Thursday, December 12, 2013

Social Media: Consumer Compliance Risk Management Guidance

On December 11, 2013, the Federal Financial Institutions Examination Council (FFIEC) released final guidance (“Guidance”) on the applicability of consumer protection and compliance laws, regulations, and policies to activities conducted via social media by banks, savings associations, and credit unions, as well as nonbank entities supervised by the Consumer Financial Protection Bureau (collectively, “financial institutions”). The Guidance was issued final on behalf of the Office of the Comptroller of the Currency (OCC), Board of Governors of the Federal Reserve (Board), Federal Deposit Insurance Corporation (FDIC), National Credit Union Administration (NCUA), the Consumer Financial Protection Bureau (CFPB) (collectively, the “Agencies”), and the State Liaison Committee (SLC).

The Guidance is intended to help financial institutions understand potential consumer compliance and legal risks, as well as related risks, such as reputation and operational risks associated with the use of social media, along with expectations for managing those risks. It also provides considerations that financial institutions may find useful in conducting risk assessments and crafting and evaluating policies and procedures regarding social media. Although this Guidance does not impose any new requirements on financial institutions, as with any process or product channel, financial institutions are expected to manage potential risks associated with social media usage and access.

The Final Rule is meant to highlight and manage potential risks to financial institutions and consumers; however, financial institutions should ensure their risk management programs provide oversight and controls commensurate with the risks presented by the types of social media in which the financial institution is engaged, including, but not limited to, the risks outlined within the Guidance.

In this article, I will set forth an outline of the Guidance along with suggestions to manage the risks associated with the use of social media.* I have also published a helpful article on this topic, entitled Social Media and Networking Compliance, which may be downloaded from our Library. 


For purposes of the Guidance, messages sent via traditional email or text message, standing alone, do not constitute social media, although such communications may be subject to a number of laws and regulations discussed in the Guidance. However, messages sent through social media channels are social media. According to the Guidance, social media is considered to be a form of interactive online communication in which users can generate and share content through text, images, audio, and/or video. Social media can take many forms, including, but not limited to, micro-blogging sites; forums, blogs, customer review web sites and bulletin boards; photo and video sites; sites that enable professional networking; virtual worlds; and social games. Social media can be distinguished from other online media in that the communication tends to be more interactive. 


The Guidance suggests that a financial institution should have a risk management program that allows it to identify, measure, monitor, and control the risks related to social media. The size and complexity of the risk management program should be commensurate with the breadth of the financial institution’s involvement in this medium.

For instance, a financial institution that relies heavily on social media to attract and acquire new customers should have a more detailed program than one using social media only to a very limited extent. An observation made in the Guidance, and worth noting, is though a financial institution’s own risk assessment indicates that it has chosen not to use social media, nevertheless, it should “still consider the potential for negative comments or complaints that may arise within the many social media platforms”, and, when appropriate, evaluate what, if any, action it will take to monitor for such comments and determine if a response is needed. 


The risk management program should be designed with participation from specialists in compliance, technology, information security, legal, human resources, and marketing. Financial institutions should also provide guidance and training for employee official use of social media.

The Guidance stipulates at least seven components of a risk management program. These include, but are not limited to:

1. A governance structure with clear roles and responsibilities whereby the board of directors or senior management direct how using social media contributes to the strategic goals of the institution (for instance, through increasing brand awareness, product advertising, or researching new customer bases) and establishes controls and ongoing assessment of risk in social media activities;

2. Policies and procedures (either stand-alone or incorporated into other policies and procedures) regarding the use and monitoring of social media and compliance with all applicable consumer protection laws and regulations, and incorporation of guidance as appropriate. Further, policies and procedures should incorporate methodologies to address risks from online postings, edits, replies, and retention;

3. A risk management process for selecting and managing third-party relationships in connection with social media;

4. An employee training program that incorporates the institution’s policies and procedures for official, work-related use of social media, and potentially for other uses of social media, including defining impermissible activities;

5. An oversight process for monitoring information posted to proprietary social media sites administered by the financial institution or a contracted third party;

6. Audit and compliance functions to ensure ongoing compliance with internal policies and all applicable laws and regulations, and incorporation of guidance as appropriate; and

7. Parameters for providing appropriate reporting to the financial institution’s board of directors or senior management that enable periodic evaluation of the effectiveness of the social media program and whether the program is achieving its stated objectives. 


The use of social media to attract and interact with customers can impact a financial institution’s risk profile, including:

· Risk of harm to consumers
· Compliance and legal risks
· Operational risks, and
· Reputation risks.

In our own reviews on behalf of our clients, we have found that the foregoing risks are increased due to poor due diligence, oversight, or control on the part of the financial institution.

Let us now give consideration to each of the Risk Areas, with respect to the risks posed by Social Media. Suggestions are emboldened in each synopsis.

Wednesday, October 23, 2013

Fair Lending Compliance, Ability-to-Repay and Qualified Mortgages

On October 22, 2013, the Consumer Financial Protection Bureau (Bureau), Office of the Comptroller of the Currency (OCC), Board of Governors of the Federal Reserve System (Board), Federal Deposit Insurance Corporation (FDIC), and the National Credit Union Administration (NCUA) (collectively, the Agencies) issued a statement in response to inquiries from creditors about whether they would be liable under the disparate impact doctrine of the Equal Credit Opportunity Act (ECOA) [15 U.S.C. 1691 et seq., and its implementing regulation, Regulation B, 12 C.F.R. Part 1002] by originating only Qualified Mortgages as defined under the Bureau's recent Ability-to-Repay and Qualified Mortgage Standards Rule (ATR Rule). The ATR Rule implements provisions of the Truth in Lending Act (TILA).[1]

The Agencies' general approach and expectations regarding fair lending, including the disparate impact doctrine, are summarized in prior issuances.[2]

The Agencies state that they are issuing this statement to describe some general principles that will guide supervisory and enforcement activities with respect to entities within their jurisdiction as the Ability-to-Repay Rule takes effect in January 2014. Per the Agencies, the requirements of the Ability-to-Repay Rule and ECOA are compatible. ECOA and Regulation B promote creditors acting on the basis of their legitimate business needs.[3]

Therefore, the Agencies do not anticipate that a creditor's decision to offer only Qualified Mortgages would, absent other factors, elevate a supervised institution's fair lending risk.

The Bureau's Ability-to-Repay Rule implements provisions of the Dodd-Frank Act that require creditors to make a reasonable, good faith determination that a consumer has the ability to repay a mortgage loan before extending the consumer credit.[4] TILA and the Ability-to-Repay Rule create a presumption of compliance with the ability-to-repay requirements for certain "Qualified Mortgages," which are subject to certain restrictions as to risky features, limitations on upfront points and fees, and specialized underwriting requirements.

Consistent with the statutory framework, there are several ways to satisfy the Ability-to-Repay Rule, including, according to the Agencies, making responsibly underwritten loans that are not Qualified Mortgages.

The Bureau does not believe that it is possible to define by rule every instance in which a mortgage is affordable for the borrower. Nonetheless, the Agencies are recognizing that some creditors might be inclined to originate all or predominantly Qualified Mortgages, particularly when the Ability-to-Repay Rule first takes effect. The Rule includes transition mechanisms that encourage preservation of access to credit during this transition period.

Furthermore, according to the issuance, the Agencies expect that creditors, in selecting their business models and product offerings, would consider “demonstrable factors” that may include credit risk, secondary market opportunities, capital requirements, and liability risk. The Ability-to-Repay Rule does not dictate precisely how creditors should balance such factors, nor do either TILA or ECOA. Consequently, as creditors assess their business models, the Agencies are clearly stating they understand that implementation of the Ability-to-Repay Rule, other Dodd-Frank Act regulations, and other changes in economic and mortgage market conditions have real world impacts and that creditors may have a legitimate business need to fine tune their product offerings over the next few years in response.

Importantly, the Agencies seem to be recognizing that some creditors' existing business models are such that all of the loans they originate will already satisfy the requirements for Qualified Mortgages. An example given is where a creditor has decided to restrict its mortgage lending only to loans that are purchasable on the secondary market might find that - in the current market - are Qualified Mortgages under the transition provision. Thereby giving Qualified Mortgage status to most loans that are eligible for purchase, guarantee, or insurance by Fannie Mae, Freddie Mac, or certain federal agency programs.

With respect to any fair lending risk, the Agencies claim that situation here is not substantially different from what creditors have historically faced in developing product offerings or responding to regulatory or market changes. The decisions creditors will make about their product offerings in response to the Ability-to-Repay Rule are similar to the decisions that creditors have made in the past with regard to other significant regulatory changes affecting particular types of loans.

An example provided is where some creditors may have decided not to offer "higher-priced mortgage loans" after July 2008 (viz., following the adoption of various rules regulating these loans or previously decided not to offer loans subject to the Home Ownership and Equity Protection Act after regulations to implement that statute were first adopted in 1995). There were no ECOA or Regulation B challenges to those decisions.

