TOPICS

Thursday, April 28, 2022

Gagging the Customers

QUESTION

We are a mortgage broker in the Midwest. Our loan officers work hard for our borrowers. And we are dependent on our borrowers recommending us to friends and family. 

One of the ways we also get attention is on social media, such as Google. People who use us can give their comments about our service. Usually, we get fantastic recommendations from Google reviews. On Google, we usually get 4 or 5 stars! 

One of our former customers has given us a 1 star and said some pretty nasty things about us, none of which is true. Now the customer is putting negative reviews on other social media. We’ve tried to talk to her, but she hates our guts. 

We want to find a way to ban this person from telling lies about us and make her stop posting. I spoke with our attorney, and she told us to back off and move on. There must be something we can do. 

What can we do to stop a disgruntled customer from posting negative reviews about us? 

ANSWER

If you typically get 3, 4, or 5 stars, consider yourself fortunate to have such a good reputation. Ratings in that range are viewed as positive and bring several benefits, such as better search visibility and clickthrough rates, stronger brand trust and recognition, and reduced opportunity costs due to higher visibility. 

I understand your frustration. However, your attorney gave you good advice. 

There is a phrase for what you want to do. It is called suppressing consumer reviews. There are adverse consequences if you get caught. Some companies go so far as to manipulate consumer reviews. That is illegal. 

The Consumer Financial Protection Bureau (CFPB) has issued policy guidance on contractual “gag clauses” and fraud associated with fake reviews.[i] The guidance describes certain business practices related to customer reviews that are generally unlawful under the Consumer Financial Protection Act (CFPA). 

According to the CFPB, reviews of products and services help to promote fair, transparent, and competitive markets. However, when a company frustrates the ability of consumers to post honest reviews of the products and services used, those firms may be engaged in conduct prohibited by the CFPA. 

The CFPB’s guidelines describe certain business practices related to customer reviews that are generally unlawful under the CFPA, including: 

·       Contractual gag clauses. Banks and financial companies that include clauses in form contracts that forbid a consumer from posting an honest review may be engaged in unfair or deceptive practices; 

·       Fake reviews. Laundering fake reviews in ways that appear completely independent from the company to improve the company’s ratings may constitute a deceptive practice; and 

·       Review suppression or manipulation. Practices limiting the posting of negative reviews or manipulating reviews to trick or confuse customers may be unlawful. 

I do not think this is a hill you should die on. It’s not worth it! The CFPB regulates the CFPA’s requirements and will exercise its enforcement and supervisory authorities on this issue. 

Let me explain gag clauses and faked, suppressed, or manipulated customer reviews. 

Gag Clauses 

In 2016, Congress enacted the Consumer Review Fairness Act (CRFA). It became law in response to abuses by companies that restricted consumer reviews. As the statute’s legislative history explains, the wide availability of consumer reviews caused consumers to rely on them more heavily as credible indicators of product or service quality. 

But businesses didn’t want to get negative reviews for obvious reasons, so they sought to avoid negative reviews through form contract[ii] provisions with consumers that restrict such reviews. These provisions typically impose monetary or other penalties for publishing negative comments regarding providers’ services or products. The legislative history explains that these “gag clauses or non-disparagement clauses” are harmful to consumers. 

The CRFA protects covered communications. A covered communication is defined as 

“a written, oral, or pictorial review, performance assessment of, or other similar analysis of, including by electronic means, the goods, services, or conduct of a person by an individual who is party to a form contract with respect to which such person is also a party.” 

The CRFA provides, with limited exceptions, that “a provision of a form contract is void from the inception of such contract” if the provision: 

·     Prohibits or restricts the ability of an individual who is a party to the form contract to engage in a covered communication; 

·     Imposes a penalty or fee against an individual who is a party to the form contract for engaging in a covered communication; or 

·     Transfers or requires an individual who is a party to the form contract to transfer to any person any intellectual property rights in review or feedback content, with the exception of a nonexclusive license to use the content, that the individual may have in any otherwise lawful covered communication about such person or the goods or services provided by such person. 

