3 Steps Banks Can Take to Avoid UDAAP Violations

• Mar 14, 2023
• By Rafael DeLeon

In the wake of heightened regulatory scrutiny, Regions Bank was recently fined close to $200 million for unfair, deceptive, or abusive acts and practices (UDAAP) violations against its customers. Consequently, banks have been handed an opportunity to learn a few lessons on the importance of prioritizing UDAAP compliance to both protect consumers from harm and shield themselves from significant reputational damage. The Regions Bank Case In September, the Consumer Financial Protection Bureau (CFPB) reported that Regions Bank committed UDAAP violations when it charged ?surprise overdraft fees? between 2018 and 2021. Specifically, it charged overdraft fees on transactions that had a sufficient balance when a transaction was authorized but later settled with insufficient funds (Authorized-Positive Overdraft Fees). According to the CFPB, the fees were hidden and so confusing that not even the bank?s employees could explain why customers were being charged. Consumers were also unable to understand the bank?s overdraft policies. The CFPB stated that Regions? ?manipulative processes meant that even consumers closely monitoring their account balances and carefully calibrating their spending in accordance with the balances shown could not reasonably avoid surprise overdraft fees.? The bank?s actions caused at least $141 million in consumer harm. In response, the CFPB ordered Regions to:

• Stop charging Authorized-Positive fees;
• Pay a $50 million penalty to the CFPB?s victims relief fund; and
• Provide at least $141 million to affected customers.

To make matters worse, this was a repeat violation. The bank ran into similar trouble in 2015 when the CFPB required it to pay $49 million in restitution and a $7.5 million fine for charging consumers overdraft fees when they hadn?t opted into the program. Understanding the Risks of UDAAP Violations Regions? case points to the importance of understanding UDAAP. UDAAP violations occur when an act or practice is considered unfair, deceptive, or abusive. These regulations are designed to ensure that institutions are working to protect their current customers and consumers. Typically, UDAAP violations fall into one of three categories:

1. Unfair practices are those that may cause substantial injury, are not reasonably avoidable, and the injury is not outweighed by the benefit.
2. Deceptive practices are material statements or omissions that would mislead a reasonable consumer.
3. Abusive practices interfere with a consumer?s ability to understand a term or condition or take unreasonable advantage of a consumer.

UDAAP places a special emphasis on protecting ?vulnerable? customers, which are defined by protected characteristics such as age, disability, gender, race/ethnicity, low or limited literacy, receipt of public assistance, and education level. Regions Could Have Avoided Violations Regions was warned by its compliance staff that continuing to charge customers surprise overdraft fees exposed the bank to UDAAP risk. If harm was proven by the CFPB, Regions would be on the hook to refund the fees and likely pay an additional fine. Despite this, Regions continued its practices ? likely because overdraft and non-sufficient funds fees are key to the bank?s profit model. In 2019, overdraft and non-sufficient funds fees accounted for 17.7% of its non-interest income. This decision cost the bank close to $200 million in fines and restitution and undoubtedly a reputational hit. How Banks Can Avoid UDAAP Risk While the landscape around consumer protection can be complex, banks can learn concrete lessons from Regions? UDAAP fiasco and ensure they are protecting customers and their reputation. Here?s a quick look:

1. Take Employee Reports Seriously

Employees warned management of its overdraft practices for years before the bank was investigated. In a 2016 survey of employees, nearly 700 identified overdraft/non-sufficient funds fees as the most difficult customer problem to resolve. A series of consumer and employee focus groups in 2020 found similar results. Despite these reports, the bank held off on making any changes. Banks must ensure employee reports are addressed, especially where consistent customer complaints and roadblocks are concerned. Employees should have clear internal channels for reporting concerns, and management should take quick action to update products and services when serious concerns are identified.

2. Listen To Your Customers

Regions? case is also an example of how customer complaints can serve as key risk indicators (KRIs). Customer focus groups revealed major frustrations with overdraft fees, which should have alerted the internal compliance team before it was escalated. It?s important to maintain a reliable complaint management program. It should include:

• Channels for customers to submit complaints and complaints to be logged;
• A function for identifying and analyzing complaint trends; and
• A way to consistently resolve complaints in a timely manner.

Effectively managing complaints can help your bank detect where potential consumer harm is occurring and solve the problem before examiners or attorneys get involved. Remember: you can?t fix something if you don?t know it?s broken.

3. Implement a Risk Assessment Program

Banks should also implement a risk assessment program to prevent UDAAP violations. Examiners want to see that your institution is aware of risks and taking action to correct unfair practices. A risk assessment program helps banks to monitor, report on, and communicate risk at an enterprise level. A good program will give you the tools to spot and address potential UDAAP and other risky practices early. In the case of Regions, a healthy risk assessment program could have surfaced critical risks such as regulatory non-compliance, customer abuse, and unfair product terms ahead of the CFBP?s investigation. A risk assessment program typically has three lines of defense to identify, measure, manage, and control risks. The challenge for banks is ensuring your program uses detailed data collection and continuous monitoring ? all while weighing its practices against a constantly-changing landscape of federal and state regulations. For most banks, this necessitates the use of an automated solution. Manual risk assessment can be time-consuming and costly to effectively implement at an enterprise level. Make Headlines for the Right Reasons Ultimately, meeting UDAAP regulations isn?t just about avoiding fines or a damaging scandal. By complying with UDAAP, banks can demonstrate their commitment to ethical practices and support the long-term health of their institution in the process. About Author: Rafael E. DeLeon is Senior Vice President, Industry Engagement at Ncontracts, and an expert in risk management, governance, and regulatory compliance at financial institutions. ? Prior to joining Ncontracts, he served as the Director for Banking Relations in the Office of the Comptroller of the Currency (OCC), as well as an OCC National Bank Examiner, trainer, and industry analyst for over 30 years. Mr. DeLeon also serves as a director at MainStreet Bankshares in Fairfax, Va. ?

---