Social Media: Consumer Compliance Risk Management Guidance

On December 11, 2013, the Federal Financial Institutions Examination Council (FFIEC) released final guidance (“Guidance”) on the applicability of consumer protection and compliance laws, regulations, and policies to activities conducted via social media by banks, savings associations, and credit unions, as well as nonbank entities supervised by the Consumer Financial Protection Bureau (collectively, “financial institutions”). The Guidance was issued final on behalf of the Office of the Comptroller of the Currency (OCC), Board of Governors of the Federal Reserve (Board), Federal Deposit Insurance Corporation (FDIC), National Credit Union Administration (NCUA), the Consumer Financial Protection Bureau (CFPB) (collectively, the “Agencies”), and the State Liaison Committee (SLC).

The Guidance is intended to help financial institutions understand potential consumer compliance and legal risks, as well as related risks, such as reputation and operational risks associated with the use of social media, along with expectations for managing those risks. It also provides considerations that financial institutions may find useful in conducting risk assessments and crafting and evaluating policies and procedures regarding social media. Although this Guidance does not impose any new requirements on financial institutions, as with any process or product channel, financial institutions are expected to manage potential risks associated with social media usage and access.

The Final Rule is meant to highlight and manage potential risks to financial institutions and consumers; however, financial institutions should ensure their risk management programs provide oversight and controls commensurate with the risks presented by the types of social media in which the financial institution is engaged, including, but not limited to, the risks outlined within the Guidance.

In this article, I will set forth an outline of the Guidance along with suggestions to manage the risks associated with the use of social media.* I have also published a helpful article on this topic, entitled Social Media and Networking Compliance, which may be downloaded from our Library. 

WHAT IS SOCIAL MEDIA?

For purposes of the Guidance, messages sent via traditional email or text message, standing alone, do not constitute social media, although such communications may be subject to a number of laws and regulations discussed in the Guidance. However, messages sent through social media channels are social media. According to the Guidance, social media is considered to be a form of interactive online communication in which users can generate and share content through text, images, audio, and/or video. Social media can take many forms, including, but not limited to, micro-blogging sites; forums, blogs, customer review web sites and bulletin boards; photo and video sites; sites that enable professional networking; virtual worlds; and social games. Social media can be distinguished from other online media in that the communication tends to be more interactive. 

RISK MANAGEMENT PROGRAM

The Guidance suggests that a financial institution should have a risk management program that allows it to identify, measure, monitor, and control the risks related to social media. The size and complexity of the risk management program should be commensurate with the breadth of the financial institution’s involvement in this medium.

For instance, a financial institution that relies heavily on social media to attract and acquire new customers should have a more detailed program than one using social media only to a very limited extent. An observation made in the Guidance, and worth noting, is though a financial institution’s own risk assessment indicates that it has chosen not to use social media, nevertheless, it should “still consider the potential for negative comments or complaints that may arise within the many social media platforms”, and, when appropriate, evaluate what, if any, action it will take to monitor for such comments and determine if a response is needed. 

FEATURES OF A RISK MANAGEMENT PROGRAM

The risk management program should be designed with participation from specialists in compliance, technology, information security, legal, human resources, and marketing. Financial institutions should also provide guidance and training for employee official use of social media.

The Guidance stipulates at least seven components of a risk management program. These include, but are not limited to:

1. A governance structure with clear roles and responsibilities whereby the board of directors or senior management direct how using social media contributes to the strategic goals of the institution (for instance, through increasing brand awareness, product advertising, or researching new customer bases) and establishes controls and ongoing assessment of risk in social media activities;

2. Policies and procedures (either stand-alone or incorporated into other policies and procedures) regarding the use and monitoring of social media and compliance with all applicable consumer protection laws and regulations, and incorporation of guidance as appropriate. Further, policies and procedures should incorporate methodologies to address risks from online postings, edits, replies, and retention;

3. A risk management process for selecting and managing third-party relationships in connection with social media;

4. An employee training program that incorporates the institution’s policies and procedures for official, work-related use of social media, and potentially for other uses of social media, including defining impermissible activities;

5. An oversight process for monitoring information posted to proprietary social media sites administered by the financial institution or a contracted third party;

6. Audit and compliance functions to ensure ongoing compliance with internal policies and all applicable laws and regulations, and incorporation of guidance as appropriate; and

7. Parameters for providing appropriate reporting to the financial institution’s board of directors or senior management that enable periodic evaluation of the effectiveness of the social media program and whether the program is achieving its stated objectives. 

WHAT ARE THE RISKS?

The use of social media to attract and interact with customers can impact a financial institution’s risk profile, including:

· Risk of harm to consumers
· Compliance and legal risks
· Operational risks, and
· Reputation risks.

In our own reviews on behalf of our clients, we have found that the foregoing risks are increased due to poor due diligence, oversight, or control on the part of the financial institution.

Let us now give consideration to each of the Risk Areas, with respect to the risks posed by Social Media. Suggestions are emboldened in each synopsis.

CFPB Toolbox - Update

On October 9, 2013, we notified you about our new CFPB Toolbox that we maintain in our Library.

We have added this new CFPB issuance:

eRegulations

(CFPB's Search Tool)

According to the CFPB (announced on October 22, 2013), the eRegulations search tool will provide the following:

• Easy to search and navigate.

• Key terms are defined throughout.Official interpretations are available throughout.

• Include certain sections of the "Federal Register preambles" to help explain the background to any particular paragraph.

• Ability to see previous, current, and future versions.

The CFPB timed the eRegulations announcement to coincide with the new remittance transfers examination procedures (Regulation E), so that is the first regulation linked into the tool.

Please use our CFPB Toolbox as a facilitating resource, while in many cases still visiting the CFPB's website for more information.

