COMPLY: The Marketing Compliance Podcast

COMPLY: The Marketing Compliance Podcast

Episode 6: UDAAP Compliance Under CFPB Director Chopra Part 2

C22-podcast-banner

Episode Description:

Today’s podcast is part two of a discussion had between Rhonda McGill, Sr. Director of Client Solutions at PerformLine and Tony Alexis, Partner at Goodwin Law and former Assistant Director and Head of the Office of Enforcement at the CFPB, where he developed and managed the CFPB’s enforcement strategy, consumer financial investigations and litigation. Before you listen to today’s podcast, make sure you go back and listen to part one of the conversation in our previous podcast! But on today’s show Rhonda and Tony continue their discussion of UDAAP Compliance Under CFPB Director Chopra, specifically:
  • The CFPB's updated procedural rules that provide them with the authority to carry out enforcement actions in-house
  • Expectations on the States' enforcement of UDAAP
  • The role of a strong Compliance Management System (CMS) in UDAAP compliance
 

Show Notes:

Subscribe to COMPLY: The Marketing Compliance Podcast

 

About COMPLY: The Marketing Compliance Podcast

The state of marketing compliance and regulation is evolving faster than ever, especially for those in the consumer finance space. On the COMPLY podcast, we sit down with the biggest names in marketing, compliance, regulations, and innovation as they share their playbooks to help you take your compliance practice to the next level. 

Episode Transcript:

Ashley:

Hey there COMPLY podcast listeners. Today's podcast is part two of a discussion had between Ronda McGill, Senior Director of Client Solutions here at PerformLine and Tony Alexis, Partner at Goodwin Law and former Assistant Director and Head of the Office of Enforcement at the CFPB, where he developed and managed the CFPB's enforcement strategy, consumer financial investigations, and litigation. Before you listen to today's podcast, make sure you go back and listen to part one of the conversation in our previous podcast. But on today's show, Rhonda and Tony continue that discussion of UDAAP compliance under CFPB Director Chopra. Specifically talking about the CFPB's updated procedural rules that provide them with the authority to carry out enforcement actions in-house, expectations on the state's enforcement of UDAAP and the role of a strong compliance management system in UDAAP compliance. As always, thanks for listening and enjoy the show.

Rhonda:

Do you feel based on, you know, just this discussion around the examination guide, do you feel that there's anything in there that's noteworthy? It sounds like there's the more of the same, but a lot more of it. And then there's the, you know, additional amendments.

Tony:

So I would say, as I understand, I have an examiner that works in my office and he and I chit-chat from time to time about the manual. And one of the things that he brought to my attention that I didn't realize was that, you know, cyber security had moved into a certain section of the manual in a way that clearly made it clear to the institutions that is a risk priority. For the most part, even though it grows and it shrinks, my sense as the exam manual is incredibly good authority in a good way to prepare for your exams, to prepare for your compliance programs, and to just be prepared for what your risks are. I clearly and frankly, even though I find myself while helping with clients, paging through the exam manual to look for definitions that I think that people would be comfortable with for particular product, services, or you know, the rules themselves or the laws themselves.

Rhonda:

So it sounds like basically this is a good time to really look at the compliance program itself and just to do some adjustments and kind of parallel your policies and procedures and alignment with what could potentially be coming your way with an examination.

Tony:

Yeah, well, you know, I've heard some institutions have kind of laid off on compliance or, or thought themselves to be in an environment in which compliance was not going to necessarily be a driver of the business mm-hmm <affirmative> and now are somewhat behind the eight ball as they try to play catch up. But yes, I think the compliance manual is a good place to start. And I also think that compliance is very, very important to any particular financial service team and really needs to be refreshed. And the actual activities need to be moment.

Rhonda:

Yeah, I had one client, I think they actually asked the question about, well, they said they ran a pretty tight ship and they thought that they were pretty conservative as it applies to UDAAP. So I think a lot of folks are now kind of reevaluating and saying, are we as conservative as we thought we were? Or, you know, so what pitfalls are out there because there are potential pitfalls.

Tony:

Right? But, well or lack of better phrase, no one quite true and I actually heard someone say, look, I don't think it's my responsibility, what I fear of to tell someone where to set their compliance program or what risk factors they're willing to take for profit and loss, the issue is what happens if you get caught the first place to look of why that mistake happened was to go look at your compliance..

Rhonda:

Client program <laugh> for sure. So in some recent comments, Director Chopra talked about concentrating on more non-bank financial organizations that they deem presented some additional consumer risk. Are there certain areas within consumer finance that really should be taking heat? I know some folks, we were just talking a little bit ago about the cyber security. I think some folks are talking crypto and all of these, there's so much out there. You have any thoughts on that?

Tony:

So my sense is anything which can sneak up on you with lightning speed. And what I mean is, for example, Buy Now, Pay Later has been around a substantial period of time. I'm not saying decades, but I would say a little about a decade or longer mm-hmm <affirmative> and it was doing well, their pace was good. You could make a good living, but working at a Buy Now, Pay Later enterprise, but then during the pandemic they caught the fire.

