Internal Audit - Pitfalls

QUESTION

The last few months have been an upsetting time for our bank. We recently were criticized by our regulator for a deficient internal audit. We were accused of being understaffed and undereducated. They said we did not follow our own standard procedures, did not conduct a timely audit, and they said that our directors and officers could be liable for negligence and breach of fiduciary duties. The head of our internal audit department quit, and two of her staff were fired. Now, we are being left to pick up the pieces and get ready for another regulatory review.

We feel unprepared for it and would like you to come in and do an internal audit for us, as the regulator would like an independent internal audit. We plan to retain your firm. 

In the meantime, I want to share this experience and ask you to provide some guidelines to follow in the future. We do not want to go through anything like this mess ever again.

So, what are some pitfalls that we need to be watching out for in an internal audit?

ANSWER

It probably does not assuage your sense of concern, but I will let you know a little-known fact: many banks are ill-prepared for complying with the regulatory requirements of an internal audit. It takes quite a lot for a regulator to make a convincing case that a bank’s directors and officers are liable for negligence and breach of fiduciary duties. 

Usually, the regulator will undertake a supervisory examination of the bank to ensure it has a credible case. Sometimes a federal agency will retain an independent banking consultant to evaluate the legal and regulatory issues that may be subject to potential administrative action.

I suggest you contact us for the internal audit engagement soon.

Time is not on your side! HERE is the contact link.

Regulators take the position that internal audits are a primary control for proactively identifying and remediating internal control weaknesses, including weaknesses relating to loan underwriting and credit administration.

We often see a host of issues that need remediation as a result of an internal audit. Occasionally, find repeated deficiencies, where the financial institution ignored findings or left them in an unresolved status. These become red flags to examiners when they conduct a regulatory review.

As to the pitfalls, the list is more like a litany of potential deficiency issues. If I set out to compile such a list, I could probably mention literally hundreds of possible pitfalls. That said, I would like to give you some pragmatic takeaways to prepare your institution for an internal audit. Here are but a few suggestions.

• Internal auditors should not be charged with both audit and operational responsibilities in several areas, which diminishes their respective independence. Management may be held to a governance violation for allowing this kind of administrative defect.
• Auditors should always have the necessary knowledge and training to conduct certain audits effectively.
• Audit risk analysis and planning must ensure that the audit’s scope covers the range of criteria commensurate with risk. For instance, the rapid growth of a loan product, origination channel, or servicing platform is inherently prone to higher risk.
• In general, audits should be performed on time and concluded within reasonable timeframes.
• An internal audit should be scoured for a scope that is not sufficiently broad or deep enough to ensure reliable findings.
• Audit reports should provide at least a description of the scope of work performed, a determination of the underlying causes, a judgment about the significance of the findings, and conclusions regarding the severity and pervasiveness of findings.
• Importantly, a bank’s internal audit department must be tracking exceptions identified by outside entities, including recommendations made by regulators and other third parties, to ensure that such exceptions are appropriately corrected or scheduled for corrective action.
• Furthermore, I highly recommend that banks develop and implement (1) a comprehensive corporate-wide risk assessment program, (2) enhance their audit exception tracking, (3) better monitor corrective action plans, 4) revise its internal audit policies, and (5) fortify the oversight of the Audit Committee.

Jonathan Foxx Ph.D., MBA

Chairman & Managing Director

Lenders Compliance Group

Employee Surveillance

QUESTION

I am the Assistant General Counsel for a large mortgage lender. We are licensed in all states and have several origination platforms. Your weekly FAQs are often used as topics of discussion in our compliance meetings. Thank you for providing this fine service!

Recently, we undertook a review of the expectation of privacy relating to our employees, especially those working in our online and call platforms. I know that you are one of the few compliance companies that provide Call Calibration reviews, so you may know the ins-and-outs of employee privacy.

We want to add a brief outline to our employee privacy policy, supported by case law, that sets forth our guidelines.

In general, what is a reasonable expectation of privacy for employees?

In particular, given our extensive branch structure and multiple platforms, what are some protected employee privacy interests with respect to an employee’s physical person and electronic locations?

ANSWER

Thank you for reading our FAQs and using them in your compliance commitments. Your questions require an extensive response; however, due to the constraints of the FAQ format, I will only provide a brief response. Hopefully, my response will help to contribute to your deliberations. Given the implications of your inquiry, I will write more about this subject from time to time.

Yes, we provide Call Calibration reviews, which is the tracking and compliance evaluation of calls. We offer quality assurance Call Calibration in various settings, such as between online platforms and consumers, telemarketing initiatives, and call center marketing. We also provide a Call Center Manual and a plan for Call Calibration Methodologies. To receive a presentation for Call Calibration, Click Here.

Let’s be clear, privacy is, to some extent, the “right to be left alone.” That said, no one living in our society today can be left entirely alone. It is important to balance the interest of society and that of the individual using some objective standard to determine whether an intrusion on privacy is actionable.

