Skip to main content


UDAAP and Deceptive Advertising: Expert Insights & Best Practices

Gianna Kennedy
June 20, 2024
Get expert insights and best practices on navigating UDAAP regulations and avoiding deceptive advertising practices to ensure compliance and build customer trust.

In recent years, regulatory agencies have significantly increased their focus on deceptive advertising practices under UDAAP. 

As we’re seeing increased enforcement actions for misleading “free” and “instant” offers and an increased focus on misleading FDIC insurance representation, understanding these issues becomes essential for compliance.

We sat down with industry experts Jonathan Pompan at Venable LLP and Brian Serafin at Weiner Brodsky Kider PC to take a deep dive into UDAAP, deceptive advertising, and best practices for staying ahead of risks.

The CFPB’s crackdown on UDAAP 

Earlier this year, the CFPB published a circular discussing deceptive marketing practices about the speed or cost of sending a remittance transfer, citing terms like “free,” “no fee,” and “instant” as particular compliance issues. Even more recently, we saw commentary around a fintech for false advertising, marketing loans as “no interest” and having “0% APR,” which proved to not be true.

Companies must be careful about what they claim, says Brian, as the CFPB views anything paid by the consumer as either a fee or interest. Misleading terms can lead to significant regulatory actions.

In the eyes of the CFPB, they tend to view anything paid by the consumer as either a fee or interest. So, even if your company calls it a donation, a tip, a convenience charge, or something like that—just because you don’t literally use the word “fee” or you don’t literally define something as a finance charge doesn’t mean the CFPB is going to see it that way.

– Brian Serafin

The CFPB is raising the standards for transparency and accuracy in marketing, says Jonathan. Organizations must ensure their marketing claims are truthful and not misleading. Clear and conspicuous disclosures about fees, rates, and material terms are essential and cannot be hidden or buried. 

The CFPB’s circular and its actions serve as a critical reminder to organizations about the importance of transparency and accuracy in their marketing practices. Terms like free, no fee, and instant have to reflect actual experiences that customers or applicants will have.

– Jonathan Pompan

Impact of the Supreme Court’s decision 

On May 16th, the U.S. Supreme Court upheld the CFPB’s funding system.  

Almost immediately after the decision was announced, the CFPB subsequently pushed out several actions, including:

  • Three enforcement actions
  • Deemed buy now, pay later loans will be regulated as credit cards
  • Launched an inquiry into junk fees in mortgage closing costs
  • Created a registry to detect repeat offenders
  • Issued a circular warning of deception in contracts
  • Launched a process to recognize open banking standards
  • Proposed a ban on medical bills from medical reports

All of this emphasizes that the CFPB is not backing down, says Brian.

I think we’re going to continue to see very aggressive enforcement action and very close scrutiny of practices that people have historically thought were okay. Certainly, with the upcoming election, they’re going to have a lot of incentive to generate good headlines for the agency and, by extension, the administration. So, they’re certainly not going anywhere.

– Brian Serafin

The Supreme Court’s decision solidifies the Bureau’s authority and mandate to regulate and enforce the consumer protection laws, says Jonathan. He echos Brian’s statement and says that we can reasonably anticipate an increase in CFPB regulatory activity, particularly around UDAAP. 

I think we’re going to see a step up in public regulatory and enforcement actions. This may include more frequent issuance of circulars, proposed rules, and other things, using UDAAP as the justification.

– Jonathan Pompan

The CFPB is going to continue and likely intensify its use of enforcement actions and consent orders using UDAAP. There are a number of non-public confidential investigations taking place, and we can expect them to come to a close publicly in the next several months. With the upcoming election and potential change in administration, the CFPB is looking to wrap up as much as possible prior to January.

While exams for individual companies are confidential, the CFPB publishes their Supervisory Highlights a few times a year, which list examples of violations found in exams without naming companies.

These highlights are a great tool to see what particular trends they’re looking at, what new violations they found, and, in some cases, what new legal theories they’re pushing.

Preparing for potential CFPB examinations

To best prepare for a potential exam, organizations benefit from a multi-pronged approach, says Jonathan. Just like the CFPB uses a combination of tools— regulatory exams, circulars, rulemaking, guidance to consumers, speeches from the bully pulpit, etc.—companies need to do the same thing. Think products, services, and people.

