UDAAP: the other ‘A’ in US consumer protection
The US Federal Trade Commission (FTC) has for many years had the responsibility of preventing business practices that are unfair or deceptive to consumers. The terms unfair and deceptive are not defined in law, but are interpreted through case law and with the aid of FTC policy statements.
From UDAP to UDAAP
The Dodd-Frank Wall Street Reform and Consumer Protection Act (‘Dodd-Frank’) retains these basic principles, but adds a new term to the familiar UDAP acronym (unfair or deceptive acts or practices): abusive. Under Dodd-Frank, it is unlawful for any provider of consumer financial products or services or a service provider to “engage in any unfair, deceptive or abusive act or practice”. Hence the new acronym UDAAP forms one of the guiding principles of the Consumer Financial Protection Bureau (CFPB) set up under the Act.
Although the new standard is not defined in the statute, there is commentary to the effect that an abusive act or practice is one which:
- materially interferes with the ability of a consumer to understand a term or condition of a consumer financial product or service; or
- takes unreasonable advantage of:
- a lack of understanding on the part of the consumer of the material risks, costs, or conditions of the product or service;
- the inability of the consumer to protect the interests of the consumer in selecting or using a consumer financial product or service; or
- the reasonable reliance by the consumer on a covered person to act in the interests of the consumer.
It is clear, then, that a core part of the remit of the CFPB is to protect vulnerable consumers. To this end, Dodd-Frank established, within the Bureau, the Office of Financial Protection for Older Americans to protect ‘seniors’ from UDAAP in relation to current and future financial choices (see box: Case study: US retirement savings products), and the Office of Servicemember Affairs to similarly protect military personnel.
The elephant test
As yet, a significant degree of uncertainty remains over how the Bureau will develop and apply criteria to determine abusiveness. Pressed by the House of Representatives on this point, Bureau Director Richard Cordray said:
“There is a gray area and then there is a core. And within the core, there is really no question that the people who are perpetrating acts that are within that core, they know that what they are doing is probably wrong, and yet they do it anyway. In the gray area, it is a little harder to judge…
But I also think that there is enough misconduct that occurs in the core areas that we would be well-served to focus on that at the outset, in the first period of our Bureau. We want to get that cleaned up. Then, we can work on trying to define around the edges a little more clearly.”1
Cordray is in effect appealing to common-sense and the ‘elephant test’:2 we will recognize abusive behavior when we see it, and act to prevent it.3
This leaves some market participants in a state of confusion and anxiety. It could take some years for the criteria of acceptable, non-abusive behavior to be clarified through Bureau practice; in the meantime, many fear that they may have no defense against arbitrary Bureau proceedings. But in practice there are a number of sensible responses which US companies should be adopting.
Despite the concerns expressed in Congress and elsewhere, the common-sense, ‘elephant test’ is very powerful. Richard Corday has emphasized that the Bureau will focus on the core area where companies know that what they are doing is probably wrong. So the fundamental principle is simply not to do wrong by the consumer. Business practices need to be reassessed through the lens of UDAAP and compliance management systems and processes then need to be built on, and embody, this principle.
But of course there are additional implications. Compliance should not be limited to monitoring front-end marketing and sales activities: it needs to extend across the whole product life cycle, from product design and development, through marketing and sales and to after-sales monitoring, customer relations and complaint procedures. Consistency of product value proposition and consumer messaging throughout the whole period is essential to demonstrate fair treatment. Full, appropriate and accurate disclosure is critical: does the small print support the headline marketing pitch?
Beyond this, the UDAAP principle also implies appropriateness: is the product being sold right for the people to whom it is being marketed? Answering this question may require much more sophisticated customer analytics and segmentation tools (such as 100 percent call recording, advancing prompts for consumer interactions (i.e., real-time compliance) and business unit quality assurance and quality controls to incorporate compliance and UDAAP type assessments) than many companies currently have to hand.
