Pulling Credit without Written Authorization

QUESTION:

At times, our loan officers pull credit without obtaining a written authorization from the consumer? Is this acceptable or do we need written authorization prior to pulling credit? What are the penalties for noncompliance?

ANSWER:

Although it is always best to obtain a written authorization, a consumer reporting agency may furnish a credit report “to a person which it has reason to believe—(A) intends to use the information in connection with a credit transaction involving the consumer on whom the information is to be furnished and involving the extension of credit to, or review or collection of an account of, the consumer.”

[15 USC §1681b(a)(3)(A)]

Absent a written authorization (or a documented verbal authorization), the issue is whether this permissible purpose existed. If the consumer applied for credit, whether in person, by phone, by mail, or electronically, the creditor has a permissible purpose to obtain a consumer report on the applicant, and thus does not need specific authorization from the applicant. That being said, it is always best to obtain a written authorization from the consumer so that you are protected in case the consumer asserts, especially in instances of phone applications, that he did not apply for credit. If verbal authorization was provided, the loan officer should document the file and confirm such verbal authorization as soon as practical with the customer such as through an e-mail confirmation. 

The private enforcement provisions of the Fair Credit Reporting Act (FCRA) permit a consumer to bring civil suit against a credit reporting agency for willful noncompliance with the FCRA, for actual damages in an amount of at least $100 but not more than $1,000 per violation. If a natural person obtains a consumer report through false pretenses or without a permissible purpose, the consumer will be entitled to the greater of $1,000 or actual damages. 

Additionally, the consumer can seek punitive damages (there is no ceiling on the amount that may be awarded) and, if successful, the consumer will be awarded attorney’s fees and cost of suit.

[15 USC §1681n] 

If a business or natural person obtains a consumer report from a consumer reporting agency through false pretenses or without a permissible purpose, the business or consumer will be liable to the consumer reporting agency for the greater of $1,000 or actual damages sustained by the agency. In the case of negligent noncompliance, the consumer may bring suit for actual damages, and if the consumer prevails, obtain an award of attorney’s fees and costs of suit. [15 USC §1681o]

The FCRA also outlines administrative enforcement consequences facing businesses and individuals who intentionally and continuously persist in violating the FCRA regulations. Repeat offenders are subject to a fine of up to $2,500 per infraction. In determining the amount of the fine, consideration is given to the history of the business’ or individual’s prior conduct, the degree to which they are culpable, and their ability to pay, among other factors. [15 USC 1681s] An individual using false pretenses to obtain a consumer report may also be subject to criminal charges. 

In addition to the federal Fair Credit Reporting Act, a creditor must be cognizant of state laws as some states, such as Vermont, require the consumer’s authorization prior to pulling credit. Other states do not have such a requirement.

Joyce Wilkins Pollison

Director/Legal & Regulatory Compliance 

Lenders Compliance Group

Debt Collector - Definition

QUESTION:

With all the news about debt collection practices, it would be good to know just what a debt collector does. So, what is a “debt collector?”

ANSWER:

The term “debt collector” largely defines what types of entities are subject to the provisions of the Fair Debt Collection Practices Act (FDCPA). The definition of “debt collector” includes two general parts: 1) affirmative inclusions of persons covered by the definition and 2) the express exclusions of persons from the definition. This can be somewhat confusing, so let’s clarify further.

The following outline provides the affirmative inclusions of persons in the definition of “debt collector,” given three basic prongs of the definition. In this answer, I am only going to treat the inclusions, not the exclusions.

As defined under the FDCPA, the term “debt collector” is:

1. Any person who uses any instrumentality of interstate commerce or the mails in any business the principal purpose of which is the collection of any debts;
2. Any person who regularly collects or attempts to collect, directly or indirectly, debts owed or due or asserted to be owed or due another; or
3. Notwithstanding the exclusion provided in the FDCPA § 1692a(6)(F) (viz., which is the section that excludes from being a “debt collector” any persons collecting on an obligation they originated or obtained while not in default), any creditors who, in the process of collecting their own debts, uses any name other than their own that would indicate that a third person is collecting or attempting to collect such debts.[15 USC § 1692A(6)]

The section I have referred to above - 15 USC § 1692A(6) – also includes a special definition of “debt collector” solely for the purpose of the section in the FDCPA that involves unfair practices [(§ 1692f(6)]. This special definition covers “any person who uses any instrumentality of interstate commerce or the mails in any business the principal purpose of which is the enforcement of security interests.”

Jonathan Foxx

Managing Director

Lenders Compliance Group

Department and Function Reviews

QUESTION:

What department and/or functions are subject to review from regulators or investors?

ANSWER:

As the world of mortgage compliance continues to evolve and grow, virtually every department/function is subject to review.

More specifically, Fannie’s Mortgage Origination Risk Assessment guide outlines areas that are subject to review, which include:

• Organizational Structure and Governance
• Origination Channels – Retail (as applicable) and Correspondent (as applicable)
•  Underwriting and Approval
• Closing/Post-Closing/Funding
• Pre-Funding and Post-Closing Quality Control
• Compliance/Internal Audit
• Secondary Marketing
• Technology
• Business Continuity and Disaster Recovery 

While Quality Control, as it relates to timely and proper execution of documents, seems to gather much of the attention in the press, it has become increasingly important to ensure that all of the departments/functions noted above are prepared to answer the bell when your investor or regulator comes knocking.

It is critical to not only have your policies and procedures in place but also that you have demonstrated you are acting in accordance with your policies and procedures.

In addition, you should be prepared to provide evidence that your senior management team and/or Board of Directors has approved the policies and procedures that provide the blueprint for your mortgage banking functions.

