On December 3, the Office of the Comptroller of the Currency (OCC) issued version 1.1 of the “Unfair or Deceptive Acts or Practices and Unfair, Deceptive, or Abusive Acts or Practices” booklet of the Comptroller’s Handbook, also known as the UDAAP booklet. The UDAAP booklet was last updated in June 2020.

Key Updates in Version 1.1

  • Overdraft Services:
    The revised booklet offers enhanced guidance on sound risk management practices related to overdraft services. This update underscores the importance of transparency in disclosing overdraft policies and fees. Specifically, the booklet emphasizes the need for banks to clearly and conspicuously disclose the terms and conditions of overdraft programs, including any associated fees. It also highlights the importance of providing customers with timely and accurate information about their overdraft options and the potential consequences of opting into such programs.
  • Data Protection and Security:
    Reflecting the evolving landscape of data privacy laws, the OCC has integrated guidance from the Consumer Financial Protection Bureau (CFPB) on data protection and security. This addition highlights the increasing regulatory focus on safeguarding consumer data. The updated booklet includes detailed expectations for banks to implement robust data protection measures, including encryption, access controls, and regular security audits. It also stresses the importance of having comprehensive policies and procedures in place to address potential data breaches and ensure prompt and effective responses to any incidents that may occur. By incorporating these measures, the OCC aims to enhance the overall security of consumer information and mitigate the risks associated with data breaches.
  • Appendix B: UDAP and UDAAP Risk Indicators:
    The updated booklet includes a revised version of Appendix B, which now features enhanced UDAP and UDAAP risk indicators. This tool is designed to help examiners identify potential red flags and evaluate risk management programs more effectively. The risk indicators cover various aspects of a bank’s operations, including marketing practices, product disclosures, and customer service interactions. By providing a comprehensive set of indicators, the OCC aims to assist examiners in identifying areas where banks may be at higher risk of engaging in unfair, deceptive, or abusive practices.

The updated booklet is not only important for banks under OCC supervision but also carries implications for entities that partner with national banks to deliver services, such as debt collection agencies and fintech firms. The enhanced guidance on overdraft services and data protection, in particular, reflects broader regulatory trends and rising expectations for consumer protection.