TOPICS

Thursday, April 30, 2015

Information Security Breaches

QUESTION
Much has been in the news recently of very large companies experiencing failures of their Information Technology infrastructure to prevent access to private, secure data. Breaches in security have compromised very large companies like Sony, Target and Home Depot.

As a small financial company, should I still be concerned?

ANSWER
The simple answer is “Yes!”

Compliance and security issues keep financial industry IT professionals up at night. And for good reason. Security breaches and instances of non-compliance can lead to fines, a loss of customer confidence and even criminal charges in extreme cases of negligence. The problem is that maintaining compliance and ensuring data protection is both time consuming and complicated.

Since the financial crisis, regulators have increased requirements and scrutiny of financial institutions for maintaining compliance. At the same time, every financial services organization needs to be aggressive about increasing and improving their services in order to remain competitive and attract new customers. 

IT departments within financial organizations are facing unprecedented change:
  • Companies now face competition on a global scale with nanosecond transactions
  • Customer applications are on 24x7 and outages are unacceptable
  • Security threats have become the #1 IT issue
  • Company reputation / brands threats – the Ponemon Institute reported in September 2014 that 43% of companies experienced a data breach in the past year
  • Cloud, Big Data, Mobility & Security require additional investments in order to compete
  • IT budgets continue to be constrained and/or are shrinking

There are also market challenges financial companies must deal with:
  • 24 x 7 Infrastructure (always on)
  • Cost of down time is ever increasing
  • Cybercrime is rampant
  • New data privacy laws 

Kevin Origoni
Director/IT and Information Security
Lenders Compliance Group

Thursday, April 23, 2015

Consumer withdraws E-Sign Consent

QUESTION
Much has been said about obtaining E-Sign consent. But we received a notice from our borrower to withdraw the consent they had previously given to us. Now we are unsure how their withdrawal of E-Sign consent affects the disclosures that they had agreed to receive and already received. What are the disclosure consequences in a withdrawal of E-Sign consent?

ANSWER
The withdrawal by the consumer of consent to receive electronic records does not affect the legal effectiveness, validity or enforceability of electronic records provided to the consumer before the implementation of the withdrawal of such consent, if the applicable procedures to obtain the E-Sign consent have been fully implemented. [15 USC § 7001(c)(4)]

For instance, applicable procedures include that, prior to consenting, the consumers are to be provided with a statement of the hardware and software requirements for access to and retention of the electronic records, and they also consent electronically in a manner that reasonably demonstrates that they can access information in the electronic form that will be used to provide the information that is the subject of the consent.

The consumers’ withdrawal of consent to receive electronic records is effective within a reasonable period of time after the record provider receives the withdrawal. 

Under certain conditions, the consumers’ failure to comply may be treated as a withdrawal for E-Sign consent purposes if, after consumers give consent and upon their election, the following circumstances pertain:

1. A change in the hardware or software requirements needed to access or retain electronic records creates a material risk, such that consumers will not be able to access or retain a subsequent electronic record that was the subject of the consent; and

2. Consumers are provided with a statement of both the revised hardware and software requirements for access to and retention of the electronic records as well as the right to withdraw consent without the imposition of any fees for such withdrawal, and without the imposition of any condition or consequence that was not disclosed. The foregoing applies where, prior to consenting, consumers were provided with (A) a clear and conspicuous statement informing them of any right or option they have to the record provided or made available on paper or in non-electronic form; and (B) they had been notified of their right to withdraw the consent to have the record provided or made available in an electronic form, and of any conditions, consequences (which may include termination of the parties’ relationship), or fees in the event of such withdrawal.

Jonathan Foxx
President & Managing Director
Lenders Compliance Group

Thursday, April 16, 2015

RESPA’s “Required Use”

QUESTION
Our state banking department has cited us for a violation of RESPA, because we did not comply with RESPA’s “Required Use” provisions. What is “Required Use” and how can we avoid this violation in the future?

ANSWER 
The Real Estate Settlement Procedures Act (RESPA) contains a certain definition relating to the use of a settlement service provider. Under RESPA, “required use” occurs when a loan applicant must use a particular provider of a settlement service in order to have access to some distinct service or property, and the applicant will pay for the settlement service of the particular provider or will pay a charge attributable, in whole or in part, to the settlement service. [24 CFR § 3500.2(b)]

The following two caveats should be followed in order to avoid causing a violation of RESPA if, for instance, the lender offers a package, or a combination of settlement services, or offers discounts or rebates to consumers for the purchase of multiple settlement services:
  1. Any package or discount is optional to the purchaser; and,
  2. The discount is a true discount below the prices that are otherwise generally available, and must not be made up by higher costs elsewhere in the settlement process.
Jonathan Foxx
President & Managing Director
Lenders Compliance Group

Thursday, April 9, 2015

Ordering Appraisals prior to Submission of Application

QUESTION
We are a residential mortgage lender. Customers are asking us if we can order an appraisal prior to their submission of an application to us so that they are sure that the property will appraise sufficiently. We are aware that if a customer orders an appraisal we would not be able to accept it, as it will not be in our name and our investors do not allow for a transfer of the appraisal. We would like to accommodate our customers by offering this service and helping them avoid paying for an appraisal twice.

We envision that we will order the appraisal with the customer paying for the appraisal at the time it is done. The appraisal report will come directly to us as the lender and then we will provide a copy of the appraisal to the customer. If the customer then wants to proceed, we will use the same appraisal to support the loan. Is the foregoing procedure permissible and, if so, are there any risks to proceeding in this manner?

