Disaster Recovery and Business Continuity

QUESTION
We are a mortgage lender in the northwest. Our largest investor asked us for a Disaster Recovery Plan and a Business Continuity Plan.

We sent them the former because we consider it the same as the latter. While the investor accepted that we have a Disaster Recovery Plan, it rejected it as being also a Business Continuity Plan. We always thought these plans were basically the same thing.

Now we are scrambling to get them a Business Continuity Plan.

So, what is the difference between a Disaster Recovery Plan and a Business Continuity Plan?

ANSWER
It may seem like a Disaster Recovery Plan is just another way of saying Business Continuity Plan. But they are fundamentally different, and each serves different purposes. Both plans should interface with each other in complementary ways.

You cannot expect a Disaster Recovery Plan to act as a proxy for a Business Continuity Plan. Nor can you use a Business Continuity Plan to act as a proxy for a Disaster Recovery Plan. If you try that tactic with regulators, they will cite you with adverse findings. If you are state licensed, banking departments may share those findings with other states where you’re licensed. Federal prudential regulators will also likely issue adverse results.

And what are we describing here?

We are describing how to ensure the company remains viable when faced with significant threats to its existence. So, I will give you some pointers that will help you to know the difference between these two essential documents. But be advised: just as a bird does not fly on one wing, a company cannot depend on only one of these plans. It must have both!

Our firm has identified six factors to disaster recovery and business continuity. 

These are:

1. Disaster Planning

2. Business Impact Analysis

3. Business Continuity management

4. Business Continuity Plan

5. Recovery Time Objectives

6. Deployment

Without getting too detailed about each of these factors, I am going to focus on your specific question, which is: what is the difference between a Disaster Recovery Plan and a Business Continuity Plan?

Let’s begin with this concept: every Business Continuity Plan (BCP) contains a Disaster Recovery Plan (DRP). This is because the DRP is focused on data recovery and integrity, whereas the BCP is focused not only on data recovery and integrity but also on the many elements involved in the continuation of a business enterprise. Think of it this way: the BCP is business-centric, whereas the DRP is data-centric.

The BCP resolves certain tactical questions involving business operations confronted with the disruption of the business entity, such as:

- Does the company have a business continuity plan in place for continuation?

- Who are the management and staff personnel in charge of business operations?

- How does the company respond to vendors and third-party relationships?

- What challenges are anticipated and readied to fulfill obligations?

- How does the company maintain customer loyalty and public confidence?

- What aspects of the company need to be first recovered to stay in business?

- How prepared is the company to operate remotely?

- What are the financial costs of downtime to the company?

Some of the foregoing depend on the ability of the company to recover its data quickly, effectively, and broadly. If the DRP is flawed, all of that is imperiled; to wit, loss of reliability, diminished scope, inability to scale up, and persistence of downtime after the disruption has passed. Typical disasters and disruptions are wars, terrorist attacks, storms, hurricanes, tornados, pandemics, epidemics, fires, earthquakes, electric outages, and floods.

From the point of the various risks – for instance, risks to reputation, legal, regulatory, operational, financial, compliance, security, fraud, and competition – failure to implement the requirements of a DRP and BCP could mean the company will not survive the disaster.

The DRP resolves specific tactical questions involving data recovery and data integrity if there is a disruption of the business entity, such as:

- Does the company have a disaster recovery solution in place for its data?

- Can the company rely on and trust the data that is recovered?

- How long will it take to recover the data from backup solutions?

- What is the projected downtime caused by the impedance to data?

- Is there an offsite copy or data center for managing data?

- What are the recovery goals and staged recovery plans?

- Are applicable network resources available to users?

- Are critical systems identified and prioritized?

It doesn’t matter if the DRP and the BCP are in separate documents or situated as sections in a single document. Many companies choose to combine them for ease of use and training of employees. Lenders Compliance Group has three primary elements in a single document: disaster recovery; business continuity; and pandemic response. More information HERE.

Whatever the case, it is essential to keep these plans updated, as multifarious new requirements and challenges present themselves in an ongoing, dynamic business environment.

Ideally, a BCP due diligence should begin with a Business Impact Analysis (BIA). Although it has a kind of ominous title, this process is no more than a set of procedures that identify how a disaster could impact a company. If that is not known, how can the company develop strategies to survive a disruptive event?