Inevitably, creditors should continue to evaluate fair lending risk as they would for other types of product selections, including by carefully monitoring their policies and practices and implementing effective compliance management systems. As with any other compliance matter, individual cases will be evaluated on their own merits.

The OCC, the Board, the FDIC, and the NCUA believe that the same principles described above apply in supervising institutions for compliance with the Fair Housing Act (FHA), 42 U.S.C. § 3601 et seq., and its implementing regulation, 24 C.F.R. Part 100.[5]

[1] See Disparate impact is one of the methods of proving lending discrimination under ECOA. See 12 C.F.R. pt. 1002 & Supp. I.
[2] For instance, in 1994, eight federal agencies published the Policy Statement on Discrimination in Lending, 59 Fed. Reg. 18,266 (Apr. 15, 1994), and last year the Bureau issued a bulletin on lending discrimination, CFPB Bulletin 2012-04 (Fair Lending) (Apr. 18, 2012). In addition, the OCC, Board, FDIC, NCUA, and Bureau each have fair lending examination procedures.
[3] Even where a facially neutral practice results in a disproportionately negative impact on a protected class, a creditor is not liable provided the practice meets a legitimate business need that cannot reasonably be achieved as well by means that are less disparate in their impact. See 12 C.F.R. §1002.6; 12 C.F.R. pt. 1002, Supp. I, § 1002.6, ¶ 6(a)-2.
[4] Dodd-Frank Wall Street Reform and Consumer Protection Act, Pub. L. No. 111-203, § 1411, 124 Stat. 1376, 2142 (2010) (codified at 15 U.S.C. § 1639c).
[5] The OCC, Board, FDIC, and the NCUA have supervisory authority as to the FHA.

Thursday, October 17, 2013

Elder Financial Abuse: Prevention and Remedies

I have written about elder financial abuse, and I will keep writing about it until stops.[i]

It is unfathomable to me that schemes to defraud the elderly are so pervasive. These seniors are attractive targets for financial exploitation. They are taken advantage of by scam artists, financial advisors, family members, friends, acquaintances, caregivers, home repair contractors, real estate firms, residential mortgage loan originators, credit repair companies, stock brokers, accountants, lawyers, collection agents, appraisers, fiduciaries, guardians, unscrupulous professionals and business people (or those posing as such), pastors, annuity salespersons, and doctors.

It is not news at this point that financial exploitation is a common form of elder abuse and that only a small fraction of incidents is reported to federal, state, or local enforcement authorities, despite persistent efforts by private companies and government agencies to slow its growth. 

Predator and Victim

Why target the elderly? Because older adults often have retirement savings, accumulated home equity, or other assets. Combine those factors with a likelihood of eventual physical or mental impairments, a range of cognitive disabilities, emotional decline, isolation, loneliness, health problems, loss of a partner, family, or friend – all contributing to being vulnerable to financial exploitation and scams – and the result is a feeding frenzy to obtain ill-gotten gains!

Financially abused elders, are susceptible to exploitation for numerous reasons. They are often frail, and the predators assume that frail victims will not survive long enough to follow through on legal interventions, or that they will not make convincing witnesses. Severely impaired individuals are also less likely to take action against their abusers, as a result of illness or embarrassment. The elderly are likely to have disabilities that make them dependent on others for help. These "helpers" or new “best friends” may have access to homes and assets, and may exercise significant influence over the older person. Many elderly people are not financially sophisticated or are unfamiliar with modern technology involving money management.

Family and friends may prey on the elderly. Statistically, ninety (90%) percent of abusers are family members or trusted others! A younger family member might fear that the older family member will get sick and use up savings, depriving the abuser of an inheritance. Or, the abuse is rationalized, believing that the predator stands to inherit assets, and thus feels justified in taking what is thought to be "almost" or "rightfully" due. Then there are the family members who have negative feelings toward siblings or other family members whom they want to prevent from acquiring or inheriting the older person's assets. Or, friends and family who have had a negative relationship with the older person feel a sense of "entitlement." And, certainly, there are close relations who have substance abuse, gambling, or financial problems, which tempt them to defraud and financially abuse the elderly family member.[ii]

What happens when an elderly person is financially abused? The devastation is deep, broad, and painful. These are some typical outcomes: loss of trust in others; loss of security; depression; feelings of fear, shame, guilt, anger, self-doubt, remorse, worthlessness; financial destitution; inability to replace lost assets through employment; inability to hire an attorney to pursue legal protections and remedies; becoming reliant on government ‘safety net’ programs; inability to provide for long term care needs; and, loss of the primary residence.[iii] 

Regulatory Responses

For many years, the Financial Crimes Enforcement Network (“FinCEN”) has kept track of very specific instances of elder abuse relating, for instance, to mortgage fraud. Importantly, it issues periodic advisories that offer statistics as well as outlines of new scams. My firm monitors FinCEN’s statistics and issuances, and we provide the findings in our newsletters, articles, and compliance alerts, and we place relevant documents and issuances in our website library.[iv]

It is important to mention that elder financial abuse includes the Red Flags associated with identity theft. Therefore, the twenty-six Red Flags offered in the Interagency Guidance, through the Federal Trade Commission, are a resource.[v]

The Consumer Financial Protection Bureau uses its Office of Financial Protection for Older Americans to provide information and tools to avoid the financial exploitation of the elderly. Additionally, the agency has been carefully considering regulatory ways and means to curtail such financial abuse. Indeed, it has moved to the forefront in developing strategies to communicate that the Gramm-Leach-Bliley Act (“GLBA”) does not prohibit companies from reporting suspected elder financial exploitation, which I will discuss in some detail in the following section.[vi]

In this article, I will outline how the GLBA furthers the protection of the elderly from financial abuse. I will also provide an outline of some Red Flags as well as ways to increase public awareness about elder financial abuse. Understanding the ways and means available to provide consumer financial protection will help to end the plundering of the elderly. 

Using the Gramm-Leach-Bliley Act

On September 24, 2013, certain federal regulatory agencies issued guidance (“Guidance”) to clarify that the privacy provisions of the Gramm-Leach-Bliley Act (“GLBA”) generally permit financial institutions to report suspected elder financial abuse to appropriate authorities.[vii] Because the GLBA’s privacy provisions generally require a financial institution to notify consumers and give them an opportunity to opt out before providing nonpublic personal information to a third party, the Guidance seeks to clarify that it is generally acceptable under the law for financial institutions to report suspected elder financial abuse to appropriate local, state or federal agencies.

The federal agencies that have collaborated to issue the clarification Guidance, entitled Interagency Guidance on Privacy Laws and Reporting Financial Abuse of Older Adults, are the Federal Reserve System (“FRB”), Commodity Futures Trading Commission (“CFTC”, issuing as Staff Guidance), Consumer Financial Protection Bureau (“CFPB”), Federal Deposit Insurance Corporation (“FDIC”), Federal Trade Commission (“FTC”), National Credit Union Administration (“NCUA”), Office of the Comptroller of the Currency (“OCC”), and Securities and Exchange Commission (“SEC”). The purpose of the issuance is to provide guidance to financial institutions with respect to clarifying the applicability of privacy provisions of the GLBA, specifically regarding the reporting of suspected financial exploitation of older adults.

Wednesday, October 2, 2013

HUD’s Safe and Rebuttable Qualified Mortgages

The anxiously awaited Proposed Rule (“Rule”) outlining the Qualified Mortgage for FHA loans was published in the Federal Register on September 30, 2013. Given the bland, bureaucratic title Qualified Mortgage Definition for HUD Insured and Guaranteed Single Family Mortgages (“Issuance”), HUD is submitting for public comment its definition of a “qualified mortgage” for the types of loans that HUD insures, guarantees, or administers that align with the statutory ability-to-repay (“ATR”) criteria of the Truth-in-Lending Act (“TILA”) and the regulatory criteria of the definition given by the Consumer Financial Protection Bureau (“CFPB”), without departing from HUD’s statutory requirements. The expiration of the comment period is October 30, 2013.

A copy of the Proposed Rule is available in our Library.

In this article, I will provide an overview of the Rule with respect to Title II mortgages of the National Housing Act. I shall offer some practical insights relating to the potential consequences and implementation of the Rule for residential mortgage lenders and originators.*

Birthing HUD’s Proposed Rule

The Rule has its genesis in a foundational document, the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”), which created the new section 129C in TILA, establishing minimum standards for considering a consumer’s repayment ability for creditors originating certain closed-end, dwelling-secured mortgages, and generally prohibiting a creditor from originating a residential mortgage loan unless the creditor makes a reasonable and good faith determination of a consumer’s ability to repay the loan according to its terms.

Briefly, Section 129C is meant to provide lenders a specific format to meet the ATR requirements when lenders make “qualified mortgages” (“QMs”). A new section 129C(b), added by section 1412 of Dodd-Frank, establishes the presumption that the ATR requirements of section 129C(a) are satisfied if a mortgage is a “qualified mortgage,’’ and authorizes the CFPB, to prescribe regulations that revise, add to, or subtract from the criteria in TILA that define a “qualified mortgage.’’ (Section 129C also provides for a reverse mortgage to be a qualified mortgage if the mortgage meets the CFPB’s standards for a qualified mortgage, except to the extent that reverse mortgages are statutorily exempted altogether from the ATR requirements. The CFPB’s regulations provide that the ATR requirements of section 129C(a) do not apply to reverse mortgages. Section 129C(a)(8) excludes reverse mortgages from the repayment ability requirements.)