Rhonda:

They really did

Tony:

Yes, and it was really interesting that people who, you know, know the market know, knew about BNPL, but never thought of them as players. They really catapulted into what I would consider to be the driver's seat of so many different aspects of the market. You know, low credit, poor credit, and thin-file people of a certain age and I think ultimately what you have with FinTech is because of their size and because of the services that they get involved with, that their growth can all of a sudden go from, you know, zero or close to zero to numbers that are just too hard to calculate. Right. And do it seemingly overnight. My sense is that's the thing that he's incredibly worried about. And so when, you know, again, you spoke to crypto.

Tony:

Crypto is probably nothing that he's worried about at this particular point. And doesn't really need a I would say CFPA type of deep dive to the consumer program. Mm-hmm <affirmative> but nevertheless, my sense is, as crypto becomes the basis of potential changes in our payment system, then that means it'll catch fire that put, and if you are the company and or if you are the CFPB, I don't think that that's the first time you wanna think about the clients as related to that particular market. So that those are the types of things. And that is those markets which can grow almost overnight and do harm in very bad or distinct harm to consumers very quickly.

Rhonda:

All right. So another change, and I think this is kind of going into that the some of the space that we spoke about earlier was with regards to updated procedural rules that provide the Bureau with the authority to carry out enforcement actions in-house. Can you talk a little bit about that, what that means to folks? Because I there's been a couple of questions where folks are not quite sure where they're going with this.

Tony:

I mean, so, well, I mean, ultimately the issue is it when the CFPB and a consumer company reach impase and they need to resolve an issue, then the two choices, or I guess the third choice is to give up and not do anything. But the first choice is to take them to the US district court mm-hmm <affirmative> and that process seems like it's takening a long time because you have to get into the regular queue you get assigned a judge, you have to go through the phases of civil, you know, trial that includes, you know, discovery and after discovery, pretrial then trial. And then if anyone is dissatisfied with the outcome of what happened in district court, then you can take it to appeal to one of the circuits or the appropriate circuit.

Tony:

The issue in administrative is it's pretty quick. You still have someone that's neutral and that person, you know, the ALJ makes a decision. And if a party is not satisfied with the outcome, then that person can appeal it first to the judge. I mean to the director, and then after the director, then they can also go to the circuit you know, to the court of appeals mm-hmm <affirmative> and appeal the manner. I think, you know, what most people may be concerned with, is given the way that the rules function administratively there are opportunities for the director to take liberty with certain aspects of the matter while it's pending. And that's like, okay, that would be pretty tough for some type of a company, especially if they have investors and they have a limited amount of capital to be able to fund litigation forever. Right. You know, all of a sudden, take it on the chin pretty quickly in the process. And then afterwards, you know, then finish you know, the process and end up then for the first time, say going to the DC circuit, the third circuit or fourth circuit, or whichever circuit

Rhonda:

mm-hmm <affirmative>

Tony:

You know, courts of appeals are not known for you know, very quick dispositions as well. I mean, you know, they vary, it clearly has a lot to do with the issue that's being appealed, but I could see one of those matters, probably drawing out for a certain period of time. And a lot of those cases, I would say the assumption or the presumption is the CFPB would've already prevailed in what it wanted to do at an earlier phase and not in disctric court.

Rhonda:

Okay. Thank you. So I wanna do a little bit of a shift because there was a question that came in with regards to some of the states and some of the states act like they're little mini CFPBs <laugh>. So based on some of the changes that are happening within the CFPB, have you seen any evidence that States, on how they're going to interpret UDAAP? Are they gonna make any changes? Are they, I feel like in some instances they're already a little bit stricter than the federal <laugh>, but not always.

Tony:

Look, it really depends if some states, you know, like California, which restructure it's California Department of Business Oversight, the, you know, the DVBO

Rhonda:

Yeah, named the DFPI, financial protection something... 

Tony:

The DFPI, the people are still the same there, but I would say they created some chartering differences in terms of, you know, what they would pursue, the type of enterprises that do business in the state that they wanna see either registered or licensed, activities that are designed to get people who aren't licensed or registered, registered, I see that level of activity. In terms of how they interpret it, how they interpret UDAAP remember one or two things: number one under the Dodd-Frank or the Consumer Financial Protection Act, it already is the case that a state attorney general, after they give notice to the CFPB can file a suit against an enterprise that's working within its borders and pursue them with any of the provisions of you know, UDAAP, or other aspects of rules and regulations, that the CFPB has. So it's not necessarily unusual to see a state have a UDAAP a case. That happened recently with, I think, MoneyGram, I think the New York DFS or the New York AG mm-hmm <affirmative> sued them with the CFPB.

Rhonda:

Yes. I think that, that was mentioned in the supervisory note update,

Tony:

Right. And given that you can see that some actors might find it very comforting to hide behind the CFPB, as opposed to going it alone, because there's some, you know, there's some resource savings. But yes, there are gonna be some states that are going to be you know pro-UDAAP in the sense that they think that the best way to address consumer challenges in their jurisdiction is to be incredibly aggressive with the law enforcement. And there's some places who find that that's not necessarily the right way to address a problem. And the notion of scaring businesses off you know, has its own ramifications. And they may not you know, look at UDAAP and agree with the CFPB's annunciation about what the what the law is and what the laws you know, address.