Then, it is important to use the BIA to design survival strategies. This is done by filling the gaps in the existing capabilities by mitigating them through using the BIA recommendations. Next, develop a plan, which reduces to writing the ways and means to ensure business continuity. That plan should be made available to all affected employees. Finally, the company should test the plan periodically, simulate a disruption, and learn from each test how to improve.

Ideally, a DRP review undertakes an evaluation of a company’s ability to tolerate minor to major data failures. It considers such adverse events as hacking, malware, data corruption, data breaches, and many potential IT infrastructure failures. As a subset of the BCP, the DRP is meant to keep the business running, reducing the effects of the disruption, and allowing the company to gradually emerge from a disaster intact and capable of continuation.

Whereas the BCP aims at an overall approach to surviving a disaster, the DRP must proceed along certain steps to effectuating its design. The process begins with outlining needs and objectives; that is, the DRP must reflect the company’s business model, meet risk analysis guidelines, determine the files and infrastructure features to maintain, and set forth some of the threats it seeks to mitigate. Without that information, it is not really possible to restore information adequately or regain productivity.

Then, the DRP needs to take stock of its components, such as hardware; software; and data. Finally, the plan should be developed with specificity, clarity, practicality, and ease of use. Affected employees should be trained appropriately, and, importantly, ongoing monitoring and testing must be implemented.

There is a natural ebb and flow to updating the DRP and BCP. Keep them updated as changes occur in the business model, regulatory and legal environment, and technology. Management should be focused like a laser beam on Disaster Recovery and Business Continuity.

Jonathan Foxx, Ph.D., MBA

Chairman & Managing Director

Lenders Compliance Group

COVID-19 Online Resources

QUESTION
We purchased your Business Continuity Plan recently. Over the last few weeks, we have been using it as a guide. We like the idea that one of the Directors spends time with us at the outset to make sure we understand the plan’s requirements. 

Now, we are building an online website for our employees to handle disaster recovery, business continuity, and pandemic issues. We want a website page with resources for all these areas, and especially we need resources for the COVID-19 challenges. 

Your Business Continuity Plan Checklist provides a huge number of resources and informative links. 

Do you have any suggested COVID-19 links that we can put on our new website?

ANSWER
Thank you for this question, as it gives me a chance to provide some additional feedback. I think you should be using - 

(A) our complimentary Checklist – Business Continuity Plan Checklist (Includes COVID-19 Pandemic Response) – along with -

(B) our inexpensive Plan – Business Continuity Plan – Disaster Recovery & Business Continuity Plan, Includes Pandemic Response. 

Taken together, they provide a considerable amount of information that will strengthen your business continuity as well as your pandemic response.

The Checklist is now 208 pages and is on Update # 7. Update # 8 will be published as soon as the next stimulus is signed into law. The Plan is available, of course, and one of our Directors does a “walkthrough” with you to answer questions and show you how to use it.

I do have some suggested resource links that, in my view, should be placed on your new website. It is a good idea to notify your visitors that a new link has been added. Keep your visitors current all the time, because the pandemic is dynamic, meaning it spreads and mutates in complex ecosystems. Today’s medical and statistical information may differ from yesterday’s analyses.

Following basic hygienic guidelines will not change: wear protective masks (viz., protect yourself and others), maintain social distancing, wash hands, avoid meetings where people are arranged closely together, stay clear of settings where aerosol transmission easily happens. 

Be alert to changes in federal and state responses to the coronavirus, as politics has unfortunately been contaminating scientifically derived guidance. That places an extra burden on your website because visitors are going there for facts, not politics; and they want reliable scientific and medically reliable resources, not controversy and opinions.

Providing online resources is a great idea. Don’t be concerned if some visitors dispute the reliability of some links. People tend toward confirmation bias, so they screen out what they don’t want to believe. Don’t be surprised if some visitors say they do not believe in science. Science is not a belief; it is not subject to faith; it does not accept unfalsifiable theories. To date, the scientific method is the best means known to humankind to validate and verify physically identifiable aspects of life. Give visitors a chance to use the links, and most of them will be grateful that your organization takes everyone’s health and welfare seriously.

The following are some online links that I suggest you consider for the COVID-19 pandemic. They run the range from statistical information to preparation and also to progress regarding treatments and vaccines.

