Tuesday, April 24, 2012

Fair Lending Compliance - Some Red Flags

The Consumer Financial Protection Bureau (CFPB) will make Fair Lending a focus of its examinations.
Our firm is committed to providing comprehensive audit and due diligence reviews in preparation for the CFPB's Nonbank and Bank Supervision and Examination. 
Our Compendium provides:
  • Directory: All Sections
  • Contents: Links to Compendium Text
  • Contents: Links to CFPB Website Text
In preparing our Audit and Due Diligence procedures for our clients, we have combined all three parts into a single Directory with links to each section's CFPB Compendium texts and CFPB's website texts. There are over 700 pages in this CFPB Compendium.
A central feature of the CFPB exam is the review of a company's Fair Lending compliance.
In preparing your firm for a CFPB examination, it is important to explore how Fair Lending is practiced by your firm.
The term "Fair Lending" has been around for many years and is used as a catch-all phrase for several regulatory compliance requirements.
Let's consider four areas affecting Fair Lending compliance - areas to which financial institutions sometimes do not give sufficient consideration.
I will provide a brief list, grouped by category, and suggest some potential risks that should be considered.
The list is not meant to be comprehensive - I have chosen just four categories - but this exercise should guide you toward expanding the scope of your Fair Lending initiatives.
Please keep in mind that state banking department examiners and federal prudential regulators will also look for these potential infractions when conducting examinations.
Maternity Leave
Some Potential Risks
  • Community Reinvestment Act (CRA) assessment areas do not comply with Regulation BB and/or exclude minority areas.
  • Branches and expansion plans disfavor minority neighborhoods.
  • Marketing strategies exclude minority geographies.
  • Complaints about redlining by consumers or community advocates.
Some Potential Risks
  • Overages, fees, yield spread premiums, and pricing exceptions.
  • Lack of specific guidelines for pricing (including exceptions).
  • Use of risk-based pricing that is not based on objective criteria or applied consistently.
  • Broad pricing discretion, such as through overages, underages, or yield spread premiums.
  • Lack of clear documentation of reasons for pricing decisions (including exceptions).
  • Lack of monitoring for pricing disparities.
  • Financial incentives for loan originators to charge higher prices.
  • Pricing policies or practices that treat applicants differently on a prohibited basis or have a disparate impact.
  • Loan programs that contain only borrowers from a prohibited basis group.Complaints about pricing by consumers or community advocates.
Some Potential Risks
  • Stricter underwriting policies, such as tighter credit standards in certain specific geographic markets.
  • Lack of specific underwriting policies for Fair Lending risk, including both disparate treatment and disparate impact discrimination.
  • Lack of monitoring and/or policies to manage disparate impact risks caused by varying origination channels or geographic areas.
Maternity Leave
Regulation B, the implementing regulation of the Equal Credit Opportunity Act (ECOA), prohibits using assumptions related to the likelihood that any group of persons will rear children or will, for that reason, receive diminished or interrupted income in the future.
Some Potential Risks
  • Assuming that a woman will not return to work after childbirth.
  • Not implementing underwriting policies that treat applicants on maternity or parental leave and applicants on other types of leave similarly.
  • Failing to consider the requirements for verifying the income of an applicant on maternity or parental leave.
  • Failing to review and respond to complaints by consumers who were on maternity or parental leave at the time of the loan application.
  • Not incorporating remedies into a policy statement regarding maternity or parental leave.
Law Library Image
Consumer Financial Protection Bureau
* Jonathan Foxx is the President & Managing Director of Lenders Compliance Group

