The CFPB’s powers continue to expand; UDAAP is still a potential black hole for consumer financial services companies

There is a relatively well-known theory in science (note: I am not a trained scientist) called the Big Bang theory, which is an effort to explain what happened at the very beginning of our universe.  Under the standard theory, astrophysicists posit that our universe sprang into existence about 13.7 billion years ago as the result of a “singularity.”

No one knows for sure what the singularity is or from where it came.  But it had to happen for the Big Bang to happen.  The Big Bang itself is an ongoing event in which the universe continues to expand and cool, creating millions of galaxies and billions of solar systems along the way, each of which is likewise expanding.


Not quite 13.7 billion years ago, the financial sector had a somewhat less mysterious singularity of its own in the form of the world recession and financial crisis of the late 2000s.  One of the consequences of this particular singularity was a big bang called the Dodd-Frank Wall Street Reform and Consumer Financial Protection Act (“Dodd-Frank Act”).  The Dodd-Frank Act  has spawned all sorts of administrative and bureaucratic galaxies and solar systems of its own, each of which is, like the sun, an independent source of great power.

One example is the Financial Stability Oversight Council (“FSOC”) created under Dodd-Frank Act.  The purpose of FSOC is to:

(1) identify the risks to the financial stability of the United States from both financial and non-financial organizations;

(2) promote market discipline by eliminating expectations that the Government will shield them from losses in the event of failure; and

(3) respond to emerging threats to the stability of the US financial system.

Somewhat akin to our expanding universe, FSOC has been given expansive powers to monitor, investigate and assess any risks to the financial system in the United States.  In support of this power, the Council has the authority to collect information from any State or Federal financial regulatory agency, and may direct the Office of Financial Research, which supports the work of the Council, “to collect information from bank holding companies and nonbank financial companies.”


Another example of a powerful and sprawling new federal agency developing out of the post-Dodd-Frank primordial ooze is the Consumer Financial Protection Bureau (“Bureau”).  The Bureau now oversees and regulates most consumer financial products and services under federal law.  The Bureau is, in a sense, the center of the consumer lending solar system, with everything that comes close to falling within its statutory mandate being swept into an orbit around this new super agency.

This is not just a theory, of course.  For proof, one need look no further back than the last couple of months to see the Bureau’s expanding power and reach.


The Bureau has taken it upon itself to move swiftly to implement Dodd-Frank Act mandates, as well as to take what some might call liberties with its statutorily given discretion to define the limits of its own power.  Recent instances of this phenomenon are myriad.

In February of this year, for example, the Bureau issued a proposed rule pursuant to which the Bureau seeks to add to its growing list of supervised entities.  In particular, the rule – which is expected to go into effect later this year – will sweep in consumer debt collectors with annual receipts greater than $10 million and consumer reporting companies with annual receipts above $7 million.  The Bureau is exercising this power under its authority to define (and therefore regulate) the so-called “larger participants” in the consumer financial services area.

To put this particular proposed rule in some context, for purposes of determining which insured depository institutions and credit unions the Bureau is to have exclusive supervisory authority over, the Dodd-Frank Act itself defines the largest of such institutions as having total assets of more than $10 billion.  The “larger participant” debt collectors would qualify weighing in at a fraction of that number.

In the same vein of the Bureau defining which entities are “larger participants” – that is, entities which traditionally have not been regulated at the federal level – the Bureau’s first director, Richard Cordray, recently noted that retailers that offer consumer financial products and services may soon be pulled into the Bureau’s gravity.

Also in February, the Bureau announced that it was starting a probe into bank checking account overdraft policies.  As part of the probe, the Bureau has made it clear that it may initiate enforcement actions as well.  In essence, the Bureau will demand data on the issue from banks, seek input from the public (as it does with ever-increasing frequency), and then pass judgment on the practices it reviews.

Slightly more recently, in March, the Bureau announced that it would advance new rules governing adjustable rate mortgages (“ARMs”) and – even though the Bureau has absolutely no power to regulate the business of insurance – mortgage insurance.  For ARMs, by the end of the year, the Bureau expects to have in place new rules that will require banks to give homeowners several months notice before monthly payments rise.  For “forced placed” mortgage insurance (i.e., mortgage insurance that is taken over by a bank when a borrower does not make the payments), the new rule will require banks to have a reasonable basis to believe that a borrower is not maintaining their own insurance.

Like the slow creep of an ever-expanding universe arising out of that singularity, the Bureau is slowly, assuredly, and definitively expanding.  Lurking in the Bureau’s solar system is a danger that has yet to be fully realized: UDAAP.


UDAAP is the Dodd-Frank Act’s prohibition against unfair, deceptive, or abusive acts or practices in the consumer financial services galaxy.  Like the examples above, UDAAP is an extraordinary power held by the Bureau.  But UDAAP is different.  What differentiates UDAAP from the powers outlined above and many other powers the Bureau has exercised is that UDAAP defies definition.  It is vague, amorphous, and with very little shape.  We know that UDAAP exists – it is right there in the text of the Dodd-Frank Act, but we have yet to see it in action.

Like a black hole, then, UDAAP has the potential to vacuum-up consumer financial products and services, and the marketing practices that sell the products.  But since the Big Bang of Dodd-Frank, the Bureau has not provided much guidance on what it thinks UDAAP really is, or how it might apply in the post-Dodd-Frank era.  More on the black hole concept in a moment.  For now, are you wondering whether UDAAP really exists?  Is it really a threat?  Should banks and other consumer financial services companies really be worried about UDAAP?  Yes, yes, and yes.  And many already are.


How do I know? The federal government has told me so!  Repeatedly.

