
Key Updates to the OCC's UDAAP Handbook

December 18, 2024

The Office of the Comptroller of the Currency (OCC) has released a revised version of its Unfair or Deceptive Acts or Practices and Unfair, Deceptive, or Abusive Acts or Practices (UDAP/UDAAP) handbook. The updated handbook, now Version 1.1, reflects regulatory advancements and clarifies supervisory expectations since the previous version from June 2020. Below, we delve into the key updates and their implications for financial institutions:

Third-Party Risk Management

The OCC’s revised UDAP/UDAAP handbook (Version 1.1) incorporates significant updates reflecting the guidance provided in OCC Bulletin 2023-17, which emphasizes third-party risk management. These updates underscore the critical role of effective oversight in mitigating risks associated with outsourcing key functions and engaging external partners. Specifically, the OCC has stated: “The OCC expects a bank to practice effective risk management regardless of whether the bank performs an activity internally or through a third party. A bank’s use of third parties does not diminish the responsibility of its management to ensure that the activity is performed in a safe and sound manner and in compliance with applicable laws, including those designed to ensure the fair treatment of consumers and fair access to financial services.”

Information Security Expectations

The handbook places a renewed emphasis on information security as a critical component of operational risk management. Institutions are expected to implement robust controls to safeguard sensitive consumer data.

Board and Management Accountability

Version 1.1 introduces heightened expectations for board and management oversight. Boards are encouraged to actively monitor consumer compliance, ensuring proper policies and processes are in place to prevent and address UDAP/UDAAP risks. The handbook also stresses the importance of incorporating UDAP/UDAAP compliance considerations into strategic decision-making.

Loan and Deposit Account Agreements and Overdraft Protection

The revised OCC handbook identifies loan and deposit account agreements and overdraft protection products as areas presenting significant UDAAP risks. Banks are advised to carefully monitor these products and associated practices to ensure compliance with fairness and transparency standards, mitigating the potential for consumer harm. Specifically, the OCC states that banks should focus on avoiding certain deposit account practices such as:

  • Assessing overdraft fees on debit card transactions that are authorized when a consumer’s available account balance is positive but later posted to the account when the available balance is negative.
  • Assessing an additional fee each time a third party resubmits the same transaction for payment after a bank returns the transaction for non-sufficient funds.

Conclusion

Although the primary function of the OCC, as a prudential regulator, has been to ensure the safety and soundness of a covered financial institution, consumer protection concerns and compliance with federal consumer financial law are now on equal footing. In the past decade, UDAP/UDAAP has been a top priority for the Consumer Financial Protection Bureau as well as state banking regulators. The OCC’s updated handbook now underscores the importance of proactive and robust risk management in mitigating UDAP/UDAAP risks that may not have been given the appropriate attention, especially for mid-sized and smaller institutions.

Given this update, banks and financial institutions should assess their compliance programs to include:

  • Conducting comprehensive risk assessments using the OCC’s new worksheet.
  • Strengthening board and management oversight of UDAP/UDAAP compliance.
  • Reviewing and updating marketing and customer communication practices.
  • Enhancing training programs to reflect updated compliance requirements.

Banks should partner with their trusted legal counsel to effectively implement these recommendations and align their compliance practices with the OCC’s updated guidelines. By doing so, they not only mitigate regulatory risks but also strengthen customer trust and market reputation.

Clark Hill’s Financial Services Regulatory & Compliance group helps clients navigate changes to an evolving regulatory environment by providing guidance and fractional compliance services in order to meet their needs. Our exceptional team of lawyers and regulatory advisors has extensive experience and knowledge of the laws and regulations governing financial products and services. We can assist clients in developing and implementing compliance programs. For more information, please contact Joann Needleman, finreg@clarkhill.com.

This publication is intended for general informational purposes only and does not constitute legal advice or a solicitation to provide legal services. The information in this publication is not intended to create, and receipt of it does not constitute, a lawyer-client relationship. Readers should not act upon this information without seeking professional legal counsel. The views and opinions expressed herein represent those of the individual author only and are not necessarily the views of Clark Hill PLC. Although we attempt to ensure that postings on our website are complete, accurate, and up to date, we assume no responsibility for their completeness, accuracy, or timeliness.