Thursday, April 12, 2012

CFPB Offers A View Of Profit Sharing

The CFPB recently announced that it will update the TILA loan originator compensation rule (Rule) in July of 2012. The updated rule may cause some new concerns regarding the implementation of the current Rule or it just may actually provide some sorely needed repairs for issues, strange and otherwise, that have dogged the Rule from the very start.
One issue in particular has been fomenting all along: the FRB's interpretation of the Rule (and the interpretation informally adopted by the FDIC) regarding contributions made to retirement plans on behalf of loan originator employees. The FRB deemed such contributions to be compensation and subject to the restriction that compensation cannot be based on the terms and conditions of the loan transaction. This is because the FRB asserted that profits were considered a proxy for loan terms and conditions.
Recently, the CFPB has weighed into this matter by declaring that employers should be permitted to contribute to "Qualified Plans" out of a profit pool derived from loan originations.
So let's discuss what this all means and if this issue is really resolved! *
Profit Sharing Debacle
Bulletin 2012-02
Interpreting the Bulletin
"Heads-Up" Regulating
Profit Sharing Debacle
Contributions to a profit sharing plan pose a significant challenge to mortgage brokers or bankers whose sole source of profitability is from the origination of loans. If the broker only brokers loans, then the income received was already subject to the restriction that it could not be based on the terms and conditions of the credit extended.
Thus, the profit sharing contribution also would not be based on the terms and conditions.
If, on the other hand, a mortgage banker funds the loans with its own money and makes a profit from a true secondary market transaction that is allowed to be dependent on the terms and conditions of the credit extended, it will be much harder to make a profit sharing contribution and effectively assert that the payment is not dependent on the terms and conditions of the credit extended.
For those entities, there might be a need to revise the 401(k) plan to make it a nondiscretionary plan so that such profits play no part in determining whether a contribution is made or the amount of the contribution.
There has been considerable debate on how or whether profit sharing plan contributions may accept compensation. If the contribution is tied to profits, and profits are tied to the origination of loans, a portion of which might be determined by the terms or conditions of the transaction originated, then the FRB asserted that no contribution could be made. This becomes particularly problematic because Employee Retirement Income Security Act (ERISA) rules generally do not allow for contributions to be made for some employees but not for other employees. Thus, this would have the effect of eliminating contributions for all employees.
So here is the debacle: In order for a lender to make the contributions for loan originators without running afoul of the Rule, it is the lender's responsibility to show that the contribution was not based on the terms and conditions of the credits extended.
I will list just some of the contortions that loan originators have had to deal with thus far, depending on the profit sharing plan:
Plans with matching contributions: There would be no difficulty in showing the amount of the contribution was independent of the terms and conditions of the credit transaction because the amount of the contribution is based on the amount contributed by the employee.
Non-discretionary plans: Where the contributions must be made in a fixed amount irrespective of "profits," there would be a valid case that the amount of the contribution is not based on the terms and conditions of credit extended.
Discretionary non-elective or matching contributions: That are not tied directly to specific profit targets, is a more complicated issue, but could be supported by the point that all employees, mortgage originators or not, receive the same amount. In other words, no originator received compensation tied to the loan terms and conditions because others were compensated equally irrespective of loan terms and conditions.
Discretionary plan tied to specific profit targets: Would likely need to exclude the income from loan originations to avoid a challenge that the payment was based on the terms and conditions.
And, of course, any plan that sets the amount of the contribution based entirely on the income an originator generated would definitely violate the regulation.
Bulletin 2012-02
Since the CFPB issued its April 2, 2012 CFPB Bulletin 2012-02  (Bulletin) that dealt, in part, with profit sharing, various media outlets and industry associations have applauded it for "clarifying" that the Rule does not ban loan originators from participating in employee stock ownership plans (ESOPs) or 401(k) plans - so-called "Qualified Plans."
One prominent law firm provides the Bulletin's exact text, which states that "employers of loan originators may make contributions to employees' qualified profit sharing, 401(k), and stock ownership plans (qualified plans) out of a profit pool derived from loan originations."
Another highly-respected law firm issued a notice, stating the CFPB "has confirmed that Regulation Z (which implements the Truth in Lending Act) does not prohibit mortgage loan originators from participating in qualified profit-sharing 401(k) or employee stock ownership plans (Qualified Plans)."
The plain reading of the Bulletin's text seems to provide a somewhat more nuanced view!

Friday, April 6, 2012

FTC Issues New Consumer Privacy Guidelines

Recently, we notified you that on March 12, 2012, the Consumer Financial Protection Bureau (CFPB) announced proposed amendments to the confidential treatment of information obtained from persons in connection with its exercise of authorities under federal consumer financial law. *
The proposed amendments would add a new section to the rules which provide that the submission by any person of any information to the Bureau in the course of the Bureau's supervisory or regulatory processes will not waive or otherwise affect any privilege such person may claim with respect to such information under federal or state law as to any other person or entity. Additionally, the CFPB is proposing to adopt a provision which provides that privileged information given by the CFPB to another federal or state agency does not waive any applicable privilege, whether the privilege belongs to the CFPB or any other person.
Today, we will take a brief look at consumer privacy protection updates at the Federal Trade Commission (FTC), the watchdog enforcement agency charged with protecting consumer privacy, issued a sweeping revisions to its privacy rules.
In this article, we will take a look at the FTC's call for companies to adopt best privacy practices. These best practices include making privacy the "default setting" for commercial data practices and giving consumers greater control over the collection and use of their personal data through simplified choices and increased transparency.
Privacy by Design
Simplified Choice for Businesses and Consumers
Greater Transparency
What Has Changed?
Future Issues
On March 26, 2012, the FTC issued a final report of 112 pages, setting forth best practices for businesses to protect the privacy of American consumers and give them greater control over the collection and use of their personal data.
In the report, Protecting Consumer Privacy in an Era of Rapid Change: Recommendations For Businesses and Policymakers, the FTC also recommends that Congress consider enacting general privacy legislation, data security and breach notification legislation, and data broker legislation.
The Report follows a preliminary staff report that the FTC issued in December 2010. The preliminary report proposed a framework for protecting consumer privacy with respect to the new communication technologies of this century.
Like this Report, the framework urged companies to adopt the following practices, consistent with the Fair Information Practice Principles first articulated almost 40 years ago:
  • Privacy by Design: Build in privacy at every stage of product development.

  • Simplified Choice for Businesses and Consumers: Give consumers the ability to make decisions about their data at a relevant time and context, including through a Do Not Track mechanism, while reducing the burden on businesses of providing unnecessary choices.

  • Greater Transparency: Make information collection and use practices transparent.
Companies should build in consumers' privacy protections at every stage in developing their products. These include reasonable security for consumer data, limited collection and retention of such data, and reasonable procedures to promote data accuracy.
Companies should give consumers the option to decide what information is shared about them, and with whom. This should include a Do-Not-Track mechanism that would provide a simple, easy way for consumers to control the tracking of their online activities.
Companies should disclose details about their collection and use of consumers' information, and provide consumers access to the data collected about them.
The Report changes the guidance's scope; that is, the preliminary report of December 2010 recommended that the proposed framework apply to all commercial entities that collect or use consumer data that can be linked to a specific consumer, computer, or other device, but now this final Report concludes that the framework should not apply to companies that collect and do not transfer only non-sensitive data from fewer than 5,000 consumers a year.
The Report also responds to comments filed by organizations and individuals that, with technological advances, more and more data could be "reasonably linked" to consumers, computers, or devices. Thus, the Report concludes that data is not "reasonably linked" if a company takes reasonable measures to re-identify the data, commits not to re-identify it, and prohibits downstream recipients from re-identifying it.