Friday, October 28, 2016

CFPB's Compliance Bulletin and Policy Guidance 2016-02 - Service Providers: Questions and Answers

Managing Director
Lenders Compliance Group

On Wednesday, October 26, 2016, the CFPB issued updated guidance on service providers, based on its previous issuance of April 13, 2012, titled CFPB Bulletin 2012-03, Subject: Service Providers (“Bulletin”), that had been published in the Federal Register. The Bulletin is a statement of policy that articulates considerations relevant to the Bureau’s exercise of its supervisory and enforcement authority. This new issuance is published in the Federal Register and is titled Compliance Bulletin and Policy Guidance 2016-02, Service Providers (“Guidance”).

Click HERE for a copy of the Guidance and the Bulletin.

Essentially, this updated guidance provides additional clarifications regarding how supervised entities are to manage their risk management program for service providers. It is meant to clarify that “the depth and formality of the risk management program for service providers” may vary depending upon the service being performed (i.e., the service provider’s size, scope, complexity, importance and potential for consumer harm) and the performance of the service provider in carrying out its activities in compliance with Federal consumer financial laws and regulations. 

Much of the guidance is a reiteration of the Bulletin, with a reminder that “while due diligence does not provide a shield against liability for actions by the service provider, it could help reduce the risk that the service provider will commit violations for which the supervised bank or nonbank may be liable.” This reiterating of the Bulletin seems to have been made necessary because, although other CFPB Bulletins were published in the Federal Register, it appears that the Bureau did not previously publish Bulletin 2012-03 when it was issued.

I have said all along how important it is to work with an outsource due diligence company, if a financial institution is not going to adequately equip and staff an in-house evaluation function, which means ensuring the presence of competent risk management professionals and the required research tools. This is why we established VendorsCompliance Group as the an outsource evaluator that would be far more than a compilation service. 

These compilation services that hold themselves out as evaluators for vendor management purposes are just putting together and providing a compilation rating. That is simply insufficient, viewed from the standpoint of effective due diligence. Vendors Compliance Group does not merely compile information and documentation, which is only a first step, but also it actually evaluates and risk rates service providers by means of hands-on reviews conducted by risk management professionals using state of the art research methodologies. The evaluator actually is often personally in contact with the bank or nonbank to ensure that there is a strong and steady flow of transaction information. 

When Vendors Compliance Group risk rates a service provider, the supervised bank or nonbank can be sure that it is a rigorously derived, vendor compliance risk rating, provided by a due diligence methodology which stands up to regulatory scrutiny.

Let’s review some basics, as set forth in the Guidance. 
I am going to frame this outline in the form of Questions and Answers for the sake of ensuring a broad understanding of the Bureau’s expectations with respect to service provider evaluations. I will use the Guidance as the source document.

Q: Why is a service provider evaluation necessary?
A: The Bureau expects supervised banks and nonbanks to oversee their business relationships with service providers in a manner that ensures compliance with Federal consumer financial law, which is designed to protect the interests of consumers and avoid consumer harm. 

Q: What is the governing statute for the definition of a Federal consumer financial law?
A: Section 1002(14) of the Dodd- Frank Act (12 U.S.C. 5481(14)).

Q: What institutions are expected to evaluate their service providers?
A: Supervised banks and nonbanks, as follows:
  • Large insured depository institutions, large insured credit unions, and their affiliates (12 U.S.C. 5515); and
  • Certain non-depository consumer financial services companies (12 U.S.C. 5514). 
Q: What service providers are expected to be evaluated?
A: The following supervised entities are to be evaluated:
  • Service providers to supervised banks and nonbanks (12 U.S.C. 5515, 5514); and
  • Service providers to a substantial number of small insured depository institutions or small insured credit unions (12 U.S.C. 5516).
Q: Specifically, how is the term “service provider” defined by the Bureau?
A: “Service provider” is generally defined in Section 1002(26) of the Dodd-Frank Act as ‘‘any person that provides a material service to a covered person in connection with the offering or provision by such covered person of a consumer financial product or service.’’ (12 U.S.C. 5481(26)) A service provider may or may not be affiliated with the person to which it provides services.