Therefore, consistent with these principles, it would generally be deceptive to include a restriction on consumer reviews in a form contract, given that the restriction would be void under the CRFA. In addition, if a financial institution or service provider attempts to pressure a consumer to remove an already posted negative review by invoking a restriction on consumer reviews that is void under the CRFA, that would also generally be a deceptive act or practice. In other words, doing so would place the company in violation of UDAAP.

Friday, April 22, 2022

Servicing Quality Control – Missing in Action

QUESTION

We are a lender that is also a Master Servicer. We use a subservicer to handle our servicing. I was hired last month to manage the servicing platform. Our servicing volume is three billion at this time. Our company is on with Fannie Mae and Freddie Mac. We will be applying to Ginnie Mae at the beginning of next year. 

One of the first things I looked for was the servicing quality control reports. I was shocked that servicing quality control was not done – ever! I am panicking because we are applying to Ginnie Mae, and we also have never done servicing quality control to show Fannie and Freddie. On top of that, Fannie will be doing a MORA review in the next few months. 

What should we do to get current with servicing quality control? And, what are the requirements? Our CEO reads your articles, and I want to show him your response. 

ANSWER

First and foremost, you will need to go back at least twelve months, maybe longer, to get servicing quality control to the point that it is acceptable to the GSEs. Ginnie Mae will undoubtedly expect to receive the reports for the twelve months previous to the application’s formal commencement. 

The GSEs conduct their own performance tests. They will communicate any performance deficiencies noted to the servicer. But, the GSEs could elect to terminate a servicer’s right to service their mortgage loans, although the servicer will still have an opportunity to explain any mitigating circumstances or factors that justify the servicing actions it took or did not take, given the timeframe specified by the GSEs in their communication of the performance deficiencies. 

Servicing quality control is implemented for a variety of reasons, such as complying with insurer and guarantor requirements; proper servicing to private institutional investors; conforming to company policies and procedures; complying with applicable federal, state, and local laws and regulations; complying with HUD FHA guidelines; implementing quality control requirements for various types of loans (i.e., FHA, VA, USDA, conventional); meeting Fannie Mae, Freddie Mac, and specific investor requirements; and, meeting quality control guidelines appropriate to a Ginnie Mae Issuer. 

Furthermore, quality control servicing identifies inadequacies, errors, or abuses relating to particular persons or practices involved in the loan servicing process, which becomes an alert to initiate corrective action. And it helps to prevent fraud by evaluating, documenting, and monitoring the general quality of loans serviced, thereby expanding the scope of quality control reviews when fraudulent activity or patterns of deficiencies are identified. 

The evaluation of the actions the servicer takes in servicing the mortgage loans will focus primarily on determining whether the servicer took all of the appropriate steps to cure the delinquency and deficiency or avoid foreclosure and if foreclosure could not be avoided, confirming that the servicer completed the legal actions within the GSEs’ required timeframes. 

In all our years of providing servicing quality control, we find that some companies have been remiss in consistently conducting quality control of loan servicing. This baffles me, frankly. Sometimes, company representatives tell us they didn’t realize they should be performing quality control audits on their loan servicing. Not implementing servicing quality control is a substantive regulatory mistake. Once you recognize a mistake, you should fix it; problems propagate and lead to regulatory and investor actions if the error is not quickly resolved. 

Every Master Servicer should have a Servicing Quality Control Plan (“Plan”). It should provide detailed sections that include, though are not limited to: 

  • Assumptions
  • Borrower Contact
  • Collection & Loss Mitigation
  • Default System (i.e., SFDM)
  • Deficiency Identification
  • Delinquencies
  • Discretionary Reviews Criteria
  • Early Payment Defaults
  • Foreclosure
  • Loans in Default
  • Loss Mitigation
  • Maintenance
  • Methodology
  • Notification Requirements
  • Payoffs
  • Quality Control Auditor Information
  • Quality Control Parameters
  • Record Keeping
  • Reporting
  • Responsibilities and Authorities
  • Risk Categories
  • Risks and Ratings
  • Selection and Timing
  • Selection by Loan Type
  • Servicing Review Timeframes
  • Servicing Standards
  • Servicing Transfer
  • System Integrity
  • Taxes, Insurance, Escrow Administration
  • Third-Party Auditor Information
  • Timeliness and Frequency