Best wishes,

Jonathan Foxx

President & Managing Director

HUD’s Safe and Rebuttable Qualified Mortgages

The anxiously awaited Proposed Rule (“Rule”) outlining the Qualified Mortgage for FHA loans was published in the Federal Register on September 30, 2013. Given the bland, bureaucratic title Qualified Mortgage Definition for HUD Insured and Guaranteed Single Family Mortgages (“Issuance”), HUD is submitting for public comment its definition of a “qualified mortgage” for the types of loans that HUD insures, guarantees, or administers that align with the statutory ability-to-repay (“ATR”) criteria of the Truth-in-Lending Act (“TILA”) and the regulatory criteria of the definition given by the Consumer Financial Protection Bureau (“CFPB”), without departing from HUD’s statutory requirements. The expiration of the comment period is October 30, 2013.

A copy of the Proposed Rule is available in our Library.

In this article, I will provide an overview of the Rule with respect to Title II mortgages of the National Housing Act. I shall offer some practical insights relating to the potential consequences and implementation of the Rule for residential mortgage lenders and originators.*

Birthing HUD’s Proposed Rule

The Rule has its genesis in a foundational document, the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”), which created the new section 129C in TILA, establishing minimum standards for considering a consumer’s repayment ability for creditors originating certain closed-end, dwelling-secured mortgages, and generally prohibiting a creditor from originating a residential mortgage loan unless the creditor makes a reasonable and good faith determination of a consumer’s ability to repay the loan according to its terms.

Briefly, Section 129C is meant to provide lenders a specific format to meet the ATR requirements when lenders make “qualified mortgages” (“QMs”). A new section 129C(b), added by section 1412 of Dodd-Frank, establishes the presumption that the ATR requirements of section 129C(a) are satisfied if a mortgage is a “qualified mortgage,’’ and authorizes the CFPB, to prescribe regulations that revise, add to, or subtract from the criteria in TILA that define a “qualified mortgage.’’ (Section 129C also provides for a reverse mortgage to be a qualified mortgage if the mortgage meets the CFPB’s standards for a qualified mortgage, except to the extent that reverse mortgages are statutorily exempted altogether from the ATR requirements. The CFPB’s regulations provide that the ATR requirements of section 129C(a) do not apply to reverse mortgages. Section 129C(a)(8) excludes reverse mortgages from the repayment ability requirements.)

As you may know, I have published and presented extensively on QMs and have dubbed the non-qualified mortgage with the acronym “NQM.” For some of my work on this subject, please visit HERE, and HERE, and HERE.

Section 129C authorizes the agency with responsibility for compliance with TILA, that is, the CFPB, to issue a rule implementing these requirements. The CFPB already set forth its Final Rule on ATR, QMs, and NQMs, as issued in the Federal Register on January 30, 2013. Along with certain other agencies, HUD was also later on charged by the CFPB, pursuant to Dodd-Frank, with prescribing regulations defining the types of loans that it would insure, guarantee, or administer, as applicable, that are qualified mortgages. In the Rule, HUD now proposes that any forward single family mortgage insured or guaranteed by HUD must meet the criteria of a qualified mortgage, as defined in the Rule.

HUD reviewed its mortgage insurance and loan guarantee programs and, in the Issuance, stated that all of the single family residential mortgage and loan products offered under HUD programs are qualified mortgages; that is, they “exclude risky features and are designed so that the borrower can repay the loan.” However, for certain of its mortgage products, HUD proposes its Rule for qualified mortgage standards similar to those established by the CFPB in its definition of “qualified mortgage.” 

Safe Harbor and Rebuttable Presumption of Compliance

Through its “qualified mortgage” rulemaking, the CFPB established both a “safe harbor” and a “rebuttable presumption of compliance” for transactions that are qualified mortgages. CFPB's label of safe harbor is applied to those mortgages that are not higher-priced covered transactions (i.e., the annual percentage rate (“APR”) does not exceed the average prime offer rate (“APOR”) by 1.5 percent). These are considered to be the least risky loans and presumed to have conclusively met the ATR requirements of TILA. The label of rebuttable presumption of compliance is applied to those mortgages that are higher-priced transactions.

TILA Section 129C(b)(2)(ix) provides that the term “qualified mortgage” may include a “residential mortgage loan” that is “a reverse mortgage which meets the standards for a qualified mortgage, as set by the Bureau in rules that are consistent with the purposes of this subsection.” But the Federal Reserve Board’s proposal, adopted by the CFPB, does not include reverse mortgages in the definition of a “qualified mortgage.” Indeed, the CFPB’s Final Rule does not define a “qualified” reverse mortgage.

HUD proposes to designate Title I (home improvement loans), Section 184 (Indian housing loans), and Section 184A (Native Hawaiian housing loans) insured mortgages and guaranteed loans covered by the Rule to be safe harbor qualified mortgages and HUD proposes no changes to the underwriting requirements of these mortgage and loan products.

The largest volume of HUD mortgage products - those insured under Title II of the National Housing Act – would be bifurcated into qualified mortgages similar to the two categories created in the CFPB final rule: a safe harbor qualified mortgage and a rebuttable presumption qualified mortgage.

Specifically, the Rule would define the safe harbor qualified mortgage as a mortgage insured under Title II of the National Housing Act (excepting reverse mortgages insured under section 255 of this act) that meets the points and fees limit adopted by the CFPB in its regulation at 12 CFR 1026.43(e)(3), and that has an APR for a first-lien mortgage relative to the APOR that is less than the sum of the annual mortgage insurance premium (“MIP”) and 1.15 percentage points. HUD would define a rebuttable presumption qualified mortgage as a single family mortgage insured under Title II of the National Housing Act (excepting reverse mortgages insured under section 255 of this act) that meets the points and fees limit adopted by the CFPB in its regulation at 12 CFR 1026.43(e)(3), but has an APR that exceeds the APOR for a comparable mortgage, as of the date the interest rate is set, by more than the sum of the annual MIP and 1.15 percentage points for a first-lien mortgage.

Revolving Door Regulators

Senator yesterday. Lobbyist today.

Representative yesterday. CEO today.

Cabinet level appointee yesterday. Bank Chairperson today.

Government Agency Director yesterday. Law firm senior partner today.

CFPB Regulator yesterday. Competitor today.