Tuesday, October 11, 2016

Cybersecurity - A Model Approach

Managing Director
Lenders Compliance Group

As some of you know, Lenders Compliance Group is the first risk management firm in the country to provide both a risk assessment and a disaster recovery plan for banks and nonbanks. The goal is to make the due diligence approach both affordable and consequential. Importantly, the resulting findings must meet regulatory scrutiny, since liability remains with the financial institution with respect to implementing Internet Technology, Information Security, and Cybersecurity requirements. The review process is conducted by Kevin Origoni, our Director/IT-IS-Cybersecurity, who is a Six Sigma awardee for his knowledge and experience. Our interest in this area has only grown more attentive as federal and state regulators have become very active in implementing disaster recovery and cybersecurity guidelines.

Our attentiveness has been borne out by the recently proposed regulation involving cybersecurity issued by the New York State Department of Financial Services (DFS). The regulation would impose significant cybersecurity standards on entities it supervises. The proposal is subject to a 45-day public comment period, which will end on November 14, 2016. Importantly, some of these standards exceed current state and federal requirements. It is valuable, therefore, to take a brief look at these prospective standards.

The proposed regulation would apply to entities operating or required to operate under a license, registration or other authorization under the New York Banking Law, Insurance Law or Financial Services Law. These covered entities include:
  • New York state chartered banks,
  • New York licensed branches and agencies of foreign banks,
  • insurance companies,
  • money transmitters,
  • licensed lenders,
  • mortgage brokers, and
  • mortgage bankers, lenders and servicers.

Certain small entities would be exempt from some, but not all, of the requirements of the proposed regulation.

If adopted, the proposed regulation would require covered entities to adopt a written cybersecurity program and implement various safeguards to protect nonpublic information, as broadly defined in the proposal. Covered entities would have to annually certify to the DFS their compliance with the proposed regulation.

We believe that the DFS proposal will set a nationwide standard for cybersecurity and should be carefully considered as a model for disaster recovery, IT, IS, and cybersecurity requirements.

As it is currently drafted, the proposed regulation is prescriptive, inasmuch as it goes beyond the requirements imposed by the federal banking regulators on the depository institutions they supervise. For instance, guidance provided by the Federal Financial Institutions Examination Council (FFIEC) in its September 2016 Examination Handbook suggests that financial institutions should implement the type and level of encryption that is commensurate with the sensitivity of information being protected. However, FFIEC does not mandate that all nonpublic information be encrypted while in transit and at rest, or resident, as the DFS has proposed. But the DFS proposal also appears to require multi-factor authentication in a much broader range of circumstances than the guidance provided by federal regulators to depository institutions, which is mostly focused on online banking.

Similarly, the federal banking regulators require financial institutions to provide notice of information security breaches involving unauthorized access to or use of sensitive customer information; however, the DFS would mandate such notification within 72 hours of any cybersecurity event, a timeframe which the federal banking regulators do not require.

The DFS sets forth standards for policies and procedures. Each covered entity’s cybersecurity program would need to be designed to ensure the confidentiality, integrity and availability of the covered entity’s information systems and to perform the following functions:

Wednesday, June 15, 2016

Advertising Compliance: Getting Ready for the Banking Examination - Part Two - Risk Assessments

Jonathan Foxx
President & Managing Director

Lenders Compliance Group

In Part One of this two-part series, I noted that “the regulator will determine whether advertisements and promotional materials provide timely, clear, and understandable information about the existence of costs, payment terms, penalties, or other terms and charges, the reasons for their imposition, and the salesperson’s compensation from cross-sales.”[i]

Just as an examiner will review the advertising materials using various metrics and means, so also should the mortgage loan originator use three tools to ensure compliance with advertising rules.

The tools are:
  • Advertising Manual, with a host of supporting forms;
  • Record Retention, containing all advertisements and reviews thereof; and
  • Forms and Checklists, constituting all loan products and origination methods.
In this article, we are going to explore these three tools. While the considerations do not encompass all the requirements and conditions relating to each tool, I hope to provide a general understanding of how these should be designed and, most importantly, how they must be interfaced with one another.

Advertising Manual

At the outset, let me clarify the importance of distinguishing advertising policy and procedure from an advertising manual. While the former often does not contain the latter, the latter most certainly contains the former. That is to say, a policy and procedure may or may not be actively given to employees; however, a manual is always given to them. The advertising policy may set forth rules and philosophy, but the manual is the actual implementation guidelines that an employee consults to find decisive standards.

Many companies have an advertising policy and procedure document, sometimes relying on it to serve the purpose of an advertising manual. However, employees – such as loan officers – need to know not only policies and procedures but also the whole gamut of potential conditions that affect their advertising campaigns. Only an advertising manual satisfies this overall need.

