= Subscriber content; or subscribe now to access all American Banker content.

Nine Dangerous Words: "Show Me Where It Says We Can't Do That"

Here is a common scenario. A bank executive develops a new product, maybe a fee-generation concept. Properly following procedure, he consults the compliance officer, who performs a check-the-box review and signs off — but raises a "fairness" concern because the product is controversial with regulators and consumer groups.

The executive says, "show me where it says we can't do that."

The compliance officer shrugs. Nothing explicitly bars the practice.

The business manager ponders it. He is committed to ethics and great customer service. However, his team has planned this rollout for months and needs the revenue. Competitors already offer the product. If the regulators objected to it, wouldn't they ban it? And the practice is defensible. Some customers will want it, and the bank will disclose everything as required. Ultimately the manager chalks up another encounter with the "business prevention department" and moves ahead.

Historically, that logic usually worked for banks. The examiners, like the compliance officer, would eventually come and check off the boxes too. Revenue would rise. Any customer complaints would go onto the "resolved" stack since no rules were broken. If customers felt mistreated, the institution's compliance and business metrics would likely never even register it.

Using this traditional compliance process, most banks easily weathered controversies in recent years in areas like subprime lending, credit cards, and overdraft protection. Unless fair lending problems arose, activities that were technically compliant were legal. Litigation was unlikely. End of story.

Now though, suddenly, a new story is unfolding so fast most banks have not yet heard it. A rising regulatory focus on UDAAP — unfair, deceptive and abusive acts and practices — has made, "show me where it says we can't do that," a very dangerous sentence.

Why the change? After all, the FTC Act's ban on unfair and deceptive practices is over 70 years old, long enforced by bank regulators through routine Regulation AA reviews and by challenging activities at the industry's margins. Today's new element is a deep rethinking of the past regulatory approach that permitted subprime lending practices that are now widely deemed unfair despite usually meeting technical requirements. Congress has responded by creating the new Consumer Financial Protection Bureau and ordering it to write regulations on UDAAP — broadened by Dodd-Frank to add the second "A," for "Abusive." The other banking agencies, meanwhile, have escalated enforcement using the extensive powers they retain. Examiners (like bankers) often feel that the technical regulations don't always produce actual consumer protection. Many are picking up UDAAP as another tool.

It's a hard tool to wield, however, since the issues are subjective, complex, and often novel. In effect, the regulators are adapting the old but flexible UDAP law to a challenging new risk landscape.

So far, the impact is mostly invisible. There is nonpublic remediation with customer refunds, while enforcement cases are just beginning to emerge from the confidential agency pipeline. In July, the Federal Reserve imposed its largest-ever consumer regulatory civil penalty — $85 million — over a UDAP-related issue. One $3 billion bank has paid $30 million in fines and restitution. Escalating state enforcement and private litigation have produced awards reaching hundreds of millions of dollars. Both large and small institutions have faced effects like downgraded Camel and CRA ratings, blocked mergers, related fair lending enforcement, attention from class action litigators, and damaged brands. And all this is occurring before the CFPB begins to act.

UDAAP involves more than egregious or outlier behavior. Many cases challenge common industry practices or long-standing issues examiners never questioned before. One enforcement action affected only four customers. Cases have arisen over commercial accounts, operations protocols, foreclosed properties, third-party actions, routine fees — activities most banks do not view as compliance topics at all.

The traditional compliance program is built to meet technical regulations covering specific bank functions. It is not designed to produce "fairness." Most compliance programs do not even look at key areas now generating enforcement cases. In effect, UDAAP is becoming a mandate to make every practice fair, transparent, and appropriate for customers, including those considered "vulnerable" due to factors like income, age, and financial sophistication or distress. While all banks strive for fairness, few have built institution-wide processes and cultures to meet this standard. The compliance management model will need updating.

And so will the business executive's question to compliance, which will become, "How can we design this to meet both profit goals and fairness standards?"

Fortunately, consumers and banks both benefit when people make good financial choices. The CFPB will soon regulate non-banks that have historically been more lightly supervised than depository institutions. Banks that proactively move now to assure strong UDAAP performance along with technical compliance can potentially win and retain more customers while also sharply reducing regulatory risks.

Jo Ann S. Barefoot, former deputy comptroller of the currency, is co-chair of Treliant Risk Advisors.


(2) Comments



Comments (2)
Nothing has really changed. As a National Bank Examiner in the 1970's, I was assigned to a compliance examination and told to look for discrimination in the installment loan department. Since there was no HMDA monitoring for non real estate credits, we were asked to look for "coding" that would indicate an applicant that was a minority. When I brought this ridiculous dead end to the attention of the supervisory office at the OCC, I was told to look for "names that sound black" in the trial balance printout and see if they had to pay higher rates than other loans that "did not have black sounding names". It is a waste of money to look for discrimination. In 35 years of consulting to community banks, I have never seen a banker miss an opportunity to make a loan to anyone that can pay it back, regardless of ethnicity.
Posted by misterb1954 | Saturday, September 17 2011 at 10:45AM ET
Slippery slope, unintended consequences are two phrases that come to mind after reading this post. What is fair? This will be a major problem and will end up hurting the exact people it is intended to protect. Why not let customers and banks decide what is fair? Get rid of the bail out process for bad banks known as the FDIC and others then we will see good and fair banking practices. When you take away risk of loss you take away "fairness". Capitalism cannot exist with out failure/bankruptcy, etc. It is like waving justice for mercy; without one the other is meaningless.
Posted by SteveCharger | Friday, September 16 2011 at 1:38PM ET
Add Your Comments:
Not Registered?
You must be registered to post a comment. Click here to register.
Already registered? Log in here
Please note you must now log in with your email address and password.