Overview
An accurate understanding of the impacts of Title X of the Dodd-Frank Wall
Street Reform and Consumer Protection Act of 2010, known as the Consumer
Financial Protection Act (CFPA), on the regulation and enforcement of
unfair, deceptive, and abusive acts or practices (UDAAP) remains elusive
for many in the banking industry. Commonly held misconceptions about UDAAP
include the beliefs that:
- The UDAAP provisions of the CFPA repealed Section 5 of the FTC Act (UDAP)
- The pre-CFPB regulation of UDAP was primarily driven by content-specific,
formal regulations, issued after notice and comment
- The CFPB’s application of UDAAP represents a marked departure from
how the FTC and the federal banking agencies historically applied UDAP
In reality, much of what is often perceived as new about UDAAP is firmly
rooted in pre-CFPA interpretations of UDAP, which continue to be relevant
for purposes of understanding, anticipating, and preventing violations
of UDAAP. Moreover, as explained below, the CFPB’s application to
date of the UDAAP prohibition against “abusive” acts or practices
does not indicate a marked departure from prior UDAP precedents or signal
a new playing field for compliance efforts. As a result, greater clarity
can be found regarding the requirements of UDAAP and the related necessary
actions by lenders. Because much of UDAAP is not new, those institutions
that become the subject of a UDAAP investigation are very limited in their
ability to claim a justifiable lack of awareness.
Pre-CFPB Interpretations
The federal regulation of UDAP commenced 75 years ago, on March 21, 1938,
when the FTC Act was amended by the addition of the simple, unadorned
declaration: “unfair or deceptive acts or practices in or affecting
commerce, are hereby declared unlawful.”[1] The issuance of formal regulations interpreting this assertion in the
context of banking over the ensuing seven decades was limited to the Federal
Reserve Board’s Regulation AA, issued as a result of the FTC Improvement
Act of 1975, and mirror regulations issued by the Federal Home Loan Bank
Board (FHLBB)—predecessor to the Office of Thrift Supervision (OTS)—and
the National Credit Union Administration (NCUA).[2] Regulation AA closely mirrored the FTC’s Credit Practices Rule (18
C.F.R. Part 444) and prohibited: (1) the use of certain provisions in
consumer credit contracts, (2) the misrepresentation of the nature or
extent of cosigner liability, and (3) the pyramiding of late fees. As
is further discussed below, the Rule’s relative lack of importance
for purposes of interpreting and applying UDAP is evidenced by the fact
that none of the most significant pre-CFPA bank agency enforcement actions
alleged Rule violations.
Although the FTC continues to enforce the Credit Practices Rule against
non-banks, Regulation AA has been rescinded. As is explained in the Interagency
Guidance Regarding Unfair or Deceptive Credit Practices (Interagency Guidance),
which was published jointly by the CFPB and the four federal banking agencies
on August 22, 2014, the CFPA did repeal the ability of the federal banking
agencies to issue rules interpreting UDAP.[3] As a practical matter, however, the rescission of Regulation AA has no
effect on the future ability of the banking agencies to enforce that rule’s
substantive requirements. In this regard, the Interagency Guidance notes
that “depending on the facts and circumstances . . . the “[Banking]
Agencies may determine that statutory violations exist even in the absence
of a specific regulation governing the conduct.”[4] In sum, formal banking regulations were a non-factor in the pre-CFPA interpretation
and enforcement of UDAP, and the CFPB’s fact-specific approach to
applying UDAAP, in lieu of issuing formal regulations, continues that
supervisory approach.
Actions under the FTC Act and UDAAP
As is noted in the CFPB Supervision and Examination Handbook (CFPB Handbook):
“The standard for unfairness in the Dodd-Frank Act [Section 1031]
has the same three-part test as the FTC Act.”[5] As a result of this close synergy between the FTC Act and the CFPA, pre-CFPB
interpretations of unfairness by the bank agencies and the FTC remain
highly relevant. Among the pre-CFPA bank agency enforcement actions highlighted
in the CFPB Handbook is the OCC’s April 2008 Consent Order issued
against Wachovia National Bank, wherein the OCC alleged that Wachovia
Bank engaged in unfair practices by continuing to maintain deposit accounts
for fraudulent telemarketers despite a high volume of returned deposits
from remotely-created checks and complaints from defrauded consumers.
