Skip to main content


The CFPB’s UDAAP Supervisory Highlights: Top Takeaways

Claire Milazzo
August 2, 2023
CFPB's UDAAP Supervisory Highlights takeaways

The Consumer Financial Protection Bureau (CFPB) recently published its 30th issue of its Supervisory Highlights, which specifically focuses on unfair, deceptive, and abusive acts or practices (UDAAP) across a wide range of consumer financial products.

These highlights include 35 pages full of supervisory observations, program developments, and enforcement actions (and are definitely worth an in-depth read), but here are some of the top takeaways for all organizations, no matter what kind of consumer finance products you offer.

CFPB continues to expand its scope of authority

One critical development from the highlights is the Bureau’s authority to examine and supervise nonbank entities who pose risk to consumers.

The CFPB has supervisory authority over nonbank covered persons it has reasonable cause to determine, by order, after notice and a reasonable opportunity to respond, based on complaints or information from other sources, that the person is engaging, or has engaged, in conduct that poses risks to consumers with regard to the offering or provision of consumer financial products or services.

The CFPB initially invoked this “dormant authority” back in April 2022, and finalized the updated rule in November 2022. 

While the CFPB only called out this specific development in this edition of their Supervisory Highlights, it’s not the first time that they’ve worked to expand their scope of authority in recent years. 

Most notably and specific to UDAAP, the CFPB announced in March 2022 that it will address discrimination as an unfair practice under its UDAAP authority, widening its reach well beyond its previous confines of the Equal Credit Opportunity Act (ECOA).

Continued expansion of authority is a common theme we’ve been seeing with the CFPB. 

The Takeaway: Don’t assume that you’re “too small” for the CFPB to take notice of your actions or that you’re exempt from CFPB scrutiny because you’re not considered a “bank.” 

No matter your size or industry, taking a consumer-first approach to compliance is critical to getting out ahead of potential scrutiny, and will leave you well-equipped to comply with any future regulatory updates or increased scope of authority from the CFPB or other regulators.

Increased attention on digital platforms and dark patterns 

The CFPB’s Supervisory Highlights also spotlight two developments concerning digital platforms and dark patterns.

First, they addressed pay-to-play digital mortgage comparison shopping platforms, which are a type of online service where mortgage lenders pay a fee to be featured, potentially influencing the visibility and ranking of their mortgage offers to consumers. We discussed the potential implications of the CFPB’s advisory in this blog, if you’re interested in learning more. 

Second, they addressed unlawful negative option marketing practices, which are deceptive tactics used by businesses to automatically enroll consumers into recurring purchases or subscriptions without their explicit consent or clear understanding of the terms. These are considered “dark patterns.” 

Both of these models often fail to provide consumers with the complete and objective information they need to make sound decisions about their financial products. 

It seems that the CFPB is increasing its focus on innovative business models within the consumer finance domain—and not just limited to mortgages. 

The Takeaway: Be proactive in understanding and addressing potential compliance risks arising from new and innovative business models—not only in the mortgage industry, but in other consumer finance domains. 

Proactive compliance is encouraged

For the first time, this edition of the CFPB’s Supervisory Highlights includes findings from the Supervision information technology program. 

A key aspect of the CFPB supervision program is benefitting supervised institutions by identifying compliance issues before they become significant. The supervision process is confidential in nature. This confidentiality promotes candid communication between supervised institutions and CFPB supervisory personnel concerning compliance and related matters.

By participating in this program, organizations can proactively identify and address compliance issues before they become bigger problems. The CFPB notes that some companies have voluntarily agreed to be supervised, signaling a growing trend of proactive compliance and consumer protection.

Adopting a proactive approach to compliance is not only a vital part of a strong overall compliance program, but it’s also now being encouraged by regulators—specifically, the CFPB. 

The Takeaway: Focus on proactive compliance review and monitoring of all content and consumer communications to catch potential issues in real-time and avoid potential bigger issues in the future.

Heightened focus on consumer protection 

This edition of the Supervisory Highlights was extensive, highlighting 11 different industries and 8 supervision developments, all focused on protecting consumers from unfair, deceptive, and abusive acts or practices.

All of these recent developments—including increased scope of authority, attention to digital platforms and dark patterns, and support of proactive compliance practices—highlight the CFPB’s increasing emphasis on protecting consumers from unfair and abusive practices. 

There is a clear intent, especially under CFPB Director Chopra, to hold financial entities accountable for actions that harm consumers. 

The Takeaway: Take note of these developments and utilize them to prioritize compliance efforts, adopt proactive compliance practices, and ensure that their actions are focused on protecting their consumers.

Next steps for compliance

Here are a few actionable next steps that your organization may consider taking in response to these Supervisory Highlights and the CFPB’s UDAAP priorities.

  • Read the full Supervisory Highlights: As we mentioned above, these highlights are worth an in-depth read to understand the full scope of UDAAP trends, updates, and priorities from the CFPB. This is particularly important for those operating in industries such as auto servicing, consumer reporting, mortgage, deposits, and others, as they are specifically mentioned in the highlights.
  • Review Supervision and Examination Manual: Review the CFPB’s Supervision and Examination Manual to familiarize yourself with what the Bureau focuses on when conducting exams and evaluating the effectiveness of an organization’s overall compliance practices. This way, you can ensure your compliance program is up to standards and make any updates or changes as needed.
  • Conduct a compliance audit: Perform a thorough compliance audit of your organization’s operations, marketing materials, and consumer communications, specifically focused on UDAAP to ensure that your practices align with the CFPB’s expectations and guidelines. Then, you can address any compliance gaps or issues discovered during the audit and implement corrective measures.
  • Read up on UDAAP compliance resources: Check out PerformLine’s robust UDAAP compliance resource library for expert insights, best practices, and helpful content on all things UDAAP compliance. It includes research reports, real-life examples of UDAAP violations, checklists, dos and don’ts lists, and more. 
  • Adopt an omni-channel compliance monitoring technology: Consider a comprehensive marketing compliance monitoring solution, like PerformLine, to proactively monitor marketing materials and consumer communications for potential compliance violations and get out ahead of risk. Schedule some time to chat with our team to learn more.
author avatar
Claire Milazzo Vice President of Marketing
Claire is the Vice President of Marketing at PerformLine.

Stay Updated

Join thousands of other industry professionals

Subscribe to receive the latest regulatory news and updates with a focus on marketing compliance via content offers, newsletters, blog posts, and more
This field is for validation purposes and should be left unchanged.

Connect with PerformLine and see what we can do for you.