_______________________________________________________________________

IN THIS ARTICLE

The Inside-Outside Gambit

The Four Horsemen

A Business Model for Former Regulators

Partners in Business

Making a Market in Non-QM

Timeline

What did they know, and when did they know it?

Extinguishing the Fire

Library

_______________________________________________________________________

The Inside-Outside Gambit

There are many forms of corruption. Perhaps the most pernicious is where an elected or duly appointed representative of the citizenry leaves office to use the sloughed off position for financial gain in the private sector.

Let's set up a definition for such (mostly unregulated) behavior. I will give it a phrase: "inside-outside gambits."

What is an inside-outside gambit? It is the use of information obtained in the course of a former governmental position by an official for financial gain, directly or indirectly, soon or immediately after leaving government employment in that position. Such information includes contacts with decision-makers in the government; providing information about proprietary conversations leading up to the promulgating of laws, rules, and regulations; access to insiders and knowledge of their views; navigating the systemic and organizational structure; non-public facts regarding the governmental plans or condition that could provide a financial advantage. Note that I use the phrase "inside-outside," not "insider trading."

I am not talking about a situation where there is the illegal trading of a public company's stock or other securities (such as bonds or stock options) by individuals with access to non-public information about the subject company (such trading being illegal).

However, the effect of “inside-outside gambit” and “insider trading” is practically the same: these strategies lead to an unfair, usually economic, advantage.

A basic concept of law is that an injury must be sustained by a plaintiff. Broadly speaking, no injury, no case.

So who is harmed when an equity trader uses inside information for personal financial benefit? The public, of course. Certainly, that part of the public that invests in the stock market, relying on rules, regulations, and laws to be impartially applied, with equal access to all. And who is harmed when a former government official uses inside information for personal financial benefit almost immediately after being employed in the government position. Of course, the public. Certainly, that part of the public that relies on rules, regulations, and laws to be impartially applied, with equal access to all.

How about when regulators in the most powerful agency that regulates the origination of residential mortgage loans, the Consumer Financial Protection Bureau (CFPB), leave that agency and start a mortgage company soon after leaving the CFPB, to compete or partner with mortgage companies?

When Thomas Jefferson advocated that legislators should have term limits in order to prompt the return to private life in order to live under the rules they promulgated, somehow I don't think this is what he had in mind.

In a letter of 1776, Jefferson wrote:

[His] "reason for fixing them [elected representatives] in office for a term of years rather than for life was that they might have an idea that they were at a certain period to return into the mass of the people and become the governed instead of the governor, which might still keep alive that regard to the public good that otherwise they might perhaps be induced by their independence to forget."

In other words, Jefferson viewed public service as a privilege. He fully expected government officials to return to private life and live under the laws they passed. I quite doubt that he viewed such a return to be a means for an ex-official’s self-enrichment, by utilizing public service to exploit – or even appear to exploit - the very laws promulgated by the ex-official.

_______________________________________________________________________

The Four Horsemen

On July 31, 2013, the House Committee on Oversight and Government Reform and the House Committee on Financial Services sent an eight page Congressional letter (Letter) to Richard Cordray, the Director of the Consumer Financial Protection Bureau (CFPB). Signed by a bi-partisan group of Representatives, it expressed concern about the recent departure from the CFPB of four high level officials. The Letter forms the basis of further inquiries by the Committees. Noting a news report, the Representatives indicated it appears that certain officials "have left the CFPB in order to profit from rules they helped create."

Who are these individuals? What were their former CFPB positions?

CFPB: Spying to Protect the Consumer

It all began with a Bloomberg article. Although the CFPB spying on the financial habits of at least 10 million consumers seems to be a far cry from NSA's spying on the telephone calls, emails, snail mails, website usage, and many other communication media used by hundreds of millions of US citizens, the timing of the Bloomberg article comes at, shall we say, a rather sensitive time - given its publication just shortly prior to the recent revelations regarding the NSA's rather unique way of interpreting the Fourth Amendment of the US Constitution regarding search and seizure.

Probable Cause Conundrum

 

I call it the "probable cause conundrum," because (1) the Fourth Amendment expressly states that "the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized," yet (2) a warrant to spy on Americans these days, at least with respect to probable cause and the requirement that a warrant to spy must be limited in scope according to specific information, has been hugely expanded. At least one of the Supremes has interpreted "probable cause" to mean "reasonable." For some reason, I really don't think that point of view was ever the way the Framers considered it, based on the law extant at the time the Constitution was actually drafted. But I digress.

As a result of Tennessee v. Garner [471 U.S. 1 (1985)], inter alia, we all learned that the "reasonableness requirement" applies not just to a search in combination with a seizure, but also to a search without a seizure, as well as to a seizure without a search. But, again, I digress. So not to go too far afield, let us return to that Bloomberg article which, by the way, was published back in April of this year.

To quote the very first paragraph of the article, its author, Carter Dougherty, writes that "the new U.S. consumer finance watchdog is gearing up to monitor how millions of Americans use credit cards, take out mortgages and overdraw their checking accounts. Their bankers aren’t happy about it." And Mr. Dougherty later on states that "Director Richard Cordray has said that the consumer bureau needs raw material to make 'data-driven', decisions based on how financial products and services are used or abused. Research will improve regulation as well as the marketplace."

We don't like to think that our federal agencies are spying on us, watching our communications, perhaps especially our financial habits, determining therefrom how best to "serve" the public interest. Sure, we know that Google and other web giants are constantly monitoring our financial habits - presumably with our permission to do so. Somehow, it's acceptable if private corporations do it, but when the government does it - not so much!

It all becomes rather weird when the NSA (backed by, say, the DOJ) orders private corporations to spy on us, but the latter are not permitted to admit that the former ordered them to do so - with or without our permission - on the basis of what appears to be a new meaning of "probable cause."