As a result of its inaction, Wachovia was ordered to pay fines and monetary
restitution totaling $140 million in connection with products that were
not Wachovia-branded, not targeted to Wachovia’s customers, and,
for the most part, were sold to consumers who had no Wachovia account
relationships. This Consent Order is additionally significant because
it predated the enactment of Section 1036(a)(3) of the CFPA, which specifically
prohibits furnishing “substantial assistance” to a third party
that engages in UDAAP violations, by two years.[6]
Another notable pre-CFPB bank agency enforcement action concerning allegations
of unfairness is the FDIC’s July 2009 Settlement with Advanta Bank.
The FDIC’s allegations centered on Advanta’s aggressive repricing
of business credit card accounts and Advanta’s failure to provide
the affected customers advance notice of the increased rates and the opportunity
to opt-out—neither of which were required of Advanta by the Truth-In-Lending
Act and Regulation Z.[7] In the same action, the FDIC alleged that Advanta’s marketing of
its multi-tiered cash back rewards program was deceptive based on the
same standards that are relied upon to establish deceptive acts or practices
by the FTC.
With respect to deceptive acts or practices, the CFPB Handbook provides
that CFPB examiners “should be informed by the FTC’s standard
for deception” and further notes that: “The Federal Trade
Commission (FTC) and federal banking regulators have applied these standards
[for deception and unfairness] through case law, official policy statements,
guidance, examination procedures, and enforcement actions that may inform
CFPB.” Among the notable examples of a pre-UDAAP action involving
allegations of deception is the FTC’s December 2008 enforcement
action against CompuCredit, a non-bank, non-creditor which designed, marketed,
and serviced high cost, subprime credit card products that were issued
by a third-party bank. The FTC ordered CompuCredit to pay $144 million
in fines in customer reimbursement for a myriad of alleged deceptive marketing
practices and failures to provide appropriate disclosures, the terms of
which for CompuCredit, as a non-creditor, were not dictated by the conduct-specific
requirements of Regulation Z.
In addition to interpreting UDAP through their formal enforcement actions,
the FTC and the federal banking regulators issued a significant body of
pre-CFPA written guidance concerning the unfair and deceptive standards.[8] That guidance includes OCC Advisory Letter 2002-3, which, among other
things, provides that acts or practices may violate conduct-specific regulations,
such as Regulation Z, Regulation B, or Regulation P, and additionally
violate UDAP.[9] In addition, Advisory Letter 2002-3 further cautions that although the
Fair Debt Collection Practices Act (the FDCPA) is inapplicable to a party
collecting on its own debts (i.e. a first-party collector), that party
may be liable under UDAP for the improper collections practices of its
third party agents.[10] Finally, the advisory letter notes that unfair acts practices “generally
would involve acts or practices that are unscrupulous, unconscionable,
or contrary to public policy, and that harm consumers.”[11]
In sum, while the CFPB has been far more active than the bank agencies
were in bringing actions against banks alleging deception and unfairness
prior to the CFPA, the primary difference between such actions pre and
post-enactment of the CFPA, is the vastly greater volume and frequency
of UDAAP enforcement actions, along with a steady flow of public statements
by the CFPB cautioning against UDAAP.[12] For the most part, however, these new actions and public issuances reinforce
and magnify the application of historical UDAP precedents, but do not
break new ground. This avalanche of new UDAAP enforcement actions is what
makes UDAAP seem entirely new, versus based on existing legal and historical
precedents.
The Abusive Standard
Notwithstanding the above, the abusive standard of Section 1031 of the
CFPA has no direct parallel in UDAP. To date, however, the CFPB has only
cited abusive violations in actions that primarily alleged unfair or deceptive
acts or practices; e.g., only one of the six counts alleged in a PayPal
Complaint asserted abusive acts or practices. In the vast majority of
those actions, the CFPB emphasized that the affected consumers were particularly
susceptible to financial harm due to economic distress, servicemember
status, or other circumstances. In addition, most citations of abusive
acts or practices were alleged as violations of Section 1031(d)(2)(A)
or (B), which respectively prohibit a covered person from taking unreasonable
advantage of: “(A) a lack of understanding on the part of the consumer
of the material risks, costs, or conditions of the product or service;
[or] (B) the inability of the consumer to protect the interests of the
consumer in selecting or using a consumer financial product or service.