Every employee that receives the advertising manual must sign an attestation of receipt. This document has several purposes. It confirms that the employee has been put on notice about the company’s advertising rules and guidelines; it may be used as proof that the document is expected to be complied with or, if not, the employee will be disciplined; it demonstrates to an examiner that the company proactively provides such guidance; and, finally, it affirms the company’s commitment to on-going monitoring of advertising compliance. A signed attestation should be a requirement of employment.

There are three fundamental purposes of the advertising manual:
  1. The employee must sign for receiving it. The reason for such receipt is to ensure that the employee has proven receipt and will be held responsible for meeting the requirements therein.
  2. The company must set forth its advertising standards. This means not just training on the manual or learning the company’s advertising rules. It means also empowering the employee to seek immediate guidance at all times, irrespective of availability to compliance personnel.
  3. Interaction between employees and compliance department. As part of the process toward approval by the compliance department, the manual provides forms that serve as a firm record of advertising that is duly and properly authorized by the company.
At a minimum, the advertising manual should provide rules and guidance in regulatory risks and advertising restrictions. However, a comprehensive document contains far more than statements of policy. It begins with concise definitions of advertisements and promotional materials. Furthermore, the manual should set forth the applicable regulations that frame advertising compliance. Most importantly, there must be a written set of approval procedures, which contain corresponding forms and checklists.

Certain sections must be included, such as the following:
  • Electronic Media
  • Telemarketing
  • Do Not Call
  • Do Not Fax
  • Do Not Email
  • Prescreening
  • Firm Offers of Credit
  • Published Rates
  • Rate Sheets
  • Third Party Advertisements
If the company offers special programs, such as loan products designed for senior citizens, these must be outlined and given some depth as to the target audience and restrictions.

An important inclusion in the advertising manual is a set of reference terms, which ought to be in a separate section of its own. Examples should be given for “triggering terms,” the advertised words or phrases that “trigger” the need for additional disclosures.

Record Retention

Whereas the subject of record retention often comes last in an outline of regulatory compliance policies, it actually holds second place with respect to advertising compliance, after the advertising manual and before the forms and checklists. This priority is due to the critical need to retain all advertisements.  

A company must keep copies of printed advertisements, as well as the text of advertisements that are conveyed by electronic or broadcast media, for a two (2) year period from the date issued by the advertiser. Let me be as clear as possible here: retain copies of printed advertisements (including transcripts of non-print media) and marketing materials used, including all materially different advertising, marketing and promotional media regarding any mortgage credit product.

As a policy position, the company should impose a uniform two (2) year record retention rule to be enforced through the latter of the two year retention period or through at least one regulatory examination. As a practical matter, retain advertisements in perpetuity, if possible. Furthermore, I suggest the company maintain any advertisements that apply to evidence of required actions.

Checklists and forms

There are many checklist categories that are used in advertising compliance. I am going to provide a brief outline of three of them for you. These are the General, FHA, and Online checklists. I have outlined below a checklist for each category, with an expanded checklist for online, given that online is a large source of marketing and loan origination activities.

The list is deliberately brief and by no means comprehensive, so view them with the proviso that you must develop a checklist that is specific to your company’s loan products and risk profile.

You may not know the implications of some of these checklist items; however, please assume that the very fact that these items are on the lists indicates they impute important inferences associated with advertising compliance.

  • Does the advertising include the HUD logo or legend?
  • Does the advertising include the Fair Housing logotype?
  • Does the advertising have any tendency or capacity to deceive?
  • Is the advertising accurate?
  • If the advertising describes a benefit, does it also describe any conditions that must be satisfied to obtain the benefit?
  • Does the advertising include any Truth-in-Lending Act triggering terms? (Note: if you do not have a list of these trigger terms, please consult a compliance professional. The list is extensive, long, and requires careful review.)
  • Does the “®” or “SM” symbol appear with any service mark?
  • If a service mark appears, does the following language appear: “[Mark] is a service mark of [name of owner of the mark]?”
  • If the advertisement is for a home equity credit line, does it comply with the Truth-in-Lending Act’s special home equity credit line requirements?
  • Does the advertising include any references to tax deductibility?
  • Does the advertising make any “guarantees?
  • Are any applicable state-specific rules satisfied?
  • Have all statements of fact been substantiated?
  • For telemarketing activities, have the telemarketing requirements been satisfied?