CNN.com – Tracking COVID-19  

Coronavirus Dashboard 

Coronavirus Tracker  

COVID-19 Tracking Project

COVID World Map, The Guardian 

GlobalEpidemics.org 

Health.com – Coronavirus 

Johns Hopkins – DOVID-19 Dashboard 

StatNews.com 

Rt (Effective Reproduction Number) 

Worldometer – Coronavirus (Countries) 

Worldometer – Coronavirus (USA) 

Worldometer – Coronavirus (World) 

A word about the Rt (Effective Reproduction Number) listed above. 

Rt (Effective Reproduction Number) 

The statistic, Rt, measures how fast the virus is growing. It is the average number of people who become infected by an infectious person. If Rt is above 1.0, the virus will spread quickly. If Rt is below 1.0, the virus spread slows down and eventually stops. The idea is that it is not possible to capture the exact moment when somebody becomes infected. Instead, scientists do a sort of reverse engineering. Thus, data such as derived from testing, hospital admissions, and deaths, are used to estimate the velocity of propagation of the virus.

Mathematically, if the Rt (effective reproduction number) is greater than one (viz., >1.0), the rate of spread increases exponentially; that is, the rate of change accelerates rapidly, and the virus propagates quicker and quicker. 

Medically, this means that there are more and more infections and many more deaths involving the coronavirus and deaths related to comorbidities - the coexistence of two or more disease processes (such as heart disease, diabetes, asthma, cancer) - affected by the coronavirus infection.

Economically and logistically, any population growing exponentially must, sooner or later, encounter shortages of various resources, such as beds in ICU, availability of medications, medical staff, medical supplies, and gradual financial incapacitation. 

It is only by bringing the effective reproduction rate down that we can return to some semblance of normality. Monitor the Rt for your state, and proceed with appropriate caution and care.

Finally, I recommend that you hold periodic calls to discuss the new website, particularly emphasizing your company’s safe hygiene plans. Encourage questions and suggestions. Act as a team, as a corporate family, and you will get through the pandemic knowing that you have done all you could to ensure a safe and healthy world for you, your colleagues, and your families.

Jonathan Foxx, Ph.D., MBA

Chairman & Managing Director

Lenders Compliance Group

COVID, CARES ACT, and FCRA

QUESTION
We are involved in doing an annual update of the policy for the Fair Credit Reporting Act. During this review, we realized that we did not have a section for the CARES Act. Our compliance department provided guidance all along in implementing the requirements, but nobody had yet updated the policy itself.

We are writing to you to get some guidance on the important areas to cover in our FCRA policy with regard to the CARES Act. I realize you can’t discuss every possibility, but some general guidance would really be appreciated.

What are some important FCRA compliance areas that must be implemented in regard to the CARES Act?

ANSWER
In my view, policy documents should be reviewed annually and updated periodically as changes occur in applicable laws, rules, best practices, regulations, and implications of case law – federal and state. It seems you’re on the right track, inasmuch as you are doing an annual update, which, in this instance, helps to show the need for an additional section.

Congress enacted the Coronavirus Aid, Relief, and Economic Security Act (“CARES Act”).[i] It was a $2.2 trillion economic stimulus bill passed by the 116th U.S. Congress. It was signed into law by the President on March 27, 2020, in response to the economic challenges caused by the COVID-19 pandemic in the United States. We have outlined it at length in our complimentary Business Continuity Plan with Pandemic Response.

Thus, Congress passed the CARES Act to minimize the impact of the COVID-19 pandemic. The CARES Act places essential requirements on companies that furnish information to consumer reporting agencies about consumers affected by the COVID-19 pandemic.[ii]

Briefly described, the CARES Act initially included spending of $300 billion in one-time cash payments to individual Americans (with most single adults receiving $1,200 and families with children receiving more), $260 billion in increased unemployment benefits, the creation of the Paycheck Protection Program that provides forgivable loans to small businesses with an initial $350 billion in funding (later increased to $669 billion by subsequent legislation), $500 billion in aid for large corporations, and $339.8 billion to state and local governments. Lawmakers refer to it as Phase 3 of Congress's coronavirus response.[iii]

On April 1, 2020, the CFPB issued a document with a title worthy of a gargantuan Elizabethan treatise: 

Statement on Supervisory and Enforcement Priorities 

Regarding the Fair Credit Reporting Act

and Regulation V

in Light of the CARES Act.[iv] 

In this issuance, the CFPB sought to inform furnishers of their responsibilities under the CARES Act amendments to the Fair Credit Reporting Act (FCRA), stating that the “Bureau expects furnishers to comply with the CARES Act.” Under the CARES Act’s amendments to the FCRA, a consumer whose account was not previously delinquent is current on their loan if they have received an “accommodation” and make any payments the accommodation requires. 

