Expect 2014 to be a banner year for enforcement actions under the Unfair or Deceptive Acts or Practices law (UDAP) and the new Unfair, Deceptive or Abusive Acts and Practices law (UDAAP). While predicting regulatory trends can be difficult, we believe this to be a safe bet in light of the trends in 2013 and early indications in bank examinations already this year.
Below are some of the enforcement trends from last year and tips highlighting what can be done to reduce the risks of UDAP and UDAAP enforcement actions in 2014.
In 2013, the FDIC imposed civil money penalties against banks in 89 instances, 16 of which were for UDAP violations and many of those also required consumer restitution. The only compliance area triggering more civil money penalties in 2013 was the Flood Disaster Protection Act, accounting for 27 of the 89 cases, which is roughly consistent with the percentages in that area since Katrina.
UDAP penalties in 2013 ranged from approximately $6,000 to $3.6 Million (American Express Centurion Bank) and $5 Million (Citizens Bank of Pennsylvania). In half of the cases the civil money penalty exceeded $100,000 (excluding restitution), but the average was approximately $660,000 given some of the very high penalties.
Related to the FDIC’s action against American Express, the CFPB ordered American Express to provide $59 Million in restitution on top of a $9.6 Million fine, and the OCC added an additional $3 Million fine. Also in December, the CFPB ordered GE CareCredit to refund $34.1 million to 1 million customers due to deceptive credit card enrollment tactics. In 2012 the CFPB had imposed a combination of civil money penalties and restitution requirements totaling $210 Million against Capital One and $214 Million against Discover.
This is just a sampling of the enforcement actions from 2013, and many more are in the works at at this time but cannot yet be reported because they are not yet public. It is clear that UDAP and UDAAP enforcement is a very high priority today and that this trend is likely to continue through at least 2014.
To reduce your risks of UDAP and UDAAP criticism and enforcement actions, consider the following actions:
- To paraphrase President Taft, don’t write your advertisements to be understood, write them so they can’t be misunderstood. If an advertisement or other consumer-facing document can be misinterpreted, the examiners will find a way to do so.
- Consider asking employees with the least understanding of the product or compliance to read and explain the materials in their own words. The results might surprise you.
- If you advertise on television, look carefully at any printed disclosures on the screen. Do they appear over a background that obscures the text, such as dark letters on a dark background or light letters on a light background? Are the disclosures visible long enough for the average consumer to read them? Again, test these disclosures with your employees who know the least about the product.
- Review and follow FTC advertising guidance, including the FTC’s .Com Disclosures Guidance. While this guidance might not technically apply to all of your advertisements, the federal bank regulators tend to apply it nevertheless. For example, the Truth in Savings Act is relatively liberal about the placement of disclosures in relation to the text that it modifies, but FTC guidance can be more demanding regarding the proximity of disclosures to the text and the labeling of links to those disclosures.
- Assess the features and terms of your products or services honestly. Try to think like the average consumer (or regulator) to identify the most negative or objectionable terms. Ask yourself whether you would encourage your grandmother or favorite sibling to buy it. If you would not, your regulator will not like the product either, and from there it is only a short step to a UDAP or UDAAP claim.
- Know and monitor your third-party vendors. As enforcement actions indicate, every bank is fundamentally responsible for those vendors through which it markets and offers products. If you use a third party for payment processing or otherwise, make sure the vendor’s policies are not susceptible to UDAP or UDAAP violations and that their interactions with consumers ensure compliance.
Perhaps most important, continue to watch the enforcement trends and do not hesitate to reach out to your peers and consultants for second opinions.