Credit unions must review for unfair, deceptive or abusive acts or practices
Historically, credit unions have used a member-focused approach in their operations with products, services and an overall strategic plan designed to serve members’ needs. This business model has served credit unions (and their members) incredibly well. However, recent UDAAP penalties – including a CFPB action requiring $2.9 million in refunds and a $200,000 fine for deceptive advertising of “Free Checking” – mean credit unions need to take action to understand, monitor and reduce UDAAP risks.
Credit unions have historically been subject to the National Credit Union Administration (and the Federal Trade Commission) interpretation of “unfair or deceptive acts or practices” (UDAP). Over the years, there have been very few situations where credit union practices were brought into question under the UDAP tests.
However, the Dodd-Frank Act changed the landscape and added a new “abusive” test – expanding the acronym to “unfair, deceptive or abusive acts or practices” (UDAAP). This expansion – along with UDAAP being named a priority of the CFPB – has required credit unions to conduct a comprehensive review of their products and services.
Importantly, a particular act or practice does not need to be a regulatory violation for it to be considered a UDAAP violation. Thus, credit unions must have a strong risk management program to review, analyze and mitigate potential UDAAP risks.
Draft a UDAAP Policy
A UDAAP policy should be the starting point for all credit unions. A policy outlines the credit union’s commitment to refrain from acts or practices that could be considered unfair, deceptive or abusive. The policy should also discuss the steps the credit union will take to review and prevent UDAAP concerns. For example, the UDAAP policy should provide a general outline of how the credit union will address steps 3 through 7 below.
The policy does not need to go into the details. Rather, your existing procedures – vendor management or addressing member complaints, for example – will explain the precise steps the credit union is taking. The UDAAP policy highlights those existing practices and reiterates the credit union’s commitment to offer products and services that are understandable and fair to members.
Review Marketing Content
A key component in reducing UDAAP risk is clear, understandable marketing language. This goes beyond the technical advertising disclosure requirements and extends to the overall message conveyed to members and potential members. Credit unions should set up consistent procedures to review marketing and advertising content to ensure regulatory compliance and review for potential UDAAP concerns. Additionally, credit unions should monitor members’ actual usage of the product or service and determine if the usage matches how the product or service was described in the advertisement.
Review the Fine Print
In most UDAAP situations, the financial institution’s practice differed from its written disclosure or contract. And, in most cases, the marketing of the product or service differed as well. Credit unions need to ensure their marketing language matches their disclosures and that both of these are consistent with their actual practices.
The easiest way to increase UDAAP risk is to market a product or service in a manner that is inconsistent with the credit union’s full disclosures or practices. Credit unions that consistently review their actual contractual terms and existing procedures will be able to easily identify situations where the marketing approach is inconsistent and take actions to align all three aspects: marketing, disclosures and practices.
Monitor Your Vendors
A common theme in UDAAP violations is unmonitored third-party service providers. Your credit union’s reputation is on the line every time a member conducts a transaction with you – and your third-party partners. A credit union’s vendor management program should include a UDAAP risk assessment and there should be ongoing monitoring of the relationship over time.
Member complaints are the number one way regulators learn of potential UDAAP violations. Therefore, robust member complaint procedures should be a part of the credit union’s overall UDAAP policy. Complaints (both formal and informal – such as Facebook and Twitter) are the perfect place to determine if there is something about the product or service that is not straightforward or clear. And, rather than just address the complaints and fix the errors, credit unions should track the information and monitor the trends over time. Are certain third-party service providers generating more complaints? If so, that is a clear indicator that additional monitoring is required.
When it comes to UDAAP, there are no black-and-white regulatory requirements. The issues are more subjective and open to interpretation. This only heightens the need for staff training so that employees are aware of UDAAP risks and are empowered to speak up if they identify an area that needs to be reviewed more thoroughly to ensure the credit union’s marketing, disclosures and practices are properly aligned.