What I find interesting is the similarity between the NSA's and the CFPB's reasons for the need to collect, respectively, virtually all communication data on American citizens and also the financial data on millions of American consumers. It seems that spying has an underlying positive cause, one that apparently we citizens simply don't fully appreciate. For if we did appreciate the workings of these agencies that are just trying to protect us, watch over us to make sure we are safe, and do what they can to mitigate our worst fears, we would overwhelmingly and clearly express our gratitude to the NSA and CFPB for their commitment to our protection - and some Americans certainly seem very grateful.

The Fourth Amendment - how quaint it has become!

Justifying Spying

NSA and CFPB – Two Peas in a Pod

 

But let's look at some of these justifications that both the NSA and the CFPB have in common for spying on us. Or, if you find that phrase to be nettlesome, perhaps the phrase ‘conducting surveillance on us’ is easier to accept.

First Justification: We need a bogeyman, whom we shall call El Coco, its Spanish version, as when a Spanish-speaking parent tells a child 'si no te portas bien vendrá el coco' ("if you're not good the bogeyman will come and get you"). Almost every civilization has had some version of the bogeyman, that amorphous, unpredictable, malevolent being whose primary role is to scare the living daylights out of us and make us willingly compliant and malleable victims.

So, in the case of the NSA, El Coco comes in the form of terrorists and other malcontents; and, in the case of the CFPB, El Coco seems to be residential mortgage lenders and originators (RMLOs) and other members of the financial markets and sometimes even consumers themselves. In both instances, we can thank the government for protecting us from the mischievous schemes of El Coco.

Fortunately, these federal agencies keep guard against El Coco and make sure that nothing physically or financially bad will happen to Americans. If you take the position, as did President Franklin Roosevelt, that "there is nothing to fear but fear itself," then you're really not showing much appreciation for the many protective efforts being done on your behalf, to protect you from the wrathful and heinous acts of El Coco.

CFPB’s Mortgage Rules for Readiness

The just released 2013 CFPB Dodd-Frank Mortgage Rules Readiness Guide (Guide) from the Consumer Financial Protection Bureau (CFPB) provides, finally, a set of criteria and preparation procedures for residential mortgage lenders and originators. It is Version 1.0 and, like previously issued guides and manuals, the CFPB will update the Guide periodically, using the results from its field examinations to further enhance the audit methodologies.

Note that it is called a “Readiness Guide.” Such documents are not meant to be, and are not, conclusive. Such guides are expected to be sign posts leading the way, a means by which a company may learn of the priorities and exigencies of a regulator’s oversight functions. In other words, as the Guide itself declaims: “The Guide summarizes the mortgage rules finalized by the CFPB in January 2013, but it is not a substitute for the rules.”

To put a finer point on the use of the Guide, please always remember that only the rules and their official interpretations can provide complete and definitive information regarding their requirements.*
 
These rules can be found at http://www.consumerfinance.gov/regulatory-implementation/.

Each rule in the Guide also includes a hyperlink with additional information, which includes Small Entity Compliance Guides that may make the rule easier to digest. There are links to videos outlining the main elements of the rule. Furthermore, a convenient hyperlink compendium structure is embedded in the Guide, so that the rule headings are themselves hyperlinks directing the reader to the rule-specific CFPB website page.

_________________________________________________________________

IN THIS ARTICLE

Sections of the Guide

Summary of the Rules

Questionnaire

Library

___________________________________________________________________

SECTIONS OF THE GUIDE

The Guide consists of the following sections:

Part I: Summary of the Rules
Part II: Readiness Questionnaire
Part III: Frequently Asked Questions
Part IV: Tools

Part I (Summary of the Rules) contains an outline of the eight final rules issued in January 2013 concerning mortgage markets in the United States pursuant to the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act) Public Law 111-203, 124 Stat. 1376 (2010) (2013 Title XIV Final Rules).

The rules amend several existing regulations, including Regulation Z, X, and B. Throughout the year, CFPB expects to provide updates to the rules where necessary. Updates will be posted, along with summaries of the changes, on the regulatory implementation CFPB webpage.

The questionnaire in Part II (Readiness Questionnaire) is '”not intended” to encompass all details of a comprehensive compliance program. This should not be interpreted to mean that the questionnaire is a replacement for the examination procedures or regulations. It is intended to serve as a guide in preparing for implementation of the mortgage rules and in performing a self-assessment. Thus, the questionnaire should be used as a self-assessment in determining a company’s progress towards compliance with the new mortgage rules. The questionnaire contains twenty-nine self-assessment questions and numerous subsections. Do not confuse the questionnaire with a proxy examination tool: it will not be added to the Examination Manual. The CFPB views the questionnaire as a “voluntary guide” for preparation. I have no doubt that it will be used by management in their discussions with examiners. The extent of those discussions may be determined by the institution’s size, products offered, risk mitigation, risk profiles, and other factors, such as the overall strength of the compliance management system.

Part III (Frequently Asked Questions) consist of only a two-page set of questions and answers, most of them quite obvious, both in the asking and the answering. Perhaps the most interesting ‘question and answer’ set is this one:

Question: Will the CFPB coordinate and communicate supervisory activities with other regulatory agencies?

Answer: In accordance with the Dodd-Frank Act and its routine practice, the CFPB will coordinate with other regulators. Regulators will communicate examination plans and findings with each other. When appropriate, the regulators will coordinate examination efforts in order to reduce regulatory burden.

Although the CFPB gave a vaguely worded answer, let’s put it this way: the integration of information between the state banking departments and the CFPB and, where applicable, other state and federal agencies, has become (or is becoming) seamless.

Finally, Part IV (Tools) is a resource directly, commonly used on many websites to direct the reader to other website locations of interest. This section hosts many hyperlinks, seventeen in total, that cover most of the rules and regulations that the CFPB has promulgated relating to mortgage compliance.

___________________________________________________________________

The Enforcement Powers of the Consumer Financial Protection Bureau

For several months, the Consumer Financial Protection Bureau (“CFPB” or “Bureau”) has implemented a spate of enforcement actions against banks and nonbanks. My interest in this article is neither to re-litigate those cases nor single out any particular financial institution for further scrutiny.* Sometimes we must learn our lessons at somebody else’s expense, rather than to castigate another for unseemly conduct. None of us, however, is absolved of the responsibilities, the violations of which could lead to enforcement actions against us or the financial institution where we are employed.

