1. Udaap: the Cfpb'S Broadest Enforcement Tool
UDAAP is the CFPB's broadest and most flexible enforcement authority, and any consumer financial product or service can be subject to a UDAAP challenge if its terms, disclosures, marketing, or servicing practices cause substantial consumer injury, mislead consumers, or exploit consumer vulnerabilities.
What Are Unfair, Deceptive, and Abusive Acts or Practices and How Does the Cfpb Define Each?
The CFPB has authority under the Consumer Financial Protection Act to prohibit unfair, deceptive, or abusive acts or practices by any person in connection with any consumer financial product or service, and each of the three prongs of the UDAAP prohibition has a distinct legal standard. An act or practice is unfair if it causes or is likely to cause substantial injury to consumers that consumers cannot reasonably avoid and that is not outweighed by countervailing benefits. An act or practice is deceptive if it misleads or is likely to mislead a consumer in a material way. An act or practice is abusive if it materially interferes with a consumer's ability to understand a term or condition of a consumer financial product, or if it takes unreasonable advantage of a consumer's lack of understanding of the product, inability to protect their own interests, or reasonable reliance on a covered person to act in the consumer's interests.
Consumer Financial Protection Bureau and financial regulatory counsel can advise on the UDAAP standards applicable to the specific product or service, assess whether any current practices create UDAAP exposure, and develop the UDAAP compliance and risk management strategy.
What Business Practices Most Commonly Trigger Udaap Enforcement Actions?
The business practices that most commonly trigger UDAAP enforcement actions by the CFPB include inadequate or misleading disclosures of fees, interest rates, and other material terms of consumer financial products, add-on product marketing practices that bundle undesired products with desired ones or fail to clearly disclose that the add-on is optional, debt collection practices that misrepresent the amount owed or threaten consequences the collector has no legal authority to impose, credit reporting practices that submit inaccurate information to consumer reporting agencies and fail to promptly correct errors, and digital interface design practices that use dark patterns to obtain consumer consent to terms they did not intend to agree to.
| Udaap Category | Cfpb Standard | Common Examples |
|---|---|---|
| Unfair | Causes substantial consumer injury that consumers cannot reasonably avoid, not outweighed by countervailing benefits | Unexpected account fees; inadequate overdraft disclosures; forced add-on products |
| Deceptive | Misleads or is likely to mislead a reasonable consumer in a material way | False advertising of loan terms; misleading APR disclosures; bait-and-switch product offerings |
| Abusive | Materially interferes with consumers' ability to understand a product, or takes unreasonable advantage of consumer vulnerabilities | Burying material contract terms; high-pressure sales of add-on products; exploiting financially distressed consumers |
Consumer Financial Protection Bureau and regulatory compliance counsel can advise on the UDAAP classification applicable to the specific business practice and develop the UDAAP remediation and compliance strategy.
Consumer Financial Protection Bureau and consumer protection law counsel can advise on the specific business practices most likely to attract CFPB examination scrutiny and develop the UDAAP compliance program and examination response strategy.
2. Fair Lending and Credit Scoring Compliance
Consumer financial services companies are subject to fair lending laws that prohibit discrimination in the extension of credit, and the use of algorithmic credit scoring and AI in underwriting and pricing decisions has created significant new fair lending risk.
What Are the Fair Lending Laws That Apply to Consumer Financial Products?
The primary fair lending laws that apply to consumer financial products are the Equal Credit Opportunity Act, which prohibits discrimination in any aspect of a credit transaction on the basis of race, color, religion, national origin, sex, marital status, age, or receipt of public assistance, and the Fair Housing Act, which prohibits discrimination in residential mortgage lending on the basis of race, color, national origin, religion, sex, familial status, or disability. Fair lending violations can arise either from disparate treatment, which involves intentional discrimination against members of a protected class, or from disparate impact, which involves neutral policies or practices that have a disproportionately adverse effect on members of a protected class.
Consumer Financial Protection Bureau and fair credit reporting act counsel can advise on the fair lending laws applicable to the specific product, assess whether the current underwriting and pricing practices satisfy the applicable requirements, and develop the fair lending compliance and monitoring strategy.
What Are the Fair Lending Risks Created by Algorithmic Credit Scoring and Ai Underwriting Models?
Algorithmic credit scoring models and AI underwriting systems create significant fair lending risk because they can produce disparate impact on protected classes even when they do not explicitly consider protected characteristics, particularly when they use proxy variables that are correlated with protected class membership such as geographic location, educational institution, or social network data. The CFPB and the federal banking regulators have issued guidance requiring creditors to be able to identify the specific reasons for any adverse action taken on a credit application, and the explainability requirement creates a significant challenge for creditors using complex machine learning models.