I could go on, but hopefully, you get the point! Depending on the size, complexity, and risk profile of the financial institution, more sections would be needed. You must have a Plan that adequately provides the audit guidelines. If you want more information about our Servicing Quality Control Plan or Servicing Audits, please ask for it HERE

The Plan should be sufficient in scope to enable the company to evaluate the accuracy, compliance, and consumer protection within loan servicing operations. It should also provide independent evaluation, separated from the required operational functions. 

Monthly quality control of your loan servicing – whether single-family or multi-family – is a critical obligation. It is an essential requirement of your relationship with investors. If you are not conducting servicing quality control, you are bucking for an adverse rating from the GSEs. Without sequential monthly reports for servicing quality control, a Ginnie Mae Issuer application will be dead in the water.

Thursday, April 14, 2022

Romance Gone Awry: A Tale of AML and Negligence

QUESTIONS 

We sometimes report unusual transfers of deposits and payments to FinCEN when they are not typical for the account holder. However, every once in a while, we have to prevent wire transfers if we believe there is fraud or other potentially criminal activity. 

Our concern is not only about the filing of the SAR. Sometimes we don’t. Recently, we got a complaint from the account holder because we stopped the transfer due to issues involving the unusual payments going out of the account. He has retained a lawyer and threatened us with a lawsuit. 

Eventually, we resolved the situation. But that leaves open the possibility of being sued again by somebody else for the same efforts we have made to protect the account holder. We’re protecting their interests! It feels like we’re damned if we do and damned if we don’t. 

What happens if we were right all along in protecting the account holder? 

ANSWER 

There are a variety of claims that can be made in the scenario you pose. Perhaps somewhere on the list would be a negligence claim. And I think I have just the right case for you to consider. It involves Anti-Money Laundering (AML) requirements, a negligence claim, and romance. Stay with me! I’ll explain. 

It was in early 2018 that Patricia O’Rourke, a recently divorced 64-year-old who had banked with PNC for many years, enrolled with the online dating service “Plenty of Fish.” In this dating service, she began to cultivate a virtual relationship with an individual identifying himself as “William Riccardo.” Riccardo represented to O’Rourke that he was a doctor in the military stationed in Afghanistan and would be returning to the United States for good following the end of his mission. 

After gaining O’Rourke’s trust, Riccardo told her that he acquired five million dollars worth of “gifts” while in Afghanistan but was having trouble facilitating their transfer to the U.S. because of the sudden death of the lawyer who handled all of his financial interests. At this point, Riccardo began soliciting monetary transfers from O’Rourke under the guise of eventually freeing up the alleged five million dollars of “gifts.” 

She trusted him and agreed to help. Soon thereafter, she received one request after another from him for funds needed to transfer the package. At Riccardo’s request and direction, O’Rourke paid various persons and companies. The payments totaled $246,600. Of that sum, $75,000 was transferred through PNC Bank. 

O’Rourke alleged that she tried on three separate occasions to wire funds from her PNC account, but each time the bank suspected she was “being abused by someone committing a fraud upon her” and declined to wire the funds. But after these refusals, the bank let O’Rourke draw a cashier’s check in the same amount she had sought to wire on those previous occasions. 

The drawing of the cashier’s check was the basis of her negligence claim against PNC. O’Rourke alleged that PNC’s refusals to wire funds from her account demonstrated the bank knew that she was being defrauded and had a duty to investigate and warn her. 

Thus, the lawsuit O’Rourke v. PNC Bank[i], a Delaware case. In her suit, plaintiff O’Rourke alleged PNC violated “the Banking Law and Regulations,” specifically, the Bank Secrecy Act” (BSA). PNC had not filed a Suspicious Activity Report (SAR). PNC responded by filing a Motion to Dismiss the Complaint, arguing that the BSA does not provide the plaintiff a private right of action. In response, O’Rourke then filed a First Amended Complaint; however, the only difference between the Complaint and the First Amended Complaint was an alteration to the only count in which PNC was implicated, to wit, a substituted negligence claim for the failed BSA claim. PNC moved to dismiss that case. 

