This article is the first in a series of six articles concerning UDAAP.

In response to the lingering recession of the late-2000s, Congress passed the Dodd-Frank Wall Street Reform and Consumer Protection Act and, among other things, created the Consumer Financial Protection Bureau (CFPB). Congress bestowed upon the up-start Bureau a broad new power to prohibit unfair, deceptive, and abusive acts or practices (UDAAP) across the entire consumer financial services industry. Today, with Dodd-Frank now in force, the bureau serves as the single primary regulator responsible for enforcing the federal consumer financial protection laws across all facets of consumer lending and other consumer-based financial products and services. This includes, of course, UDAAP.

For the unfamiliar, UDAAP is quite easily one of the most vague and amorphous statutes ever written. In essence, Dodd-Frank gives the bureau broad power to prohibit all kinds of consumer lenders, servicers and other consumer financial services market participants (e.g., consumer reporting agencies, prepaid credit cards, debt collectors) from engaging in practices that fall within the loose, barely defined standards of unfairness, deception and abuse. Although no legitimate market actor would knowingly condone or sanction practices that are objectively unfair, deceptive or abusive, it is quite another thing altogether for those in the consumer financial industry to function with these largely unknowable standards.

Prior to Dodd-Frank was just UDAP—unfair and deceptive acts or practices. Unfairness and deception were defined under UDAP in much the same way as they are defined under UDAAP—that is, vaguely. The difference is that, when it came to consumer financial services, there was a ramping up of the understanding of these terms and, ultimately, pronouncements by the principal UDAP enforcer: the Federal Trade Commission (FTC). The bureau is, for consumer financial services companies, however, a much more focused and formidable regulator.

Notably, back in the UDAP days, the industry was not subject to an abusive standard; indeed, abusive was not part of the vernacular, as it is now. That changed when Dodd-Frank took effect. No longer are the FTC or the various prudential banking regulators the focus of UDAP enforcement. Rather, the new sheriff with its proud, shiny new badge took over this piece of turf and is enforcing the new UDAAP standards that came along with it.

Expectations on the CFPB were always very high. The bureau is the brainchild of Elizabeth Warren, former Harvard law professor, consumer activist, past CFPB consultant, and now the junior Senator from Massachusetts. The hope was that with better, more consolidated oversight, openness and transparency, the era of the bureau would usher in an era of a better marketplace for both sides of consumer lending—the consumers and the financial institutions. Indeed, Warren and the CFPB itself are major proponents of these welcome principles. But as it turns out, transparency and openness at the bureau and under Dodd-Frank are largely one-way concepts. The industry must be transparent about its practices with the bureau, but the bureau is not beholden to reciprocate. The most glaring example of this is the bureau’s treatment of UDAAP.

Dodd-Frank was enacted on July 21, 2010. One year later, the CFPB obtained its enforcement authority and began most of its regulatory activities. It is now more than two and a half years since Dodd-Frank was passed and one and a half years since the bureau officially opened its doors. Even with all that elapsed time, the CFPB has told the industry virtually nothing in terms of guidance on UDAAP. Although the bureau touts its “Know Before You Owe” programs designed to give consumer borrowers better information about the loans they are undertaking, the CFPB has done next to nothing to help the industry understand the developing risks associated with consumer lending and servicing under the new UDAAP standards. The CFPB has not championed a comparable “Know Before You Loan Program,” designed to provide the industry with insights into the practices the bureau believes violates the tenets of UDAAP. But shouldn’t it?

Over the course of the next six articles, I will delve into each of the UDAAP standards—unfair, deceptive, abusive—in an effort to find some shape in these amorphous definitions. With the definitions in mind, vague as they may be, I will make some recommendations about how to adjust compliance programs to mitigate not only the regulatory risks presented by these standards, but the looming civil litigation risks as well. Finally, I will make some recommendations about what we can do as an industry to press the bureau for more clarity about UDAAP. After all, there is no principled or reasoned basis for the bureau not to inform the industry about its view of what conduct falls within the UDAAP standards; unless, that is, the bureau desires to use the imprecision of the standards to make policy after the fact. Let us hope that this is not the case.