November 2014 Newsletters
Just over a month ago, the CFPB issued their first enforcement action against a servicer for violating the new servicing rules. The CFPB threw the hammer down on Flagstar Bank for their handling of loss mitigation applications. Specifically, they allege that Flagstar systematically misled, delayed and wrongfully closed loss mitigation applications. The steep penalties included a $27.5 million redress to customers, a $10 million civil penalty and a prohibition from acquiring default servicing rights from third parties.
This is a wake-up call for financial institutions. Financial institutions need to take note and shore up any compliance issues they have with the new regulations to avoid regulatory scrutiny.
The servicing rule is only the tip of the iceberg. The CFPB and other regulators have a multitude of other rules to use to scrutinize financial institutions. We can only expect more enforcement actions in the near future, and actions that branch out into other major revisions such as the ability to repay rule.
What lessons can we learn from this enforcement action?
Respond to borrowers timely and with accurate information. One of the biggest complaints the CFPB levied on Flagstar was their lack of communication. They allege that Flagstar continually misinformed borrowers, denied applications for unspecified reasons and failed to alert the borrower about the status of their applications. Servicers need to make personnel available to respond to borrower inquiries in a timely and accurate manner.
Keep accurate records. Having a good paper trail provides evidence of compliance. It’s not good enough to just comply with the new rules; you have to prove it as well. For example, having a complete loan narrative that explains why you believe the borrower has the income and assets to show their ability to repay a loan will make it easy come exam day. Spelling it out for the examiner will make their review faster and will give them fewer opportunities to make their own assumptions.
Transparency. Let customers know how much and when the financial institution will charge fees. Make every effort to ensure the customer has a complete understanding of the transaction. Misleading or deceiving a customer will lead to compliance violations, including the dreaded, ubiquitous UDAAP.
The regulatory agencies have said that the banks would be extended leniency during the first exams of 2014 as far as compliance with all of the new mortgage rules, but this enforcement action could very well be the shot across the bow that the time of leniency has ended.
From the recent regulatory outreach sessions, some very interesting comments have been made concerning vendor management and correlation with Unfair Deceptive and Abusive Acts and Practices (UDAAP) as well as vendor management being a primary contributor to bank’s compliance violations.
Typically when you think about vendor management, the last thing on your mind is UDAAP and consumer compliance violations in connection with the bank’s products or services. When performing vendor management reviews, the bank is focused on the vendor’s financials, business continuity, disaster recovery and other areas that deal with the vendor’s ability to continue to provide the service the bank is contracting for.
How does vendor management play a role in consumer compliance violations? When you read regulatory agency's reports on common violations, it is easy to spot vendor-related issues. For example, many of the truth-in-lending violations being cited in recent exams stem from third party prepared documents. Even though a third party may have prepared the documents or even provided the software for the bank to use for document preparation, it is the bank’s responsibility to ensure the accuracy of the documents. Depending solely on the vendor, without verification, could lead to costly violations.
With that being said, how does vendor management, or the lack of adequate vendor management, play a role in UDAAP? This is an issue that has been in many news stories lately and at the bottom of several civil money penalties and fines. The issue that causes the UDAAP claim is that the bank’s vendor is practicing what is commonly known as “negative option marketing.” Exactly what does this mean? Well, the bank offers a product or service through a third party to its consumer customers in which the customer must specifically notify the bank, within a specific timeframe, if they want to opt-out of the service. Does this sound familiar? We have seen these types of products for years; for example, a credit monitoring service is offered initially for free to the consumer, but after a specified timeframe there is a fee attached, UNLESS the customer specifically contacts the bank to opt-out of the program after the initial period. How does that fit into vendor management? Well, the bank should understand their vendors and their products, and should ensure all disclosures contain all of the appropriate language, and in the example cited, ensure the initial period is clearly documented as well as the opt-out requirements.
Regulators are not going to cut the bank any slack with vendor management in regards to consumer violations. Make sure when you are completing vendor management due diligence that you include a review of the products or services those vendors will be offering for the bank.