  • Advertising patterns or practices that a reasonable person would believe indicate prohibited-basis customers are less desirable.
  • Advertising only in media serving non-minority areas of the market.
  • Marketing through brokers or other agents that the lender knows (or has reason to know) would serve only one racial or ethnic group in the market (unless part of an effort to attract minorities not otherwise being reached).
  • Use of marketing programs or procedures for residential loan products that exclude one or more regions or geographies within the lender’s assessment or marketing area that have significantly higher percentages of minority group residents than does the remainder of the assessment or marketing area.
  • Using mailing or other distribution lists or other marketing techniques for pre-screened or other offerings of residential loan products that:
  • Explicitly exclude groups of prospective borrowers on a prohibited basis. 
  • Exclude geographies (i.e., census tracts and zip codes) within the institution’s marketing area that have significantly higher percentages of minority group residents than the remainder of the marketing area.
  • Proportion of monitored prohibited-basis applicants is significantly lower than that group’s representation in the total population of the market area.
  • Consumer complaints alleging discrimination in advertising or marketing loans. 

  • A lender that advertises online credit products subject to the Fair Housing Act must display the equal housing lender logotype and legend or other permissible disclosure of its nondiscrimination policy if required by the rules of its regulator.
  • In some cases, regulations contain special rules for multiple-page advertisements. For online advertisements that may be deemed to contain more than a single page; thus, lenders should comply with the applicable sections of Regulation Z,[ii] which describe the requirements for multiple-page advertisements). (Note: It is not yet clear what would constitute a single “page” in the context of the Internet or online text.)
  • Internet or other systems in which a credit application can be made online may be considered “places of business” under HUD’s rules prescribing lobby notices.
  • Ensure that online products are offered and evaluated on a non-discriminatory basis and that no illegal discouragement exists.
  • Place any required disclosure as close as possible to the advertising claim.
  • View disclosures on the same platform as the advertisement and be sure to include any disclosures necessary to prevent the advertisement from being misleading.
  • Incorporate disclosures into advertisements whenever possible. If including sufficient disclosure is not possible because of space constraints, consider putting he disclosures clearly and conspicuously on a page to which the advertisement links (if allowed by applicable law).
  •  When using hyperlinks:
  • Make the link obvious. 
  • Appropriately label the link to convey its importance, nature and relevance. 
  • Use hyperlinks consistently, so customers know when they are available. 
  • Place the link as close as possible to the relevant information. 
  • Take customers directly to the disclosure on the click-through page. 
  • Assess the effectiveness of the link by monitoring click-through rates and other information about customer use; make changes as appropriate.
  • Use the “reasonable person rule” and assume that each page of the website is not going to be read by the viewer nor every word - nor visit every web page.
  • Design advertisements so scrolling is not necessary to find a disclosure. When scrolling is necessary, use text or visual cues to encourage scrolling.
  • Research about where consumers may look on the screen for information.
  • Recognize and respond to technical limitations or unique characteristics of a communication method when making disclosures.
  • Display disclosures before customers make a decision to buy.
  • Repeat disclosures as needed on lengthy websites and for repeated advertising claims.
  • Be on the lookout for multiple routes through the website and be sure disclosures are repeated as necessary.
  • Prominently display disclosures; be aware of color, size and graphics.
  • Review the entire advertisement (as a whole) to address the effectiveness of disclosures in light of other elements (viz., text, graphics, hyperlinks, and sound).
  • If using audio disclosures with audio claims, present them in a volume and cadence consumers can hear and understand.
  • Use plain language and syntax.
  • If a disclosure cannot be made clearly and conspicuously so as to prevent an advertisement from being deceptive, do not use the advertisement.
  • To determine whether a particular disclosure is clear and conspicuous, consider:
  • Its placement in the ad and its proximity to the claim it qualifies. 
  • Its prominence. 
  • Whether seeing the disclosure is unavoidable. 
  • Whether other items in the advertisement might distract attention from the disclosure. 
  • Whether the disclosure should be repeated several times to be effectively communicated, or because consumers may enter the site at different locations or travel on paths that might cause them to miss it. 
  • Whether audio messages have adequate volume and cadence. 
  • Whether the language of the disclosure is understandable to the intended audience. 
  • Monitor and analyze data for indications that disclosures were or were not comprehended, and make necessary adjustments. 
  • Pay close attention to technological limitations. (For example, a disclosure that requires Adobe Flash Player will not be displayed on certain mobile devices.)
  • Deactivate pop-up disclosures that can be blocked. Using ‘unblockable’ pop-ups may be problematic.
  • For audio claims, use audio disclosures. For written claims, use written disclosures.