From a Risk Management and Secondary Marketing perspective it is important to identify, monitor and adhere to specific risk tolerance metrics that are used to manage the interest rate risk associated with your pipeline. An internal audit and/or review by an independent third party can help you identify your areas of strength and weakness.

Dan Duggan 

Director/Secondary & Capital Markets 

Lenders Compliance Group

Discretionary Post-Closing Reviews

Question

Our firm has recently been informed that we need to perform discretionary reviews on conventional loans. What is the criteria for review and do we include government loans in the selection?

Answer             

The purpose of a discretionary review – not to be confused with a “targeted review” – is to focus on areas that may pose an elevated risk for errors, misrepresentation and fraud. There are no volume requirements and there is no minimum or percentage of production.

It is at the lender’s discretion as to how many loans will be included in any audit period. For instance, selected loan files could be one loan or ten loans or more, depending on the need of the lender and based on the suggested criteria below.    

A targeted review is directed more in the vein of specific employees’ performance, new branch offices, new processors or underwriters, new processes and/or reviews of findings derived from pre-closing and post-closing reports.

Example of discretionary selections include:

• LTV ratios over 90%
• Investment properties
• High risk credit scores
• Cash-out refinances
• 10% of new loan originators
• All high LTV loans
• Low FICO scores
• Manufactured homes 

Discretionary reviews are required for FNMA and FHLMC products, although at this time FHA only suggests discretionary audits. Depending on your own reason for the review, it would seem prudent and necessary to include the entire portfolio of loan products in the selection process.

If you would like to know more about discretionary reviews, please contact me!

Brandy George

Director/Underwriting Operations Compliance

Executive Director/LCG Quality Control

Compliance Management Systems for Mortgage Brokers

QUESTION 

I am a mid-sized broker and was recently examined by our state regulator. We had a very good outcome, but was surprised that the only written policy that was asked for was Anti-Money Laundering. In light of this, do I need to continue maintaining written policies and procedures?

ANSWER 

The CFPB has passed federal consumer law requiring brokers to develop and implement a Compliance Management System (“CMS”). This includes written policies and procedures that reflect the way that you do business, evidence that training is being conducted throughout the year on various policy topics, and that you are adhering to the policies set forth in your various policies. At the time of passage, the CFPB advised that mortgage brokers need to show that they were making a good faith effort to comply with these requirements. Now that these requirements have been law for a few years, it is uncertain how forgiving the CFPB and many state regulators are going to be if, in fact, a broker has not complied with these requirements.

As a practical matter, it makes good sense to have written policies and procedures. Recently, I had a conversation with a senior executive of a large non-depository lender. I was reviewing our Brokers Compliance Group’s risk management program. I explained that we had some twenty-five policy topics available to brokers and mini-correspondents and also provided some additional services with these policies. The executive told me that they were of the opinion that most brokers were going online and getting their policies for free. Really not a good idea, as most of what is scraped off of the Internet is not compliant!

Many mortgage brokers have chosen to do nothing and so they take the risk of being the target of regulatory examinations or inquiries.

The CFPB expectation is that state regulators would examine licensees and ask for evidence that a CMS is in place. While some states are a mirror image of the CFPB examination protocols, others are still working on developing this capability. Some states are doing operational type exams, focusing on compliance with state regulations and statutes. Anti-money laundering is one of the more popular policies being requested. You should also know that brokers are required to conduct an AML Audit every twelve to eighteen months. This audit is a check on whether you are following the policies and procedures contained in your actual AML Policy. The audit (or test) reviews any Suspicious Activity Reports (SARs) that you have filed. In the event that you did not file any SARs, some closed loan files may be requested and reviewed.

While you may not be asked for policies and procedures by a regulator, you can pretty much count on your lender to do so. We have seen a noticeable increase in the number of lenders asking for policies and procedures as part of a broker’s application or recertification. I was particularly drawn to a lender compliance certification document from a large non-depository lender. The document that is used for broker recertification was about twenty pages long! A large portion of the document was dedicated to questions relating to whether the broker had certain policies and procedures in place. Specific policies referenced were RESPA, TILA, MLO Compensation, SAFE Act, Anti-Money Laundering, Privacy, Fair Lending, Fair Credit Reporting Act and Customer Identification Program.

Additional questions were about training. How frequent is the training, is it conducted internally or externally, what topics have been trained on, how frequent is the training and who is conducting the training?

Also, many lenders are asking about the existence of a Quality Control Plan. Is it internal or external and, if internal, is the individual doing it independent from production functions?

Increased emphasis is being placed on Information Technology, Information Security, and Cybersecurity. Do you have written procedures for securing records? Disaster Recovery Plans (“DRP”) are frequently requested. Do you have a written DRP and is it managed internally or externally?

It is important to understand that you need to answer truthfully when asked to complete a lender questionnaire such as this one. We are receiving numerous requests from brokers asking us to provide policies on an expedited basis to put them in a position of being able to respond affirmatively to their lenders.

There are roughly twenty-five policies and procedures that cover the various subject matters but there are ten or twelve policies and procedures that are deemed to be essential. One way of easing the financial burden and at the same time create a culture of compliance is to focus on the core policies. Some of them have already been mentioned.

One of the other keys to success is to associate with a group of independent subject matter experts, such as we provide in Brokers Compliance Group, so that you have a resource for customized policies and all of the questions that come up in the normal course of doing business.

You can begin to build your program now or you can wait and catch up later. Remember that compliance or lack of compliance leaves a trail. The choice is yours! 

Alan Cicchetti 

Director/Agency Relations 

Executive Director/Brokers Compliance Group