CFPB Issues S.A.F.E. ACT Examination Procedures

On March 7, 2012, the Consumer Financial Protection Bureau (CFPB) issued guidance regarding examination procedures pertaining to compliance with the Secure and Fair Enforcement for Mortgage Licensing Act of 2008 (SAFE Act or SAFE) examination procedures. This issuance pertains to examinations relating to federally registered individuals and their employers.

The guidance largely reconfirms information included in the final rule promulgated by the various federal banking regulatory agencies during 2010. For instance, similarities include definitions, de minimis exemptions, steps and procedures to obtain and maintain federal registration, and policies and procedures. 
The examination procedures and criteria had been expected, and can be summarized, as follows:

Establish whether written policies and procedures have been adopted to assure compliance with the SAFE Act and applicable regulations.

Determine whether the annual independent testing of the institution's policies and procedures regarding compliance with the SAFE Act and applicable regulations has been conducted.

Evaluate whether any deficiencies identified during independent testing have been corrected and measures have been put into place to ensure that deficiencies do not recur.

In this newsletter, we will briefly outline the salient features of the SAFE examination for federally registered individuals and their employers.

IN THIS ARTICLE

Examination Objectives
Policy Statement
Policies and Procedures
Examination Procedures

Examination Objectives

The SAFE examination objectives (which reflect procedures approved by FFIEC), must include these determinations:

1) Whether the financial institution has adopted written policies and procedures designed to assure compliance with the SAFE Act regulation.

2) Whether the annual independent testing of the institution's policies and procedures for assuring compliance with the SAFE Act regulation has been conducted.

3) Whether any violations or deficiencies identified during the independent testing have been corrected and that steps have been taken to ensure they do not recur.

Policy Statement

As in many other areas of regulatory compliance, establishing written policy and procedures for SAFE compliance is essential.

So, the following outline provides the necessary criteria that must be contained in such a policy statement.

In the case of SAFE compliance, the policy statement affects all covered financial institutions that employ individual MLOs, where MLOs act within the scope of their employment, and regardless of the application of any de minimis exception to their employees.

Furthermore, it should contain a requirement to conduct annual independent compliance tests to ensure compliance with the regulation.

Policies and Procedures

The following requirements must be contained in the SAFE written policies and procedures:

• Establish a process for identifying which employees of covered financial institutions must be registered.

• Require that all employees who are MLOs be informed of the registration requirements of the SAFE Act and SAFE Act regulation and instructed on how to comply.

• Establish procedures to comply with the SAFE Act regulation's unique identifier requirements.

• Establish reasonable procedures for confirming the adequacy and accuracy of MLO employee registrations, including updates and renewals, by comparisons with its own records.

• Establish reasonable procedures and tracking systems for monitoring compliance with registration and renewal requirements and procedures.

• Provide for annual independent testing for compliance with the SAFE Act regulation by institution personnel or an outside party.

• Provide for appropriate action if an employee fails to comply with the registration requirements of the SAFE Act regulations or the institution's related policies and procedures, including prohibiting such employees from acting as MLOs or other appropriate disciplinary actions.

• Establish a process for reviewing employee criminal history background reports received pursuant to the regulation, taking appropriate action consistent with applicable federal law14 and implementing regulations with respect to the reports, and maintaining records of the reports and actions taken with respect to applicable employees.
  

CFPB: Treatment of Privileged Information

On March 12, 2012, the Bureau of Consumer Financial Protection (CFPB) announced proposed amendments to the confidential treatment of information obtained from persons in connection with its exercise of authorities under federal consumer financial law.

The proposed amendments will add a new section to the rules which provide that the submission by any person of any information to the Bureau in the course of the Bureau's supervisory or regulatory processes will not waive or otherwise affect any privilege such person may claim with respect to such information under federal or state law as to any other person or entity.

Additionally, the CFPB is proposing to adopt a provision which provides that privileged information given by the CFPB to another federal or state agency does not waive any applicable privilege, whether the privilege belongs to the CFPB or any other person.

The Dodd-Frank Act (Dodd-Frank) did not explicitly address whether the submission of privileged information to the CFPB in the course of the its supervisory or regulatory processes will affect any privilege a supervised entity may claim with respect to such information, even though Congress did provide that "all the powers and duties" of the prudential regulators relating to their transferred consumer financial protection functions would be granted to the CFPB, and this grant of authority encompasses the ability to receive privileged information from supervised entities without effecting a waiver.