As you may know, I have published and presented extensively on QMs and have dubbed the non-qualified mortgage with the acronym “NQM.” For some of my work on this subject, please visit HERE, and HERE, and HERE.

Section 129C authorizes the agency with responsibility for compliance with TILA, that is, the CFPB, to issue a rule implementing these requirements. The CFPB already set forth its Final Rule on ATR, QMs, and NQMs, as issued in the Federal Register on January 30, 2013. Along with certain other agencies, HUD was also later on charged by the CFPB, pursuant to Dodd-Frank, with prescribing regulations defining the types of loans that it would insure, guarantee, or administer, as applicable, that are qualified mortgages. In the Rule, HUD now proposes that any forward single family mortgage insured or guaranteed by HUD must meet the criteria of a qualified mortgage, as defined in the Rule.

HUD reviewed its mortgage insurance and loan guarantee programs and, in the Issuance, stated that all of the single family residential mortgage and loan products offered under HUD programs are qualified mortgages; that is, they “exclude risky features and are designed so that the borrower can repay the loan.” However, for certain of its mortgage products, HUD proposes its Rule for qualified mortgage standards similar to those established by the CFPB in its definition of “qualified mortgage.” 

Safe Harbor and Rebuttable Presumption of Compliance

Through its “qualified mortgage” rulemaking, the CFPB established both a “safe harbor” and a “rebuttable presumption of compliance” for transactions that are qualified mortgages. CFPB's label of safe harbor is applied to those mortgages that are not higher-priced covered transactions (i.e., the annual percentage rate (“APR”) does not exceed the average prime offer rate (“APOR”) by 1.5 percent). These are considered to be the least risky loans and presumed to have conclusively met the ATR requirements of TILA. The label of rebuttable presumption of compliance is applied to those mortgages that are higher-priced transactions.

TILA Section 129C(b)(2)(ix) provides that the term “qualified mortgage” may include a “residential mortgage loan” that is “a reverse mortgage which meets the standards for a qualified mortgage, as set by the Bureau in rules that are consistent with the purposes of this subsection.” But the Federal Reserve Board’s proposal, adopted by the CFPB, does not include reverse mortgages in the definition of a “qualified mortgage.” Indeed, the CFPB’s Final Rule does not define a “qualified” reverse mortgage.

HUD proposes to designate Title I (home improvement loans), Section 184 (Indian housing loans), and Section 184A (Native Hawaiian housing loans) insured mortgages and guaranteed loans covered by the Rule to be safe harbor qualified mortgages and HUD proposes no changes to the underwriting requirements of these mortgage and loan products.

The largest volume of HUD mortgage products - those insured under Title II of the National Housing Act – would be bifurcated into qualified mortgages similar to the two categories created in the CFPB final rule: a safe harbor qualified mortgage and a rebuttable presumption qualified mortgage.

Specifically, the Rule would define the safe harbor qualified mortgage as a mortgage insured under Title II of the National Housing Act (excepting reverse mortgages insured under section 255 of this act) that meets the points and fees limit adopted by the CFPB in its regulation at 12 CFR 1026.43(e)(3), and that has an APR for a first-lien mortgage relative to the APOR that is less than the sum of the annual mortgage insurance premium (“MIP”) and 1.15 percentage points. HUD would define a rebuttable presumption qualified mortgage as a single family mortgage insured under Title II of the National Housing Act (excepting reverse mortgages insured under section 255 of this act) that meets the points and fees limit adopted by the CFPB in its regulation at 12 CFR 1026.43(e)(3), but has an APR that exceeds the APOR for a comparable mortgage, as of the date the interest rate is set, by more than the sum of the annual MIP and 1.15 percentage points for a first-lien mortgage.

Therefore, under the Rule, HUD would require that all loans insured under Title II of the National Housing Act to be either a rebuttable presumption or safe harbor qualified mortgage, and, importantly, that they meet the CFPB’s points and fees limit at 12 CFR 1026.43(e)(3). The CFPB set a three (3%) percentage points and fees limit for its definition of qualified mortgage and allowed for adjustments of this limit to facilitate the presumption of compliance for smaller loans. 

Monday, September 16, 2013

The Mini-Correspondent Channel: Pros and Cons

Several years ago, our firm, Lenders Compliance Group, provided unique guidance to the mortgage division of a bank.* The bank wished to build a special origination platform for its mortgage brokers. At that time, the prevailing regulations required disclosure of the Yield Spread Premium (YSP), and the bank wanted to give their Third Party Originators (TPOs) an opportunity to close in their own name, with their own funds, and, among other things, by-pass disclosure of the YSP. In building the platform for the bank, many features were needed to implement these relationships in accordance with federal and state law, as well as safety and soundness metrics. This all took place at a time when a 3% fee cap on broker revenue was not even a glimmer in the eyes of legislators or regulators, and Elizabeth Warren[i] had yet to promote the creation of the Consumer Financial Protection Bureau (CFPB).

As Shakespeare wrote in The Tempest, “What’s past is prologue.”

Since the early part of this year, many lenders are building a new origination channel. The proximate cause for the new channel is found in the Final Rule pertaining to the Ability-to-Repay guidelines and the requirements of a Qualified Mortgage (Rule).[ii]

The new channel is meant specifically for brokers who hope to by-pass a 3% cap on loan amounts above $100,000, the new CFPB requirement that substantially and principally affects broker TPOs.[iii] The loans covered by the Rule are first lien and junior lien mortgage loans that are closed-end mortgage loans secured by a dwelling, including home purchase, refinance and home equity loans. (Excluded loans are HELOCs; Timeshares; Reverses; Bridges with a term of 12 months or less and loans to purchase a new dwelling where the consumer plans to sell another dwelling within 12 months; Vacant Lot loans; Loan Modifications not subject to the "refinancing" provisions under TILA; and Business Loans.)[iv]

In particular, many brokers usually seek to charge fees between 2% and 3% per loan transaction; however, as of January 10, 2014,[v] any excess above 3% in total points and fees virtually guarantees that such loans, originated by brokers, will not be eligible for treatment as a Qualified Mortgage (QM). The result of the Final Rule and specifically the 3% cap is to create an incentive for many brokers to morph into a new kind of correspondent, termed the “Mini-Correspondent.” The new origination channel developed by some wholesale lenders is aptly called the “Mini-Correspondent Channel.”

One of us, Jonathan Foxx, has written extensively – both in magazine articles and newsletters – about the Ability-to-Repay guidelines (ATR), the Qualified Mortgage, and the Non-Qualified Mortgage (viz., which he has titled the “NQM”). For additional details and guidance, please read those publications.[vi]

In this article, we are going to explore two interrelated issues. First, we will discuss the 3% cap, its implementation and placement within the QM framework, and the way it affects the originations of the mortgage broker. To do that, we will provide the QM framework into which the 3% cap is situated. Secondly, we will discuss the structure of and certain requirements relating to a mini-correspondent TPO. Bear in mind that this new type of TPO is taking place in a dynamic regulatory environment and loan origination market; therefore, aspects of our observations may change, due to a regulatory response, or other material factors, that pertain to originating loans through this new channel. 

Two Classes of Qualified Mortgages

Essentially, the Rule creates two types of QMs, one of which provides a safe harbor from liability and another which does not provide a safe harbor, but does offer a rebuttable presumption of compliance with the Rule. Obviously, the former is preferred, though the latter is not without its merits.

The safe harbor is only available if the creditor complies with all aspects of the Rule, including, at minimum, all the ATR guidelines, and where the Annual Percentage Rate (APR) on a first lien loan must be within 1.5 percentage points of the “average prime offer rate” (APOR) as of the date the interest rate is set (viz., the APR on a junior lien must be within 3.5 percentage points of the APOR).[vii] If the APR threshold is exceeded, the creditor has a rebuttable presumption of compliance.

The distinction between the safe harbor and rebuttable presumption is very significant. With the safe harbor, a lender obtains a conclusive presumption of compliance and may refute a claim that it violated the Rule, such as not complying with the ATR guidelines. But if the lender obtains only a rebuttable presumption of compliance, a claim can be litigated on the basis of a creditor not making a “reasonable” and “good faith” determination of the borrower’s ability to repay, irrespective of a lender’s complying fully with various aspects of the Rule, such as the ATR guidelines.

The ATR test promulgated by the Rule consists of eight factors. Neither the safe harbor nor the rebuttable presumption is available to a lender solely because a loan is underwritten to the ATR test’s guidelines. The ATR factors require the lender to underwrite and verify (1) current or reasonably expected income or assets, other than the value of the dwelling, (2) current employment status (viz., if the creditor is relying on employment income), (3) monthly payment, (4) monthly payment on any “simultaneous loan” of which the creditor is (or should be) aware, (5) mortgage-related obligations, (6) current debt obligations (including alimony, palimony, and child support), (7) monthly Debt-to-Income (DTI) ratio or residual income, and (8) borrower credit history. It should be noted that the ATR test itself does not place limits on points and fees. 

