In 1938 the Wheeler-Lea Act amended section 5 of the Federal
Trade Commission Act to declare unfair or deceptive acts or practices in
commerce illegal and expanded the FTC’s authority to include consumer
protection. Adopted as a companion amendment to the 1938 Federal Food, Drug,
and Cosmetic Act, which granted the FDA authority over the food and drug
industry, medical devices, and cosmetics, as well as establishing mandatory
pre-market drug approvals, the amendment gave the FTC authority over drug
advertisements.
While the instigating factor was unfair or deceptive acts or
practices relating to the advertisement of drugs, the amendment was drafted
much broader, specifically: “Unfair methods of competition in or affecting
commerce, and unfair or deceptive acts or practices in or affecting commerce,
are hereby declared unlawful.” (Note the focus on commerce - not consumers!) While
the prohibition applies to all engaged in commerce, the FTC was not granted
authority over banks, savings and loan institutions, or Federal credit unions.
In 1975, the FTC Act was amended to require the banking
agencies to establish consumer complaint processes and take action on
complaints alleging unfair or deceptive practices. (Note the focus on consumers
– not commerce!) This amendment prompted the FRB to issue Regulation AA,
Subpart A establishing the consumer complaint process. Over the course of time,
Congress took action on specific abusive, unfair, or deceptive acts or
practices, resulting in regulations such as those covering TILA, Fair Credit,
Home Equity, TISA, HOEPA, and Privacy – but none of the agencies adopted a
regulation covering the broad topic of “unfair or deceptive acts or practices.”
Oh, they skirted the topic from time to time. In 1980 the
FRB issued a policy statement on unfairness, followed by a policy statement on
deception in 1983. And in 1985, Regulation AA was expanded to include Subpart B
“for the purpose of preventing specific
unfair or deceptive acts or practices of banks.” Beginning in 2002, the
agencies issued various notifications to institutions of their intent to
enforce the prohibitions against unfair or deceptive trade practices, based on
the law and interpretations established by the courts and the FTC. And, agency
examination procedures for FTC Unfair or Deceptive Acts or Practices were added
to some, but not all, supervisory manuals, and no interagency exam procedures
were issued.
The 2010 Dodd-Frank Act (DFA) reopened the debate as to
whether the banking agencies should promulgate rules prohibiting unfair or
deceptive acts or practices, and added a new category of concern – abusive. Additionally,
the DFA directs the newly created CFPB to issue regulations to prevent UDAAP
against consumers. (Again, note the focus on consumers – not commerce!) While
to date the CFPB has not issued the required regulation, it did include UDAAP procedures
in its examination manual.
Bureau examiners are directed “to assess the quality of the
regulated entity’s compliance risk management systems, including internal
controls and policies and procedures, for avoiding unfair, deceptive, or
abusive acts or practices.” Further, the procedures enumerate specific topics
that should be covered in the institution’s policies and includes consideration
of whether “internal control processes are documented” in evaluating the
adequacy of the institution’s program.
Gulp! Based on the exam procedures, I feel a project plan coming
on. Have you specifically identified the policies, procedures, and internal
controls relating to UDAAP in your institution? Are they all documented? Does
your training program specifically cover UDAAP, and do you include third party
providers in UDAAP training? Do you routinely analyze (and, of course document
the analysis of) consumer complaints specifically for UDAAP? Oh, wait –
generally the level of formality of the program expected will be dictated by
the level of risk – have you done a UDAAP risk assessment? Have you expanded
the audit scope so that it “includes a review of potential unfair, deceptive,
or abusive acts or practices” and is that work “performed consistent with the
audit plan?” And the list goes on!
But wait – there’s more! Within the introductory information
of the examination procedures, in the section Relationship to Other Laws it states: “a transaction that is in
technical compliance with other federal or state laws may nevertheless violate
the prohibition against UDAAPs.” The example provided relates to an
advertisement that complies with TILA but contains other statements that are
untrue or misleading. But what impact, if any, does UDAAP have on an
institution’s use of a Model disclosure?
The FTC’s clear and conspicuous standard, which is included
in the CFPB’s manual, evaluates communications with consumers based on the “four
Ps” – prominence, presentation, placement, and proximity. The Model forms
generally appear to meet the prominence, placement, and proximity tests. The
presentation standard stated in the CFPB manual looks for an “easy-to-understand
format” and the FTC version asks if the wording and format are easy for
consumers to understand. Well, have you read those Model forms lately? Do we
need to expand our project plan to include designing disclosures with wording
and formatting that are easy for the consumer to understand
AND that meet all regulatory requirements?!?!
Clearly, regulators are focused on UDAAP and consumers –
just look at the recent CFPB enforcement action against Capital One based on
“deceptive” practices – yet, 75 years after Congress declared “unfair or
deceptive acts or practices in or affecting commerce unlawful,” we have yet to
see a regulation dealing with this broad topic. The CFPB is required to issue
regulation; all of the agencies continue to issue guidance relating to specific
products or practices; and, examiners are including varying degrees of UDAAP
reviews in examination scopes. And, my personal view is that the regulatory
consumer-centric focus will ultimately expand to encompass all types of
customers.
Institutions that implement a project plan addressing UDAAP
now will be better positioned to respond to the new regulation and the increased
regulatory focus. Determine your UDAAP-readiness by reviewing the examination
procedures published by your primary regulator – and those published by the
CFPB – to identify opportunities for enhancement. Then draft a plan and
timeline to implement those enhancements. And, by all means, stay tuned to the
agencies for breaking news!