Therefore, the CFPB has issued substantive guidance on consumer reporting during the COVID-19 pandemic. It issued its own FAQs to address the responsibilities companies have under the CARES Act and the Fair Credit Reporting Act (FCRA) when they furnish information to consumer reporting agencies about consumers impacted by the crisis.[v] The FAQ was meant to be a “Compliance Aid” – which is CFPB Newspeak for Consult a Compliance Professional.

Here are a few important provisions to put into the new FCRA section relating to the CARES Act. I provide some citations for you to reference in your research and policy development.

Enforcement
Furnishers must report as current certain accounts for consumers affected by the pandemic. The CFPB expects furnishers to comply with the CARES Act, and it is enforcing the FCRA, as amended by the CARES Act, and its implementing regulation, Regulation V.

Violations of the FCRA
The FCRA requires furnishers and consumer reporting agencies to conduct investigations of disputes within specified timeframes. Furnishers and consumer reporting agencies remain responsible for conducting reasonable investigations of consumer disputes in a timely fashion. CFPB expects furnishers and consumer reporting agencies to make good faith efforts to investigate disputes as quickly as possible when they are impacted by COVID-19.

Accommodations
The CARES Act addresses accommodations to consumers impacted by COVID-19. An accommodation includes any payment assistance or relief granted to a consumer who is affected by the COVID-19 pandemic during the period from January 31, 2020, until 120 days after the termination of the COVID-19 national emergency declared by the president on March 13, 2020 under the National Emergencies Act.[vi] Such an accommodation includes, for instance, agreements to defer one or more payments, make a partial payment, forbear any delinquent amounts, or modify a loan or contract.[vii]

Pandemic Accommodations
Under the CARES Act, there is a requirement that furnishers provide accommodations to consumers impacted by the pandemic. The CARES Act requires accommodations for two specific types of loans: (1) consumers with a federally backed mortgage loan (as that term is defined in the CARES Act) may obtain a forbearance from their mortgage servicer upon request, and the borrower’s attestation of a financial hardship due to the COVID-19 emergency;[viii] and (2) the CARES Act provides automatic suspension of principal and interest payments on federally held student loans through September 30, 2020.[ix]

Reporting Obligations
If the credit obligation or account was current before the accommodation, during the accommodation the furnisher must continue to report the credit obligation or account as current. If the credit obligation or account was delinquent before the accommodation, during the accommodation the furnisher cannot advance the delinquent status.

Reporting Considerations
If furnishers are reporting information about a credit obligation or account that is current, they should consider all of the trade line information they furnish that reflects a consumer’s status as current or delinquent. For instance, information that a furnisher provides about an account’s payment status, scheduled monthly payment, and the amount past due may all need to be updated to accurately reflect that a consumer’s account is current consistent with the CARES Act.[x]

Special Comment Codes
Reporting of accommodations simply by using a special comment code to report a natural or declared disaster or forbearance is not permitted. Furnishing a special comment code indicating that a consumer with an account is impacted by a disaster or that the consumer’s account is in forbearance does not provide consumer reporting agencies with the information required by the CARES Act and, therefore, furnishing such a comment code is not a substitute for complying with the requirements.

Product Line Reporting
A furnisher may want to report all of their consumers’ accounts or all of their consumers’ accounts in a particular product line as in forbearance. However, the CFPB cautions against this approach, as it may increase the risk of inaccurate reporting and customer confusion.[xi]

Reporting Delinquencies and Terminations 

The consumer reporting protections of the CARES Act continue to apply to the time period that was covered by the accommodation after the accommodation ends. Assuming payments were not required or the consumer met any payment requirements of the accommodation, a furnisher cannot report a consumer that was reported as current pursuant to the CARES Act as delinquent based on the time period covered by the accommodation after the accommodation ends. A furnisher also cannot advance the delinquency of a consumer that was maintained pursuant to the CARES Act based on the time period covered by the accommodation after the accommodation ends.

Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director
Lenders Compliance Group

__________________________________________
[i] Pub. L. 116-136
[ii] The CFPB previously issued a statement informing lenders that they must comply with the credit reporting requirements of the CARES Act. The CFPB released FAQs on June 16, 2020, to “ensure that consumers receive the credit reporting protections required by the CARES Act.”
[iii] Phase 1 was an $8.3 billion bill spurring coronavirus vaccine research and development (the Coronavirus Preparedness and Response Supplemental Appropriations Act, 2020), which was enacted on March 6, 2020. Phase 2 was an approximately $104 billion package largely focused on paid sick leave and unemployment benefits for workers and families" (the Families First Coronavirus Response Act), which was enacted on March 18, 2020.
[iv] https://files.consumerfinance.gov/f/documents/cfpb_credit-reporting-policy-statement_cares-act_2020-04.pdf
[v] The FAQs can be accessed at https://files.consumerfinance.gov/f/documents/cfpb_fcra_consumer-reporting-faqs-covid-19_2020-06.pdf
[vi] CARES Act, Pub. L. 116-136, section 4021, codified at FCRA section 623(a)(1)(F)(i)(I), 15 U.S.C. 1681s-2(a)(1)(F)(i)(I)
[vii] Idem
[viii] See Joint Statement on Supervisory and Enforcement Practices Regarding the Mortgage Servicing Rules in Response to the COVID-19 Emergency and the CARES Act, April 3, 2020, CFPB, FRB, FDIC, NCUA, OCC, CSBS https://files.consumerfinance.gov/f/documents/cfpb_interagency-statement_mortgage-servicing-rules-covid-19.pdf. See also The Bureau’s Mortgage Servicing Rules FAQS related to the COVID-19 Emergency, CPFB, April 3, 2020 https://files.consumerfinance.gov/f/documents/cfpb_mortgage-servicing-rules-covid-19_faqs.pdf
[ix] For more information on the CARES Act requirement to suspend payments for Federally held student loans, see CARES Act, Pub. L. 116-136, section 3513.
[x] See FCRA section 623, 15 U.S.C. 1681s-2; 12 CFR part 1022, subpart E
[xi] Idem

Marketing Services Agreements: RESPA Section 8 Pitfalls

QUESTION
We are a large mortgage lender that uses a Marketing Service Agreement (“MSA”) in many relationships. I am the company’s General Counsel. We have a Compliance Manager. 

Recently, the Consumer Financial Protection Bureau (CFPB) cited us for violations of RESPA Section 8 with respect to defective MSAs. I realize that this is a highly litigious area. We have retained outside counsel for these agreements, yet we still seem to be locking horns with the CFPB.

My staff and the compliance people are avid readers of your Mortgage FAQs. We believe that you can shed additional light on how to go about training our management on the risks of MSAs.

We are drafting a PowerPoint for our Executive Management on the risks associated with MSAs. In preparing it, we would like to get your view of the following four areas in particular.

(1) What are Marketing Services Agreements?

(2) What distinction may be made between referrals and marketing services?

(3) What criteria may be applied to determine if an MSA is unlawful?

(4) Are there some examples of MSAs that are prohibited?

ANSWER
Thank you for your question. The risks relating to MSAs are enormous not only in incurring potential litigation but also in operational, strategic, financial, and regulatory risks. Enter these waters very cautiously and guardedly. If you are not thoroughly versed in MSAs, bring in legal counsel or highly competent compliance professionals to guide you. As General Counsel, you must understand that MSAs have far-reaching implications beyond contract law.

I will answer each of your questions with the proviso that you understand I cannot here provide legal advice and my remarks are not to be construed as such. Each MSA must be separately evaluated, and the entire corporate and legal structure on which each and every MSA sits must be taken into consideration.

(1) What are Marketing Services Agreements?

First, let us define a Marketing Services Agreement (“MSA”). It is an agreement that commonly involves an arrangement where a person or entity agrees to market or promote the services of another and receives compensation in return.

MSAs may involve only settlement service providers or may also involve third parties that are not settlement service providers. For instance, an MSA exists when a mortgage loan originator agrees to market or promote the services of a real estate agent in return for compensation.

Now, what is a lawful MSA? A lawful MSA is an agreement for the performance of marketing services where the payments under the MSA are reasonably related to the value of services actually performed.[i] To be clear, this is distinguished from an MSA that – whether oral, written, or indicated by a course of conduct, and looking to both how the MSA is structured and how it is implemented – involves an agreement for referrals. But, unlike referrals, marketing services are compensable services under RESPA.[ii]

Moreover, when a person performing settlement services receives payment for performing marketing services as part of a real estate transaction, the marketing services must be actual, necessary, and distinct from the primary services performed by the person. These marketing services cannot be nominal, and the payments cannot be for a duplicative charge or referrals.[iii]

(2) What distinction may be made between referrals and marketing services?