It is important, therefore, to have some sense of what is meant by the term “enforcement,” especially with respect to the CFPB’s authorities. The CFPB received a host of enumerated laws and related authorities on July 21, 2011[i], and, pursuant to the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”), a concomitant set of defined rules were established[ii] that gave the Bureau numerous enforcement powers, including the powers to conduct investigations and implement enforcement actions to enforce federal consumer financial law.[iii]

For instance, Section 1052 of the Dodd-Frank authorizes the CFPB to engage in joint, interagency investigations and requests for information, including matters relating to fair lending. Though the statute specifically provides that, “where appropriate,” the Bureau may conduct “joint investigations” with the Secretary of Housing and Urban Development, the Attorney General of the United States, or both, it also sets forth lengthy provisions governing subpoena powers and civil investigative demands.

______________________________________________________

IN THIS ARTICLE

Hearings and Adjudications

Scope of Legal Remedies

Blowing the Whistle on Violations

Policy Statement and Whistleblower Protection

Locking Horns with the Department of Labor

______________________________________________________

Hearings and Adjudications

On November 7, 2011, the Bureau issued CFPB Bulletin 2011-04 (entitled “Enforcement”),[iv] the first in a series of bulletins relating to policies and priorities of the Bureau’s Office of Enforcement. The Bulletin announced that before the CFPB commences an enforcement proceeding, it may (or may not) give the subject of the proceeding notice of the nature of the potential violations and may (or may not) offer the subject the opportunity to submit a written statement in response. The Bulletin also gave specific instructions regarding the submission requirements of the written statement, such as the paper size, spacing, font size, and length, while also mandating that the response had to be received by the CFPB by no more than 14 calendar days after the notice.[v]

Almost a year after the CFPB received its authorities, it adopted rules, on June 29, 2012, regarding the procedures it expected to follow when investigating whether a “person” (a legal term for an individual or entity) is or has been engaged in conduct that would constitute a violation of any provision of federal consumer financial law.[vi]

Indeed, Dodd-Frank authorizes[vii] the Bureau to conduct hearings and adjudication proceedings to ensure or enforce compliance with the following applicable items:

Title X, which established the Consumer Financial Protection Bureau as an independent agency within the Board of Governors of the Federal Reserve System, including any rules prescribed by the CFPB under Title X; and

“… any other Federal law that the Bureau is authorized to enforce, including an enumerated consumer law, and any regulations or order prescribed thereunder, unless such Federal law specifically limits the Bureau from conducting a hearing or adjudication proceeding and only to the extent of such limitation.” 

Furthermore, Section 1053 of Dodd-Frank sets forth the rules for Cease-and-Desist proceedings and enforcement orders.

Statutorily, Dodd-Frank authorizes the CFPB to apply to the United States district court within the jurisdiction of which the principal office or place of business of the person is located, for the purposes of enforcing any effective bulletin or notice, outstanding notice, or order.

Thus it was that, soon after the Bureau announced its rules for investigating violations, in July 2012 the CFPB announced its first enforcement action. That action consisted of a consent order in which Capital One agreed to refund $140 million to 2 million customers and pay a $25 million penalty. The enforcement was the consequence of alleged deceptive marketing tactics used by Capital One’s vendors to coax consumers into paying for add-on products when they activated their credit cards.[viii]

Dodd-Frank authorizes the CFPB to commence a civil action against any person who violates a federal consumer financial law and to impose a civil penalty or to seek all appropriate legal and equitable relief including a permanent or temporary injunction.

When commencing a civil action, the Bureau must notify the Attorney General and, with respect to a civil action against an insured depository institution or insured credit union, the appropriate prudential regulator. Except as otherwise permitted by law or equity, no action may be brought under Title X more than three years after the date of discovery of the violation.

Indeed, the CFPB published an interim rule regarding its awarding of attorney fees and other litigation expenses in certain situations, as required by the Equal Access to Justice Act.[ix]

Scope of Legal Remedies

The CFPB has extensive authorities to not only investigate violations of federal consumer protection laws but also implement broad enforcement relief.

Consider this list, which I do not assert to be comprehensive. These legal remedies are held to be “without limitation:”

• Rescission or reformation of contracts
• Refund of money
• Disgorgement and refund of various types of assets
• Return of real property
• Restitution
• Disgorgement or compensation for unjust enrichment
• Payment of damages or other monetary relief
• Public notification regarding the violation (including the costs of notification)
• Limits on the activities or functions of the person
• Civil monetary penalties

Indeed, Dodd-Frank authorizes the court in a court action, or the CFPB in an administrative proceeding, to grant “any appropriate legal or equitable relief with respect to a violation of federal consumer financial law, including a violation of a rule or order prescribed under a federal consumer financial law.”[x]

The relevant statute provides that there may not be an imposition of exemplary or punitive damages; however, in an action to enforce any federal consumer financial law, the CFPB, the states Attorneys General, or state regulators may recover their costs, if they prevail.

Notwithstanding the foregoing exclusion of exemplary or punitive damages, for any violation of a law, rule, or final order, or condition imposed in writing by the CFPB, a civil penalty may not exceed $5,000 for each day during which the violation or failure to pay continues. However, take note: that penalty amount jumps to $25,000 for each day for any person that recklessly engages in a violation of a federal consumer financial law, and to $1,000,000 for each day for any person that knowingly violates a federal consumer financial law.

And if the CFPB obtains evidence that any person has engaged in conduct that may constitute a violation of federal criminal law, the Bureau will immediately refer the case to the Attorney General of the United States.