Other advertising checklists that should be included are, as applicable:

  • Closed End Credit
  • Open End Credit
  • Reverse Mortgages
  • Home Equity Lines of Credit
  • Fair Lending
In addition, consider providing a set of Reference Guide or Quick Reference Guide with the following sections:

·         Close End Credit – Triggering Terms
o   General Phrases: Do Not Trigger Full Disclosure
·         Closed End Credit Triggering Terms
o   General Phrases: Do Trigger Full Disclosure
·         HELOC – Triggering Terms
o   General Phrases That DO Trigger Full Disclosure
·         Advertising Descriptions and Phrases (i.e., Terms of Offer)

A form should be provided in the advertising manual in order to ensure that a request has been made to the compliance department for approval of the advertisement. Such a form may be called “Advertising Request Approval Form,” or some other title, but the purpose of the form is to provide the following information and documentation:

  • Name of requester and date of request
  • Summary of the advertisement
  • Media
  • Date(s) of publication
  • Specimen of advertisement
  • Audience
  • Approval or Denial (viz., with management signature and date)
The form and all revisions to the advertisement prior to and at publication are kept together for future use as well as to maintain supporting proof of the review process.

Triggering Terms

Certain advertising terms, known as “triggering terms,” cause the need for additional disclosure. The presence of these terms in an advertisement can lead to TILA violations, among other things. There are triggering terms associated with different loan products, such as home equity credit lines, closed end credit, HELOCs, and many other loan products.

For instance, a few terms for closed end credit that trigger the need for additional disclosure are:
o   “Up to 48 months to pay”
o   “90% financing”
o   “As low as $50 a month”
o   “36 equal payments”
o    $500 total cost of credit”

Of course, there are triggering terms that do not trigger additional disclosure.

Some examples of terms for closed end credit that do not trigger the need for additional disclosure are:
o   “Defer your first monthly installment until July”
o   “Pay monthly”
o   “Regular monthly payments”
o   “5% Annual Percentage Rate Loans”
o   “Qualify at 1.00% below prime.”

Virtually all aspects of advertising must be evaluated in an advertisement. Depending on the advertisement or campaign’s loan product, advertising compliance should consider such categories as the term of the offer or promotion, the limitations on use or scope of the offer, general limitations and restrictions on the offer, limitations on geographical scope, limitations as to choice of loan products or availability, limitations of liability, qualifications or prerequisites to availability, and many more factors.

Fair Lending

Advertisements are a minefield of potential fair lending violations. There are some rudimentary indicators of potential Disparate Treatment in marketing of residential loan products. Disparate treatment occurs when a company treats a credit applicant differently based on one of several prohibited bases, such as race or color, national origin, religion, and several other bases.

Importantly, an allegation of a fair lending violation does not require any showing that the treatment was motivated by prejudice or a conscious intention to discriminate against a person beyond the difference in treatment itself. [iii]

When a company applies a racially or otherwise neutral policy or practice equally to all credit applicants, but the policy or practice disproportionately excludes or burdens certain persons on a prohibited basis, the policy or practice is described as having a Disparate Impact. The fact that a policy or practice creates a disparity on a prohibited basis is not alone proof of a violation. According to the interagency examination procedures set forth by Federal Financial Institutions Examination Council (FFIEC), “when an examiner finds that a lender’s policy or practice has a disparate impact, the next step is to seek to determine whether the policy or practice is justified by ‘business necessity.’ The justification must be manifest and may not be hypothetical or speculative.”[iv]

Factors that may be relevant to the justification could include cost and profitability. Even if a policy or practice that has a disparate impact on a prohibited basis can be justified by business necessity, it still may be found to be in violation if an alternative policy or practice could serve the same purpose with less discriminatory effect. But, as stated above in the case of disparate treatment, so also evidence of discriminatory intent is not necessary to establish that a lender's adoption or implementation of a policy or practice that has a disparate impact is in violation of the Fair Housing Act or Equal Credit Opportunity Act.

