10:14 AM
Colin Campbell, SAI Global
Colin Campbell, SAI Global
Connect Directly

3 Tips to Automate UDAAP Management

With the CSFB indicating it is taking a strong stand, financial firms need to make sure they do not end up taking on hefty UDAAP fines.

While still a relatively new regulatory agency, the Consumer Financial Protection Bureau (CFPB) has raised the bar for the prevention and planned enforcement of unfair, deceptive and abusive acts or practices (UDAAP).

Colin Campbell, SAI Global
Colin Campbell, SAI Global
Even though the CFPB has made it very clear that it will vigorously pursue UDAAP among financial institutions, it has given very little in terms of guidance or transparency on its definition of the term. Rather, it has chosen to educate the market through enforcement. Due to this, financial service providers have been trying to adapt compliance programs and implement appropriate policies and procedures to be confident that their products, sales and marketing practices, and even advertising, will not be in violation.

The urgency around the CFPB's UDAAP focus is at a fever pitch since it began accepting consumer complaints via its website and has used them to target practices that it feels violates UDAAP. The concern among financial service providers is justified. The CFPB recently issued its first penalties, all much larger than previously anticipated, to American Express ($85 million in refunds and penalties), Discover ($200 million in refunds and penalties) and Capital One ($140 million in refunds and penalties).

Additionally the agency announced in December of 2012 that it will share this real-time data with state regulatory agencies to better collaborate and work on the consumers' behalf. The reasoning behind this change is to save consumers the hassle of filing complaints with multiple government agencies and to provide the agencies with a more comprehensive picture of complaints within the market. Without the proper tools and processes in place, organizations face an increased risk of financial penalties and damage to their brand and reputation.

So what should financial service firms do to proactively uncover, address and prevent possible UDAAP violations? There are several strategies being employed today, but what is proving to be the most effective strategy for companies is the adoption of governance, risk and compliance (GRC) technologies to automate processes and create centralized locations to compile, track and analyze consumer complaints -- not only to address UDAAP violations, but also to identify and strengthen areas where policies and procedures regarding UDAAP might be weak.

However, according to a recent survey conducted by SAI Global of compliance professionals in the financial services industry, only 26 percent of financial institutions surveyed are currently using automated systems, while 53 percent are still using manual processes.

3 Practices FOR UDAAP
What should firms focus on when they are looking to adopt new practices to eliminate these manual processes? Here are three things that every financial firm should do:

  • Ensure the Right Information Gets to the Right People: When activities are automated, information is delivered to the appropriate people to assess for potential UDAAP violations, facilitate collaboration, and track completion of individual tasks so that complaints are resolved in a timely manner. In some more sophisticated systems, users can even be notified of their responsibilities through email and automated "to do" lists. Reminders are automatically sent when critical dates, such as providing response to the CFPB within 10 days, are in jeopardy of being missed and to provide reminders of the status of activities to keep everyone informed as a complaint moves through various steps of the resolution process. This type of automated workflow provides an easy way to involve multiple people in the complaint management process -- and hold them accountable for their assigned actions.
  • Establish a System of Record: One of the most important benefits of automating processes is that it creates a "compliance system of record" for organizations. All activities and supporting documentation are managed in a single location, providing improved visibility and control. This allows executives to reliably know what actions have been taken, the status of all pending tasks and the results achieved. Additionally, processes are standardized so issues are handled using a consistent approach and audits are streamlined as information is organized and accessible.
  • Offer Up "Proof:" With a central collection point for all customer complaint activities (as well as policies and procedures, risk assessments, third party monitoring), organizations are better able to provide "evidence" to regulators of compliance with the UDAAP regulations. The concept of a virtual records or evidence room, where all activities and documentation are linked to related regulations and guidance, such as the CFPB UDAAP regulations, allows organizations to easily demonstrate proof of compliance to external auditors. Having the information organized and directly accessible for auditors and examiners streamlines the overall process and enhances the credibility of the organization.

While adopting new technologies and eliminating manual processes does not completely solve the UDAAP issue -- there also needs to be cultural changes, executive buy in, process changes and more clarification from CFPB -- it is certainly the most effective way for organizations to manage the increasingly complex regulatory landscape. Automating and managing the lifecycle of consumer complaints, including everything from data collection and complaint investigations, through documentation and resolution, comprehensively, ensures that organizations are in a state of continual readiness for anything the CFPB throws their way. Being vigilant, thorough, organized and collaborative throughout the enterprise is the only way financial service organizations can not only survive, but thrive it today's highly regulated business climate.

About The Author:
Colin Campbell, SVP, Product Management, GRC Solutions, SAI Global Colin Campbell heads the product management of SAI Global's governance, risk and compliance solutions globally. Campbell has over 25 years' experience working with clients to utilize technology in automating key business processes such as risk & compliance management, travel and expense management and financial reporting solutions.  During this time he has worked in a variety of roles including sales, development, consulting & product management within the U.S. and the APAC regions.

Register for Wall Street & Technology Newsletters
Stressed Out by Compliance, Reputational Damage & Fines?
Stressed Out by Compliance, Reputational Damage & Fines?
Financial services executives are living in a "regulatory pressure cooker." Here's how executives are preparing for the new compliance requirements.