Ed. Note-today we have a guest post from Karen Schirmer, a Senior Advisor at Chartwell.

You’ve been hearing for a while now that the regulatory environment has been changing, and you follow the Consumer Financial Protection Bureau (“CFPB”) alerts to see if this new regulator will be looking at your type of business sometime in the near future. But you haven’t done anything new to prepare for greater consumer protection scrutiny because you’re too busy preparing for the upcoming state or bank examination. If this describes your organization, we understand that being proactive with limited funds and resources can be difficult. Nonetheless, consumer protection laws exist on the state and federal level, and states, banks, and other regulators are all taking a broader approach to their reviews. In this article, we will provide you with simple best business recommendations on how to get started with your consumer protection program.

Examine your collateral and marketing for consumer transparency

The most frequently cited violations of consumer protections have been unfair, deceptive, or abusive acts or practices (“UDAAP”) due to the lack of transparency of fees, unclear terms and conditions, and misleading statements deemed harmful to consumers. It is important that the consumer understands what the product or service is and the costs and terms of the products or services being purchased.   This includes all fees and fee limits, including inactivity, dormancy or service fees. Marketing, Packaging, Terms and Conditions, and overall Website language are places that have high risk of creating confusion for the consumer. These are good places to start your project review. Focus on the wording of your marketing and other collateral: is it in an active voice, using strong verbs and the simplest tense possible? Are explanations in everyday words, rather than excessive acronyms, abbreviations, or multiple negatives? Are several qualifiers used in explanations? If so, see if those explanations may be made more direct. Short, concise sentences are best. Look for consistency in terminology – if a transaction fee is the same as an activity fee, pick one term (this may be guided by regulation), define it, and use it throughout.

When evaluating either new or existing financial services products for consumer transparency, your standard of proof should be low, such as “likelihood” of being misled. A reasonable consumer’s overall or “net” impression counts, and omissions of key facts can lead a consumer to the wrong overall impression.

The format and proximity of material information is very important. Consumer disclosures and other key information, such as product function, terms and conditions, privacy and complaint notices should be in at least 8pt font (your product may need to follow a particular font requirement, per regulation) and whenever possible, clearly described on the first or second page, and linked in multiple places. It is prudent to identify any structural aspects of a product or terms and conditions that a consumer might not understand or would find surprising and add highlights or clarifications as appropriate.

Engage your privacy and data security teams 

With several high-profile data security breaches occurring in 2014, consumer confidence and trust in many financial products has eroded, and spending habits have changed accordingly.

The message is that companies offering financial products and services should look into strengthening their security infrastructure with data loss prevention, network security, encryption, and strong authentication and defensive measures. Other internal best practices include having a detailed data security policy that is communicated through training to employees and 3^rd party stakeholders, and assigning controls and control owners to test security measures on a regular basis.

Privacy and transparency are interrelated. Companies must provide users with clear and complete information regarding any collection, use and disclosure of the collected data. Further, internal departments that have access to or may want to use the data must receive training on the limited uses for and protection of the data.

Enhance the consumer experience 

The consumer experience starts with the presentation of a product choice or choices, and the consumer is able to select options in an informed manner. Lack of understanding on the part of the consumer of the risks, costs or conditions of the product or service often leads to complaints.

Once the consumer has signed up for a product or service, it is important that the consumer may access his/her account information easily. The consumer should have ample free access to account information.

A consumer’s experience with a product is directly impacted by the quality of a company’s customer service function. The telephone number(s) for complaints of various types should displayed in multiple places (i.e. websites, receipts, postings, Terms and Conditions).

Effective and timely resolutions of complaints is critical in an environment where consumer protection gets strong attention from state Attorney General’s offices and Federal Agencies. Companies should have policies and procedures that include the following:

1. A policy statement in support of consumer protection;
2. An ongoing process of identifying consumer protection laws;
3. A compliance management system to track the applicable requirements of the laws on a per business or per product basis;
4. A written process specifically for complaints that raise compliance issues;
5. A written process for using complaint data to fix practices and take corrective action; and
6. A records-management process that includes the maintenance of complaint records, litigation, investigation, policies, procedures and reports of complaints resulting in operational changes. Responses and timeframes are tracked

Consumer protection is more than just providing disclosures. Your consumer protection review can be done in layers. Seek a commitment from senior management and/or Board of Directors, implement strategic projects such as the ones described above, add in training and on-going monitoring and you will be well on your way to having strong consumer protection compliance program.

Karen Schirmer has 12 years of experience directing Compliance teams, and drafting programs that identify requirements, risks, controls and methods of control validations. During her work as Compliance Director for Western Union, Inc. and Integrated Payments Systems Inc., she conducted independent reviews, and coordinated regulatory examinations.  As part of the First Data leadership team for 10 years, she drafted and directed the operations of the 2012-2013 Global Corporate Compliance Program. 

[view source.]