Qualified Mortgage and the 3% Cap

As mentioned above, a QM with an APR that does not exceed the APOR thresholds receives a safe harbor from liability (i.e., compliance with the ATR guidelines). If the APOR thresholds are exceeded, this means that the loan is a higher-priced QM, and, as such, receives the rebuttable presumption of compliance. In effect, the two classes of QM constitute a prime and non-prime market, with the prime entitled to safe harbor and the non-prime entitled to a rebuttable presumption.[viii]

But there are several challenges that a lender must overcome in order to use the safe harbor defense, one of which is the 3% cap. The Rule excludes from the points and fees 3% cap any compensation paid, per transaction, by a mortgage broker to an employee of the mortgage broker and compensation paid by a creditor to its loan officers. Compensation paid by a creditor to a loan originator other than an employee of the creditor (i.e., paid to a broker by a creditor on a lender paid transaction) is included in the 3% cap along with other upfront charges paid by the consumer to the creditor or its affiliates.[ix] Furthermore, the 3% cap includes certain fees paid to affiliates, mortgage originator compensation paid directly or indirectly by the consumer, and amounts imposed by secondary market investors and passed through to borrowers to compensate for credit risk. When these "points and fees" are factored into the loan origination costs, many loans will exceed the 3% limit.[x] 

Friday, August 23, 2013

Mortgage Fraud: Data Confirms Spike in 2006-2007

The Financial Crimes Enforcement Network (FinCEN) has released an analysis of Mortgage Fraud SAR Filings in Calendar Year 2012. The report was issued on August 20, 2013. This publication updates FinCEN’s prior Mortgage Loan Fraud (MLF) assessments examines Suspicious Activity Report (SAR) filings from January through December 2012 (CY 2012).
The report provides new information on the volume of SAR filings, geographic locations of subjects, and other filing trends in CY 2012. Tables covering non-geographic aspects are compared with filings from corresponding periods in2011. A section provides updated statistics on foreclosure rescue-related SARs during 2012, and filers’ voluntary use of the new FinCEN SAR e-filing report for voluntary mortgage fraud reporting through March 31, 2013.
This article offers an outline of the FinCEN report. Please visit our Library to download it.

MLF SAR Filings by Year SAR Received, 2001-2012
Mortgage Loan Fraud (MLF) SARs
Time Elapsed from Activity Date to Reporting Date
Number of Mortgage Loan Fraud SAR Filings by Year
with and without the Term “Repurchase” in Narrative
Mortgage Loan Fraud SAR Subjects - Top 20 States and Territories
Foreclosure Rescue Scams
Number of Mortgage Loan Fraud SAR Filings by Year
with Term “Foreclosure Rescue” in Narrative, 2003-2012

MLF SAR Filings by Year SAR Received, 2001-2012

FinCEN’s data on suspected mortgage fraud shows that reports declined 25% in 2012  (from 92,561 to 69,277) as compared to the previous year. The past three years of suspected mortgage fraud suspicious activity reports (MLF SARs), if counted by the date they were received by FinCEN, accounted for approximately 46% of the past decade’s mortgage fraud SARs.
We take this to mean that filing increases or decreases are not necessarily indicative of overall increases or decreases in MLF activities over a bracketed period, as the volume of SAR filings in any given period does not directly correlate to the number or timing of suspected fraudulent incidents in that period.
However, one of the inherent features of mortgage fraud is that the suspicious activity associated with it is often only recognized and reported years after loan origination, after a review of origination documents is prompted by a loan default, repurchase demand, or other factors. As a result, many mortgage fraud SARs are filed much later than the date that the suspicious activity actually began. Thus, in 2012, 57% of SARs reported mortgage loan fraud (MLF) activities that started more than 5 years before the SAR was filed.

Tuesday, August 6, 2013

Revolving Door Regulators

Senator yesterday. Lobbyist today.

Representative yesterday. CEO today.

Cabinet level appointee yesterday. Bank Chairperson today.

Government Agency Director yesterday. Law firm senior partner today.

CFPB Regulator yesterday. Competitor today.


The Inside-Outside Gambit
The Four Horsemen
A Business Model for Former Regulators
Partners in Business
Making a Market in Non-QM
What did they know, and when did they know it?
Extinguishing the Fire

The Inside-Outside Gambit

There are many forms of corruption. Perhaps the most pernicious is where an elected or duly appointed representative of the citizenry leaves office to use the sloughed off position for financial gain in the private sector.

Let's set up a definition for such (mostly unregulated) behavior. I will give it a phrase: "inside-outside gambits."

What is an inside-outside gambit? It is the use of information obtained in the course of a former governmental position by an official for financial gain, directly or indirectly, soon or immediately after leaving government employment in that position. Such information includes contacts with decision-makers in the government; providing information about proprietary conversations leading up to the promulgating of laws, rules, and regulations; access to insiders and knowledge of their views; navigating the systemic and organizational structure; non-public facts regarding the governmental plans or condition that could provide a financial advantage. Note that I use the phrase "inside-outside," not "insider trading."

I am not talking about a situation where there is the illegal trading of a public company's stock or other securities (such as bonds or stock options) by individuals with access to non-public information about the subject company (such trading being illegal).

However, the effect of “inside-outside gambit” and “insider trading” is practically the same: these strategies lead to an unfair, usually economic, advantage.

A basic concept of law is that an injury must be sustained by a plaintiff. Broadly speaking, no injury, no case.

So who is harmed when an equity trader uses inside information for personal financial benefit? The public, of course. Certainly, that part of the public that invests in the stock market, relying on rules, regulations, and laws to be impartially applied, with equal access to all. And who is harmed when a former government official uses inside information for personal financial benefit almost immediately after being employed in the government position. Of course, the public. Certainly, that part of the public that relies on rules, regulations, and laws to be impartially applied, with equal access to all.

How about when regulators in the most powerful agency that regulates the origination of residential mortgage loans, the Consumer Financial Protection Bureau (CFPB), leave that agency and start a mortgage company soon after leaving the CFPB, to compete or partner with mortgage companies?

Wednesday, July 24, 2013

Steering Consumers to Expensive Mortgage Loans

The CFPB announced that it had filed a complaint yesterday in a federal district court against Utah-based Castle & Cooke Mortgage, LLC (“C & C”) and two of its officers for illegally giving bonuses to loan officers who steered consumers into mortgages with higher interest rates.

C & C is not some mom and pop mortgage company: in 2012 it originated in the range of $1.3 billion, and it does business in at least 22 states, and maintains approximately 45 branches across the country.

At the core of the complaint is the allegation that C & C violated the Loan Originator Compensation Rule (“LOC Rule”) which bans compensation based on loan terms, such as the interest rate of the loan. Specifically, the CFPB alleges that C & C violated the LOC Rule by establishing a quarterly bonus program, which paid certain C & C loan officers greater bonus compensation when they persuaded consumers to take on more expensive loans. The average quarterly bonus ranged from $6,100 to $8,700.

The CFPB further alleges, that, by contrast, those loan officers who did not charge consumers higher interest rates did not receive quarterly bonuses. (The CFPB also alleges that C & C did not record what portion of each loan officer’s quarterly bonus was attributable to a particular loan and did not reference its quarterly bonus program in each loan originator’s compensation agreement, in violation of federal consumer financial law.)

The idiomatic expression for this is called "selling up" or "upselling the consumer" or "up-charging the borrower." So, briefly put, the CFPB alleges that more than 1,100 illegal quarterly bonuses were paid - where the loan officers had been given the forgoing incentive - and that tens of thousands of customers may have been upsold by C & C since April 6, 2011, the compliance effective date of the LOC Rule.

The time frame is important. It is alleged that from July 8, 2011 through April 27, 2012 the company paid to its loan officers more than 500 quarterly bonuses, in amounts that varied based on loan terms or conditions, totaling more than $4 million. And is it further alleged that since May 2012, C & C had actually continued paying quarterly bonuses to loan officers in amounts that varied based on loan terms or conditions, and, thus by doing so from the compliance effective date, according to the CFPB, the company “recklessly or knowingly paid quarterly bonuses based on loan terms or conditions, in violation of the Compensation Rule.” The “recklessly and knowingly” allegation is made in order to set the bar for civil monetary penalties at the highest levels.

Bottom Line: The CFPB's position is that, by tying bonuses to the interest rate of the loans in this manner, C & C was in direct violation of the LOC Rule.

Another interesting facet of this complaint is that the case was referred to the CFPB by investigators with the Utah Department of Commerce, Division of Real Estate (jointly, “CFPB”). This should further reinforce the fact and make exceedingly clear that states and the CFPB are more and more working together seamlessly to enforce the applicable regulations. The complaint was filed in the United States District Court for the District of Utah, where the company is located and where the individual defendants reside.