It’s important to stay on top of regulatory developments and understand how they intersect with the products and services of the business the company is working with. These developments include not just the obvious ones, like new rules or guidance published by the Bureau, but also those highlighted in enforcement actions and consent orders.

The language of the UDAAP statute hasn’t changed since it was passed in 2010. It’s been about 14 years now, but just because the language of the statute hasn’t changed doesn’t mean the way it’s interpreted hasn’t changed.

– Brian Serafin

It’s also important to have a comprehensive compliance management system—processes, internal training, ongoing monitoring, technology, tracking consumer complaints, and so on. 

The difference in UDAAP for the FTC and CFPB

The FTC has also been very active over the last six months, with four separate enforcement actions against companies for deceptively using the terms discussed above—things like “free” and “instant”—in their marketing materials.

The difference between the UDAAP of the CFPB and the FTC is the second “A”—abusive, says Jonathan.

At the CFPB, it’s not enough to ensure that something is not unfair or deceptive—it also has to be not abusive. Abusive can run not just to the advertising and marketing but also to the core product or service all the way through the lifecycle. It gives the CFPB a much more expansive ability to look at a product or service, or an entire company or business model than the FTC has historically looked at. 

The FTC has historically examined deception and unfairness through a much more facial lens. In this case, terms like “free” and “instant” are particularly problematic in financial services advertising but are not inherently violating any statutes, regulations, or guidance. It’s just that they often aren’t compatible with the financial product or service with which they’re being paired. 

Terms like “free” and “instant” have some meaning to consumers and create expectations. When that doesn’t match the product or service that’s ultimately going to be provided, there’s an issue.

– Jonathan Pompan

Historically, companies could get away with what they called “puffery,” says Brian—the idea of using superlative explanations for the product with the expectation that consumers won’t take it literally. That may be the case, but nowadays, there’s a much greater focus on accuracy. 

When you’re trying to figure out how to understand these terms, you shouldn’t be looking at necessarily what a “reasonably prudent person” would use. The trend is more to look at how the least sophisticated consumer might look at the issue.

– Brian Serafin

Jonathan also notes that in some respects, regulators don’t care whether an individual consumer has actually seen an advertisement or not—reliance is not necessary for them to demonstrate that there’s been a misleading or deceptive statement. Companies can have statements on a website in one place, and even if a consumer comes in through an entirely different channel, the FTC and the CFPB could still build a case around that. 

Other terms and phrases to be aware of for UDAAP

Terms like “affordable” or “low cost” could have different meanings to different people. If consumers consistently misunderstand a term or phrase, then that creates a lot of risk.

Other terms like “guaranteed” and claims of “guaranteed approval” or “pre-approval” can be problematic if that’s not truly what’s happening. 

In the lending world, “no credit check” is used often. In some cases, products and services truly don’t require a credit check, but in some cases, they might, which would cause compliance issues.

Get insights into the top UDAAP compliance issues in marketing materials. Download the latest report here.

Internal collaboration is important to avoid UDAAP

It’s crucial for all the different departments of the company to be interconnected, says Brian. 

Collaboration among the product design, marketing, and compliance teams is essential for a clear understanding of each other’s roles. The marketing team needs to understand how the product functions in real-life consumer experiences in order to make accurate claims about its features and pricing. 

Just because the consumer may not be charged a fee at one point in the transaction, it doesn’t mean there won’t be other charges later. The key is to ensure everyone is on the same page, addressing important questions and meeting compliance requirements instead of operating in isolated silos without much communication as the product moves from one department to another.

The implications of misleading FDIC insurance claims

We’ve seen several cease and desist letters to non-banks for misrepresenting FDIC insurance coverage. It’s been a very hot topic, especially over the last year or so. And, the FDIC finalized updates to its rules governing the use of the official FDIC signs and advertising statements and clarified its regulations regarding false advertising, misrepresentations of deposit insurance coverage, and misuse of the FDIC’s name or logo.

