The Federal Reserve released the 7th Anniversary Issue of the Consumer Compliance Outlook. The issue only contains one article, entitled Managing Risk Throughout the Product Life Cycle and it describes a product-focused risk management framework largely through a UDAAP lens, which may be especially useful for credit unions considering the introduction of new products and services. As UDAAP enforcement actions by the CFPB continue to materialize, the Fed is suggesting a risk management framework that may help manage some of the uncertainty.
NCUA examination of risk management for all credit unions includes a risk-based review of the type of products and services offered by the credit union, and the depth and breadth of potential exposures created by those offerings. This framework is one way that a credit union can gauge and mitigate that risk, though certainly not the only way. The particular framework suggested by the Fed divides up a product life cycle into seven stages, and sets out a list of recommendations, risk factors, compliance considerations, and self-check questions for each stage. The seven stages of a product life cycle include strategic considerations, product design, marketing, product delivery, origination or consummation, product use and duration, and termination.
Strategic considerations includes the initial analysis of a potential product, including the determination of the product’s fit with the credit union, the product’s benefit to its members, and the identification of various components tied to product development. During this stage, a credit union would want to involve the board, management, compliance staff and appropriate business line staff to determine the strategic goals of the product and how it fits into the credit union’s strategic plans and risk appetite; the full scope of any compliance and regulatory issues; and what changes to processes, procedures, and system capabilities may be necessary.
Product design is the second stage, and one in which compliance personnel are critical. The Fed indicates some institutions make the mistake of not involving compliance in product design until final review. The Fed recommends that product design be conducted with not only regulatory compliance in mind, but also with ongoing consideration of the complexity of the product and of the fairness to consumers. With continued regulatory focus on fairness and consumer harm, a credit union might try to address any possible UDAAP implications when designing a product. This could include simplifying a product to ensure a consumer can understand it and that the credit union can fully deliver on its terms.
Marketing of a product also presents openings for possible UDAAP violations, for example, if products and services are targeted to potentially vulnerable populations. To avoid this risk, as well as the compliance risk involved in creating advertisements, the Fed recommends that compliance staff and marketing staff collaborate in the development of marketing plans and strategies. Bringing compliance into the marketing process early can result in time and cost savings to credit unions, in addition to supporting an overall culture of compliance.
Product Delivery focuses on the sales and applications processes and can take place in a variety of channels. Each delivery channel contains its own risks and a credit union would want to consider the appropriateness and fairness of using each channel for a particular product. Risks may be regulatory in nature, but they may also be reputational in nature. The Fed uses the delivery of a product across social media as an example. While Twitter and Facebook offer exciting new ways to connect with members and potential members, they also have the potential to allow a dissatisfied member’s comment to echo and escalate across the internet and traditional media.
Origination and Consummation describes the stage where the consumer has decided on a product or service. A credit union must determine adequate pricing controls and appropriate limitations on discretion so as to avoid any UDAAP risk. Well-documented qualification standards and pricing guidelines help mitigate this risk. The Fed also stresses that technical satisfaction of regulations, such as initial disclosures, may not be enough―a credit union must consider the fairness, consistency, and clarity of the method and form of disclosures to ensure a consumer was not otherwise misled about a product.
Product Use and Duration describes the stage where the product itself is in use and can vary widely, depending on the type of the product. Whereas a remittance transfer is a one-time transaction that is completed quickly, a mortgage may be in active repayment for thirty years. The nature of the compliance risk associated with a product must be determined individually, depending on the life of the product, the amount of service that product requires, and the amount of regulation surrounding service of the product. Additionally, the Fed recommends monitoring and evaluating member complaints as a tool to pinpoint compliance risks associated with the use of a product.
Termination describes both the end of a product in its natural course, such as a product reaching maturity or voluntary account closures, as well as early termination of a product or service by the credit union. Early termination by a credit union could be the discontinuation of a product or service or the termination of an individual product or service due to non-performance by a member. While any termination of a product or service may trigger regulatory requirements, termination initiated by a credit union may pose significant reputational risk, and should be carefully considered and planned.
(Summary prepared by NAFCU)