In this article, I will offer a brief understanding of this complex issue and provide an Action Plan.*

IN THIS ARTICLE

History
Bulletin 12-01
Proposed Rule
Confidentiality
Considerations
Action Plan

____________________________________________________

History

The CFPB first announced in October 2010 that it would be gathering information from banks and nonbanks in its efforts to examine and supervise financial service products.

Many financial institutions at the time expressed considerable concern that divulging privileged documents to the CFPB would be deemed a waiver by the courts, thereby permitting competitors and consumer groups to access the privileged documents.

The CFPB's first official release in 2012, Bulletin 12-01, addressed the treatment and scope of confidentiality protections accorded information collected from supervised institutions through the CFPB's supervisory process.

Then, as indicated above, on March 12, 2012, the CFPB proposed the new rule, the purpose of which, among other things, is to codify protections for privileged information submitted by financial institutions that are regulated by the CFPB.

Bulletin 12-01

The CFPB asserts that "Congress intended the Bureau's examination authority to be equivalent to that of the prudential regulators," with respect to the statutory provision that grants prudential regulators the authority to receive privileged information from their supervised entities without there being a waiver of privilege.

The CFPB reached this conclusion by claiming that in inheriting the prudential regulators' examination authority with respect to compliance with federal consumer financial laws for supervised institutions, it was concomitantly granted "all powers and duties" vested in the prudential regulators related to examination authority.

And one of the powers is the ability and authority to receive privileged information without affecting a waiver. However, it should be noted here that the statutes cited by the CFPB in support of its claim applies to federal banking agencies, not the CFPB. Thus, it seems that the CFPB is not entirely in a position to use, mutatis mutandis, the same statutory privilege protection provided for in Dodd-Frank.

Bulletin 12-01 (Bulletin) addressed two specific parts of the CFPB's policy on confidential information.

1) It states that institutions providing privileged information to the CFPB pursuant to a supervisory request will not waive any privilege that attaches to such information.

2) It indicates that the CFPB will treat information obtained through the supervisory process as confidential and privileged, and, importantly, it provides that the CFPB will only disclose such information to prudential and state regulators, when necessary and/or appropriate, and to law enforcement agencies, only where justified, as determined by the CFPB.

The Bulletin seeks to resolve an intrinsic issue regarding the CFPB's lack of a statutory examination privilege such as that provided to the federal banking agencies. Although the Bulletin provides possible legal support for why similar privilege applies to supervisory information provided to the CFPB, the outline itself does recognize the absence of the same statutory protection that the federal banking agencies had been compelled to pursue in the Financial Services Regulatory Relief Act of 2006 ("FSRRA"), specifically Section 607.

Anti-Money Laundering Debuts for Nonbank Mortgage Companies

A new era in filing requirements is about to begin.* For the first time, the Financial Crimes Enforcement Network, known as “FinCEN,” will require nonbank mortgage lenders and originators to implement an Anti-Money Laundering program (“AML Program”) and file Suspicious Activity Reports (“SARs”) for certain loan transactions.[i] FinCEN is establishing this AML program in accordance with the Bank Secrecy Act (“BSA”).[ii] The guidelines relating to the AML requirement become effective on April 16, 2012, and the AML Program’s effective compliance date is August 13, 2012.[iii] The AML program and SAR filing regulations, which I will refer to as “FinCEN’s rule,” are considered to be “the first step in an incremental approach to implementation of regulations for the broad loan or finance company category of financial institutions.”[iv]

The Bank Secrecy Act defines the term "financial institution" to include, in part, a loan or finance company. This terminology, however, can reasonably be construed to extend to any business entity that makes loans to or finances purchases on behalf of consumers and businesses. Thus, nonbank residential mortgage lenders and originators, and mortgage brokers, are grouped into the "loan or finance company" category.[v] However, the term ‘‘loan or finance company’’ is actually not concisely defined in any FinCEN regulation, and there is no legislative history on the term itself. Nevertheless, FinCEN is applying this term to extend to any business entity that makes loans to or finances purchases on behalf of consumers and businesses. [vi] Therefore, residential mortgage lenders and originators (“RMLOs”) are covered by the scope of the ‘‘loan or finance company’’ term. I will use the acronym “RMLO” in this article, inasmuch as my principal focus herein relates to residential mortgage lenders and originators.