Both the state regulator and the CFPB are claiming that C & C violated the LOC Rule by paying its loan officers quarterly bonuses in amounts based on terms or conditions of the loans they closed, thus "incentivizing loan officers to steer consumers into mortgages with less favorable terms," which, of course, is the very practice the LOC Rule seeks to prevent.

The remedies being sought would require C & C to desist from providing an incentive to loan officers to up-charge consumers by distributing quarterly bonuses based on the interest rates of loans sold. In addition to the restitution to consumers, the CFPB seeks civil monetary penalties, which is three tiered: up to $5,000 for any violation; up to $25,000 for reckless violations; and up to $1,000,000 for knowing violations.

I have read the full complaint. Permit me to outline the "before and after" process that the CFPB alleges C & C used, which forms the basis of the CFPB's complaint:

Before the LOC Rule compliance effective date, it is alleged:

1) Each branch of C & C employed loan officers who interacted directly with borrowers. C & C paid its loan officers to assist borrowers with obtaining credit to be secured by a dwelling.

2) A loan officer took an initial loan application, assessed the borrower’s creditworthiness, and determined the interest rates available to the borrower for a given loan product.

3) Borrowers did not directly compensate C & C's loan officers for the loan origination services they provided.

4) C & C paid its loan officers commissions based on the interest rates of the loans they offered to consumers, that is, the higher the interest rates, the higher the loan officers’ commissions.

Monday, July 22, 2013

CFPB: Spying to Protect the Consumer

It all began with a Bloomberg article. Although the CFPB spying on the financial habits of at least 10 million consumers seems to be a far cry from NSA's spying on the telephone calls, emails, snail mails, website usage, and many other communication media used by hundreds of millions of US citizens, the timing of the Bloomberg article comes at, shall we say, a rather sensitive time - given its publication just shortly prior to the recent revelations regarding the NSA's rather unique way of interpreting the Fourth Amendment of the US Constitution regarding search and seizure.

Probable Cause Conundrum

I call it the "probable cause conundrum," because (1) the Fourth Amendment expressly states that "the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized," yet (2) a warrant to spy on Americans these days, at least with respect to probable cause and the requirement that a warrant to spy must be limited in scope according to specific information, has been hugely expanded. At least one of the Supremes has interpreted "probable cause" to mean "reasonable." For some reason, I really don't think that point of view was ever the way the Framers considered it, based on the law extant at the time the Constitution was actually drafted. But I digress.

As a result of Tennessee v. Garner [471 U.S. 1 (1985)], inter alia, we all learned that the "reasonableness requirement" applies not just to a search in combination with a seizure, but also to a search without a seizure, as well as to a seizure without a search. But, again, I digress. So not to go too far afield, let us return to that Bloomberg article which, by the way, was published back in April of this year.

To quote the very first paragraph of the article, its author, Carter Dougherty, writes that "the new U.S. consumer finance watchdog is gearing up to monitor how millions of Americans use credit cards, take out mortgages and overdraw their checking accounts. Their bankers aren’t happy about it." And Mr. Dougherty later on states that "Director Richard Cordray has said that the consumer bureau needs raw material to make 'data-driven' decisions based on how financial products and services are used or abused. Research will improve regulation as well as the marketplace."

We don't like to think that our federal agencies are spying on us, watching our communications, perhaps especially our financial habits, determining therefrom how best to "serve" the public interest. Sure, we know that Google and other web giants are constantly monitoring our financial habits - presumably with our permission to do so. Somehow, it's acceptable if private corporations do it, but when the government does it - not so much!

It all becomes rather weird when the NSA (backed by, say, the DOJ) orders private corporations to spy on us, but the latter are not permitted to admit that the former ordered them to do so - with or without our permission - on the basis of what appears to be a new meaning of "probable cause."

What I find interesting is the similarity between the NSA's and the CFPB's reasons for the need to collect, respectively, virtually all communication data on American citizens and also the financial data on millions of American consumers. It seems that spying has an underlying positive cause, one that apparently we citizens simply don't fully appreciate. For if we did appreciate the workings of these agencies that are just trying to protect us, watch over us to make sure we are safe, and do what they can to mitigate our worst fears, we would overwhelmingly and clearly express our gratitude to the NSA and CFPB for their commitment to our protection - and some Americans certainly seem very grateful.

The Fourth Amendment - how quaint it has become!

Justifying Spying
NSA and CFPB – Two Peas in a Pod

But let's look at some of these justifications that both the NSA and the CFPB have in common for spying on us. Or, if you find that phrase to be nettlesome, perhaps the phrase ‘conducting surveillance on us’ is easier to accept.

First Justification: We need a bogeyman, whom we shall call El Coco, its Spanish version, as when a Spanish-speaking parent tells a child 'si no te portas bien vendrá el coco' ("if you're not good the bogeyman will come and get you"). Almost every civilization has had some version of the bogeyman, that amorphous, unpredictable, malevolent being whose primary role is to scare the living daylights out of us and make us willingly compliant and malleable victims.

So, in the case of the NSA, El Coco comes in the form of terrorists and other malcontents; and, in the case of the CFPB, El Coco seems to be residential mortgage lenders and originators (RMLOs) and other members of the financial markets and sometimes even consumers themselves. In both instances, we can thank the government for protecting us from the mischievous schemes of El Coco.

Tuesday, July 16, 2013

Policy, Procedures, and Examinations - Part II: Mortgage Bankers

The most common question my colleagues and I are asked by prospective clients is whether we provide the “full set” of policies and procedures for all of the mortgage acts and practices. Of course we do! But policies and procedures are only one aspect of the many risk management services my firm offers.*

Nevertheless, policy statements seem to be ‘first and foremost’ when it comes to a client’s compliance needs.

Yet we do not often get questions such as the following:

  • How can we effectuate policies and procedures?
  • What policies are the most important for us to adopt?
  • Although we have policy statements, how often should we update them?
  • Who would be in charge of maintaining and enforcing policies?
  • How do we build policy statements into a Compliance Management System (CMS)?
  • Which policy statements are important to our warehouse lenders?
  • Which policy statements are important to investors and Regulators?
  • Which policy statements are important to our servicing affiliate and subservicers?
  • How can we prove that our policies are being adequately implemented?
  • What are the key components of policies and procedures?
  • What vendor offers the most professionally safe policy statements?
  • How do we go about building our own policies and procedures?
  • How often should we train our employees on our policies?
  • Is there a self-assessment checklist that we can put into our policy statements?
  • What is the best way to document our implementation of procedures?
  • Is there a core set of policies that we absolutely must have at all times?
  • Which policies require testing and auditing, either internally or externally?
  • How do we stay up to date on regulatory changes that affect our policies?
  • What method is preferred to review, adopt, and update policy statements?
  • Do we have a sufficient budget for maintaining policies and procedures?
  • What resources should we use to draft comprehensive policy statements?
  • What is the best method to retire a policy that is no longer a regulatory requisite?
  • Where should we go for guidance in those areas that are not yet fully regulated?
These are but a few of the many questions that a lender should be resolving.

In my view, we ought to get away from the thinking that considers policies and procedures to be a panacea for the effects of improper management, regulatory deficiencies, and trending defects. Policies are a continually changing, dynamic means to an end, but not the end itself. And they are only as good as the accuracy of their content and the efficacy of their implementation.

Just one employee who does not know, or contravenes, the requirements of a policy statement becomes the weakest link in an otherwise strong chain of compliance enforcement. When it comes to acting in compliance with, and according to, a policy and procedure, the financial institution is only and always as strong as its weakest link!

Most mortgage bankers want to be proactive, not reactive, though, often, that is not always achievable, especially when new policies, guidelines, rules, procedures, and actionable implementations seem to arise all the time. This reminds me of Say’s Law in economics, which, when referring to aggregate expenditure in an economy, states that spending rises to the level of income. In the case of policy statements, it seems that policies and procedures rise to the level of demands for them by the spate of regulations requiring them. If this seems like a circular kind of way to get things done, it is!

Still, we must make our way through the thicket of policy statements, hopefully coming oneday to a clearing where, if even for a brief moment, there is some equilibrium between the policies needed and the regulatory demand for them.

Some proactive lenders make it their business to always be ready for a regulatory examination; others drag out the process interminably, waiting to receive an examination letter before they get ready – which, by the way, is usually too late. And, yes, in mortgage compliance, it is certainly possible to be too late to do anything about a violation of law. Compliance leaves traces; it is impossible to obliterate its trail. I have said many times, preparation is protection! Indeed, I have written extensively on this theme.[i]

The US Coast Guard has a famous Latin motto: Semper Paratus, which means “Always Ready”. Let’s use an admonishment, also in Latin! I offer this cautionary advice to mortgage bankers: always stay vigilant; always make sure your policy statements meet regulatory scrutiny; and, to now use my own Latin phrase, never be put in the position of being Ex Abrupto, which means “Without Preparation”.

