The Office of the Comptroller of the Currency — a regulator that oversees national banks — has issued a new set of guidelines aimed at outlining what constitutes unfair or deceptive acts or practices (UDAP) and unfair, deceptive, or abusive acts or practices (UDAAP), for banks and their third parties.
The book includes a breakdown of the different kinds of risk — operational, compliance, credit, strategic, and reputational — as well as instructions about third-party risk management and red flags that could possibly indicate a UDAP or UDAAP violation.
Red flags include:
- Customer complaints received by the OCC or the bank
- Whistleblower referrals received by the OCC or the bank
- High levels of fee income
- High volume of charge-backs or refunds
- Weak servicing and collection practices
- Inconsistencies between account disclosures and bank operating systems
- Weaknesses in risk management or internal controls over higher risk products or services
- Inadequate board and management oversight over incentive compensation programs
UDAP or UDAAP risks related to collections can occur when banks or its third parties do not:
- Mail periodic statements in a timely manner, which may contribute to a customer’s late payments.
- Accurately and clearly disclose the amounts due and associated fees or charges on the periodic statements.
- State the due date on the periodic statement conspicuously and in a manner consistent with any contractual grace period.
- Prevent the charging of customers for products or services they did not explicitly purchase or sign up for, such as various credit protection programs or insurance.
- Maintain and adhere to adequate policies, processes, and controls for crediting customer payments in a timely manner.
- Clearly tell customers when and if monthly payments are applied to fees, penalties, or other charges before being applied to regular principal and interest.
- Apply payments in excess of the required minimum payment first to balances with the highest interest rates when multiple advance tiers are present, except as otherwise required by law or regulation.
- Prevent any representation to customers that suggest they may pay less than the minimum amount due without adequately disclosing the fees or other consequences of paying the reduced amount.
- Use automated or virtual customer assistance services that easily or clearly allow customers to speak with a human representative of the bank when questions and billing inquiries are unanswered or have not been resolved via automated or virtual channels.
- Maintain policies, processes, and controls to prevent disclosing customer debt or other information to third parties or individuals who are not responsible for the debt (e.g., a customer’s parent, spouse, or coworker) without customer consent.
- Discontinue contact with third parties or individuals related to the customer once notified by the third parties or other individuals that they do not have any location information about the customer.
- Prevent repeated telephone calls to customers or relatives with the intent to annoy, abuse, or harass any person at the number called.
- Clearly and conspicuously disclose customer usage or activity fees, such as fees for submitting a past due payment or fees charged for credit card transactions in excess of available credit.