Minimizing UDAAP Compliance Risk: Expert Insights

As the current economic environment poses financial challenges to consumers, both federal and state regulators have been increasing their scrutiny of UDAAP. 

In a recent webinar, we were joined by four industry experts—James Kim, Brian Serafin, Pia Thompson, and Rhonda McGill—who shared their unique insights into UDAAP compliance and offered tactical advice on how to mitigate risk.

Below is a recap of the discussion, which included topics like UDAAP enforcement trends, identifying and mitigating risk, and developing effective compliance programs.

What We’re Recapping

UDAAP Background + Emerging Compliance Risks

UDAAP has seen numerous transformations since the 2007-2008 financial crisis when Congress granted oversight authority to states, banking agencies, and the Consumer Financial Protection Bureau (CFPB).

Staying up-to-date with these shifts is not a nice-to-have, but a necessity for businesses. But, with the rapidity of change often outpacing the regulators themselves, we asked: how can companies ensure they’re staying on top of UDAAP regulations and emerging issues and trends?

Pia emphasized the importance of having outside counsel. A dedicated legal counsel isn’t just a safeguard against potential issues, but an extension of your in-house legal department. With an understanding of your business, they can keep you informed about regulatory developments relevant to your operations, preventing you from constantly being on the back foot.

Brian talked about the benefits of leveraging the CFPB’s Supervisory Highlights. These reports, detailing violations discovered during examinations, can help you identify common pitfalls and provide an indication of the CFPB’s future direction. Other resources, like guidance statements and blog posts on their website, can also offer valuable foresight. 

James added another layer to Brian’s point about the Supervisory Highlights, stating that they often foreshadow the CFPB’s more aggressive legal theories. He recommended viewing these highlights in conjunction with enforcement actions to get a more comprehensive understanding of the regulatory environment.

James also explained that UDAAP presents a lot of challenges, but not because of a lack of resources. There are so many guidances, enforcements, and bulletins, it can feel overwhelming for in-house teams. That’s where outside counsel can step in, helping you to understand how these regulatory elements translate to your business model or product, further echoing Pia’s earlier point.

CFPB Policy Statement on Abusive Acts or Practices

The CFPB recently issued a policy statement on abusiveness that explains the legal prohibition on abusive conduct under UDAAP. 

In Director Chopra’s remarks, he explains that “the abusive prohibition is more of a bright line and is focused on company conduct that obstructs people’s ability to digest information. Deception is more concerned with words, and abusive with actions, although both are relevant to both prohibitions.”

But how does this policy statement impact consumer finance organizations moving forward?

Brian noted that while the terms “unfair” and “deceptive” have been widely interpreted and understood, “abusive” is a newer addition to the regulatory language. He sees the policy statement as an effort to prevent organizations from taking advantage of consumers, particularly in circumstances that may impede their understanding of the product or services they’re signing up for.

He added that the CFPB seems to be growing skeptical of disclosures and fine print, especially those hidden or not readily accessible on websites. This is consistent with the goal of preventing obstruction to consumers’ ability to digest information.

Pia chimed in with a practical perspective she often shares with her clients: disclosures, terms, and conditions are primarily for regulators, not consumers. She stressed the importance of clear communication in marketing materials (versus just disclosures or fine print) to prevent customers from buying products they don’t fully understand. 

You don’t want people signing up for something without understanding what they’re getting. That’s not good for business, and it’s not good for consumers, she says.

James agreed with Pia, emphasizing that the benefit of these precautions is largely for regulators. 

James also explained how the CFPB is result-oriented, focusing on outcomes rather than processes. Even if a company has clear flows and disclosures, it could still face penalties if the outcomes are considered unfair or abusive.

The takeaway for companies, according to James, is that the CFPB expects a fiduciary duty from them. Although this term doesn’t officially appear in the CFPB’s literature (and never will, says James), it effectively captures the expectations placed on companies. 

In the context of consumer finance, this fiduciary duty requires companies to be not only honest and transparent, but to actively protect consumers’ interests and ensure fair outcomes.

UDAAP Enforcement Trends + Recent Happenings

The discussion also touched on enforcement trends and recent regulatory developments in the financial industry.

Regulation by Enforcement

James shared his experience working on an Amicus brief in New York involving a case brought by the CFPB with the NY Attorney General against an indirect auto company. Interestingly, the conduct at issue in the case was expressly permitted by the Truth in Lending Act (TILA) and not explicitly banned.

Instead of amending TILA (which is highly unlikely), regulators employ the UDAAP approach and litigate—a strategy often described as “regulation by enforcement.” Essentially, UDAAP is being used as a tool for regulators to enforce against any conduct they find objectionable in the name of consumer protection, even if that conduct is permitted or not explicitly banned by other regulations.

Add-On Products and Dark Patterns

Brian brought up the topic of “add-on” products as a subject of interest for the CFPB. These are offerings where customers, for example, sign up for a credit card and get insurance or protection added on, often for an ongoing monthly fee. 

The concern is that these products might be a way of imposing fees on consumers without offering much in return, or that consumers might be unintentionally signing up for ongoing payments. 

Such practices could be considered “dark patterns,” which use design tricks or other tactics to manipulate consumers into making choices they wouldn’t have made otherwise.

