How one credit union is adjusting to change at CFPB

To help navigate the uncertainties surrounding unfair, deceptive, or abusive acts or practices compliance, Alliant Credit Union in Chicago is looking to the past for answers.

The $14.7 billion-asset credit union is mining the Consumer Financial Protection Bureau’s library of consent orders to build a better understanding of what actions are considered a violation of UDAAP guidelines. As the CFPB's leadership changed, so has its stance on what constitutes a policy violation. Thus, the credit union has determined that it's better to look at the agency's actions rather than its words.

“Because the CFPB has chosen to do regulation by enforcement with UDAAP, we at Alliant have gone back and cataloged every single consent order since the first one I worked on, reviewed them for any sort of UDAAP call out and then filed that away as a risk statement to use for the future,” said Todd Anderson, chief compliance officer at Alliant.

Anderson elaborated that after reviewing and cataloguing the consent orders in a consistently updated Excel spreadsheet, the “lessons learned” are then integrated into Alliant’s governance, risk and compliance system to ensure that it adheres to CFPB standards.

“First and foremost, you’ve got to define what your UDAAP program is at your institution and outline what specific elements you’re looking to include … but it’s just as important to embed UDAAP thinking throughout your compliance program to ensure any new services are framed properly from the start,” Anderson said.

The regulator’s enforcement of UDAAP can prove to be a costly burden for credit unions of all sizes. While larger institutions have more resources to dedicate to UDAAP guidelines, small organizations must follow the same framework using a fraction of the resources.

Last month, the National Association of Federally-Insured Credit Unions sent a letter to the Senate Banking Committee in advance of its semiannual review of the CFPB to highlight the challenges smaller institutions face. Within the letter, the NAFCU emphasized the burden placed on credit unions to comply with UDAAP and called for more clarity.

“Credit unions expend a lot of resources on compliance staff and complaint systems to monitor issues and ensure that they're following all consumer protection laws to a ‘t’ ... but the bureau should be proactively clarifying their UDAAP authority and expectations instead of waiting to catch someone's bad behavior through an enforcement action, and only then clarifying the acts and practices they consider unfair, deceptive or abusive,” said Ann Kossachev, vice president of regulatory affairs for NAFCU.

Kossachev stressed that credit unions seeking to explore new offerings for their members might unknowingly violate UDAAP guidelines.

“I don't think that any financial institution is intentionally or purposefully trying to violate consumer protection laws and to actively harm consumers … but unclear rules of the road may actually make violations more likely,” Kossachev said.

In opening an investigation of an institution, the CFPB’s enforcement director or a deputy will review consumer complaints, supervisory exams and referrals from other agencies to determine whether a response is warranted. For credit unions with $10 billion of assets or less, the National Credit Union Administration will instead step in to oversee enforcement.

Before a formal lawsuit is filed against the offending institution, the CFPB’s Notice and Opportunity to Respond and Advise process provides the credit union with a chance to present a rebuttal. However, the decision to use the NORA process is up to the discretion of the agency and not always a guarantee.

In January of 2020, Kathy Kraninger, who was then the director of the CFPB, outlined the “abusive” component of the agency’s UDAAP measures and defined which actions are considered a violation.

Later on, acting Director Dave Uejio (who filled the role before the appointment of director Rohit Chopra) stated that Kraninger’s original stance did not adequately meet the standards imposed by Congress and recanted the agency’s statement.

To provide examples of practices that go against the CFPB’s restrictions, the agency publishes documents related to enforcement action cases that are currently in arbitration or have been settled for institutions to view.

As additional resources for the institutions it oversees, the CFPB issues occasional policy guidance though bulletins, joint agency memoranda, and other notices. For those with unresolved questions, the agency has a designated support line to answer specific inquiries.

Despite the measures by the CFPB to inform the public on practices that would seek to harm the consumers it’s tasked with protecting, credit unions like Alliant are still pushing for UDAAP clarity to avoid pitfalls.

“Institutions shouldn’t have to go through hundreds of documents to boil down the simple principles of what the CFPB is looking for … that, to me, is something that should be out there,” Anderson said.

For reprint and licensing requests for this article, click here.
Credit unions Regulation and compliance
MORE FROM AMERICAN BANKER