Blowing the Whistle on Violations

The Bureau has distinguished whistleblower information from consumer complaints. Section 1057 of Dodd-Frank protects certain employees from retaliation who submit information about their employers' potential violations of the consumer financial protection laws now enforced by the CFPB. On December 15, 2011, the CFPB issued Bulletin 2011-05 (Enforcement and Fair Lending) to solicit information about potential violations of federal consumer financial laws.[xi] The Bulletin notes that Dodd-Frank § 1057 protects certain employees and their representatives who provide information against retaliation by their employers.[xii]

Dodd-Frank provides broad whistleblower protections to employees of covered persons and their subsidiaries (viz., “covered persons” being defined in Sections 1024, 1025, and 1026 of Dodd-Frank).

A covered person or service provider is defined in the foregoing sections as:

Being one that:

• Offers or provides origination, brokerage, or servicing of loans secured by real estate for use by consumers primarily for personal, family, or household purposes, or loan modification or foreclosure relief services in connection with such loans;
• Is a larger participant of a market for other consumer financial products or services, as defined by the applicable section of Dodd-Frank;
• The Bureau has reasonable cause to determine, by order, after notice to the covered person and a reasonable opportunity for such covered person to respond, based on complaints collected through the CFPB’s complaint system under or information from other sources, that such covered person is engaging, or has engaged, in conduct that poses risks to consumers with regard to the offering or provision of consumer financial products or services; [xiii]
• Offers or provides to a consumer any private education loan;[xiv] or
• Offers or provides to a consumer a payday loan.

Being an:

• Insured depository institution with total assets of more than $10,000,000,000 and any affiliate thereof; or
• Insured credit union with total assets of more than $10,000,000,000 and any affiliate thereof.

Being an:

• Insured depository institution with total assets of $10,000,000,000 or less; or
• Insured credit union with total assets of $10,000,000,000 or less.

A covered person may not terminate or in any other way discriminate against any covered employee or any authorized representative of covered employees.

Policy Statement and Whistleblower Protection

The protections afforded the whistleblower and the Bureau’s procedures relating to whistleblower protection should invoke a response from all affected financial institutions to draft and ratify a policy statement relating to preventing retaliation toward a whistleblower.

Such a policy should include various statements of principle, practice, policy, and procedures – what I call the “Four Ps” – to ensure that all employees understand the importance of internally reporting to a company’s chain of command any suspicious practices or potential violations. When the internal route fails, whistleblowers may go to a government entity, such as the CFPB, to report their concerns. As part of the policy statement, there should be a clear and unambiguous provision to protect the whistleblower from any harassment by the employer or any employees.

Therefore, the aforementioned policy should specifically state that whistleblowers will be protected from retaliation if they:

• Provided, caused to be provided, or are about to provide or cause to be provided, information to the employer, the CFPB, or any other state, local, or federal, government authority or law enforcement agency relating to any violation of, or any act or omission that the employee reasonably believes to be a violation of any other provision of law that is subject to the jurisdiction of the CFPB, or any rule, order, standard, or prohibition promulgated by the CFPB.
• Testified or will testify in any proceeding resulting from the administration or enforcement of any provision of law that is subject to the jurisdiction of the CFPB, or any rule, order, standard, or prohibition prescribed by the CFPB;
• Filed, instituted, or caused to be filed or instituted any proceeding under any federal consumer financial law; or
• Objected to, or refused to participate in, any activity, policy, practice, or assigned task that the covered employee (or other such person) reasonably believed to be in violation of any law, rule, order, standard, or prohibition, subject to the jurisdiction of, or enforceable by, the CFPB.

The Bureau established an email address and phone number for submitting whistleblower tips. Additionally, the CFBP has built a web space for whistleblower communications.

Locking Horns with the Department of Labor

Dodd-Frank gives an employee who believes that he or she has been discharged or otherwise discriminated against 180 days after the date on which the alleged violation occurs to file a complaint with the Secretary of Labor. Furthermore, Dodd-Frank sets forth certain rules for Department of Labor investigations, such that if the Department concludes that there is reasonable cause to believe that a violation has occurred, it may issue a preliminary order providing relief. However, the Department must dismiss a complaint unless the complainant makes a prima facie showing that the action in question was a contributing factor in the unfavorable personnel action. No investigation is permitted if the employer demonstrates, “by clear and convincing evidence,” that the employer would have taken the same unfavorable personnel action in the absence of that behavior.

The Department of Labor has vast authorities to redress the grievances of covered employees. If it determines that a violation has occurred, the Department may order the person who committed the violation to, among other things, take affirmative action to abate the violation; reinstate the complainant to his or her former position, together with compensation (including back pay) and restore the terms, conditions, and privileges associated with his or her employment; and provide compensatory damages to the complainant.

At the request of the covered employee who has been retaliated against, the Department may assess a sum equal to the aggregate amount of all costs and expenses (including attorney fees and expert witness fees) reasonably incurred by the complainant. But, if the Department finds that the complaint is frivolous or has been brought in bad faith, it may award to the prevailing covered employer a reasonable attorney fee, not exceeding $1,000, to be paid by the complainant.

---

[i] The Designated Transfer Date, Dodd–Frank Wall Street Reform and Consumer Protection Act, (Pub. L. 111–203, H.R. 4173), signed into law on July 21, 2010

[ii] Ibid. Subtitle E of Title X

[iii] Op. cit. 1 Title X

[iv] Enforcement, Early Warning Notice, CFPB Bulletin 2011-04, November 7, 2011

[v] 77 Federal Register 27446 (May 10, 2012)

[vi] Specifically, on June 29, 2012, the CFPB revised the interim rules it had adopted on July 28, 2011 regarding these procedures. See: 76 Federal Register 45168 (July 28, 2011); 77 Federal Register 39101 (June 29, 2012)

[vii] Op. cit. 1, § 1052(d)

[viii] The Consent Order was issued pursuant to 12 U.S.C. § 5563 (Hearings and Adjudication Proceedings, Dodd-Frank § 1053) and § 5565 (Relief Available, Dodd-Frank § 1055).The consent order stated that the CFPB found – though the bank had not admitted or denied - violations of Dodd-Frank §1031 regarding unfair, deceptive or abusive acts or practices.