However, Brian pointed out that the challenge lies in the CFPB’s approach to regulating these practices. He used the metaphor of a “hatchet versus a scalpel,” suggesting that the CFPB is not distinguishing between harmful and potentially helpful add-on products. 

Instead, a more nuanced approach might be beneficial. He believes that there’s an opportunity to improve disclosures and education for consumers. This could include regular reminders about the add-on products and their fees — a move that would not only be good marketing but also foster trust with consumers.

Pia also highlights the potential conflict in value propositions, particularly in the subprime space. For example, credit insurance might be beneficial for sub-prime consumers without much savings. However, given their financial circumstances, should all their money go towards paying off their obligations instead of insurance premiums? This scenario illustrates the complexities and potential UDAAP issues related to add-on products.

Avoiding UDAAP Compliance Pitfalls

Navigating the ever-evolving regulatory landscape requires constant vigilance and a proactive approach. Our speakers shared insights on how to safeguard against regulatory challenges, specifically the CFPB’s “hatchet,” as Brian described earlier. 

Regularly update policies and procedures

Brian emphasized that compliance is an ongoing process—you can’t just set it and forget it. He explains that, in his experience, while many clients have UDAAP compliance policies and procedures in place, they often believe that a lack of regulatory updates means their policies don’t require updating. 

This mindset can be a pitfall. Despite the UDAAP statute and regulation remaining unchanged, interpretations can shift due to guidance, news, consent orders, and more. Brian advises regularly reviewing and updating your UDAAP policies and procedures to reflect these changes.

Communicate (and deliver) value to consumers

James underscores the importance of effectively conveying the value of a product or service to the consumer. Not only should the value proposition be clear, but it should also be genuinely accessible to consumers. If a company makes it difficult for consumers to use or access the value of a product or service, it could invite UDAAP problems. 

Beyond initial UDAAP due diligence before product launch, James emphasizes the need for ongoing monitoring of product usage and outcomes. For example, if the actual usage rate of an add-on product is only 5%, it could raise a red flag for the CFPB.

Mitigating UDAAP Risks

We recently put together a UDAAP report that dives into some of the most commonly flagged terms and phrases based on the thousands of marketing assets we ingest into our platform on a daily basis.  

Some of our top finds highlighted in the report were exaggerated claims, subjective language, no barrier to entry, and false sense of urgency.  

With the many layoffs in many of the spaces of the financial services industry, we’ve seen some instances where marketing teams have been taking over some of the marketing compliance responsibilities from shrinking compliance teams. 

We asked panelists what advice they would give companies trying to scale their business during these times.

Invest in compliance upfront

Brian warns that companies should be very careful when scaling back compliance departments. While it may appear to be a cost-saving measure in the short term, the long-term financial implications of a potential enforcement action could outweigh any immediate savings. 

He points out that the CFPB isn’t concerned about economic fluctuations; their focus remains unwaveringly on consumer protection. 

Brian encourages companies to invest in their compliance management systems upfront. By collecting necessary information on a rolling basis, companies can avoid the end-of-year scramble and potential cost overruns.

Use already-approved marketing materials

Pia provides an in-house perspective, suggesting practical measures to minimize risk. 

One approach she shared is to use advertising materials that have already been vetted, approved,and published—without making any changes. 

Although this doesn’t eliminate risk entirely, it does lower it compared to creating new ads and marketing materials. 

Her advice: “Stick with what you got.”

Keep it simple

James ties the discussion back to the business’s growth objectives. He notes that scaling often means growth in volume, and the key to balancing that growth while managing risk is to reduce complexity. 

If both the product and marketing strategies are complex, the risk is amplified. Thus, to achieve scaling milestones without inviting undue risk, James recommends simplifying wherever possible.

Developing Effective UDAAP Compliance Programs

Building a sound compliance program is more than just updating policies and conducting training; it’s also about diligent monitoring and documentation. Our panelists share their recommendations on where companies might want to focus more of their attention.

Brian highlights the importance of leveraging technology in compliance programs. With an array of software available, businesses can automate many processes, such as tracking employee training completion or issuing notifications when employees are falling behind. While there may be an upfront investment, the long-term savings in employee time and reduced compliance risk can be significant.

Pia agrees with Brian’s sentiment, noting that resources extend beyond financial investment; they also include people and time. In this regard, technology can be a real asset.

James brings up the challenge of educating non-compliance personnel about UDAAP risks due to its subjectivity. 

He suggests a simple, practical tool to help: ask, “can we explain, defend, and feel comfortable about whatever we’re considering doing? If it was blasted in mass media, would my grandmother, a judge, etc. understand it?” 

By framing compliance as a consumer protection issue rather than a legal issue, it aligns more closely with how the CFPB views it, which can facilitate understanding and acceptance across the organization.

Use PerformLine for UDAAP Compliance

PerformLine is the only technology that provides an omni-channel compliance solution across six marketing channels, including documents, the web, social media, emails, calls, and messages. 

This proprietary technology, paired with ready-to-use and expertly-crafted UDAAP rulebooks, takes the guesswork out of compliance and provides a solution that’s automated, efficient, and scalable. 
Schedule a demo today to learn how PerformLine can help your organization find and remediate these common UDAAP compliance violations and more.