Financial services regulatory and fintech counsel can advise on the fair lending risks created by the specific algorithmic credit scoring or AI underwriting model and develop the model risk management and fair lending compliance strategy.
3. Mortgage and Loan Servicing Compliance
Consumer loan and mortgage servicers are subject to a comprehensive set of federal servicing requirements, and the CFPB has made servicing compliance a consistent enforcement priority, particularly with respect to the treatment of borrowers experiencing financial distress.
What Are the Key Federal Servicing Requirements for Mortgage and Consumer Loan Servicers?
The primary federal servicing requirements for mortgage servicers under Regulation X, which implements RESPA, include the obligation to acknowledge receipt of a complete loss mitigation application within five days, to evaluate a complete loss mitigation application within thirty days, to maintain contact with borrowers experiencing financial distress, and to not initiate foreclosure proceedings while a complete loss mitigation application is pending. Consumer loan servicers are subject to UDAAP requirements that prohibit servicing practices that cause substantial consumer injury, and the CFPB has taken enforcement actions against servicers for misapplying payments, charging unauthorized fees, and mishandling loss mitigation applications.
Consumer Financial Protection Bureau and mortgage origination counsel can advise on the federal servicing requirements applicable to the specific mortgage or consumer loan portfolio, assess any gaps in the current servicing compliance program, and develop the servicing compliance and examination response strategy.
How Do Servicers Avoid Udaap and Fair Servicing Enforcement Actions?
Servicers can reduce their UDAAP and fair servicing risk by implementing a compliance management system that includes policies and procedures for all servicing functions, a robust training program for all servicing staff, a quality control and audit program that regularly tests servicing operations for compliance, and a consumer complaint management program that promptly identifies and remediates servicing errors. Servicers should also maintain detailed records of all servicing actions taken on each loan and all consumer communications to support their ability to respond to CFPB examinations and consumer complaints.
Consumer Financial Protection Bureau and financial services law counsel can advise on the UDAAP and fair servicing risks in the specific servicing program and develop the servicing UDAAP remediation and compliance strategy.
4. Fintech, Regulatory Sandboxes, and Emerging Compliance Risks
FinTech companies offering consumer financial products are subject to the same federal consumer financial laws as traditional financial institutions, and the regulatory sandbox programs offered by the CFPB and several states provide a framework for testing new products with temporary regulatory relief.
What Regulatory Framework Applies to Fintech Companies Offering Consumer Financial Products?
FinTech companies offering consumer financial products and services are subject to the same federal consumer financial laws as traditional banks and non-bank financial institutions, including the UDAAP prohibition, the fair lending laws, TILA, the Electronic Fund Transfer Act, and the Gramm-Leach-Bliley Act privacy rules, and they are also subject to the licensing and registration requirements imposed by the states in which they operate, which can include money transmitter licenses, consumer lender licenses, and mortgage broker or lender licenses. FinTech companies that partner with banks to offer financial products under the bank's charter must comply with the terms of their bank partnership agreement.
Fintech and financial services regulatory counsel can advise on the regulatory framework applicable to the specific FinTech company's consumer financial products and services, assess the licensing, registration, and compliance requirements, and develop the FinTech regulatory strategy.
Fintech Companies Offering Consumer Financial Products and Services Are Subject to the Same Federal Consumer Financial Laws As Traditional Banks and Non-Bank Financial Institutions, Including the Udaap Prohibition, the Fair Lending Laws, Tila, the Electronic Fund Transfer Act, and the Gramm-Leach-Bliley Act Privacy Rules, and They Are Also Subject to the Licensing and Registration Requirements Imposed by the States in Which They Operate, Which Can Include Money Transmitter Licenses, Consumer Lender Licenses, and Mortgage Broker or Lender Licenses. Fintech Companies That Partner with Banks to Offer Financial Products under the Bank'S Charter Must Comply with the Terms of Their Bank Partnership Agreement. Fintech and Financial Services Regulatory Counsel Can Advise on the Regulatory Framework Applicable to the Specific Fintech Company'S Consumer Financial Products and Services, Assess the Licensing, Registration, and Compliance Requirements, and Develop the Fintech Regulatory Strategy.
A regulatory sandbox is a program offered by a federal or state regulator that allows companies to test innovative financial products and services in a controlled environment with temporary relief from certain regulatory requirements or with advance guidance about how the regulator will treat the product under the applicable laws. The CFPB's No-Action Letter policy and Trial Disclosure Program provide FinTech companies with a mechanism for obtaining advance assurance that the CFPB will not take enforcement action against a specific product or practice during a testing period, and several states, including Arizona, Wyoming, and West Virginia, have enacted regulatory sandbox legislation.
Fintech and regulatory compliance counsel can advise on the regulatory sandbox programs available to the specific FinTech company, assess the eligibility requirements, and develop the sandbox application and product testing strategy.
30 Mar, 2026