In evaluating whether there is a potential for a fair lending violation in an advertisement, FFIEC has also offered several factors to consider, amongst which are:[v]

  • Advertising patterns or practices that a reasonable person would believe indicate prohibited basis customers are less desirable.
  • Advertising only in media serving non-minority areas of the market.
  • Marketing through brokers or other agents that the institution knows (or has reason to know) would serve only one racial or ethnic group in the market.
  • Use of marketing programs or procedures for residential loan products that exclude one or more regions or geographies within the institutions assessment or marketing area that have significantly higher percentages of minority group residents than does the remainder of the assessment or marketing area.
  • Using mailing or other distribution lists or other marketing techniques for pre-screened or other offerings of residential loan products that:
  • Explicitly exclude groups of prospective borrowers on a prohibited basis; or
  • Exclude geographies (i.e., census tracts, ZIP codes, etc.) within the institution's marketing area that have significantly higher percentages of minority group residents than does the remainder of the marketing area.
  • Proportion of prohibited basis applicants is significantly lower than that group's representation in the total population of the market area.
  • Consumer complaints alleging discrimination in advertising or marketing loans.
With respect to media usage, the follow steps should be undertaken:[vi]

  • Determine in which newspapers and broadcast media the institution advertises.
  • Identify any racial or national origin identity associated with those media.
  • Determine whether those media focus on geographical communities of a particular racial or national origin character.
  • Learn the institution's strategies for geographic and demographic distribution of advertisements.
  • Obtain and review copies of the institution's printed advertising and promotional materials.
  • Determine what criteria the institution communicates to media about what is an attractive customer or an attractive area to cultivate business.
  • Determine whether advertising and marketing are the same to racial and national origin minority areas as compared to non-minority areas.


A marketing campaign, whether consisting of one or numerous advertisements and promotional opportunities, must be scrutinized for potential UDAAP (Unfair, Deceptive, or Abusive Acts or Practices) and fair lending violations. Nearly any kind of “puffery” can cause a UDAAP violation, the classic example being over-promising and under-delivering! Another classic is up-selling or down-selling to less attractive products or products unsuitable for the audience of prospective applicants.

An act or practice is deceptive if there is a representation, omission of information, or practice that is likely to mislead consumers who are acting reasonably under the circumstances, and the representation, omission, or practice is one that is material, for instance, likely to affect consumers’ decisions to purchase or use the product or service at issue.[vii]

There is a two-prong rule for determining if an act or practice is deceptive.[viii]

  • There is a representation, omission of information, or practice that is likely to mislead consumers acting reasonably under the circumstances; and
  • That representation, omission, or practice is material to consumers.
Violations of UDAAP easily abound if applicable disclosures are not clear and unambiguous, such as where material information is omitted from the marketing campaign, information is contradicted by laws or regulations, all fees are not disclosed or their timing not given, use of the word “Free” is misleading, fake images and testimonials are used, so-called “guarantees” are misleading, and, in general, insufficient information causes a consumer to not reasonably understand the terms of the campaign.

Here is a three-part test recommended by the FTC[ix] as a tool to avoid UDAAP violations in advertising:

  1. The practice must be one that causes or is likely to cause substantial injury to consumers.
  2. The injury must not be outweighed by countervailing benefits to consumers or to competition.
  3. The injury must be one that consumers could not reasonably have avoided.
This three-part formula may be taken as a rule-of-thumb method toward screening advertisements for potential UDAAP violations. The fact is that there is a distinct prohibition or restriction on unfair or deceptive advertising and all due efforts must be undertaken toward the goal of preventing unfair or deceptive practices.

Keep in mind that a representation may be express or implied. An “express claim” directly represents the fact at issue, while an “implied claim” does so in an oblique or indirect way.[x] Whether an implied claim is made depends on the overall net impression that consumers take away from an advertisement, based on all of its elements (language, pictures, graphics, and so forth).[xi] Therefore, the examiner is going to evaluate whether consumers’ impressions or interpretations of a representation or omission are reasonable.

In Part One of this two-part series, I mentioned the “reasonable person” rule. I stated that one of my colleagues often refers to the “reasonable person rule” as the “village idiot rule;” that is, if the village idiot can be expected to understand the message, the “reasonable person rule” test may be passed. Be forewarned, if there is a claim, challenge or examination finding to whether a consumer is in any way misled or may be misled by an advertisement, the onus will be on the company to prove otherwise!

Indeed, reasonableness is evaluated based on the sophistication and understanding of consumers in the group to which the representation is targeted, which may be a general audience or a specific group, such as senior citizens.[xii] But a claim may be susceptible to more than one reasonable interpretation, and if one such interpretation is misleading, then the advertisement is deceptive, even if other, non-deceptive interpretations are possible.[xiii]

