
Get Ready for UDAAP

Don’t get hammered for not being able to show compliance.

UDAAP may rock your world – and that’s not good news.

Four Steps to Readiness

The compliance, reputational and financial risks posed by an adverse UDAAP examination result are significant – no, make that VERY significant. Here are four initial steps to minimize UDAAP risk:

1. Understand that the UDAAP regulation is all about how the customer is treated.

Technical compliance with the letter of the pertinent regulation is not all that is required. For example, the feds have ruled that “Bounce-Proof” checking NSF programs were exempt from Regulation Z. However, the feds also determined that Bounce-Proof was anti-consumer; they went looking for ways to cut it back and found them in Reg E, Truth-in-Savings and UDAP (the first Unfair and Deceptive reg). Therefore, successful UDAAP programs recognize the fact that every feature of the bank’s relationship with customers must be examined through the lens of consumer benefit.

2. Conduct a bank-wide UDAAP review.

You want to know how your practices, policies, and procedures stack up. Review them in light of the CFPB’s exam manual (see below). Involve all departments. Do not make the mistake of assuming UDAAP is solely the purview of the Compliance and Audit Department. The Marketing Department is a significant player. So is Loan and Deposit Ops. Ditto Credit Admin. Every department, and every significant player in each department who has specialized responsibilities, should be involved in the review.

3. Review the bank’s complaint file.

If you don’t have a formal complaint process, especially if it is not available to consumers on your website, get that done right away. Complaint files are the best source of information on consumer dissatisfaction. (Examiners often ask early in the process to see your complaint file.) If your bankers or your processes or your policies have drawn even one complaint, you should investigate and determine if the complaint is systemic – that is, did the issues surrounding the complaint arise because of a bank policy? If the answer is yes, then a fix is required, pronto. (By the way, if your bank does not have a robust complaint program that collects complaints, assigns an investigation, tracks performance and circulates a management report, that is a critical UDAAP weakness in and of itself.)

4. Supervision of the UDAAP exam review is critical.

Ideally, the exam should be supervised by marketing professionals, preferably people who are not employees of the bank. Marketing people are experts at understanding how consumers think and react. This expertise will serve the bank well during a UDAAP review. Does this mean compliance and risk managers take a back seat? No, it does not. But it is vital that people who are consumer-oriented take the lead in the UDAAP review.

The source link for every banker who wants to be informed about UDAAP is the CFPB’s examination manual. The manual can be found on the CFPB website. You can find it here:


We can help you get a UDAAP Risk Assessment done. Call us and let’s talk it over. Here are the next steps:

  1. Call to discuss your needs and to obtain our Certificate of Non-Disclosure and Privacy Agreement.
  2. If we’re only spit-balling, then skip Step 3. We don’t charge for conferences or to share our experience.
  3. Review our Fee Proposal. If it is acceptable, go to the next step. NOTE: depending upon the circumstances, not all information requests may be necessary. The rule of thumb: if you’re paying us, we want as much information as possible. If we’re just talking, then less information may be forthcoming.
  4. Provide some information for our discussion session. Some, all or none of the below may be appropriate.
    • Summarize examination comments (positive and negative) along with examiner recommendations and send those to us. Include in your summary both the written comments as well as any oral communication that took place. NOTE: we may not need to see copies of the actual comments; we can always review with a GoToMeeting session.
    • Gather up your current policy and procedures along with any documents you use to open accounts or perform the work. You can scan and email to our secure portal or fax them to us.
    • Gather your current reports you are using now to manage compliance.
    • Summarize your current monitoring efforts; provide copies of reports used.
  5. We’ll send you a checklist you can use to help us understand the specifics of how you operate this part of the bank and how you are managing the compliance piece.
  6. We’ll send you the “prelim” policy and procedure in a MS WORD format to review and revise.
  7. We’ll schedule a follow-up phone conference to review your changes.
  8. We’ll send the revised Policy and Procedure.
  9. You provide credit card for our billing. (Payment by ACH and/or check is also acceptable.)

They came in to help us a few years back. We liked the way they do business. They’re focused on helping us, not on their billing. One of their execs serves on our compliance committee and is a big part of our compliance management.

Community Bank CEO