This is a fact-specific question as to whether a particular activity is a referral or a marketing service for purposes of the analysis under RESPA Section 8(a).

In RESPA Section 8(a), referrals include any oral or written action directed to a person where the action has the effect of affirmatively influencing the selection of a particular provider of settlement services or business incident thereto by a person paying a charge attributable to the service or business.[iv] For instance, referrals include a settlement service provider directly handing clients the contact information of another settlement service provider that happens to result in the client using that other settlement service provider.

However, a marketing service is not directed to a person; rather, it is generally targeted at a wide audience. Thus, placing advertisements for a settlement service provider in widely circulated media (i.e., a newspaper, a trade publication, or a website) is a marketing service.

MSAs that involve payments for referrals are prohibited under RESPA Section 8(a), whereas MSAs that involve payments for marketing services may be permitted under RESPA Section 8(c)(2), based on the facts and circumstances of the structure and implementation. In furtherance of explicating this question about referrals and marketing services, please read my answers to questions (3) and (4).

(3) What criteria may be applied to determine if an MSA is unlawful?

MSAs are not referenced in RESPA or Regulation X. Although entering into, performing services under, and making payments under MSAs are not, by themselves, prohibited acts under RESPA or Regulation X, the determination of whether an MSA itself or the payments or conduct under an MSA is lawful depends on whether it violates the prohibitions under RESPA Section 8(a) or RESPA Section 8(b), or is permitted under RESPA Section 8(c). And that analysis under RESPA Section 8 depends on the facts and circumstances, including the details of the MSA and how it is both structured and implemented.

The following describes how specific provisions of RESPA may be used to frame that analysis.

Under RESPA Section 8(a), if an MSA involves an agreement or understanding to refer business incident to or part of a settlement service in exchange for a fee, kickback, or thing of value, then the MSA or conduct under the MSA is prohibited. Therefore, this includes, but is not limited to, agreements structured or implemented to provide payments based on the number of referrals received.

Under RESPA Section 8(b), if the MSA serves as a method of splitting charges made or received for real estate settlement services in connection with a federally related mortgage loan, other than for services actually performed, the MSA or the conduct under the MSA is prohibited. MSAs would violate RESPA Section 8(b) if they disguise kickbacks by purporting to provide payment for services, but a split charge is paid even though the person receiving the split charge does not actually perform services. Or, a violation of RESPA Section 8(b) occurs if the services are performed, but the amount of the split charge exceeds the value of the services performed by the person receiving the split.

Under RESPA Section 8(c)(2), however, if the MSA or conduct under the MSA reflects an agreement for the payment for bona fide salary or compensation or other payment for goods or facilities actually furnished or for services actually performed, the MSA or the conduct is not prohibited.[v]

RESPA Section 8(c)(2) does not apply to MSAs that involve payments for referrals because they are not agreements for marketing services actually performed. RESPA Section 8 does not prohibit payments under MSAs if the marketing services are actually provided, and if the payments are reasonably related to the market value of the provided services only.

Note: Under Regulation X, the value of the referral (i.e., any additional business that might be provided by the referral) cannot be taken into consideration when determining whether the payment has a reasonable relationship to the value of the services provided.[vi]

(4) Are there some examples of MSAs that are prohibited?

Obviously, there are a plethora of scenarios where MSAs are prohibited.

Let’s reiterate that an MSA can be lawful under RESPA if it is structured and implemented consistently as an agreement for the performance of actual marketing services and where the payments under the MSA are reasonably related to the value of the services performed.[vii]

However, MSAs can be unlawful when entered into based on their structure or can become unlawful based on how they are implemented. The CFPB has enforced violations of RESPA Section 8 in investigations that involved the use of oral or written MSAs. An MSA is or can become unlawful if the facts and circumstances show that the MSA as structured, or the parties’ implementation of the MSA – in form or substance, and including as a matter of course of conduct – involves the following features:

• An agreement to pay for referrals.
• An agreement to pay for marketing services, but the payment is in excess of the reasonable market value for the services performed.
• An agreement to pay for marketing services, but either as structured or when implemented, the services are not actually performed, the services are nominal, or the payments are duplicative.
• An agreement designed or implemented in a way to disguise the payment for kickbacks or split charges.

