cial suicide. Along with the word “abusive,” the DFA-updated version of the UDAAP regulation gives the CFPB and all other regulatory agencies vast powers to study the actions of institutions and widely interpret them as unfair, deceptive or abusive to consumers. It is quite possible to be compliant with such other regulations as Regulation CC or Regulation E, but non-compliant with UDAAP in regulators’ eyes. Keeping a tight rein on your third-party vendors, and holding them to the same compliance standards as you, will aid in mitigating risk. Jennifer Hamby is marketing project manager for Data Facts. She may be reached by phone at (901) 685-7599 or email jenniferh@datafacts.com.
Ways to stay compliant l Get to know the CFPB: It is imperative to keep a close watch on the events going on at, and the announcements being made by, the CFPB, in particular those related to UDAAP and the CFPB’s enforcement actions. l Review and review your Web site: The CFPB is now responsible for administering many regulations that govern website content, including Truth-in-Savings (Regulation DD) and Truth-inLending (Regulation Z), among others. Content and online disclosures that were compliant with these regulations pre-Dodd Frank Act are being closely evaluated by the CFPB to discern if the language itself or the practices described by them are in any way unfair, deceptive or abusive to consumers. If you have not reviewed your Web site recently, you must make it a priority to thoroughly review every page, link and disclosure on it. Your institution also needs to set up a schedule for regular, ongoing Web site reviews. Depending on the size of your site, this can be a monumental task. l Test your marketing and advertising materials: In addition to your Web site, your institution needs to review all of its other marketing collateral and advertising materials. This includes everything from brochures to branch signage and, of course, paper-based disclo-
67
TagQuest Timeline 2004 • TagQuest was Born offering data for marketing campaigns 2005 • Opened the first call center • First time to offer Credit Data 2007 • First to offer Guaranteed Direct Mail 2013 • Recognized by NMP Magazine as a “Visionary Organization” showcased in NMP’s Inside Look • Launched our online mail portal • Launched Proprietary Data Merging Software 2014 • Developing our own internet lead distribution system with integrated ping post • Celebrating 10 Years In Business Thanks To Our Customers
n Pennsylvania Mortgage Professional Magazine n JUNE 2014
These events make clear that UDAAP is a top priority for the CFPB, and this focus is filtering to other regulatory and law enforcement agencies as well. Several of the CFPB’s enforcement actions were issued jointly, with such other agencies as the Office of the Comptroller of the Currency (OCC), the FDIC, state agencies and state attorneys general. The other eye-opening fact to note is that while all of the CFPB’s enforcement actions cited UDAAP, none of them claimed “abusive” practices, leaving this amorphous term’s definition still elusive to institutions. One does wonder, though—given the charges in the CFPB’s enforcement actions—if the expansion of UDAAP with the word
“abusive” added weight to the origisures. As you test your materials, nal two—unfair and deceptive. pay close attention to those prodThe CFPB released a study in ucts and services whose inherent December of 2013 on the impact of nature puts them at particular risk compliance costs in the mortgage for perceived deceptive practices banking industry since the onslaught such as mortgage loans. of rules and regulations over the past l Train, train and train your staff: It five-plus years. According to their is vital that you train your staff and study, the industry has seen a 13 perany third-party providers on all cent increase (on average) of costs products and services that they only associated with compliance. sell, manage or service, as well as So what does this mean? It means on your UDAAP policy and proceimmediate actions must be taken to dures—and that your staff adheres minimize your risk of UDAAP and to the policy and procedures. ensure compliancy for your institution, as well as the vendors who pro- Remember: Policies + vide, manage or service your con- Processes + Training + sumer products. It is imperative that Actual Actions = you require all third party vendors Compliance have the same compliance standards To deny the impact that UDAAP is havas you require. ing on the industry is potential finan-
NationalMortgageProfessional.com
cardholders, and charging fees that were not clearly disclosed.” Note that the bank was held more liable than the third-party service provider, as its civil money penalty was $600,000, while the latter’s was $100,000. Both agreed to jointly pay restitution of approximately $1.1 million to affected customers. l June 27, 2013–CFPB filed fourth enforcement action: The CFPB cited a large institution and its non-bank partner for misrepresenting the true cost and coverage of its add-on products. Between the two entities, they are responsible for returning $6.5 million to customers affected by the situation. Remember, misrepresentation falls under UDAAP’s definition for deceptive, as it encompasses any material representation, act, practice or omission that misleads or is likely to mislead consumers. l Sept. 19, 2013–CFPB issued fifth enforcement action: The CFPB’s fifth enforcement action was settled with a major financial institution for unfairly billing customers for an identity theft protection product supplied by a third-party vendor. The institution was ordered to refund $309 million to its customers. Never before has the assurance that your thirdparty vendor is going above and beyond all that is necessary to practice compliant policies, procedures and actions, been more important than now.