marketing compliance via content offers, newsletters, blog posts, and more
This field is for validation purposes and should be left unchanged.

Connect with PerformLine and see what we can do for you.