This issue has been predominantly in the cryptocurrency space and the fintech space, where companies are making claims about being FDIC insured, even though that company is not actually FDIC insured. 

From their perspective, these organizations think they can claim FDIC insurance since the bank holding the funds is insured. But, the company the consumer is dealing with is not actually the FDIC insured institution. That’s what’s giving the FDIC some pause and leading them to send out these letters to make sure companies are being very clear in their representations. 

If you are dealing with another bank, you have to be very clear about who that bank is and what their role in the process is. There are also issues with companies that might offer a mix of products or services, where some are FDIC insured and some are not. You can’t conflate the two; you have to be very clear that this one is insured and this one is not insured.

– Brian Serafin

It’s important to note that in the cease and desist letters that were sent out, many problematic ads or statements were on social media, where space is limited. It’s crucial to be aware of the medium you’re using for advertising. If you have limited space, you need to be very careful about the specificity of your claims, ensuring that they’re accurate and not misleading.

There are different compliance implications for non-banks and banks. For banks, we’ll likely see increased pressure to monitor third-party service providers. For non-banks, there’s potential for increased scrutiny from sponsoring banks and their regulators, including the CFPB and FTC.

Fintechs need to closely examine compliance requirements and understand that these requirements apply not just to their product or service, but to the broader world in which their sponsoring bank operates. They need to clearly understand which deposits are insured under what conditions and what needs to be done to perfect that critical coverage.

– Jonathan Pompan

Working with third parties and partners

Just as it’s important to ensure appropriate disclosures and language are used on owned and operated sites, it’s just as important to ensure partners—like influencers, networks, or affiliates—maintain compliance, too.

The standard operating procedure of an organization should be that any claims, advertising, or marketing practices by third-party vendors are essentially the same as if they’re being made by the company itself, says Jonathan. 

To do so, organizations have to know who those partners are, understand what their activities are, and factor that into the compliance program.

It’s not enough to monitor your own advertising and marketing if it turns out that 50% or more of the advertising and marketing is happening by third parties. Those third parties are going to need to be reviewed, examined, monitored, and in some cases, if not disciplined, opted out from as vendors.

– Jonathan Pompan

Part of the process is educating your third-party vendors, says Brian. Larger and more established companies likely won’t need much education, but individuals or smaller companies likely won’t have much experience with compliance or have a compliance department working with them.

The other part of this education is making sure that these vendors really understand what they’re marketing and advertising. They have to understand what they can and cannot say in their marketing materials to stay compliant.

Best practices for transparent communication in marketing materials

Transparent marketing materials start with understanding the product or service being promoted, says Jonathan. If advertising and marketing don’t match the product, it won’t work from a regulatory standpoint, or for consumer satisfaction and reputation. 

Those involved in marketing campaigns must understand the product or service deeply and have compliance and legal teams involved early in the process. Active monitoring and periodic audits are also important to mitigate issues—it’s essential to have involvement on the front end to offset potential risks on the back end.

It’s also important to look at the product from the consumer’s perspective, says Brian. Understand what the consumer is seeing and doing when they sign up, especially since scrutiny of dark patterns are on the rise. 

Tracking consumer complaints is a critical part of this, as they provide insight into the exact issues that consumers are facing. 

This process of understanding the consumer’s perspective should be shared responsibility among the compliance team, marketing team, and website design team. Compliance departments need to take a holistic view of the product presentation, ensuring that everyone is aware of potential issues from the start,including training marketing people on compliance issues so that potential problems are caught early.

Get more expert insights

As the regulatory environment becomes increasingly challenging, companies need to be a step ahead, understanding where regulators stand on issues and factoring that into compliance discussions. Keeping compliance in the forefront is cricital, and companies must ensure it’s part of an integrated team when putting products and advertising together.

Access more expert insights on UDAAP compliance and best practices here

author avatar
Gianna Kennedy Content Marketing Manager
Gianna is a Content Marketing Manager at PerformLine.

Stay Updated

Join thousands of other industry professionals

Subscribe to receive the latest regulatory news and updates with a focus on marketing compliance via content offers, newsletters, blog posts, and more
This field is for validation purposes and should be left unchanged.

Connect with PerformLine and see what we can do for you.