Wednesday, July 10, 2013

CFPB’s Mortgage Rules for Readiness

The just released 2013 CFPB Dodd-Frank Mortgage Rules Readiness Guide (Guide) from the Consumer Financial Protection Bureau (CFPB) provides, finally, a set of criteria and preparation procedures for residential mortgage lenders and originators. It is Version 1.0 and, like previously issued guides and manuals, the CFPB will update the Guide periodically, using the results from its field examinations to further enhance the audit methodologies.

Note that it is called a “Readiness Guide.” Such documents are not meant to be, and are not, conclusive. Such guides are expected to be sign posts leading the way, a means by which a company may learn of the priorities and exigencies of a regulator’s oversight functions. In other words, as the Guide itself declaims: “The Guide summarizes the mortgage rules finalized by the CFPB in January 2013, but it is not a substitute for the rules.”

To put a finer point on the use of the Guide, please always remember that only the rules and their official interpretations can provide complete and definitive information regarding their requirements.*

These rules can be found at

Each rule in the Guide also includes a hyperlink with additional information, which includes Small Entity Compliance Guides that may make the rule easier to digest. There are links to videos outlining the main elements of the rule. Furthermore, a convenient hyperlink compendium structure is embedded in the Guide, so that the rule headings are themselves hyperlinks directing the reader to the rule-specific CFPB website page.
Sections of the Guide
Summary of the Rules

The Guide consists of the following sections:

Part I: Summary of the Rules
Part II: Readiness Questionnaire
Part III: Frequently Asked Questions
Part IV: Tools

Part I (Summary of the Rules) contains an outline of the eight final rules issued in January 2013 concerning mortgage markets in the United States pursuant to the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act) Public Law 111-203, 124 Stat. 1376 (2010) (2013 Title XIV Final Rules).

The rules amend several existing regulations, including Regulation Z, X, and B. Throughout the year, CFPB expects to provide updates to the rules where necessary. Updates will be posted, along with summaries of the changes, on the regulatory implementation CFPB webpage.

The questionnaire in Part II (Readiness Questionnaire) is '”not intended” to encompass all details of a comprehensive compliance program. This should not be interpreted to mean that the questionnaire is a replacement for the examination procedures or regulations. It is intended to serve as a guide in preparing for implementation of the mortgage rules and in performing a self-assessment. Thus, the questionnaire should be used as a self-assessment in determining a company’s progress towards compliance with the new mortgage rules. The questionnaire contains twenty-nine self-assessment questions and numerous subsections. Do not confuse the questionnaire with a proxy examination tool: it will not be added to the Examination Manual. The CFPB views the questionnaire as a “voluntary guide” for preparation. I have no doubt that it will be used by management in their discussions with examiners. The extent of those discussions may be determined by the institution’s size, products offered, risk mitigation, risk profiles, and other factors, such as the overall strength of the compliance management system.

Wednesday, June 5, 2013

Anti-Money Laundering Program: Testing

I learned recently some rather extraordinary news: my firm is currently the only mortgage risk management firm in the country offering testing of a Residential Mortgage Lenders and Originator’s (RMLO’s) Anti-Money Laundering Program.* This situation struck me as exceedingly odd, inasmuch as testing is a statutory requirement.
Testing annually is recommended, but not later than every eighteen months. In this first year, most companies are testing prior to the Financial Crimes and Enforcement Network’s (FinCEN’s)statute’s anniversary date in August. An audit of the procedures detailed in an RMLO’s policy and procedures must be conducted either an internal auditor, in accordance with FinCEN guidelines, or, in accordance with FinCEN guidelines, by an independent external auditor.
How is it that we are the first mortgage risk management firm to offer the independent auditing requirement? Maybe, even at this late date, the industry itself is still trying to absorb the AML compliance implementation, while struggling to integrate a multitude of other new regulations.
Many residential mortgage industry participants have run the Elizabeth Kubler Ross spectrum of denial to acceptance at a pace that leaves in its wake the sentiments of high dudgeon, middling dudgeon, intermediate dudgeon, towering dudgeon, lofty dudgeon - and, finally, recognition that the tide of change is actually upon us!
I have tried to make it clear in previous articles, that the AML program is quite different than other policy statements and procedures!

For two of my analyses on this matter, read my articles entitled Anti-Money Laundering Program - Preparation is Protection (8/2012), or Anti-Money Laundering Debuts for Nonbank Mortgage Companies (3/2012).
Over the years, we have conducted AML audits for banks. Now we conduct them for nonbanks and their Suspicious Activity Report (SAR) filing compliance. Soon enough, I expect another cottage industry to arise, chock full of firms that will promote such external auditing, bringing about yet another feeding frenzy!
In this article, I will offer some of the basics to AML testing for RMLOs, so that you have a high-level set of bullets that may offer some insight into the audit process. There are many moving features to such an audit. In constructing your own procedures, be aware that the time to learn about how to properly test and report audit results is most certainly not during an examination.
Elements of Testing
Internal or External Auditing
We recommend that an AML audit for RMLOs should contain, at the least, the following elements:
Entrance Interview
We require an entrance interview for all AML program audits. The meeting is held with company’s officials, compliance personnel, and support staff is conducted to (1) discuss the company’s lender profile, (2) specify procedures to be followed by the company in the course of the engagement, (3) answer any questions regarding the auditor’s evaluation process.
Audit responses to Prior Year Consulting and Regulatory Examination Reports (if applicable) We are in the first year of the AML program. However, each year afterward, the review will ask for the prior year's reports, including any regulatory reports. This part of the review cannot be side-stepped, because it acts as a baseline, further enhanced by an evaluation of corrective action responses. The reviewer's first actions may include back-testing to see if corrective actions were implemented. Any continuation of a compliance failure that previously was subject to corrective action should cause the review to mark down the results.
Issue and Review Document Request
Every audit must contain a document request. The extent that a company can comply with the document request is in itself a sign of the company's ability to implement the AML program's requirements. It is expected that a company will provide the documents needed promptly, in legible condition, and in their entirety. Failure to provide certain documents causes an adverse finding.
Conduct Anti-Money Laundering (AML) Risk Assessment
The review must go through a series of risk assessment analytics in order to determine that the company is fulfilling its AML program requirements. These series can be quite extensive, depending on the company's size, complexity, and risk profile.

Friday, May 17, 2013

FinCEN: Accountant and Elder Abuse

We have been keeping track of FinCEN's SAR Activity Review – Trends, Tips & Issues virtually from its inception.
In its just issued May 2013 report, FinCEN provides new information regarding two areas of importance:
1) The Suspicious Activity Report (SAR) filing patterns related to elder financial exploitation before and after the publication of FinCEN's Advisory to Financial Institutions on Filing Suspicious Activity Reports Regarding Elder Financial Exploitation ("Advisory"), in February 2011, and
2) An analysis of trends related to SAR filings involving accountants and involving insider abuse within depository institutions.
In this newsletter, I would like to provide you with some insights regarding each of these areas of concern reviewed in the FinCEN report, with a brief review of elder abuse trends and a much more extensive review of suspicious financial activity involving accountants.*
Elder Abuse - Trends
Accountant Abuse - The Gatekeeper
Sampling the Data
Separating the Wheat from the Chaff
Accountants Abuse - Trends
Elder Abuse - Trends
A comparison of the filing rates pre- and post-advisory of SARs with narratives containing the two key search phrases “elder financial exploitation” and “elder financial abuse,” shows a very significant increase in relevant filings post-Advisory.
Between March 1, 2011, and August 31, 2012, filers submitted 7,651 total SARs, a 382 percent increase from the 12-month period prior to the release of the Advisory during which filers completed 1,589 relevant SARs. Post-Advisory filing trends showed continued increases in filing incidences. 
SARs generally reported patterns of financial exploitation perpetrated by a relative or caregiver against elderly victims. Narratives most frequently described the perpetrator coercing or cajoling the victim into completing financial transactions that benefited the perpetrator at the expense of the victim.
There are reported instances where the perpetrator reportedly abused a power of attorney over the victim’s account.
Furthermore, so-called "sweetheart scams" were on the rise. A “sweetheart scam” involves the fraudster feigning romantic intentions towards a victim, thus gaining the victim’s affection. The perpetrator then uses the goodwill engendered to defraud the victim. This fraud may impact the victim’s financial accounts and/or identity security, and may even cause the victim to unwittingly facilitate financial fraud against others on the perpetrator’s behalf.
An increased trend in elder financial abuse was noted in the 18 month period after the issuance of the Advisory. Depository Institutions filed 6,026 elder financial exploitation-related SARs in this period. FinCEN determined that institution filers identified “abuse by a relative or caregiver” as the most reported months post-Advisory.
Chart-A-SAR Review-5-2013
Monthly post-Advisory filing numbers indicate that filers continued to increase their submissions of SARs related to elder financial exploitation more than a year and a half after issuance of the Advisory. FinCEN reports that this trend suggests that many filers have incorporated FinCEN’s elder financial exploitation guidance into their AML monitoring programs. Sample narratives showed filers checked “Other” most often as the characterization of suspicious activity when describing suspicious transactions involving elderly customers.
Most narratives described the perpetrator engaged in identity theft, misuse of position or self-dealing, check kiting, counterfeit checks, or embezzlement/theft, to defraud elderly victims. Many SAR narratives revealed that filers were careful to assess suspicious transactions, often questioning an elderly customer if his transactions appeared out of character. These precautions usually spared the filer and the customer any significant losses.

