(As published in BankingExchange.com)
Industry is witnessing that the federal approach to Unfair, Deceptive, or Abusive Acts or Practices (UDAAP) is becoming less aggressive
As the industry witnesses the federal approach to Unfair, Deceptive, or Abusive Acts or Practices (UDAAP) becoming less aggressive, many think the focus of UDAAP will shift to state developments. As a result, understanding state level trends, as well as maintaining strong UDAAP policies and procedures, will likely be crucial to avoiding enforcement actions.
The origins of UDAAP
At the federal level, there are basically two variations of UDAAP:
- UDAP (Unfair and Deceptive Acts or Practices), and
- UDAAP (Unfair, Deceptive or Abusive Acts or Practices).
UDAP was created in the FTC Act in 1938. The Federal Trade Commission has rulemaking authority. Today, UDAP is primarily focused on businesses other than banks, savings and loan institutions, and federal credit unions.
UDAAP was created in the Consumer Financial Protection Act (CFPA) in 2010. As the extra “A” suggests, the most notable difference is the inclusion of the “abusive” standard. Another substantive difference is that the Consumer Financial Protection Bureau (CFPB) has rulemaking authority. Consequently, UDAAP is primarily focused on banks, savings and loan institutions, and federal credit unions.
The CFPB has typically taken the lead in federal UDAAP enforcement, but the other prudential regulators (OCC – Office of the Comptroller of the Currency, FRB – Federal Reserve Board, FDIC – Federal Deposit Insurance Corporation, NCUA – National Credit Union Administration) also have enforcement authority.
The Biden administration’s CFPB took a very aggressive approach to UDAAP. For example, prohibiting certain commonly used contract provisions in consumer contracts, as described in CFPB Circular 2024-03 (under a theory of deceptiveness). Another notable example was prohibiting or capping “junk fees,” such as credit card penalty fees and overdraft fees (under a theory of unfairness).
The Trump administration has made it clear that the CFPB (if the CFPB continues to exist) will take a less aggressive approach regarding UDAAP moving forward. What that means is still unclear. It is highly probable that there will still be UDAAP enforcement actions. For example, egregious violations (such as pyramiding late fees or disclosing a low APR but charging a much higher rate) will most likely still be prosecuted. But if the CFPB is no longer taking the lead on UDAAP and pushing the boundaries of its enforcement, state UDAAP developments will have a more prominent role.
State-level UDAAP: A snapshot
At the state level, a few states have UDAAP laws, but many states only have UDAP laws. For simplicity, the remainder of this article will refer to both types of laws at the state level as UDAAP.
Most states enacted UDAAP statutes in the 1960s-1980s. Every state has a consumer protection statute that prohibits deceptive practices. Many states also prohibit unfair or unconscionable practices. Many of these state laws cover at least some types of banking activities. Generally, state UDAAP laws confer enforcement authority on the state’s attorney general. Some states authorize a state agency to create rules banning specific actions under state UDAAP laws.
States have broad authority to regulate UDAAP. Historically, consumer protection has been a power reserved to the states by the 10th Amendment of the U.S. Constitution. Many federal consumer protection laws set a “floor” for consumer protection and allow states to provide greater consumer protection (e.g., Equal Credit Opportunity Act, Electronic Funds Transfer Act, Gramm-Leach-Bliley Act). Importantly, the CFPA provides that a state law giving consumers greater UDAAP protection than the federal law is not inconsistent with the federal law and is not preempted by it.
Examples of recent state UDAAP activities
As might be expected, California and New York have been at the forefront of expanding UDAAP laws and enforcement at the state level. California’s Attorney General issued a letter warning banks and credit unions that “surprise” overdraft fees and returned deposited item fees may violate California law (under a theory of unfairness). New York’s Department of Financial Services proposed regulations prohibiting many types of overdraft fees, such as charging fees on overdrafts of less than $20 or charging overdraft fees that exceed the overdrawn amounts, among other prohibitions (also under a theory of unfairness).
However, it’s not just expected states like California and New York that are contemplating new or revised laws related to UDAAP. For example, Florida and Georgia recently enacted commercial financing disclosure laws requiring Truth-in-Lending Act-like disclosures for certain business credit. A failure to provide these disclosures would violate that law and likely be deceptive under UDAAP. Another example is several state legislatures considering banning medical debt from credit reports. If the proposed legislation in these states becomes law, failure to exclude medical debt from credit reports would violate that law and likely be unfair under UDAAP.
The keys to compliance
1. Closely monitor UDAAP developments
One key for staying compliant is for financial institutions to remain informed of UDAAP developments at the federal level and in any state in which they do business. These developments could include new statutes, new regulations, or new enforcement actions.
Enforcement actions can be particularly tough to monitor because they can come from a variety of sources.
At the federal level, enforcement actions can come from the CFPB, OCC, FRB, FDIC, and NCUA. Sometimes multiple agencies will jointly issue an enforcement action.
For most states, enforcement actions come from the attorney general, but some states also permit regulatory agencies to bring enforcement actions. In addition, most states permit consumers to directly bring a lawsuit against a financial institution alleged to have violated UDAAP in some situations, so it’s also important to monitor court cases involving UDAAP. Leaning on state industry associations can help financial institutions track down these enforcement actions and cases.
Awareness of trends in other states can help institutions prepare for the direction UDAAP may be headed in their state.
2. Maintain strong policies and procedures
UDAAP encompasses every interaction an institution has with their customers. A non-exhaustive list of examples includes (1) the initial advertising, (2) the use of credit reports in credit decisions, (3) the contracts and disclosures at loan origination or account opening, (4) loan servicing or account maintenance, and (5) debt collection.
Strong policies to avoid UDAAP should include a focus on accuracy, honesty and transparency, clarity, compliance (with relevant laws), fairness, and timeliness.
Maintaining strong policies and procedures to avoid UDAAP violations is important because it avoids investigations and monetary penalties. More importantly, it avoids reputational harm and builds trust with customers.
Conclusion
New developments in UDAAP enforcement will likely shift toward the states in the next few years. To stay ahead of the compliance curve, financial institutions should closely monitor UDAAP developments at the state-level and pay close attention to trends. They should also continue to maintain strong policies and procedures around UDAAP, ensuring those policies encompass the various interactions they have with customers. Finally, remember that avoiding UDAAP is more than just mere compliance – it is also key to maintaining high levels of trust with customers.