Maybe “intrusion” seems like a harsh word. Some people would find any intrusion to be objectionable even if it is not outrageous to a person of ordinary sensibilities.[i] Many courts have found that persistent attempts to interview and photograph a plaintiff, soliciting sex under non-aggravated circumstances, using harsh names and insulting gestures, are intrusions that may invoke a feeling of being highly offensive to a reasonable person, but may not be actionable under an “intrusion upon seclusion cause of action.” In general, courts have held that conduct that is merely offensive, insensitive or intrusive is non-actionable if it does not involve outrageously unreasonable conduct. Defining the word “outrageous” is what lawsuits are supposed to determine.

You likely know about the tort of intrusion, which could be brought against those parties who assist in, cooperate in, instigate, command, encourage, ratify, condone, aid, assist or advise in the intrusion.[ii] This might infer that a systems operator or network service provider could also be liable under the tort of intrusion because these may furnish the means and opportunities for the intrusion and have some knowledge or intention to cooperate in that manner.

Obviously, this is not the place to discuss the extensive features and elaborations of the tort of intrusion, but a majority of the applicable cases require that the defendant must have acted with knowledge or the intention to create the tortious intrusion. Most case law has recognized that the intrusion tort does not depend upon any publicity given to the person whose interest is ‘invaded’ or to his or her affairs but consists solely of an intentional interference with his or her interest in solitude or seclusion. It is may not be necessary that the defendant has disclosed the fact of the interference or the contents of any information contained in any of the communications. However, in some cases, the invasion of privacy may not have occurred unless the information was disclosed to a third party and that the disclosure represents the invasion of privacy.

You mention “physical person” and “electronic locations.” Cases dealing with the tort of intrusion have determined that it is not necessary for there to have been a trespass or physical intrusion. This view is true in cases of the installation of wiretaps or monitoring devices that do not involve an actual trespass onto the plaintiff’s property, or in cases of publicity that brings the plaintiff into a position of having many strangers intrude into the life of the plaintiff or concerning telephone or mail collection tactics. In most cases, there has not been a physical intrusion or trespass though there is an intrusion for purposes of this tort on the privacy of the plaintiff.

Acting as Buyer’s Real Estate Agent and Attorney

QUESTION

We have a loan officer who has a relationship with a real estate attorney from whom the loan officer receives referrals. 

The attorney is also a newly licensed realtor who intends to act both as the realtor and an attorney on a transaction. 

Is that permissible? It seems like a conflict to me. 

ANSWER

As the loan officer will be receiving referrals from the attorney, the presumption is that the attorney will be representing buyers in real estate transactions both as a real estate agent and attorney.

Several state bar associations, including the Connecticut, Massachusetts, and New York State Bar Associations, have opined on this issue.[*]

Assuming the attorney is being compensated as a real estate agent by the seller in an amount equal to a percentage of the sales price and receipt of such compensation is conditioned on the transaction closing, the short answer is no, the individual cannot act in a dual capacity of real estate agent and attorney.

DISCUSSION

An individual functioning as both the buyer’s attorney and real estate agent in a residential real estate transaction raises the issue of the existence of a conflict of interest and the individual’s ability to adequately represent the buyer in both capacities. The role of the buyer’s real estate agent is to guide the buyer through the preliminary process of purchasing a property, including ascertaining the type of property and location that suits the buyer’s needs, responding to questions regarding a listing, showing the buyer the properties, and presenting and negotiating the purchase price. Typically, the buyer’s real estate agent is paid by the seller.

The seller enters a listing agreement with seller’s real estate broker which sets forth the commission, typically a percentage of the purchase price and contingent upon the transaction actually closing. That commission is usually split between the buyer’s and seller’s real estate brokers, with a portion going to the agents themselves. Thus, both buyer’s and seller’s real estate agents have an interest in not only having the transaction closed (otherwise they do not get paid) but also in having the sales price at the highest amount possible so they can maximize their commission.

The buyer’s attorney works with the buyer’s real estate agent to bring the transaction to closing. Typically, the attorney will prepare and negotiate the purchase contract or in some states, review and revise the broker prepared contract; review the title commitment to ensure there are no title defects; review the term of the mortgage and the purchase agreement to ensure the documents reflect the buyer’s wants and needs; prepare closing documents; and, attend the closing. Throughout this process, it is incumbent upon the attorney to zealously represent the buyer’s interests.

Therein lies a personal conflict of interest for the real estate agent/lawyer. As the real estate agent, not only is the individual interested in the highest purchase price but also in closing the transaction; otherwise, he will not get paid. By contrast, the buyer’s lawyer’s role is to protect the buyer’s interests, which in some circumstances may include renegotiating a lower purchase price due to inspection issues or even advising the client that it is in his best interest to walk away from the deal even though doing so may preclude the real estate agent from receiving a commission.

Most, if not all, states’ Rules of Professional Conduct prohibit an attorney from entering a “business transaction” with a client unless certain conditions are satisfied, including that the transaction is fair and reasonable, that the client has been advised in writing to consider the desirability of seeking the advice of other legal counsel, and that the client has provided informed consent to the representation in writing. However, many states’ bar associations and state court opinions have opined that the personal conflict of interest of an individual acting in the dual capacity of a buyer’s real estate agent and lawyer is not one that may be waived by the parties; it is essentially “non-consentable by the client” and thus an individual may not act as both the buyer’s attorney and buyer’s real estate agent in the transaction.[†]

Note that the foregoing analysis only applies in situations wherein the real estate agent/lawyer is receiving a commission paid by the seller. It may be permissible for the individual to act in a dual capacity in other circumstances such as if - in his capacity as a real estate agent – he is being paid a flat fee regardless of whether the closing transaction is being paid by the buyer.