FinCEN can issue regulations requiring financial institutions to keep records and file reports that are determined to have a high degree of usefulness in criminal, tax, or regulatory investigations or proceedings, or in the conduct of intelligence or counterintelligence activities, including analysis, to protect against international terrorism. Federally regulated depository institutions have been required to have AML Programs,[vii] and now, as of the aforementioned effective compliance date, RMLOs must also comply with FinCEN’s regulations relating to implementing an AML Program and the filing of SARs.

Over the last few years,[viii] FinCEN has issued studies and analyses that used SARs to discover suspected mortgage fraud and money laundering that involved both banks and residential mortgage lenders and originators.[ix] According to FinCEN, these reports “underscore[d] the potential benefits of AML and SAR regulations for a variety of businesses in the primary and secondary residential mortgage markets.”[x]

Residential mortgage lenders and originators, the RMLOs, are considered to be the primary providers of mortgage finance, and have a unique position with respect to direct contact with the consumer. Thus, they are presumably able to assess and identify money laundering risks and fraud.[xi] At this time, FinCEN is not proposing a definition of “loan or finance company’’ that would encompass other types of consumer or commercial finance companies, or real estate agents and other entities involved in real estate closings and settlements.

In this article, I am going to unpack the AML Program for you in a way that will give you some familiarity with its scope, while perhaps also making its implementation a bit less daunting than it might otherwise seem to be. Nevertheless, many RMLOs will find that setting up the AML Program will be a challenging endeavor. Information, issuances, and relevant documentation are available in the FinCEN section of my firm’s website Library.

Please keep in mind that, as is the case with many applications of legal and regulatory compliance, there are aspects and nuances that will require recourse to a competent risk management professional to obtain comprehensive guidance and reliable information.[xii]

AML Program

Residential mortgage lenders and originators, the RMLOs, are required to establish an AML Program that includes, at a minimum:

(1) Development of internal policies, procedures, and controls.

(2) Designation of a compliance officer.

(3) Ongoing employee training program.

(4) Independent audit function to test for compliance.

To effectuate the AML Program, FinCEN has given a definition of an RMLO that is broad in scope and covers most nonbank residential mortgage originators.

The AML Program covers any business that, on behalf of one or more lenders, accepts a completed mortgage loan application, even if the business does not in any manner engage in negotiating the terms of a loan. Also covered are businesses that offer or negotiate specific loan terms on behalf of either a lender or borrower, regardless of whether they also accept a mortgage loan application.

Note that the word “accept” is intended to differentiate the FinCEN rule from the SAFE Act. FinCEN is ensuring that persons who either accept an application or offer or negotiate the terms of a loan are covered. Furthermore, the AML rule applies to residential mortgage originators, regardless of whether they receive compensation or gain for acting in that capacity.

The Cost of Consumer Financial Protection

Recently, I met with several accomplished compliance professionals for lunch. There was considerable discussion about the continuing growth of the regulatory frameworks, the bureaucracies to maintain them, and economic burden on financial institutions. *

One individual expressed the importance of financial protection of the consumer, while recognizing that such protection causes incremental compliance requirements; another individual agreed that such protection was needed, but worried that the costs to provide that protection would ultimately be borne by the consumer through increased pricing. 

In a way, these views reflect an ethical dilemma, and I would like to explore this seeming conundrum and offer a resolution.

IN THIS ARTICLE

An Unfettered Market
Pricing
Framework
Regulations
Protecting the Consumer
"Remember that credit is money."
Ethical Dilemma
Discussion Forum

An Unfettered Market

There is no political economy that we know of, since the dawn of recorded history, in which an unfettered market has existed.

Theories abound about how such a market might function. Whether we term such markets as "unfettered" or use the more emotionally appealing word "free," these markets are nonetheless only theories, howsoever popular in the public mind, and have virtually no extrapolation into economic reality. Better to call such theoretical legerdemain "utopian markets" and leave them to their rightful place in speculative philosophy and treatises on metaphysics.

Of course, utopias are attractive and always will be, even if we instinctively know that their viability is inherently unsupported by human experience and their imagined structure is ultimately dissolved in the unsentimental crucible of human history.

Pricing

All markets are a remunerative way of exchanging information, which we call goods and services. Pricing is that information means by which markets communicate value relative to goods and services. And pricing is communicated through the conveyance of planning.

Markets contain an element of planning - some in extreme, others much less so. The plan, or the framework, is often in control of market participants by virtue of the very act of pricing. It is not possible to remove pricing from a market. Even a market predicated on bartering utilizes the "quid pro quo" as its informational pricing signal.

