This article is the last in a four-part series on the Consumer Finance Protection Bureau (CFPB) and the broad powers with which it is armed to regulate financial institutions under the Dodd-Frank Wall Street Reform and Consumer Protection Act. Read parts one, two and three.  

In the first three articles in this series, we have outlined the origins of the CFPB, addressed its new definition of “abusive,” and discussed an institution’s exposure to liability for vendor actions in light of this new definition. In this article, we suggest ways in which financial institutions can protect themselves against unfair, deceptive or abusive acts and practices (UDAAP) violations through a combination of efforts, including employee compliance training, programs for receipt and analysis of consumer complaints, and increased consideration of financial products from the perspective of the lay consumer.

The CFPB has made clear that financial institutions subject to its jurisdiction must develop and implement effective compliance management systems to prevent UDAAP violations. A cornerstone of any such compliance management system is employee training. As part of a formal, written compliance program, to be administered by the institution’s chief compliance officer, the institution should develop a formal training program designed to ensure that its employees are educated about the concept of UDAAP, fertile areas for potential violations and the steps the institution takes to ensure compliance. An overview of the CFPB’s compliance management review, which can be found on the CFPB’s website, reveals that effective employee UDAAP training requires that institutions consider the specific regulatory requirements related to an employee’s job functions and tailor the training accordingly.

A review of the CFPB’s recent regulatory actions confirms this approach. In a bulletin issued on July 18, the agency indicated that it would be targeting the marketing of credit card add-on products as part of its regulatory efforts. The bulletin advised companies that they should institute comprehensive employee training regarding credit card add-on products as part of their compliance management programs. The CFPB specifically noted that organizations should implement such training to limit the potential for regulatory violations and consumer harm. Additionally, on Oct. 1, the CFPB fined American Express Bank for engaging in deceptive debt collection practices. In the consent order entered into between the CFPB and the bank, the agency specifically noted that the bank had failed to implement an effective employee training program that addressed deceptive acts and practices. As part of the consent order, American Express was required to implement a training program that included training on consumer protection laws.

Financial institutions should also have a clear and effective process for receiving, reviewing and addressing consumer complaints as a method to avoid, or minimize the potential for, UDAAP violations. Consumer complaints can play a key role in the detection of UDAAP because the complaints may be indicative of weaknesses in an institution’s compliance management system, such as training or internal controls.

Moreover, the CFPB solicits and reviews complaints directly from consumers. According to CFPB Director Richard Cordray’s Sept. 20 testimony before the House Financial Services Committee, as of Sept. 3, the CFPB had received 72,297 complaints from consumers regarding credit cards, mortgages and other financial products and services. The CFPB reviews these complaints and considers whether to initiate enforcement actions. Accordingly, if the CFPB is receiving and considering complaints directly from consumers, financial institutions should ensure that they have effective processes in place for receiving, reviewing and addressing their customers’ complaints because the results may be indicative of CFPB concerns.

Finally, financial institutions can minimize the risk of a UDAAP violation by considering their financial products from the perspective of an uninformed consumer or financial layman. The CFPB is the consumer watchdog of financial institutions, and describes its work as “a mission to make markets for consumer financial markets and services work for Americans.” Accordingly, it can be expected that CFPB officials will review the products and practices of financial institutions from the perspective of the consumers they are seeking to protect. Financial institutions should therefore review their products and services from the same lay perspective and assess whether any of them might be considered to have confusing or misleading language or terms. Moreover, institutions may want to consider the internal reasons behind the creation of the product or service. If the reason is difficult to describe or  does not clearly reflect a benefit to the consumer, the product or service may be the type that will draw the attention of the CFPB.  

While there is no single task that a financial institution can take to prevent a CFPB investigation for UDAAP violations, a combination of proactive efforts can successfully limit the likelihood of such investigations.