Joyce Wilkins Pollison, Esq.

Executive Director

Director/Legal and Regulatory Compliance 

Lenders Compliance Group

---

[*] Connecticut Bar Association Informal Opinion 15-03/Dual Role as Real Estate Attorney and Real Estate Agent in the Same Transaction, February 18, 2015; Massachusetts Bar Association Opinion 82-4, April 1982; New York State Bar Association Committee on Professional Ethics Opinion 1117/Conflicts of Interest; Serving as Lawyer and Broker in Same Real Estate Transaction, April 4, 2017; Oregon State Bar Association Formal Opinion 2006-176/Conflicts of Interest: Lawyer Functioning in Multiple Roles in Client’s Real Estate Transaction, September 2016

[†] New York State Bar Association Committee on Professional Ethics Opinion 1117/Conflicts of Interest at ¶6.

Joint Marketing “Vouchers” – Split of Buyer Incentive

QUESTION

One of our loan officers wants to participate in a joint marketing program with a realtor in which the two of them hand out “vouchers” bearing both of their pictures and contact information and offering $500 off closing costs “courtesy of” the LO, the realtor, and our mortgage company to employees of certain school districts that are highly regarded in our area. Do you see any potential problems with this kind of marketing?

ANSWER

I think you right to be concerned about these vouchers, for a number of reasons, including possible violations of RESPA, Fair Lending laws, and the provisions of the Dodd-Frank Act prohibiting Unfair, Deceptive, and Abusive Acts and Practices (UDAAP) (as well as similar state laws).

1. RESPA Sections 8(a) and 8(b)

Joint marketing pieces like this are problematic in and of themselves because they can often be characterized as mutual endorsements and hence, as implied mutual referrals. Both the realtor and the loan officer are providing “settlement services” as that term is defined in RESPA’s implementing Regulation X (12 CFR 1024.2). So RESPA Section 8 is applicable to both of them. If either party pays more than their fair share of making or distributing the advertisement, that differential itself could potentially be characterized as the payment of a thing of value for purposes of obtaining the referral of a settlement service.

In that regard, all three elements of a RESPA Section 8(a) violation would appear to be present:

• The payment or receipt of a “thing of value”
• Pursuant to an agreement or understanding
• For referral of “settlement service” business involving a federally related mortgage loan.   

Adding the monetary inducement of “$500 off closing costs” makes the vouchers even more problematic. While offering a financial inducement directly to a prospective borrower is probably not itself a RESPA Section 8(a) violation, splitting the cost of that financial inducement may violate RESPA Section 8(b) which prohibits not only “referral fees,” but also “splits” of any charge “made or received” for the rendering of a settlement service on a federally related mortgage loan “other than for services actually performed.”

The applicable language in Regulation X (12 CFR §1024.14) reads as follows:

 (c) No split of charges except for actual services performed. No person shall give and no person shall accept any portion, split, or percentage of any charge made or received for the rendering of a settlement service in connection with a transaction involving a federally related mortgage loan other than for services actually performed. A charge by a person for which no or nominal services are performed or for which duplicative fees are charged is an unearned fee and violates this section. The source of the payment does not determine whether or not a service is compensable. Nor may the prohibitions of this part be avoided by creating an arrangement wherein the purchaser of services splits the fee.

Here, splitting the cost of the $500 borrower inducement would appear to fall squarely within the above prohibition, since no services performed by either the LO, the lender or the real estate broker with respect to each other are identified.

2. Possible Fair Lending/ Discriminatory Impact/redlining

Federal regulators have encouraged mortgage lenders to be careful about advertising patterns or practices that a reasonable person would believe indicate the existence possible discrimination against members of protected classes (i.e., disparate impact). By offering the vouchers only to employees of elite schools, you may be engaging in exactly that kind of prohibited pattern or practice. This means that if you were to go forward with this voucher program, it would need to be carefully drawn to make sure that no protected class of persons is excluded from access to participation, either intentionally or statistically.

3. Possible UDAAP Violation 

Discriminatory practices are inherently UDAAP violations. But there are also potential UDAAP issues if the vouchers ARE offered to everyone equally, but some prospective borrowers are led to believe that the incentive is offered only to them because of their special status as employees of one of the elite schools. That is deceptive on its face and invites further regulatory scrutiny and/or enforcement action. 

In short, if your company wants to offer buyer incentives such as discounts off closing costs, it may be best to offer the incentives to all prospective borrowers on your own and not attempt to also incorporate such efforts into a joint marketing campaign with another settlement service provider. Otherwise, the potential for regulatory violations tends to multiply exponentially.

Michael R. Pfeifer

Director/Legal & Regulatory Compliance

Lenders Compliance Group