O’Rourke argued that PNC “provides a government related service to individuals and at all times it owes to those individuals it serves a duty of reasonable care,” which includes the obligation to take reasonable care when making payments from her account. She also asserted that, as a result of the bank’s knowledge of her banking history, practices, and its awareness of the types of fraud persons such as she was subjected to, once PNC acquired a reasonable suspicion that her requested wire transfers were for a fraudulent purpose, the bank owed her a duty to protect her from the malicious third party, which it failed to do. That’s quite an assertion, is it not? 

Specifically, she said that her negligence claim was premised on “the legal principle that when a party knows another is being abused, it cannot stand idly by and allow the abuse to occur and it certainly cannot aid the abuser, as PNC did here, by facilitating the withdrawal of her funds.” (sic) 

O’Rourke did not cite any authority supporting this purported “legal principle,” Judge Jan R. Jurden said. O’Rourke also alleged that, as a regulated banking entity, PNC had a duty to “follow Federal mandates designed to protect its depositors from the type of exploitation suffered by O’Rourke. 

PNC argued that the negligence claim was nothing more than an attempt to recast O’Rourke’s abandoned BSA claim. As such, it failed to state a claim because the BSA does not establish a standard of care. 

PNC maintained that O’Rourke fails to cite any cases that support the proposition that a bank can be held liable in negligence where the customer has fallen victim to a scam. The bank also asserted that, under Delaware law, a bank’s duty of care is preempted by the Uniform Commercial Code. And, even if the UCC did not preempt a common law negligence claim, the duty owed by PNC to O’Rourke was defined by her customer agreement. PNC contended that the customer agreement imposes no “duty to warn” on PNC. In point of fact, it expressly permits O’Rourke to withdraw her funds freely and states that it is O’Rourke’s “duty and responsibility to maintain [her account. . .”]. 

The judge wrote in the Court’s opinion that the issue was whether PNC owed O’Rourke a duty to investigate and thwart a “romance scheme” to which she fell victim. Barred from asserting her original BSA claim, O’Rourke then recast her claim as a common law negligence claim. The elements of a common law negligence claim are duty, breach, causation, and harm. The judge opined that if any one of these elements is missing, the claim cannot succeed. 

So, it seems quite clear that O’Rourke has not and cannot, based on the law, establish that the bank owed her a duty to stop her from drawing money from her account. The judge held that O’Rourke made numerous, uncited references to general duties (i.e., the “duty to warn” and “the legal principle that when a party knows another is being abused, it cannot stand idly by and allow the abuse to occur”) but failed to assert a cognizable legal duty applicable to PNC under the facts. 

Or, to put a fine point on it, quoting the judge: “While O’Rourke tries mightily to save her claim, she cannot.” 

As pleaded, the bank’s purported liability to her was still based upon the BSA and PNC’s alleged failure to file a Suspicious Activity Report. In the absence of viable allegations of an applicable duty of care, the plaintiff’s negligence claim against PNC could not survive. As a result, PNC Bank’s Motion to Dismiss the plaintiff Amended Complaint was granted.

The court dismissed O’Rourke’s negligence action against the bank because the customer had not and could not establish that the bank owed her a duty to stop her from drawing money from her account.

Ah, "love goes by haps; some Cupid kills with arrows, some with traps!" 
- Shakespeare, Much Ado About Nothing  

Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director 
Lenders Compliance Group


[i] O’Rourke v. PNC Bank, 2022 Del. Super. (Del. Sup. Ct. February 15, 2022)

Thursday, April 7, 2022

ECOA Self-Tests

QUESTION

Our regulator suggested that we do a self-test of our ECOA Regulation B compliance. 

We originate loans in 24 states. Also, we have a multi-billion dollar servicing portfolio. 