Consider this scenario: a lender enters into an MSA with a real estate agent that also makes referrals to the lender. The MSA requires the real estate agent to perform marketing services, including deciding on and coordinating direct mail campaigns and media advertising for the lender. But, the real estate agent either does not actually perform the MSA’s identified marketing services or the real estate agent is paid compensation that is in excess of the reasonable market value of those marketing services.

In this scenario, the lender and real estate agent would not meet the standard in RESPA Section 8(c)(2), because the marketing services are not actually provided or the payments are not reasonably related to the value of the marketing services provided.[viii] Furthermore, in this scenario if the MSA was structured or implemented as a way for the lender to compensate the real estate agent for client referrals to the lender, the MSA would violate RESPA Section 8(a).

Jonathan Foxx, Ph.D., MBA

Chairman & Managing Director

Lenders Compliance Group
_____________________________
[i] 12 USC § 2607(c)(2); 12 CFR § 1024.14(g)(1)(iv)
[ii] 12 CFR § 1024.14(b) and (g)(2)
[iii] 12 CFR § 1024.14(b), (c), and (g)(3)
[iv] 12 CFR § 1024.14(f)(1)
[v] 12 USC § 2607(c)(2); 12 CFR § 1024.14(g)(1)(iv)
[vi] 12 CFR § 1024.14(g)(2). See also 12 CFR § 1024.14(b)
[vii] 12 USC § 2607(c)(2); 12 CFR § 1024.14(g)(1)(iv) and (g)(2)
[viii] 12 CFR § 1024.14(g)(1)(iv)

Electors and the Will of the People

QUESTION
We are grateful for your Business Continuity Plan. Over the last few months, we have relied on it to keep the company safe through the pandemic. We put up a bulletin board that posts all the updates and pandemic news, too. 

We are giving everyone off to vote on Election Day, even those of us who have been working remotely. Everyone will be paid, and that is hundreds of people! Last week a poster said that it didn’t matter if we voted because our state’s electors are able to overrule our vote. 

We need some guidance in responding to that poster because others are now saying the same thing, and it is demoralizing a lot of employees. We want to know that our vote counts! 

Can you provide some guidance or a statement that tells us if this poster’s view – that electors can overrule our vote – is correct?

ANSWER
Thank you for working with our Business Continuity Plan. It would be best if you were keeping it current at all times, as business continuity is critical to a company’s survival in the face of a range of debilitating events. Our Business Continuity Plan is inexpensive, comprehensive, user friendly, and collaboratively drafted with one of our Subject Matter Experts. You can get information about the Business Continuity Plan by clicking HERE.

I will answer your question, although it is a bit off the beaten path of regulatory compliance. However, inasmuch as your concerns derive from providing business continuity initiatives to your fellow employees, I think it is important to set forth certain salient facts. I make no claim here to providing legal advice, and I am certainly not an expert in election law. If you have further questions, I suggest you contact the election authorities in the states where your employees vote.

Let me begin by restating your question, as follows: May a state legislature appoint a preferred slate of electors to override the will of the people after the election?

First, allow me to provide a brief overview. As you may know, the president is chosen by the Electoral College. The Electoral College consists of electors from each state. The Electoral College is established in Article II, Section 1 of the U.S. Constitution, and it was given specific procedures, as set forth in Article II, Section 1, Clause 3. But the Twelfth Amendment to the Constitution replaced the initial procedures with the procedures for electing the president and the vice president, which essentially provided for separate votes for president and vice president, and specified that those individuals must be from different states.

The term “Electoral College” is found nowhere in the Constitution.[i] The body or entity that is called the Electoral College meets every four years exclusively to elect the president and vice president. Currently, there are 538 electors. A majority of at least 270 electoral votes wins. Article II, Section 1, Clause 2 of the Constitution provides that each state legislature is required to determine how electors for that state are to be chosen. Any person holding a federal office, either elected or appointed, is disqualified from being an elector.

The Constitution gives Congress the choice of when presidential electors must be appointed. It gives state legislatures the power to choose the manner of appointing them. In carrying out these constitutionally delegated powers, Congress designated Election Day as “the Tuesday after the first Monday in November.” For more than a century, all states have selected their electors based on the popular vote.

Although the power to choose the manner in which electors are appointed means that state legislatures theoretically could reclaim the ability to appoint electors directly before Election Day,[ii] they may not substitute their judgment for the will of the people by directly appointing their preferred slate of electors after Election Day. Nor may they use delays in counting ballots or resolving election disputes as a pretext for usurping the popular vote.[iii] Doing so would violate federal law and undermine fundamental democratic norms, and it could also jeopardize a state’s entitlement to have Congress defer to its chosen slate of electors. I will return to counting ballots and disputes shortly.