Tuesday, May 7, 2013

GSEs: Ability-to-Repay and Qualified Mortgages

Yesterday, the Federal Housing Finance Agency (FHFA) announced that it is directing Fannie Mae ("Fannie") and Freddie Mac ("Freddie") to limit their future mortgage acquisitions to loans that meet the requirements for a qualified mortgage ("qualified mortgage" or "QM"), including those that meet the special or temporary qualified mortgage definition, and loans that are exempt from the “ability to repay” ("ATR") requirements under the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank).
In January, the Consumer Financial Protection Bureau (CFPB) issued a final rule implementing the “ability to repay” provisions of Dodd-Frank, including certain protections from liability for loans that meet the criteria of a qualified mortgage as outlined in the rule.
We have discussed the ability to repay provisions HERE, HERE, HERE, HERE, and HERE.
I would like to call your attention to a few important details.*
Eligible for Sale to Fannie and Freddie
Additional Guidance and Notifications
Considered historically, the Consumer Financial Protection Bureau (CFPB) issued a final rule on January 10, 2013, implementing the “ability to repay” provisions of the Dodd-Frank. That rule generally requires lenders to make a reasonable, good faith determination of a consumer’s ability to repay before originating a mortgage loan and establishes certain protections from liability for QMs.
The ATR rule takes effect for applications dated on or after January 10, 2014.
It is significant that, beginning January 10, 2014, Fannie and Freddie will no longer purchase a loan that is subject to the ATR rule if the loan:
  • is not fully amortizing,
  • has a term of longer than 30 years, or
  • includes points and fees in excess of three percent of the total loan amount, or such other limits for low balance loans as set forth in the rule.
The FHFA announcement states that "effectively, this means Fannie and Freddie will not purchase interest-only loans, loans with 40-year terms, or those with points and fees exceeding the thresholds established by the rule."
Fannie and Freddie will continue to purchase loans that meet the underwriting and delivery eligibility requirements stated in their respective selling guides. This includes loans that are processed through their automated underwriting systems and loans with a debt-to-income ratio of greater than 43 percent. But loans with a debt-to-income ratio of more than 43 percent are not eligible for protection as QMs under the CFPB’s final rule unless they are eligible for purchase by Fannie and Freddie under the special or temporary qualified mortgage definition. 
Eligible for Sale to Fannie and Freddie
Just a few days ago, on May 2, 2013, the FHFA directed Fannie Mae and Freddie Mac to limit future acquisitions to loans that:
  • are qualified mortgages under the ability to repay rule, including those meeting the special or temporary qualified mortgage requirements; or
  • are exempt from the ability to repay requirements, such as investor transactions.
Thus, effective for mortgages with application dates on or after January 10, 2014, Fannie and Freddie will not be allowed to purchase any loans if they are subject to the ATR requirements and are either:
  • loans that are not fully amortizing (e.g., no negative amortization or interest-only loans);
  • loans with terms in excess of 30 years (e.g., no 40-year terms); or
  • loans with points and fees in excess of 3% of the total loan amount or such other limits for low balance loans as set forth in the ability to repay final rule.
Fannie will continue to purchase loans that meet the underwriting and delivery eligibility requirements (i.e., existing debt-to-income ratios, loan-to-value ratios, and reserves) stated in the Selling Guide, including loans processed through Desktop Underwriter®.
Freddie will limit future purchases to:
  • Mortgages that are “qualified mortgages” under the final rule, including those meeting the special or temporary qualified mortgage requirements, and
  • Mortgages that are exempt from the ATR, such as investor transactions.
Therefore, effective for mortgages subject to the final rule with applications received on or after January 10, 2014, Freddie will not be permitted to purchase the following:
  • Mortgages that are not fully amortizing (e.g., Mortgages with a potential for negative amortizations or interest-only Mortgages);
  • Mortgages with terms in excess of 30 years (i.e, 40-year fixed-rate Mortgages); and,
  • Mortgages with points and fees in excess of 3% of the total loan amount or such other limits for low balance Mortgages as set forth in the final rule.

Tuesday, April 30, 2013

FHA: Mortgagee Review Board - Administrative Actions

Periodically, we review with you the types of administrative actions taken by HUD's Mortgagee Review Board (MRB).
The review of the MRB's published administrative actions should be considered a teaching moment for all FHA approved mortgagees, inasmuch as the MRB is empowered to enforce its administrative sanctions through, among other things, reprimand, probation, suspension or withdrawal of approval and/or underwriting authority, cease-and-desist orders, and civil money penalties.
On April 11, 2013 HUD published the administrative actions taken by the Mortgagee Review Board (MRB) against certain FHA mortgagees. The period covered in the issuance is January 1, 2012 to September 30, 2012.
In this article, we provide an outline of the kinds of violations and respective sanctions that the MRB recently sustained.
A Word to the Wise
Rule of Thumb
Administrative Actions
A Word to the Wise Word
In representing clients before the MRB, we can vouch for the exhaustive due diligence that is virtually mandated, the considerable costs involved, the experienced legal counsel and requisite regulatory compliance expertise that is needed, and the significant adverse impact on an FHA lender's ability to conduct or even continue in business.
It's easy to get lulled into a sense of false confidence by thinking that some violations are minor. But if the MRB gets involved, those minor violations will become a part of the causes for administrative action, and even in some instances the proximate cause of the administrative action.
Nothing should be considered a "minor" violation, when originating HUD/FHA mortgage loans.
It is instructive to note the causes for the administrative action brought against an FHA-approved mortgagee.
Ignorance is a futile defense, when it comes to the causes that can affirmatively contribute to disciplinary action.
Rule of Thumb Rule
The MRB is not sympathetic to a mortgagee that violates HUD/FHA requirements which are, or are expected to be, within the mortgagee's control.
Violations that are not, or not expected to be, in the mortgagee's control provide the MRB with a more nuanced basis upon which to provide some leniency.
Administrative Actions
Failed to notify the Department that it was the subject of multiple state regulatory actions and sanctions, and submitted false certifications to HUD in connection with its annual renewal of eligibility documentation for its fiscal years ending in 2009, 2010 and 2011.
ACTION: Civil money penalty in the amount of $75,000.
Failed to perform quality control functions in compliance with HUD/FHA requirements, failed to meet the requirements for participation in the FHA mortgage insurance program, failed to ensure the correct mortgagee identification number was used when originating FHA-insured mortgage loans, failed to adequately document the source of and/or adequacy of funds used for closing, failed to correctly calculate and document the mortgagor's income, failed to verify the stability of the mortgagor's income, failed to ensure the mortgagor was eligible for an FHA-insured mortgage loan, failed to ensure the property met HUD's eligibility requirements, failed to comply with TOTAL Scorecard requirements, failed to comply with HUD's property flipping requirements, failed to provide construction documents required for property eligibility and/or high ratio financing resulting in over-insured mortgages, failed to ensure that the maximum mortgage amount was correctly calculated, resulting in over-insured mortgages, failed to ensure that data submitted to HUD systems was accurate, and charged mortgagors unallowable fees.
Notice of Administrative Action immediately and permanently withdrawing the FHA approval.
VIOLATION: Failed to obtain adequate documentation of the income used to qualify a borrower, failed to resolve discrepancies and/or conflicting information before submitting loans for FHA mortgage approval, and failed to ensure mortgagors were not charged fees that were excessive and/or unreasonable for the services performed.
Settlement Agreement that required civil money penalties in the amount of $17,000, to indemnify HUD/FHA for its losses with respect to two FHA-insured loans, and to refund borrowers for excessive origination fees.
Submitted or caused to be submitted false information to HUD in relation to 63 mortgagee record changes, failed to reconcile its portfolio data and allowed HUD records to incorrectly identify the mortgagee as the holder of 97 FHA-insured mortgage loans, and submitted false information to HUD on 133 claims for FHA insurance benefits and, in 90 instances, claimed benefits for ineligible holders of record.
ACTION: Settlement Agreement that, among other things, required a civil money penalty in the amount of $1.2 million and to complete mortgage record changes to facilitate the payment of certain FHA insurance claims.

