Start Free Trial
Home/Regulations/UDAAP (Unfair, Deceptive, or Abusive Acts and Practices) — Regulatory Reference
Regulatory Reference
Financial Services Federal (US) medium

UDAAP (Unfair, Deceptive, or Abusive Acts and Practices) — Regulatory Reference

Prohibition on unfair/deceptive AI-driven decisions — model risk management and adverse action notice at the agent layer.

Key Provisions
  • Dodd-Frank Sections 1031 and 1036 — UDAAP authority for CFPB
  • FTC Act Section 5 — parallel UDAP authority outside CFPB jurisdiction
  • 2022 CFPB guidance on UDAAP and discrimination
  • 2023 CFPB guidance — specific adverse action notice requirements for AI/ML credit decisions
How AutoPIL Enforces It
  • Agent registry + audit chain documents which AI agents contributed to a customer-facing decision — required for accurate adverse action notice
  • Pre-retrieval enforcement prevents AI from consuming categories of data that would create UDAAP risk
  • Policy YAML expresses the firm's documented fairness controls
Audit LogPolicy EngineAgent RegistryAlert Rules
AutoPIL Policy IDs
FS-UDAAP-AA-001Adverse Action Notice Evidence
FS-UDAAP-FAIR-001Fairness-Sensitive Data Restriction
Official Sources
https://www.consumerfinance.gov/compliance/supervisory-guidance/unfair-deceptive-abusive-acts-practices-udaaps/https://www.consumerfinance.gov/about-us/newsroom/cfpb-issues-guidance-on-credit-denials-by-lenders-using-artificial-intelligence/

This page is a working reference and not a substitute for qualified legal review. Verify against official sources before use in compliance artifacts.

AutoPIL Governance Platform

Enforce this regulation today

AutoPIL intercepts every AI agent data access call, enforces your policy, and writes a tamper-evident audit record — before sensitive data enters the agent context window.

Start Free Trial View All Industries