Although it may seem that we are voting directly for the president and vice president, when we cast our votes for president, in reality we do not do so directly. Instead, we vote for electors who then choose the president and vice president. This process is governed by provisions in the U.S. Constitution and federal and state laws.

Secondly, the Constitution provides that each state must appoint its slate of electors for president “in such Manner as the Legislature thereof may direct.”[iv] The legislature in each state, therefore, receives a power called “plenary power” to determine how the state will select its electors.[v] The electors chosen by each state must “meet in their respective states and vote by ballot for President and Vice President,” then transmit lists of all their votes to the President of the Senate for counting “in the presence of the Senate and House of Representatives.”[vi]

While the Constitution gives states, through their legislatures, the power to choose the manner for appointing electors, it delegates to Congress the power “to determine the time of chusing (sic) Electors.”[vii] The Constitution, in turn, provides that all states must appoint their electors on the “Tuesday after the first Monday in November, in every fourth year succeeding every election of a President and Vice President” – which falls on November 3rd this year.[viii]

That November day is widely known to Americans as Election Day.

Thirdly, when a state has held an election, the legislation may not substitute its judgment for the will of the people. To do so would be an instance of a state legislature usurping the popular vote, which would violate federal law.

Once a state has held an election, a state legislature’s post-Election Day appointment of its own preferred slate of electors not only would contravene this fundamental democratic norm, it would also violate federal law requiring that all states must appoint their electors on Election Day (viz., the “Tuesday after the first Monday in November, in every fourth year succeeding every election of a President and Vice President”).[ix]

Furthermore, a state legislature’s attempt to substitute its preferred electors for those chosen through a popular election held pursuant to state law would also deprive the state of protections in federal law that require Congress to honor the state’s chosen electors. Indeed, the Electoral Count Act (“ECA”) includes a “safe harbor” provision that treats as “conclusive” a state’s chosen slate of electors if two criteria are satisfied:

(1) the electors must be chosen under laws enacted prior to Election Day, and

(2) the selection process, including the final resolution of any disputes, must be completed at least six days prior to the meetings of the electors.[x]

This year, the ECA “safe harbor” deadline is December 8, 2020.

A post-Election Day appointment of a state legislature’s preferred slate of electors would almost always deviate from the legal process for appointing electors established by the state prior to Election Day, with the possible exception of North Carolina.[xi] Although the ECA’s “safe harbor” criteria are not mandatory, the consequences of failing to adhere to them are significant. Losing the “safe harbor” protection leaves Congress to decide which electors to count from a state, without mandatory deference to the preferences of either the state’s voters or legislature.[xii]

Fourthly, a state legislature substituting its preferences for the will of the voters raises several Constitutional concerns. To be sure, a state legislature’s post-Election Day substitution of its own preferences for those of voters raises constitutional concerns.[xiii] The Supreme Court has explained that “[w]hen the state legislature vests the right to vote for President in its people, the right to vote as the legislature has prescribed is fundamental,” and is subject to constitutional due process and equal protection guarantees.[xiv]

The due process clause, in particular, protects citizens’ reasonable reliance on the expectation under state law that they will be able to meaningfully exercise their fundamental right to vote.[xv] Even though this due process interest has most commonly been recognized in the context of protecting economic interests or preventing the retroactive application of punitive laws, “the principle is broad enough to encompass changes in voting rules that inappropriately unsettle reasonable expectations concerning the operation of the voting process,” as a post-Election Day legislative usurpation of the popular vote would surely do.[xvi]

Finally, it would take an extraordinary, virtually unprecedented, systemic failure in the election procedures that far exceed mere election delays and disputes to justify a state legislature’s intervention. Congress exercises its authority to decide when states must appoint their electors by designating a uniform federal Election Day. By the way, that does not mean that states cannot allow for early or absentee voting, of course, as all do in some form. In any event, pursuant to the ECA, the election must be held (and the casting of votes generally must be completed) on Election Day. There is a single, narrow exception to that statutory mandate which provides that where a “State has held an election for the purpose of choosing electors, and has failed to make a choice on the day prescribed by law,” the state’s electors may be appointed on a later date “in such a manner as the legislature of such State may direct.”[xvii]