Rhonda:

Okay, great. So back in 2019, you co-authored an article titled, "Compliance in a UDAAP Risk Environment," and that talked about how a strong compliance management system is critical to any financial institution, especially as it relates to UDAAP. Could you talk a little bit about that and why a strong compliance management system is so critical for organizations to get out ahead of risk? And also that article was written prior to the pandemic, the COVID-19 pandemic, so given that the impact of the pandemic had what it's had on compliance, is there anything that you would add to that article and new learning and best practices?

Tony:

So the first piece is it really was just general, taking my perspective of compliance, and compliance management, and how you can address a lot of potential problems later, by really looking at the compliance formulas first, you know, because compliance really is about addressing risk. And a lot of risk in consumer compliance programs are, I would say, known risk. You know, like follow the complaints, treat complaints very quickly. You know, those things are incredibly laid out in front of you. They're easy to monitor. I think they're easy to pick out, et cetera. The pandemic, you know, if I could rewrite that again, I'm not too sure I rewrite it again, because ultimately, you know, the companies that were cited for potential violations it came out in the supervisory highlights, prioritized assessments edition, which was winter of 2021 in January.

Tony:

Mm-hmm, <affirmative> the first advisory islands that came out. When that came out. I found what they did was they gave a list of potential you know, steps and transactions that would feel very ordinary. Cause remember at that particular time, we had people who were being kept at home, right. We had people who didn't know if they were ever going to go back to the workplace you had, states who were closed and therefore you had limited funds available and people's bank accounts to pay their bills, their mortgages, their credit cards, their you know, their automobile, everything.

Rhonda:

Everything.

Tony:

And then the critical issue became, well, what would happen if we froze the payments and said, hey, we're not gonna give you a pay vacation, but what we're gonna say is you don't have to pay while we temporarily stop the clock. Well, the critical issue is right, so I may be January, February, and March are off, but when I start up again in April, what am I gonna do? Am I gonna ask for all three of those payments? Or am I just take those three payments and move them at the end of the month, I mean, the end of the particular product mm-hmm <affirmative> and a lot of questions about that. How do you disclose that to a consumer? How do you disclose with the APRs? How do you, you know, disclose if there is, for example , a challenge, a dispute resolution, which has very strict timelines in which you're supposed to conduct your investigation, you're supposed to tell your consumer what the outcome of the investigation is.

Tony:

You're supposed to provide temporary credit if you can't get the dispute invested and investigation resolved, you know, typically, or can sometimes involve reaching out to a third party. Guess what? People couldn't make those timelines, and the reason why they couldn't make those timelines is because I'm working from home, it doesn't make sense that Bank of Alexis also has people who aren't working exactly, you know, at the office place and may not have access to some of the you know, some of the service files and some of those systems, you know, from a home computer and, you know, really, cause I would say, the incredible number of hypotheticals to come true. And, you know, to capture that in our article, which I felt was more practical advice as opposed to once in a lifetime advice. So I don't regret not addressing any of those issues in, in the, you know, during the pandemic.

Rhonda:

Super thank you so much. So as we are gonna be, looks like we're almost hitting an hour. So as we're concluding today's webinar, Tony, can you share what you would take as the, maybe the top takeaways from this, what would you like to share with folks that you'd like them to really have take away from this and really take under consideration as they're going back to their workspaces?

Tony:

Yeah. Number one, you know, I'll never forget that there was a scene in a movie Platoon and once they're going out on ambush and the Sergeant said, no matter what, when you get lost, don't shout out, which made sense. You don't wanna raise your voice and let the enemy know where you were <laugh> as in  this particular environment, you need to shout out.

Rhonda:

Shout, time to shout<laugh>

Tony:

Right, because you need to speak to your supervisors, you need to speak to people that can help you, who've had the experience. Then you need to also be able to speak out to outside consultants. You know like PerformLine, or in my case, you know, specific firms. And believe me, it doesn't mean that automatically you're on the clock, I'm going to get billed for it, etcetera. My sense is, you know, have a core group of people who you trust, who are generally right, who can either point you to the right answer, or the person that can be the right answer, or otherwise provide access to resources. I think that that's critical. The other aspect that I think is critical is, you know, I don't think, I don't think it's overly you know, harmful to be somewhat envious of your competitors.

Tony:

And if it works for them, then find out why it works. <laugh>, You know, ask you can find someone there and, and ask. You know, the issue might be because they have unlimited resources or the issue might be they have unlimited money. Or the issue might be is they're making their internal investigations in the right place. They have a sharp team, they have a sharp compliance team. They have a audit team that looks at everything and has a regular audit schedule. They have a good risk team. My sense is to really dig in and find out what the answers to those questions are.

Ashley:

Thanks for listening to this episode of the COMPLY podcast, we hope you enjoyed part two of the conversation had between Rhonda and Tony around UDAAP compliance under CFPB Director Chopra. For additional insights into all things marketing compliance, you can head to content.performline.com and be sure to check out the links and resources in today's show notes. As always, thanks so much for listening and we'll see you next time.