Confessions of a Compliance ExecutiveCustomer Complaints – A Gold Mine for Identifying Compliance Risk

Customer complaints aren’t always what they seem

Confessions of a Compliance Executive
Customer Complaints – A Gold Mine for Identifying Compliance Risk

Compliance expert and former Head of Compliance, Sylvia Yarbough, shares secrets and insights from the heart of the compliance team.

If you have a compliance confession, or are worried about emerging regulation, visit our Compliance Confession Booth.

A few months ago, I was reading the CFPB Press Release concerning the changes to their exam manual for Unfair, Deceptive, and Abusive Acts and Practices (UDAAP) (as you do). It seems that the CFPB has decided to broaden their examination practices for UDAAP beyond the lending space to now include financial service practice that would cover all financial products. In conducting an exam, the CFPB will incorporate additional documentation to include:

  • Documentation regarding the use of models, algorithms, and decision-making processes used in connection with consumer financial products and services.
  • Information collected, retained or used regarding customer demographics, including the demographics of customers using various products or services, and the breakdown of consumer demographics for various product uses, fees, revenue sources and costs, or the impacts of various products and services on specific demographics.
  • Any demographic research or analysis relating to marketing or advertising of consumer financial products or services.

In addition, CFPB will be reviewing the financial services compliance program to ensure policies, procedures, reviews, testing and monitoring for UDAAP across all offerings are in place…it’s no small thing.

Over the years that I’ve worked in compliance, I have seen organizations efforts continue to evolve in dealing with UDAAP regulation since it came into force in 2010.  In this first entry of Compliance Confessionals: Tales from an ex-Compliance Executive, I want to discuss the untapped gold mine of Customer Complaints that, with proper analytical tools, some organizations have learned to identify potential UDAAP concerns, as well as other regulatory risk. I’d also like to walk you through my journey in evolving complaints mining.

Customer complaints aren’t always what they seem

First and foremost, I do want to state that having a proactive program – where compliance and risk professionals are scrutinizing marketing campaigns and analytic criteria for product/service offerings with hawk-eyes for potential discriminatory practices – is the basic requirement in a good risk management program. However, it is still possible to miss a risk indicator.

Over the years, I have personally experienced truly eye-opening issues by reviewing customer complaints. I am sure many of you may have had similar experiences – resulting in uncovering a potential regulatory violation. At first glance, these complaints can seem mundane, and can include a customer complaining about being…

  • … denied an advertised product offer after inquiring when his co-worker told him about the advertised product and showed him the mailer she had received.
  • … offered promotional rates but being told she didn’t qualify when she reached out to get that rate.
  • … asked for identification, at a location he transacted at weekly, while witnessing customers in-line in front of him not being asked for any identification.
  • … put into an account with high fees, when she maintains the fees were not explained to her when she opened the account.

As I said, on the surface these appear mundane – barely worth a second glance. But sometimes, when these types of complaints are thoroughly investigated, you can quickly find your organization has ventured into the nebulous realm of potential UDAAP, or other regulatory violations.

There is often no malicious intent.  In my experience, the issues that can turn into UDAAP violations come from years of best practices in marketing, overlaid with new-age analytics, and coupled with the urgency to beat our competitors in gaining market share. You then layer in the human factors of what is now termed “unconscious biases” and ever-evolving evolving regulatory expectations – you have the makings of a perfect storm.  This is why the smart organizations use complaints not just to retain customers, but to unmask potential regulatory risk.

How are teams capturing customer complaints?

Most organizations, no matter if a small Fintech start up or Global organization, have a customer service unit that responds to customer complaints. However, many organizations still are not doing the best job in getting these complaints appropriately captured in some Customer Relationship Management Tool (CRM) with a complaint’s module.

Regardless of the tool (dare I say it, even a good spreadsheet) used appropriately, can be a strong starting point even for a small business. Over the years, what I have seen as the key to good complaints capture, is well-trained customer service representatives (CSRs), who are clear and concise in documenting the issue with appropriate detail. This should be a no brainer, but you wouldn’t believe some of the things I’ve seen.

It’s worth pointing out that these are often the same CSRs whose performance is measured by minutes spent on each call, their ability to cross-sell, and meet customer retention goals. These conflicting priorities can result in rushing customers off the call, placating the customer with some pricing or fee concession, and often poor documentation of the conversation.

There are better success ratios in documenting complaints from electronic mail or postal mail. Unfortunately, in most organizations this type of communication represents less than 20% of complaints received.