Tuesday, April 23, 2013

Waiting for the CFPB

My sources tell me that the Consumer Financial Protection Bureau (CFPB) will soon announce substantial monetary penalties and other administrative actions against a large nonbank. I guess it is inevitable that when such an announcement is finally out and about, humans  - and especially the financial services type humans - will be easily aroused to panic - which means the nascent, CFPB exam preparation industry will receive a steroidal boost. And the frisson of dismay and frenzy will be stirred up even further by the ambulance chasers, running to the rescue, with their merry band of products and services to quell the indomitable, bureaucratic brute.
There are plenty of compliance and law firms scouring the horizon for new clients that seek CFPB exam readiness. Indeed, I know of one such firm that has made fear-mongering into a fine art, whirring about and speaking at industry events where a surfeit of anxiety and angst may be supremely generated. As the affrighted crowd bounds into the arms of these ushers of deliverance, seeking the aegis of their singular protection, they are quite sold on a full scale risk assessment and sempiternal, on-going monitoring. But the prospective clients, sore at the loss of money in this endeavor, need not be too vexed, inasmuch as they do get action plans, some risk assessment tools, and assorted bric-a-brac of one-size-fits-all templates "specially drafted" for their own unique purposes.
Our industry is a strong bunch, survivors of the toughest real estate cycles, and accustomed to adapting to regulatory mandates. We have seen the largest fall and the lowest rise. We push back, when needed; and we push forward, when appropriate. We know that our industry is the backbone of the economy. Our future will not be compromised by cold sweat and consternation.
So, when considering the legal and regulatory compliance requirements of the CFPB, how alarmed and apprehensive should we be?
Trembling before the Tsar
In the Tsardom of Russia, most people never met the Tsar. They met his agents, which at the time meant the duly constituted orders of functionaries who acted in accordance with the law. The people who did meet the Tsar, even nobles, were known (and even expected) to tremble in his presence. Like the custom required by English kings, the people who stood in the presence of the Tsar stated their views, when called upon to speak, and, upon finishing their statements, they left the reception chamber by bowing and slowly backing out of the room, always facing the Tsar. This kind of obeisance showed respect for the established order and reflected the insuperable power and primacy of the monarchy.
But we do not live in a monarchy and the CFPB is not the Tsar.
We need not tremble before the CFPB!
There are a set of guidelines that the CFPB requires for implementation by lenders, mortgage brokers, servicers, and others in the financial services sector. Most of these guidelines are not particularly ponderous, unless the foregoing entities hadn't been implementing them all along. It is not as if we do not know the importance of fair lending or proper data collection pursuant to the Home Mortgage Disclosure Act (HMDA). There is no real mystery regarding compliance with advertising rules. Every company is keenly aware of the mandates set forth in the Real Estate Settlement Procedures Act (RESPA) and the Truth in Lending Act (TILA).
At this point in the industry's growth, who does not know about the importance of risk controls and risk mitigation? Who does not know about the central importance of responsible and knowledgeable management? How many companies willfully ignore consumer complaints?
A whole generation of bankers, lenders, brokers, and servicers have cultivated a heightened sensitivity to the Fair Credit Reporting Act (FCRA) and Fair & Accurate Credit Transaction Act (FACTA), Gramm-Leach-Bliley Act (GLBA), Bank Secrecy Act and Anti-Money Laundering Program requirements, Equal Credit Opportunity Act (Regulation B), Home Ownership & Equity Protection Act (HOEPA), Secure & Fair Enforcement for Mortgage Licensing Act (SAFE Act), the Fair Housing Act, the Anti-Predatory Lending Act, the National Do-Not-Call Registry, and monitoring third party service providers (sometimes neutrally referred to as "vendor management").
These are the sorts of areas about which the CFPB has an interest in ensuring consumer financial protection. None of the aforementioned is strange or new to anybody who has been paying attention!
I have said many times that 'Preparation is Protection' - and most companies associated with residential mortgage loan originations and servicing have been preparing, thus protecting themselves, for a long, long time. Many have been through numerous state and federal banking examinations, responding, where needed, with corrective actions. Not a few have retained competent mortgage risk management firms or in-house compliance advisors. Even those who cannot afford compliance counsel have participated in one way or another in conferences, conventions, and training venues in order to be educated in regulatory developments. Everybody now knows unequivocally that sales are cemented to compliance.
Who's afraid of the big bad wolf?
As I wrote recently, the CFPB has considerable enforcement powers. Among other things, it can rescind or reform contracts, require the refunding of money to a consumer and demand other forms of restitution, mandate the disgorgement and refunding of various types of assets, compel the return of real property, cause fees and other compensation to be disgorged for unjust enrichment, require the payment of damages or other monetary relief, cause public notification regarding a violation, limit the activities or functions of alleged violators, and, of course, exact civil monetary penalties.
But, in terms of the remedies mentioned above, none of these administrative actions is really new. Virtually every state banking department in the country has most of these enforcement powers. Nearly all prudential regulators have many such authorities. Banks and nonbanks that have undergone routine examinations are not an unsuspecting lot, completely unprepared for the kinds of detailed review that the CFPB conducts. Having watched the CFPB in action, I can say that a firm that is adequately prepared for a state or federal examination should be prepared for a CFPB examination.
Is the CFPB's examination a bit more detailed? Yes. But most of the exam requirements are re-treads or the kinds of state and federal banking information and documentation requests or guidelines that are mostly customary and pro forma.

Thursday, April 11, 2013

The Enforcement Powers of the Consumer Financial Protection Bureau

For several months, the Consumer Financial Protection Bureau (“CFPB” or “Bureau”) has implemented a spate of enforcement actions against banks and nonbanks. My interest in this article is neither to re-litigate those cases nor single out any particular financial institution for further scrutiny.* Sometimes we must learn our lessons at somebody else’s expense, rather than to castigate another for unseemly conduct. None of us, however, is absolved of the responsibilities, the violations of which could lead to enforcement actions against us or the financial institution where we are employed.
It is important, therefore, to have some sense of what is meant by the term “enforcement,” especially with respect to the CFPB’s authorities. The CFPB received a host of enumerated laws and related authorities on July 21, 2011[i], and, pursuant to the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”), a concomitant set of defined rules were established[ii] that gave the Bureau numerous enforcement powers, including the powers to conduct investigations and implement enforcement actions to enforce federal consumer financial law.[iii]
For instance, Section 1052 of the Dodd-Frank authorizes the CFPB to engage in joint, interagency investigations and requests for information, including matters relating to fair lending. Though the statute specifically provides that, “where appropriate,” the Bureau may conduct “joint investigations” with the Secretary of Housing and Urban Development, the Attorney General of the United States, or both, it also sets forth lengthy provisions governing subpoena powers and civil investigative demands.
Hearings and Adjudications
Scope of Legal Remedies
Blowing the Whistle on Violations
Policy Statement and Whistleblower Protection
Locking Horns with the Department of Labor
Hearings and Adjudications
On November 7, 2011, the Bureau issued CFPB Bulletin 2011-04 (entitled “Enforcement”),[iv] the first in a series of bulletins relating to policies and priorities of the Bureau’s Office of Enforcement. The Bulletin announced that before the CFPB commences an enforcement proceeding, it may (or may not) give the subject of the proceeding notice of the nature of the potential violations and may (or may not) offer the subject the opportunity to submit a written statement in response. The Bulletin also gave specific instructions regarding the submission requirements of the written statement, such as the paper size, spacing, font size, and length, while also mandating that the response had to be received by the CFPB by no more than 14 calendar days after the notice.[v]
Almost a year after the CFPB received its authorities, it adopted rules, on June 29, 2012, regarding the procedures it expected to follow when investigating whether a “person” (a legal term for an individual or entity) is or has been engaged in conduct that would constitute a violation of any provision of federal consumer financial law.[vi]
Indeed, Dodd-Frank authorizes[vii] the Bureau to conduct hearings and adjudication proceedings to ensure or enforce compliance with the following applicable items:
  • Title X, which established the Consumer Financial Protection Bureau as an independent agency within the Board of Governors of the Federal Reserve System, including any rules prescribed by the CFPB under Title X; and
  • “… any other Federal law that the Bureau is authorized to enforce, including an enumerated consumer law, and any regulations or order prescribed thereunder, unless such Federal law specifically limits the Bureau from conducting a hearing or adjudication proceeding and only to the extent of such limitation.”
Furthermore, Section 1053 of Dodd-Frank sets forth the rules for Cease-and-Desist proceedings and enforcement orders.
Statutorily, Dodd-Frank authorizes the CFPB to apply to the United States district court within the jurisdiction of which the principal office or place of business of the person is located, for the purposes of enforcing any effective bulletin or notice, outstanding notice, or order.
Thus it was that, soon after the Bureau announced its rules for investigating violations, in July 2012 the CFPB announced its first enforcement action. That action consisted of a consent order in which Capital One agreed to refund $140 million to 2 million customers and pay a $25 million penalty. The enforcement was the consequence of alleged deceptive marketing tactics used by Capital One’s vendors to coax consumers into paying for add-on products when they activated their credit cards.[viii]
Dodd-Frank authorizes the CFPB to commence a civil action against any person who violates a federal consumer financial law and to impose a civil penalty or to seek all appropriate legal and equitable relief including a permanent or temporary injunction.
When commencing a civil action, the Bureau must notify the Attorney General and, with respect to a civil action against an insured depository institution or insured credit union, the appropriate prudential regulator. Except as otherwise permitted by law or equity, no action may be brought under Title X more than three years after the date of discovery of the violation.
Indeed, the CFPB published an interim rule regarding its awarding of attorney fees and other litigation expenses in certain situations, as required by the Equal Access to Justice Act.[ix]