Moreover, in
every instance, the subject misconduct could have been alleged as an unfair
act or practice.[13] Indeed, the CFPB’s inconsistency in invoking the abusive standard
is a common source of industry dissatisfaction. To recap, based on the
CFPB’s UDAAP enforcement actions to date, an apropos analogy can
be drawn between the abusive standard and hail in a thunderstorm; i.e.
both can be damaging, are rare and difficult to predict, and only occurs
within a larger disturbance. If this enforcement pattern continues, an
institution that succeeds in avoiding unfair or deceptive acts or practices
should also succeed in avoiding abusive acts or practices.
Conclusion
Because UDAP and UDAAP are not fundamentally different from each other,
there is an established body of knowledge to draw upon in identifying
potential UDAAP risks. To this end, certain signs of emerging UDAAP risks
are obvious, such customer complaints, an increase in the denial rates
for customers’ redemption requests for rewards or other benefits,
or the early cancellation of products and services. Recognizing other,
more subtle signs, however, may require assistance from persons who are
specialists in spotting emerging trends and vulnerabilities within particular
product lines or customer segments, which is where Bridgeforce and Bridgeforce
Law can help. In this regard, it is our experience that even the best
designed and well-executed system of internal controls for managing UDAAP
risks can benefit from a fully independent assessment conducted far enough
in advance of the next consumer compliance examination to make any necessary
adjustments.
[1] 15 U.S.C. § 45(a)(1).
[2] The OCC did not have the authority to issue rules interpreting Section
5 of the FTC.
[6]See CFPB Consent Order issued against JPMorgan Chase & Co. (“Chase”)
on July 8, 2015, regarding sales of bad debt and robo-signing of court
documents in which the CFPB alleged that Chase violated Section 1036(a)(3)
of the CFPA (12 U.S.C. § 5536(a)(3)) by ”knowingly or recklessly”
providing “substantial assistance” to a third party that engaged
in unfair, deceptive or abusive act or practices where Chase either knew
or should have known that debt buyers would seek to collect on certain
accounts sold by Chase that were unenforceable, had inaccurate information,
or included inadequate information to support the claims that consumers
owed the debts sold and owed them in the amounts stated in loan documents
provided by Chase (¶¶ 35-36).
http://www.consumerfinance.gov/newsroom/cfpb-47-states-and-d-c-take-action-against-jpmorgan-chase-for-selling-bad-credit-card-debt-and-robo-signing-court-documents/
[9] OCC Advisory letter 2002-3, pages 6.
[10] Id. page 7. In July 2013, the CFPB issued Bulleting 2013-07 (Prohibition
of Unfair, Deceptive, or Abusive Acts or Practices in the Collection of
Consumer Debts), which describes certain acts or practices related to
the collection of consumer debt that could, depending on the facts and
circumstances, constitute violations of UDAAP. The Bulletin strongly emphasizes
that first-party collectors that engage in activities which would otherwise
violate the FDCPA may be held accountable under UDAAP. As recent enforcement
actions demonstrate, the CFPB has been rigorous in its enforcement of
UDAAP against such collectors. See e.g. June 17, 2015 Consent Order issued
against Security National Auto Acceptance Company.
http://www.consumerfinance.gov/newsroom/cfpb-takes-action-against-servicemember-auto-lender-for-aggressive-debt-collection-tactics/.
[12] During the three month period between April 8, 2015 and July 8, 2018,
the CFPB publicly-announced a total of nine formal enforcement actions
based on various alleged violations of UDAAP.
[13] For example, the CFPB Complaint against PayPal alleged that PayPal’s
disregard of customer’s instructions to allocate excess payments
for deferred credit plans constituted an abusive practice in violation
of Section 1031(d)(2) of the CFPA (unreasonable advantage of the inability
of the consumer to protect the interests of the consumer in selecting
or using a consumer financial product or service). 12 U.S.C. § 5531(d)(2).
Yet, the Section 1031(c) CFPA standard for unfairness (i.e. substantial
harm, not reasonably avoidable by the consumer, as to which there was
countervailing public benefit) would seemingly apply to that exact same
conduct. 12 U.S.C. § 5531(c).