[i] “Advertising Compliance: Getting Ready for the Banking Examination,” by Jonathan Foxx, National Mortgage Professional Magazine, May 2016, Volume 8, Issue 5, p 94
[ii] For instance, § 1026.16(c), § 1026.24(d)
[iii] Interagency Fair Lending Examination Procedures, August 2009, p iii, Office of the Comptroller of the Currency Federal Deposit Insurance Corporation, Federal Reserve Board Office of Thrift Supervision, National Credit Union Administration
[iv] Idem. p iv
[v] Idem. p 11
[vi] Idem. P 39
[vii] Section 5 of the FTC Act broadly proscribes unfair or deceptive acts or practices in or affecting commerce.
[viii] Deception Policy Statement, at 176–77, Federal Trade Commission Policy Statement on Deception, appended to In re Cliffdale Assocs., Inc., 103 F.T.C. 110, 174–84 (1984) (Deception Policy Statement). See also FTC v. Tashman, 318 F.3d 1273, 1277 (11th Cir. 2003); FTC v. Gill, 265 F.3d 944, 950 (9th Cir. 2001); FTC v. QT, Inc., 448 F. Supp. 2d 908, 957 (N.D. Ill. 2006), aff’d, 512 F.3d 858 (7th Cir. 2008); FTC v. Think Achievement Corp., 144 F. Supp. 2d 993, 1009 (N.D. Ind. 2000); FTC v. Minuteman Press, 53 F. Supp. 2d 248, 258 (E.D.N.Y. 1998)
[ix] Section 5(n) of the FTC Act sets forth a three-part test to determine whether an act or practice is unfair.
[x] FTC v. QT, Inc., 448 F. Supp. 2d at 957
[xi] See FTC v., LLC, 453 F.3d 1196, 1200 (9th Cir. 2006) (‘‘A solicitation may be likely to mislead by virtue of the net impression it creates even though the solicitation also contains truthful disclosures.’’); FTC v. Gill, 265 F.3d at 956 (affirming deception finding based on ‘‘overall ‘net impression’’’ of statements); Removatron Int’l Corp. v. FTC, 884 F.2d 1489, 1497 (1st Cir. 1989)
(advertisement was deceptive despite written qualification); Thompson Med. Co. v. FTC, 791 F.2d 189, 197 (DC Cir. 1986) (literally true statements may nonetheless be deceptive); FTC v. QT, Inc., 448 F. Supp. 2d at 958.
[xii] Op. cit. 4, pp 177-179
[xiii] Idem p 178

Monday, May 23, 2016

Advertising Compliance: Getting Ready for the Banking Examination

President & Managing Director
Lenders Compliance Group

Advertising is often central to a loan originator’s marketing plans. After all, if prospective borrowers can’t even find you when they need mortgage loans, there’s nothing left but word of mouth, dropping off bagels at real estate brokers, giving away pens and pads with your name on it, offering occasional, educational and promotional presentations on loan products, and hanging out a website shingle with the hopes that you will be listed on Page 10 of Google Search.

Informing the public of loan products is a highly regulated activity in mortgage banking and finance. Buzz words, restricted words and phrases, and trigger terms can be a nasty nest of vipers that will catch you up in a regulator’s net. The regulatory areas involving mortgage banking advertising include the Fair Housing Act, Equal Credit Opportunity Act (ECOA), Truth in Lending Act (TILA), Federal Trade Commission’s Mortgage Advertising Rules, FHA mandates, Real Estate Settlement Procedures Act (RESPA), Unfair, Deceptive, or Abusive Acts or Practices (UDAAP), fair lending, the SAFE Act, the Fair Credit Reporting Act (FCRA), and state regulations. Clearly, advertising compliance is complex!

My firm looks at thousands of potential advertisements a year that are sent to us by our clients for clearance. Although we provide them with our Advertising Manual, which is deep and broad in application and contains many forms and formats, each advertisement still often needs a review, especially at the commencement of a marketing campaign. Our clients want to comply with federal and/or state advertising regulations; however, they feel continually constrained as to how best to both stay within bounds of regulatory compliance and also create appealing advertisements. Of course, banking examiners don’t much care about how engaging and captivating an advertisement is; these professionals are tasked with protecting the consumer in accordance with required regulatory guidelines.

One of the very first requests a regulator asks at the outset of an examination is to receive for audit all advertisements involving contact with the public during the scope period. Woe be unto the company that does not have each and every advertisement ready and available for audit! And woe be unto the company that lets a regulator somehow uncover an advertisement that was not disclosed at the time of an examination – even if the advertisement had no violations in it, the trust factor with the auditor will not be easily re-established!