The US market is sometimes caricatured as being based on the principle of caveat emptor. However, Cordray has emphasized:
“It is the American way for responsible businesses to be straightforward and upfront with their customers, giving them all the information they need to make informed decisions. This is good for the honest businesses themselves and it is good for the overall economy.”4
Companies which adopt this principle have little to fear from the additional A in UDAAP.
Europe focuses on consumer protection
In Europe, the European Union has led the way in proposing or introducing a wide range of new conduct-driven regulatory initiatives. In a recent article, the Financial Times listed around 25 significant current proposals which are under negotiation or pending.5 While some are highly technical, and targeted at individual specialized elements of the financial services industry, others are major pieces of new legislation, explicitly focused on reforming retail markets for investments and other financial products. Among the most important of these are UCITS V (designed to allow authorized collective investment funds to operate and market their products freely across the European Union) and PRIPs (designed to create a level playing field for sales of retail investment products, for instance as between insurance products and UCITS funds).
Developments such as these are increasingly defining the characteristics of financial products within a framework of acceptable conduct and consumer protection. As a result, they are also increasingly influencing the nature of the product development process and management of the whole product life cycle. Previously, companies focused on developing a product which would target a wide market, which could be sold profitably and which would fit with the company’s overall risk appetite. Now, this approach is being turned on its head.
The key questions being addressed in the product development phase are now whether the product answers a clear customer need; how its key features can be marketed and communicated in a fair and clear manner; what additional consumer education is necessary to ensure informed decision-making. In the past, a significant contributor to mis-selling was not so much malice and greed as a lax attitude to ensuring that appropriate products were being bought by the right customers. Today, much more sophisticated customer segmentation and profiling are necessary as a companion to effective conduct policies.
Similarly, while risk management was traditionally focused on financial risk and the impact of different products on profit and loss, a much broader perspective now includes key aspects of organizational and reputational risk: financial services companies are rapidly realizing that the negative impacts of a major mis-selling scandal can extend far beyond a hefty fine and threaten the brand value of the whole enterprise.
Adapting to the new regulatory environment carries costs, in terms of investment in new systems and processes, and the development of procedures and controls to manage the new obligations. But these carry potential benefits as well, in that they should lead to better-developed products, better aligned with customer needs and hence potentially less risky and more profitable.
National regulators, such as the new Financial Conduct Authority (FCA) in the UK, are becoming increasingly robust over conduct issues as they translate these new regulatory requirements into legislation. The FCA itself has begun to investigate issues such as the product development process and pricing policies, and has not hesitated to intervene at an early stage to prevent consumer detriment. Retail financial services companies need to act decisively if they are to preserve their license to operate in the new conduct environment.
Financial services companies not only face rafts of new and potentially onerous regulation; they have to come to terms with a fundamental change in attitudes to conduct and business practice. Put simply, it is no longer enough to be legally compliant and to leave to customers their decisions over product purchases or their evaluations of options and alternatives. Providers of financial products will increasingly have to take responsibility for ensuring that consumers are treated fairly, across the whole product life cycle, and that they are guided to the right products for their needs, delivering good value, at the right price. To echo the objectives of the US Dodd-Frank Act, products, services, or practices that are unfair, deceptive or abusive to consumers, however inadvertently or indirectly delivered, are no longer acceptable. This change of mind-set brings fundamental challenges for companies’ business models, for product design and distribution, for management of customer interactions across the whole product life cycle, and for corporate governance, monitoring and compliance. It requires almost a revolution in attitude and culture. Meeting this need on top of responding to the continuing regulatory agenda is a major challenge indeed.
1 Evidence before the House of Representatives Committee on Financial Services, 29 March 2012.
2 A term often used in legal proceedings. Lord Justice Stuart-Smith described it as “the well-known elephant test. It is difficult to describe, but you know it when you see it”. Cadogan Estates Ltd v Morris, 1998.
3 The CFPB announced its first enforcement action (PDF 154 KB) that included charges of “abusive” on June 4; related law firm announcement.
4 Speech to the Consumer Bankers Association, Austin, Texas, 21 March 2012.
5 EU finance reforms: the great Lithuanian reckoning, Financial Times, 19 July 2013.