Institutions regulated by the Consumer Financial Protection Bureau (CFPB) and subject to its enforcement authority are dealing with of the agency's sweeping authority to prohibit unfair, deceptive, and abusive acts or practices (UDAAP).1 To date, the CFPB has relied on this authority to open investigations, initiate proceedings, and enter into a number of broad-ranging consent orders requiring regulated entities to pay hundreds of millions of dollars in restitution and penalties. However, CFPB Director Richard Cordray has consistently indicated that the CFPB will not be issuing rules to define or describe acts or practices deemed to be UDAAP, choosing instead to define UDAAP through enforcement.2 Moreover, the CFPB has made it clear that complying with all applicable federal consumer financial protection laws and regulations is not enough to escape allegations of UDAAP. In the agency's view, an act or practice may constitute UDAAP even if the regulated entity complies with all applicable legal and regulatory requirements.
The CFPB's approach at first glance appears to be "we know it when we see it," not only for actual acts or practices, but also for potential violations of UDAAP, given the CFPB's emphasis on self-reporting.3 Regulated entities must read the tea leaves, trying to understand how the CFPB will exercise its UDAAP authority based on the allegations in enforcement actions and CFPB statements in its Examination Manual and agency guidance. Although it's still early, some patterns and take-home lessons are emerging from these sources. The attached chart lists specific acts and practices that the CFPB has alleged or identified as unfair, deceptive, and/or abusive. The list is drawn from several sources, including:
- CFPB Consent Orders based in whole or in part on alleged UDAAP violations;
- Agency enforcement actions filed in federal court;
- Specific prohibited practices cited in the CFPB's Examination Manual, derived in part from substantive statutes and regulations and previous FTC guidance;
and
- Guidance in Bulletins and similar informal statements that reflect the CFPB's UDAAP priorities.4
Thus far, binding legal precedent is scarce in the absence of instances of full adjudication of CFPB UDAAP enforcement actions and formal rulemaking.
Nonetheless, financial services companies are well advised to take heed of the CFPB's areas of focus to date.
We discuss below the UDAAP provisions in Title X of the Dodd-Frank Act and how the CFPB has exercised its UDAAP authority to date.
CFPB UDAAP Framework
The Dodd-Frank Act makes it unlawful for any covered person or service provider to "engage in any unfair, deceptive, or abusive act or practice."5 Congress granted the CFPB authority to take enforcement action to prevent any person or entity subject to its jurisdiction from engaging in or committing UDAAP.6
An act or practice is "unfair" if the CFPB has a reasonable basis to conclude that: 1) it causes or is likely to cause substantial injury to consumers; 2) the injury is not reasonably avoidable by consumers; and 3) the injury is not outweighed by countervailing benefits to consumers or competition.7 The test is the same as the definition of "unfairness" developed by the FTC under the FTC Act.8 The CFPB indicates in its Examination Manual that determinations of unfairness by the FTC and other regulators "may inform" the Bureau's determinations.9
The Dodd-Frank Act does not define "deceptive," but the CFPB has adopted a standard similar to the FTC's definition of this term. Specifically, the CFPB states in its Examination Manual that a representation, omission, act, or practice is deceptive if: 1) it is material; 2) it is likely to mislead a consumer; and 3) the consumer's interpretation is reasonable.10 As with "unfairness," the FTC issued a policy statement and developed a body of enforcement decisions regarding the meaning of "deceptive."11 The CFPB has referenced these materials, for example, in explaining that the factors it will consider in evaluating whether disclosures are deceptive "track FTC guidance."12
The Dodd-Frank Act added the "abusive" prong to the traditional FTC UDAP analysis. According to the Act, an act or practice is "abusive" if it materially interferes with the consumer's ability to understand a term or condition of a consumer financial product or service and takes unreasonable advantage of: 1) the consumer's lack of understanding of the material risks, costs, or conditions of the product/service; 2) the consumer's inability to protect his or her interests in selecting or using the product/service; or 3) the consumer's reasonable reliance on a covered person to act in his/her interests.13 Ever since this language was introduced in the legislation that became the Dodd-Frank Act, commenters have noted that determination of whether an act or practice is "abusive" is highly subjective and involves what a particular consumer understood about a particular transaction. The "abusive" standard appears to create a "suitability" standard, potentially with the burden on the financial institution to demonstrate what the consumer actually understood at the time of the transaction.
Footnotes
1 12 U.S.C. § 5536.
2 See, e.g., Kate Davidson, "Trying to Stay Above Politics: A Conversation with Richard Cordray," The American Banker (Mar. 23, 2012).
3 See CFPB Bulletin 2013-06, "Responsible Business Conduct: Self-Policing, Self-Reporting, Remediation, and Cooperation" (June 25, 2013), available at http://files.consumerfinance.gov/f/201306_cfpb_bulletin_ responsible-conduct.pdf .
4 Specific acts and practices identified as unfair, deceptive, or abusive in substantive statutes and regulations, such as the Fair Debt Collection Practices Act and Regulation Z, and cited by the CFPB, are not included in this chart.
5 12 U.S.C. § 5536.
6 12 U.S.C. § 5531(a).
7 12 U.S.C. § 5531(c)(1).
8 FTC Policy Statement on Unfairness (Dec. 17, 1980), available at http://www.ftc.gov/ftc-policy-statement-onunfairness ; 15 U.S.C. § 45(n).
9 CFPB Examination Manual v.2, UDAAP.1, n.2 (Oct. 2012).
10 Id. at 5.
11 See, e.g., FTC Policy Statement on Deception (Oct. 14, 1983), available at http://www.ftc.gov/ftc-policystatement-on-deception .
12 CFPB Bulletin 2012-06, "Marketing of Credit Card Add-on Products" (July 18, 2012) at 2-3 & n.5, available at http://files.consumerfinance.gov/f/201207_cfpb_bulletin_ marketing_of_credit_card_addon_products.pdf .
13 12 U.S.C. § 5531(d).
To view this article in full please click here.
Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
© Morrison & Foerster LLP. All rights reserved