As the Compliance Officer and General Counsel, I believe there are legal privileges relating to the work product derived from a self-test. However, I can’t find much information about such privilege or whether it also applies to self-correction too. 

We are voluntarily conducting the ECOA self-test to ensure compliance with fair lending requirements, among other things. We have done fair lending reviews previously; however, we believe that conducting ECOA self-test and self-correction reviews would provide additional legal protection. 

What is the legal privilege provided by conducting ECOA self-tests? 

ANSWER

In 1996, amendments were made to the ECOA and the Fair Housing Act (FHA) as part of the Economic Growth and Regulatory Paperwork Reduction Act of 1996. These provisions create a legal privilege for information developed by creditors through voluntary self-tests conducted to determine the level or effectiveness of their compliance with the ECOA and the FHA, provided that appropriate corrective action is taken to address any possible violations discovered. 

To elucidate further, a government agency may not obtain privileged information for use in an examination or investigation relating to compliance with the ECOA or the FHA, or by a government agency or credit applicant in any proceeding in which a violation of the ECOA or the FHA is alleged. The 1996 act also provides a challenge to a creditor’s claim of privilege may be filed in any court or administrative law proceeding with appropriate jurisdiction. 

The privilege, therefore, serves as an incentive by assuring that evidence of discrimination voluntarily produced by a self-test will not be used against a creditor, provided the creditor takes appropriate corrective actions for any discrimination that is found. 

Consider using our ECOA Tune-up as a tool to review your Regulation B compliance. It will help you gain an overall readout of your ECOA implementation. 

Regulations implementing the self-test privilege were adopted under the ECOA as section 1002.15 of Regulation B,[i] and the same was done for the FHA provisions. The rules are virtually the same for both, with the primary difference being the scope of the two laws. 

Under the rules, a self-test is defined as 

any program, practice, or study designed and specifically used to determine the extent or effectiveness of a creditor’s compliance with the ECOA or the FHA, if that program, practice, or study creates data or factual information that cannot be derived from loan or application files or other records related to credit transactions. 

This definition of self-test includes, but is not limited to, the practice of using fictitious applicants for credit (i.e., testers). 

A creditor also may develop and use other methods of generating information that is not available in loan and application files, for example, by surveying mortgage loan applicants to assess whether applications were processed appropriately. 

However, there is a fundamental distinction: the definition does not include creditor reviews and evaluations of loan and application files, either with or without statistical analysis. Therefore, the self-test privilege does not protect any analysis or review of loan and application files. 

Appropriate corrective action is required for the privilege to apply when the self-test shows that it is more likely than not that a violation occurred – even though no violation has been formally adjudicated. That said, taking corrective action is not an admission that a violation occurred. 

The lender must take corrective action that is reasonably likely to remedy the cause and effect of a likely violation by:

·       Identifying the policies or practices that are the likely cause of the violation; and 

·       Assessing the extent and scope of any violation. 

Appropriate corrective action may include both prospective and remedial relief, except that to establish a privilege, the lender: 

·       Is not required to provide remedial relief to a tester used in a self-test;

·       Is only required to provide remedial relief to an applicant identified by the self-test as to one whose rights were more likely than not violated; and

·       Is not required to provide remedial relief to a particular applicant if the statute of limitations applicable to the violation expired before the creditor obtained the self-test results or the applicant is otherwise ineligible for such relief. 

The report or results of a self-test are not privileged if the lender or a person with lawful access to the report or results: 

·        Voluntarily discloses any part of the report or results, or any other information privileged under this section, to an applicant, government agency, or the public;

·        Discloses any part of the report or results, or any other information privileged under the self-test rules, as a defense to charges that the creditor has violated the act or regulation; or

·        Fails or is unable to produce written or recorded information about the self-test that must be retained under the rules when the information is needed to determine whether the privilege applies. (In general, self-tests and results must be retained for 25 months after completion.)

Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director 
Lenders Compliance Group


[i] 12 CFR 1002.15, § 6.14 Incentives for Self-Testing and Self-Correction