One of the most recent examples is President Obama making it clear during his 2012 State of the Union address that his administration will not tolerate UDAAP in consumer financial products and services:

And if you’re a mortgage lender or a payday lender or a credit card company, the days of signing people up for products they can’t afford with confusing forms and deceptive practices are over.  Today, American consumers finally have a watchdog in Richard Cordray with one job: To look out for them.

But there are other clear statements of this policy goal.  In particular, the Bureau itself has made it clear that UDAAP is a major agenda item.

Last July, the Bureau laid out its three-part vision:

A consumer finance market place:

…where customers can see prices and risks up front and where they can easily make product comparisons;

in which no one can build a business model around unfair, deceptive, or abusive practices;

…that works for American consumers, responsible providers, and the economy as a whole.

Right there sandwiched between better disclosures and a fully functioning marketplace is UDAAP.  A full third of the Bureau’s dream for a better consumer financial products and services marketplace related to UDAAP.

Just a couple of months later, in September of 2011, the Bureau issued version 1.0 of its Supervision and Examination Manual (“Manual”).  As the moniker suggests, the Manual is a guide to how the Bureau will supervise and examine consumer financial service providers under its jurisdiction for compliance with the various federal laws covering consumer financial transactions.  The Manual references UDAAP concepts about 100 times, with 17 pages devoted to discussing each of the component notions (i.e., unfair, deceptive, abusive).

In January 2012, the Bureau provided two updates to the Manual.  The first addresses mortgage examination procedures.  The second addresses short-term, small dollar amount lending, frequently referred to as payday lending.  Both of these updates also discuss UDAAP in their respective contexts.

In short, yes, yes, yes UDAAP is very important and a big deal to the Bureau and, for that matter, the current presidential administration.


With all that UDAAP saber rattling by the President and the Bureau, with tens of pages of UDAAP coverage in the Manual, with one-third of the Bureau’s vision devoted to UDAAP, you might conclude that there is clear guidance about how to steer clear of UDAAP violations.  That conclusion would be reasonable, but dead wrong.

We know precious little about what Congress and the Bureau think falls within the UDAAP ambit.  What do know?  Well, we know the standards as the Bureau has filtered them through the Dodd-Frank Act.

An act or practice related to a consumer financial product or service is deceptive when:

(1) a representation, omission, act, or practice misleads, or is likely to mislead, a consumer;

(2) the consumer’s interpretation of the representation, omission, act, or practice is reasonable under the circumstances; and

(3) the misleading representation, omission, act, or practice is material.

Curiously, Congress left deception undefined under the Dodd-Frank Act, notwithstanding decades of use of the term in the FTC Act and other similar statutes, and the myriad judicial opinions interpreting the term in those contexts.  The Bureau, accordingly, filled in the blanks on this standard.

An act or practice is unfair when:

(1) it causes or is likely to cause substantial injury to consumers;

(2) the injury is not reasonably avoidable by consumers; and

(3) the injury to consumers is not outweighed by countervailing benefits to consumers or to competition.

As for abusive, an act or practice fails the test if it:

(1) materially interferes with the ability of a consumer to understand a term or condition of a consumer financial product or service; or

(2) takes unreasonable advantage of (a) a lack of understanding on the part of the consumer of the material risks, costs, or conditions of a consumer financial product or service; (b) the inability of the consumer to protect its interests in selecting or using a consumer financial product or service; or (c) the reasonable reliance by the consumer on a covered consumer financial product or service provider to act in the interests of the consumer.

Abusive is a new term in this galaxy.  UDAAP appears to be an evolution from other statutes that sought to prohibit unfair or deceptive acts or practices, or “UDAP.”  Because of the newness of the term, more guidance is warranted if not mandated.  But none has really surfaced.  In fact, the only “guidance” given by the Bureau begs many, many more questions than it answers.

Specifically, in the Manual, the only direction the Bureau provides beyond reciting the statutory definition is that “although abusive acts also may be unfair or deceptive, examiners should be aware that the legal standards for abusive, unfair, and deceptive each are separate.”  In other words: it is all different, even though it is all the same.  To say the Bureau’s guidance on this score is unhelpful to the Bureau.  And the statement is perplexing in its deliberate avoidance of the issue.  The manual has commentary on and provides a myriad of examples of “unfair” and “deceptive” acts or practices, but not on “abusive.”  The Manual is essentially deafeningly silent.


So we have standards, but they are, as standards go, fairly amorphous and undefined.  Come too close to them and you are likely to be sucked in.  Like a black hole, the UDAAP standards have the potential to envelop anything that even approaches their gravitational field.

The Bureau has yet to issue any regulations on UDAAP and, as demonstrated above, guidance is relatively thin.  The danger under these current conditions is that political whimsy and personal agendas will blindside seemingly legitimate consumer financial service companies.

The Bureau’s first and present director, Richard Cordray, has a track record of arguably doing just that: using UDAAP to fill a legislative gap.  As the financial crisis heated up, the then-attorney general of Ohio used a local UDAP statute to go after mortgage servicers.  Among other things, Cordray, on behalf of the state of Ohio, accused the mortgage servicers of putting consumers through excessive wait times when they called the companies.  At the time, there were no statutes, rules, or regulations governing wait times.  Nonetheless, through the magic of UDAP, Ohio was able to go after the servicers.  At the time, the mortgage industry had been vilified, and its corporate participants were easy and vulnerable targets.

Might this happen at the federal level?  Could an undefined payday lending practice lead to a UDAAP violation?  Is it possible that big box retailers who offer credit services will find themselves subject to new and undefined customer service restrictions?  Will UDAAP be used to advance federal policy goals where existing law is otherwise silent?

Stay tuned… all of this and more is possible as the Bureau continues to expand.

By Martin J. Bishop

Post to Twitter

Comments are closed.