As many of you know, Lenders Compliance Group’s orientation is what I call “applied compliance” – not the theoretical approach to compliance that seems to work in theory, but often becomes controversial in the on-going implementation of regulatory compliance. In this article, I am going to provide a practical approach to guiding you through the maze of certain advertising compliance rules as well as regulatory expectations. Obviously, the article is not meant to be comprehensive. But it is aimed at providing suggested ways and means toward the kind of hands-on, applied compliance that my firm handles every single day on behalf of our clients.

This is a two-part article. In this first part, I will discuss some basics, give you the principal ways to prepare for advertising compliance examinations, and highlight the banking examiner’s expectations. In the second part, we’ll explore marketing campaign development, the use of advertising checklists, triggering terms (the advertised words or phrases that “trigger” the need for additional disclosures), and the way advertisements impact fair lending.


First and foremost, let’s be clear about what is a viable advertisement.

Friday, April 29, 2016

Too Big to Fail: End Run around a Bank Run

A startling feature of Dodd-Frank is the impression it gives that “Too Big to Fail” - otherwise known as “TBTF” - has been legislatively fixed. The impression is quite misleading. Sort of like the impression that some bank executives are Too Big to Jail! They aren’t; but nobody’s in jail, last time I looked.

Dodd-Frank is a beast that chomps submissively at the rancid remains of a decomposing TBTF bank.  

What is TBTF anyway, but a hypothetical, counterfactual, arbitrary assemblage of somewhat dubious allegations based on the effect of a bank’s failure perpetrated on the entire financial system?

The public screams, “save us from another repeat of the recent financial crisis;” politicians twist and twitch fretfully over a re-occurrence, though they have no idea really how to figure out how big is “Big;” lobbyists for the banks write the legislation that primes the TBTF bizarre spectacle of wondering what metrics to use to quantify systemically explosive financial entities; and Congressman Barney Frank, whose eponymous legislation seems to offer some solace, leaves Congress and rationalizes his decision to join the Board of Signature Bank – appearances be damned!

Maybe there is a tentative solution if we wind up in the midst of a long term financial crisis. Perhaps a proposal, suggested on Tuesday by the FDIC and the OCC, might be worth considering. The proposal would require the biggest banks to retain sufficient assets to be convertible into cash if there is a financial crisis. The tool is known as the “net stable funding ratio.” This ratio requires banks to balance the use of short-term funding sources – the type of sources that come under intense pressure in a financial crisis, such disruption typified by a run on a bank – with more stable funding sources, for instance, deposits and regulatory capital tools, such as equity.

The proposal forces a bank with more than $250 billion in assets and $10 billion in foreign exposures to maintain enough easily convertible capital to allow it to cover any liquidity needs for up to a year. The FRB is also working on a liquidity proposal for banks with between $50 billion and $250 billion in total assets.

The net stable funding ratio, which is often referred to as the NSF, is really a creature of the 2008 financial crisis. As bank failures or near failures abounded, regulators felt that even the then-currently maintained capital levels could be in danger if there were too much reliance on the repo market and other wholesale funding sources. The big fear was that banks would not maintain enough liquid assets to withstand a run on the riskier entries on their balance sheets.

Functionally, the NSF works this way: it requires banks to measure their capital levels along with consumer and small business deposits – traditionally considered stable funding sources - against less stable funding mechanisms. Other assets, such as gold and loans, carry different risk weights in the way they count toward the ratio, based on a Basel Committee release in 2014 involving banking supervision.

So, banks are expected to carry a 100% funding ratio, which means they should be able to handle a short term run by either (A) paying out cash, or (B) quickly converting assets into cash. Hence, the FDIC, FRB, and OCC are devising their own adaptation of the Basel findings. Their NSF endeavors to be consistent with the Basel’s NSF.

Wonk ON!

Now to get a bit wonkish. The proposal would rate a balance sheet’s asset stability on such categories as the type of funding, including regulatory capital, long-term debt and deposits, its maturity horizon and the counterparty to the asset. Insured deposits would be given the highest stability “rating” while short term wholesale funding would be considered significantly less stable.

Assets with a maturities greater than one year would also get the highest stability rating, while funding with maturities of less than six months would get lower stability ratings, thereby causing banks to increase their liquidity provisions.

From the regulatory monitoring perspective, banks with greater than $50 billion in assets would have to report their compliance with the ratio each quarter. Banks with between $50 billion and $250 billion in assets would only have to do so at the bank holding company level. Larger banks would report at both the holding company level and at the insured depository level.

The FDIC, FRB, and OCC believe that at least 15 banks would be forced to comply with the ratio, while an additional 20 banks would be subject to the FRB’s proposal for banks between $50 billion and $250 billion in assets.

Wonk OFF!