Framework

In the absence of a framework there is no market. It is not the framework that encourages commerce; rather, it is the commerce itself that encourages the formation of the framework. Innovative commerce often bleeds through and beyond an old framework, thus creating the need for a new framework.

And there is often reactionary resistance to the new framework. Those market participants who are paying attention to the informational signals of a new market are already finding ways and means to act in the new framework, while those whose commerce has not kept pace with innovation tend to resist the change mightily, hopelessly trying to preserve what they have by "fighting the tape."

Regulations

Over the years I have found that the word "regulations" has become a euphemism for all manner of mischief perpetrated by politicians and market participants. Notice I differentiate the two: while some politicians may be market participants, most market participants are not politicians. Yet politicians spend quite a bit of their time crafting regulations! The mischief takes the form of viewing regulations as not only coercive (which they are) but also capricious (which they are not).

Both the politicians and the market participants rail on and on between and amongst each other about the coercion and the capriciousness of regulations, yet none of them ever really defines what actually is an efficient regulation. That is because, often, neither side has any idea how best to define such a thing.

But I'll define an "efficient regulation" right here and now:

An efficient regulation is the means by which the framework is preserved. Nothing more.

An inefficient regulation is the means by which the framework is destroyed. QED.

FHA: Avoiding the Mortgagee Review Board

Periodically, we review with you the types of administrative actions taken by HUD's Mortgagee Review Board (MRB).

The review of the MRB's published administrative actions should be considered a teaching moment for all FHA approved mortgagees, inasmuch as the MRB is empowered to enforce its administrative sanctions, through, among other things, reprimand, probation, suspension or withdrawal of approval and/or underwriting authority, cease-and-desist orders, and civil money penalties.

Trust me - you don't want to go there!

On February 24, 2012, HUD published the administrative actions taken by the Mortgagee Review Board (MRB) against certain FHA mortgagees. The period covered in the issuance is February 14, 2011, to July 20, 2011.

In this newsletter, I will provide an outline of the kinds of violations and respective sanctions that the MRB recently sustained.

Best wishes,
Jonathan Foxx*

IN THIS ARTICLE

A Word to the Wise

Rule of Thumb

Administrative Actions

_____________________

A Word to the Wise

In representing clients before the MRB, I can vouch for the exhaustive due diligence that is virtually mandated, the considerable costs involved, the experienced legal counsel and requisite regulatory compliance expertise that is needed, and the significant adverse impact on an FHA lender's ability to conduct or even continue in business.

It's easy to get lulled into a sense of false confidence by thinking that some violations are minor. But if the MRB gets involved, those minor violations will become a part of the causes for administrative action, and even in some instances the proximate cause of the administrative action.

Nothing should be considered a "minor" violation, when originating HUD/FHA mortgage loans.

It is instructive to note the causes for the administrative action brought against an FHA-approved mortgagee.

Ignorance is a futile defense, when it comes to the causes that can affirmatively contribute to disciplinary action.

Rule of Thumb

The MRB is not sympathetic to a mortgagee that violates HUD/FHA requirements which are, or are expected to be, within the mortgagee's control.

Violations that are not, or not expected to be, in the mortgagee's control provide the MRB with a more nuanced basis upon which to provide some leniency.

Administrative Actions

VIOLATION:
Improperly entered incorrect information as "cash reserves'' into HUD's automated underwriting system in order to receive approvals for seven loans; failed to adequately document the stability of borrowers' employment or income and failed to adequately document other income used to qualify borrowers; failed to consider mortgage payment debt and liabilities when underwriting and approving FHA-insured loans; failed to adequately document the source of gift funds for one loan; and failed to obtain confirmation concerning cash saved at home with regard to two other loans.

ACTION:
Indemnify HUD for any future losses on six FHA-insured mortgage loans; reimburse HUD for losses in the amount of $496,727.53 for mortgage insurance claims paid by HUD; and pay a civil money penalty in the amount of $45,500.

VIOLATION:
Failed to notify HUD that the mortgagee, its principals, and its originators had entered into a consent order with a state, which required the payment of an $11,000 fine for originating mortgages in that state without originator licenses; failed to notify the HUD that it entered into a consent order with another state, which required the payment of a $1,500 penalty for failing to file its annual report; and falsely certified on its 2010 Yearly Verification Report that it had not been involved in a state proceeding that resulted in adverse action and had not relinquished a license in any jurisdiction in which it originates or services FHA-insured mortgages.

ACTION:
Mortgagee required to pay a civil money penalty in the amount of $12,500.