[ix] Op. cit. 6, 77 Federal Register 39117

[x] Op. cit. 1, §1055, codified at 12 USC § 5565

[xi] Enforcement and Fair Lending, Bureau Invites Whistleblower Information and Law Enforcement Tips, and Highlights Anti-Retaliation Protections, CFPB Bulletin 2011-05, December 15, 2011

[xii] Ibid. The bulletin encourages “knowledgeable sources” with information about potential violations to email their information to whistleblower@cfpb.gov or to call toll-free (855) 695-7974. On February 2, 2012, the CFPB published its own whistleblower protection notice for its employees.

[xiii] Op. cit. 1, § 1013(b)(3)

[xiv] As defined in § 140 of the Truth in Lending Act (15 USC 1650), notwithstanding § 1027(a)(2)(A) and subject to § 1027(a)(2)(C) of Dodd-Frank

______________________________________________________

*Jonathan Foxx is the President & Managing Director of Lenders Compliance Group

National Mortgage Professional Magazine [April 2013, Volume 5, Issue 4, pp. 8-32]

Loan Originator Compensation: New Rules

On January 24, 2013, as the last of the Final Rules of the Consumer Financial Protection Bureau (CFPB) rolled out, I offered an outline of all of them, entitled "CFPB's Gang of Seven (Final Rules)".

I listed them in order of issuance, as follows:

1. Ability-to-Repay (ATR)
2. High-Cost Mortgage (HCM)
3. Escrow
4. Servicing
5. Appraisals for High-Risk Mortgages
6. Copies of Appraisals
7. Mortgage Loan Originator Compensation

Having come through the last two months responding to numerous questions about these Final Rules, I have been able to cobble together some of the most salient questions, regulatory features, and concerns that our clients have expressed about them. And when I have spoken to the media types, it seems that they also have a set of questions and interests that are not being fully addressed in the current dialogue. Of abiding interest is the change relating to loan originator compensation.

With that in mind, I want to provide a brief outline of some loan originator compensation issues, offering additional details garnered from two months in the trenches working through these regulatory issues on behalf of our clients. From time to time, I will have more to discuss about many regulatory changes anticipated in 2013 and 2014. I am going to conduct this review topic by topic, rather than just as specific regulations subject to a final rulemaking. 

____________________________________________________

IN THIS ARTICLE

Terms and Conditions
Retirement Plans
Factors and Proxies
Dual Compensation
Non-loan Originations Services
Points and Fees
Loan Originator Qualifications
Mandatory Arbitration Clause
Single Premium Insurance
Record Retention Requirements

____________________________________________________

Terms and Conditions

By now, there is nary a residential mortgage lender or originator that does not know that, under Regulation Z, loan originator compensation is prohibited from being based upon the terms and conditions of a mortgage loan transaction.

The CFPB has provided new nomenclature for the terminology "transaction terms and conditions," without much changing the prohibition and certain exceptions to the standing rule. The new terminology is "term of a transaction," but now with the clarified meaning that term of a transaction means to include "any right or obligation of the parties to a credit transaction."

The usual cast of regulatory prohibitions continue in force. For instance, loan originator compensation is still prohibited from being based on such things as the interest rate of a loan, or upon the inclusion of additional fees or charges for products or services provided by other parties to the transaction. 

And the usual cast of regulatory identifiers of a term of a transaction continue in force. Thus, fees or charges are a term of the transaction if they must be disclosed in the Good Faith Estimate (GFE) or HUD-1 or HUD-1A Settlement Statement (HUD-1). That obviously means to include loan originator or creditor fees or charges for the credit transaction or for a product or service provided by the loan originator or creditor that is related to the extension of credit; and it also means those fees or charges of other parties for any product or service required by the lender as a condition of the extension of credit. Keep in mind, however, that just because a fee or charge is stated on the HUD-1 does not in itself make the fee or charge a term of the transaction.

One rather controversial area involves the off-setting of compensation due to increased costs. The standing rule has provided that loan originator compensation is prohibited from being reduced in response to a change in the transaction terms. This has caused lenders all manner of frustration, not to mention loss of revenues and diminished profits. Yet, the new rule would allow compensation to be reduced in order to offset unexpected increases to estimated settlement costs, otherwise known as "unforeseen circumstances." What is a circumstance that is unforeseen? The imagination reels! But since the CFPB has offered no formal guidance to delineate very specifically what may or may not be an unexpected event, the lender must be extremely careful not to enter these dark waters too briskly.

____________________________________________________

Retirement Plans

Profits may be used toward contributions to tax advantaged retirement plans. The important feature is to ensure that such contributions are not be based on the terms of the individual loan originator’s transactions. Non-deferred, profit based compensation plans - such as bonus pools and profit-sharing plans - is permissible. However, any such payments (1) must ensure that compensation is not directly or indirectly based on the terms of the individual loan originator’s transactions, and (2) either the compensation under the plan does not exceed 10 percent of the loan originator’s total compensation for the applicable period or the loan originator was an originator for no more than 10 transactions during the preceding 12 months. 

Whatever the choice, the entity involved must ensure that payments do not include bonuses, awards, trips, or other 'incentive' products or services.

____________________________________________________

Factors and Proxies

Although the standing rule provides that loan originator compensation may not be dependent upon a factor that is a “proxy” for what would otherwise be considered a term of a loan transaction, there is clarification now that a factor is a term of a loan transaction “proxy” if it meets these two criteria: (1) the factor varies with a transaction term over a significant number of transactions, and (2) the loan originator, directly or indirectly, has the ability to add, reduce, or change the factor when originating the loan or credit.

____________________________________________________

CFPB’s Final Rule: Ability-to-Repay and Qualified Mortgages

On Wednesday, I provided an outline of the Consumer Financial Protection Bureau's (CFPB's) Regulatory Agenda for 2013. As if on cue, the CFPB accommodated us on Thursday with the first of its forthcoming issuances.* This pertains to the Final Rule regarding Ability-to-Repay, which leaves the Final Rule issuances this month for Loan Originator Compensation, Mortgage Servicing, and Requirements for Escrow Accounts.

The Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act) required that, for residential mortgages, creditors must make a reasonable and good faith determination based on verified and documented information that the consumer has a reasonable ability to repay the loan according to its terms. It also established a "presumption" of compliance for a certain category of mortgages, which was called “qualified mortgages” or "QMs." These provisions are similar, but not identical to, the Federal Reserve Board's (FRB's) 2008 rule and cover the entire mortgage market rather than simply higher-priced mortgages. The FRB proposed a rule to implement the new statutory requirements before authority passed to the CFPB to finalize the rule. The compliance effective date is January 10, 2014.

I have written extensively about Ability-to-Repay and the Qualified Mortgage.

Please feel free to review these articles.

In this article, I would like to mention the premises used as the reasons for an Ability-to-Repay rule (ATR). Then I will outline the essential features of ATR, followed by a review of the "Qualified Mortgage." Finally, I will provide a general summation in order to provide some context with respect to the Final Rule's implementation.

_________________________________________________

IN THIS ARTICLE

Premises for Ability-to-Repay
What is Ability-to-Repay?
What is the Qualified Mortgage?
Types of Qualified Mortgages
Summation

Library

_________________________________________________

Premises for Ability-to-Repay

The CFPB believes that when consumers apply for a mortgage they "often struggle to understand how much of a monthly payment they can afford to take on." Thus, according to the CFPB, the consumer may reasonably assume that lenders and mortgage brokers would not make loans to people who cannot afford them. But in the years leading up to the financial crisis, the CFPB asserts that lenders too often made mortgages that could not be paid back.

Therefore, the purpose of ATR is to require lenders to obtain and verify information to determine whether a consumer can afford to repay the mortgage and, per the CFPB, thereby help to restore trust in the mortgage market.

These are the premises upon which the CFPB has established the need for Ability-to-Repay:

-In the lead up to the financial crisis, certain lending practices set consumers up to fail with mortgages they could not afford.

-The deterioration in underwriting standards contributed to dramatic increases in mortgage delinquencies and rates of foreclosures.

-The Dodd-Frank Act recognizes the need to mandate that lenders ensure consumers have the ability to pay back their mortgages.

-The Ability-to-Repay rule protects consumers from risky practices that helped cause the crisis.

In its review of the above-mentioned premises, the CFPB had taken the position that lenders sold no-doc and low-doc loans where consumers were “qualifying” for loans beyond their means. Lenders also "sold risky and complicated mortgages like interest-only loans, negative-amortization loans where the principal and eventually the monthly payment increases, hybrid adjustable-rate mortgages where the rate was set artificially low for years and then adjusted upwards, and option adjustable-rate mortgages where the consumer could 'pick a payment' which might result in negative amortization and eventually higher monthly payments."

In plain English, the CFPB asserts that lenders should not be able to offer no-doc, low-doc loans, otherwise known as “Alt-A” loans, where some lenders made quick sales by not requiring specific, qualifying documentation, yet then offloaded these risky mortgages by selling them to investors.

As it was contended, these actions precipitated the collapse of the housing market in 2008 and the subsequent financial crisis.

Dodd-Frank provides the authority to the CFPB to define criteria for certain loans called “Qualified Mortgages” that are presumed to meet the Ability-to-Repay rule requirements.

The salient observation about ATR is that the CFPB is issuing this rule in order "to ensure that responsible consumers get responsible loans," as well as ensuring that "lenders can extend credit responsibly - without worrying about competition from unscrupulous lenders."

_________________________________________________

What is Ability-to-Repay?

There are four (4) ATR components, each in its own way requiring the lender to obtain financial information from the loan applicant and verify them.

CFPB’s Regulatory Agenda - 2013

As we begin a new year and prepare ourselves for the blizzard of new and revised regulations coming our way, I think it is important for us to consider the regulatory agenda that the Consumer Financial Protection Bureau (CFPB) has set for itself.* As you've heard me say so many times, preparation is protection. So, please undertake a review of the agenda that the CFPB has promised to pursue in the coming months, especially with the view of how best to prepare for the changes that are sure to follow.

It is worth noting that the CFPB reasonably anticipates having certain regulatory matters under consideration during the period from October 1, 2012 to October 1, 2013. And the CFPB will publish updates to its agenda periodically through October 1, 2013. These matters will be under consideration by the CFPB, primarily including various rulemakings mandated by the Dodd-Frank Act, such as several mortgage-related rulemakings and rulemakings to implement the CFPB's supervisory program for nondepository covered persons by, among other things, defining "larger participants" in certain consumer financial product and service markets. 

The CFPB is completing several mortgage-related rulemakings in January 2013, even as it continues to assess the need and resources available for additional rulemakings. For instance, the Dodd-Frank Act mandates rulemakings to implement amendments to the Home Mortgage Disclosure Act, and to the Equal Credit Opportunity Act to create a data reporting regime concerning small, women-owned, or minority-owned business lending. Also, the CFPB has inherited proposed rules concerning mortgage loans, home equity lines of credit, and other topics from other agencies as part of the transfer of authorities under the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act). All of these regulatory changes will require careful planning and clear guidance with respect to implementation.

In this article, I am going to highlight the regulatory changes that the CFPB has moved into their final stages. I offer a brief outline of the regulatory issues and the CFPB's likely resolution. Each of these regulations, now approaching the status of Final Rule, is extraordinarily significant and, in some instances, constitutes formidable challenges. 

_________________________________________________

IN THIS ARTICLE

Chart

Consumer Financial Protection Bureau -
Final Rule Stage (Selected Rules)

Final Rule Stages

Loan Originator Compensation (Regulation Z)
Mortgage Servicing (Regulation X, Regulation Z)
Requirements for Escrow Accounts (Regulation Z)
TILA Ability To Repay (Regulation Z)
TILA/RESPA Mortgage Disclosure Integration
(Regulation X, Regulation Z)

Library

_________________________________________________

Chart: Consumer Financial Protection Bureau

Final Rule Stage (Selected Rules)

This chart provides a quick overview of certain regulatory changes that the CFPB will promulgate this year. The chart also provides the anticipated Final Rule dates.