ANSWER
While it is understandable that the customer does not want to pay for an appraisal twice and you as the lender want to accommodate your customers,  for the reasons set forth below, it is recommended that a lender does not order the appraisal prior to issuing initial disclosures and obtaining an intent to proceed. Your scenario is fraught with RESPA, Fair Lending and UDAAP implications.

You state that the potential applicant will pay for the appraisal “at the time it is done”. If the idea is that the customer will pay the appraiser directly at the time he does the appraisal, and if the appraisal is to be later used to support the loan, this is not permissible. Appraiser Independence requirements do not permit an appraiser to collect payment directly from the borrower. The lender or its designated third party must select, retain, and provide for all compensation to the appraiser. So, if the appraisal is to be used in the loan origination process, the lender must be the party that orders the appraisal and pays for same.

Similarly, it is not permissible for the customer is to pay the lender upfront with the lender remitting payment to the appraiser, as this scenario constitutes a RESPA violation. In order to collect payment from the applicant, the lender must charge the applicant the cost of the appraisal. Under RESPA, a lender, cannot charge a potential loan applicant any fee, including an appraisal fee, prior to issuing the GFE and the applicant indicating an intent to proceed. Although RESPA does not prevent a lender from ordering the appraisal prior to the issuance of the GFE and receipt of an intent to proceed, in the event the potential applicant does not proceed with an application or the transaction does not close, the lender runs the risk it will not be able to seek reimbursement from the potential applicant.

Even if the lender is willing to assume the risk of non-payment, this scenario presents many other issues, including possible TILA and RESPA disclosure violations. The lender needs to determine what information it has in its possession. If the loan originator has enough information from the potential applicant to identify the property and is willing to order an appraisal (and take the risk of not being paid for the appraisal), it is probable that the LO has sufficient information from the applicant to have an application triggering disclosure obligations.

Additionally, although a lender may look at absorbing the cost of the appraisals that do not close as a “cost of doing business”, this scenario may subject a lender to fair lending implications. It is difficult to justify having one set of applicants who are required to pay for appraisals up front (after giving an intent to proceed) but never close the transaction for whatever reason, and another group of applicants who obtain “free” appraisals because the application fails to close. If a non-protected group is receiving the benefit of these “free” appraisals, while a protected group is not receiving this benefit, there will be a fair lending issue.

In addition to fair lending concerns, Unfair Deceptive or Abusive Acts and Practices (UDAAP) should be considered. If a loan officer tells the potential applicant (who has not received a GFE or other disclosures) that the lender will order the appraisal which the applicant can pay for at a later date, the lender may be creating an impression in the applicant’s mind that the applicant is obligated to proceed with the transaction notwithstanding that he has not received the GFE or other disclosures. The purpose of the GFE is to allow the applicant to compare offers, understand the real cost of the loan, and make informed decisions in choosing a loan. In ordering the appraisal, the LO may be creating the impression that the applicant is not permitted to shop and compare loans, and must continue with the application, irrespective of the fact that the applicant has not been given sufficient information to make an informed decision in choosing a loan. This could be viewed as a deceptive practice.

The bottom line is that the appraisal ordered by the lender is for the lender’s benefit. If the potential applicant wants an appraisal to verify value prior to bidding on a property, refinancing, etc., it is best that he directly contract for his own appraisal.

Joyce Wilkins Pollison
Director/Legal & Regulatory Compliance
Lenders Compliance Group

Thursday, April 2, 2015

Waiting Period Requirements after Rate Lock

QUESTION
Once a consumer locks his or her interest rate, are there any waiting period requirements prior to closing?

ANSWER 
In certain instances, a lender will not be able to close a mortgage loan immediately following a consumer locking the rate.  Waiting period requirements exist in some instances depending on the circumstances as well as the state in which the subject property is located. 

There are many considerations to take into account when determining whether a waiting period exists between rate lock and closing.

First, a mortgage lender must consider whether the seven business day waiting period from initial disclosures expired. A creditor must deliver or mail initial disclosures no later than three business days after receiving the consumer’s application and at least seven business days before consummation.

If this requirement has been met, a mortgage lender must next consider whether the rate lock resulted in any changes in terms requiring re-disclosure of the Truth-in-Lending Statement (“TIL”) due to inaccuracy of the annual percentage rate (“APR”). The APR is inaccurate if the APR varies by more than one-eighth of one percent (.125) in a regular transaction or more than one quarter of one percent (.25) in an irregular transaction; and, if either inaccuracy occurs, a revised TIL must be re-disclosed. Irregular transactions include transactions with multiple advances, irregular payment periods, or amounts other than an irregular first or last period or payment. If the APR is inaccurate and re-disclosure is required, the mortgage loan transaction cannot close until three business days after the consumer receives the revised TIL. 


In addition to the above waiting periods, various states impose additional waiting periods between rate lock and closing. Currently, the following states require a waiting period between rate lock and closing in certain instances:


There are several factors to take into account once a consumer locks his or her interest rate and prior to closing the loan. Lenders must be cautious when determining if a waiting period exists. Waiving a waiting period for a bona fide emergency or other reason should likely only occur in rare instances and must be properly evaluated and documented.

Michael Barone
Director/Legal & Regulatory Compliance
Lenders Compliance Group