Regardless of the vehicle in receiving these complaints or the tool used to capture, I have learned that well-trained CSRs coupled with a tool that allows for detailed data entry fields to uniquely capture customer identification, product or service, appropriate dates, and detail descriptive is key. The more sophisticated the tool, the more you can incorporate drop-downs selections that eliminate potential for free form errors.

It all started with manual review…

In most organizations, regardless of the size, you will find someone who is responsible for marketing or customer satisfaction, reviewing complaints. However, these individuals are often focused on customer retention.  In one of my first compliance leadership roles, I requested that my compliance team begin getting the complaint reports. This was in the days before customers could complain directly to the CFPB, or the extreme circumstances where a customer filed a complaint with the State Attorney General, or a law firm that usually ended up in the Legal department’s hands. Again, I am talking about reviewing the mundane complaints to identify patterns of potential regulatory risk.

My team started with just reading the complaints, based on sampling, and trying to spot any that would map to their interpretation of regulatory requirements. The end result of this effort was summary reports which fed back to the business, with narratives of potential issues. These issues would then be taken on by the business, working with Compliance, to decide if their front-end marketing, campaigns, or customer interactions needed improvement. This is an approach that any organization can undertake to get started on the journey.

Depending on the volume of complaints, you can manage down to a statically meaningful sample. At a minimum, this type of effort will uncover some obvious business practices that can be improved and will also establish a solid framework to demonstrate the good underpinnings of a compliance program.

The caution here is that some regulations are more obvious to tie to complaints. When a customer uses a statement like “I have requested on several occasions that you do not call me with solicitations” it is an obvious violation of Telephone Consumer Protection Act (TCPA). It will require a much more critical objective interpretation to flag a customer statement such as “I feel like I have been misled in opening this account because I didn’t understand all of the fees”.  The discerning compliance professional may see the potential for this to be considered deceptive practices (UDAAP) based on deep-diving into the behavior of the sales team — not necessarily the procedures in place.

Automation for customer complaints review

Over the years, as technology evolved, larger organizations began to leverage more sophisticated analytics to review complaints. I had the opportunity to implement new versions of my complaints review that allowed for leveraging some advanced analytics. In my time in Compliance, I worked on incorporated complex automated text review to match complaints to risk rated regulatory requirements. In addition, we developed trend reports by various geographic and location splits. This put my team in the position of isolating the highest risk complaints to focus on, while limiting the manual effort.

I never achieved my nirvana. I had visions of leveraging fairly sophisticated AI to include voice to text, tone analyzer, contextual analysis, etc. to deep-dive and connect customer complaints to potential regulatory requirements including UDAAP. This information would be visualized on dashboards that provided the compliance partner the most relevant complaints with the highest regulatory risk as well as trends and patterns by geography, region, branch and customer demographics. The compliance partner would use her time more effectively to work with her business partners to deep-dive into root-cause analysis and changes in organization practices.

Although I never achieved that level, there are a few organizations out there that are close to achieving this goal… with some that have made it. Technology has gotten better, more affordable, and the value of AI analytics is being better understood by executive leadership for the doors it can open up — business insights beyond risk management that all areas of the organization can leverage.

Seek and you may find

In summary, whether you are a small organization with limited resources or a large organization that is capable of leveraging AI, there is a wealth of knowledge that can be gained by mining your customer complaints. This will allow your organization, to better understand and be proactive in changing marketing, promotions, and product/ service offerings that were rolled out with the best intention but lead to unintended customer impact and regulatory risk.

Remember the old adage “a person’s perception is his reality”. A complaint starts off as a customer perception of an issue.  In essence, enough complaints may unearth the reality of a potential UDAAP or other regulatory violation. Every organization should make the effort to gather these complaints nuggets, because the regulators sure will.


CUBE simplifies compliance for regulated companies of all shapes and sizes.

Related resources

Why is FinTech so hard to regulate?

Why is FinTech so hard to regulate?

Why is the FinTech sector so hard to regulate? We’ve set out the 5 main challenges facing financial...

Cryptocurrency and ESG: the contradictions and complexities

Cryptocurrency and ESG: the contradictions and complexities

Can ESG and cryptocurrency work hand-in-hand to become a supreme investment opportunity or is it the...

Crypto Country? UK joins the EU in crypto regulation

Crypto Country? UK joins the EU in crypto regulation

On 21 October 2022, the UK followed in the footsteps of the EU’s MiCA & voted to recognise cryptocur...

Taming the crypto wild west: the US and UK strengthen regulation

Taming the crypto wild west: the US and UK strengthen regulation

With recent crypto crashes, the need for safeguards and risk controls is greater than ever. The US a...

View More