THE MOST COMPREHENSIVE MORTGAGE COMPLIANCE SOLUTIONS IN THE UNITED STATES.

LENDERS COMPLIANCE GROUP belongs to these National Organizations:

ABA | MBA | NAMB | AARMR | MISMO | ARMCP | ALTA | IIA | ACAMS | IAPP | MERSCORP

Thursday, July 28, 2022

Ex-Spouse’s Right to Cancel a Mortgage Loan

QUESTION

We have two refinance loans that the borrowers want to rescind. In each case, the borrowers had gone through a divorce and wanted to buy out their former spouses’ ownership by refinancing their primary residences. Each of them tried to rescind. But our attorneys said they couldn’t do a rescission because they were acquiring an interest in the property. They base their view on a Comment in TILA about an exemption to the “Right to Cancel.” 

I am the General Counsel and do not agree with that opinion. I read the Comment, and, frankly, our attorneys’ interpretation makes no sense. Their view seems to contradict the purpose of the Comment in the first place. I want your view. The borrowers are now threatening litigation. I respectfully request your response as soon as possible. 

Is there a right to cancel exemption for refinances of a joint owner’s interest? 

ANSWER

Given the urgency, we have prioritized this Mortgage FAQ. 

First, a few necessary points of order. 

For any credit transaction in which a security interest is or will be retained or acquired in a consumer’s principal dwelling, the Truth-in-Lending Act (TILA) gives each consumer residing in the dwelling whose ownership interest is or will be subject to the security interest the right to rescind the transaction (otherwise known as the “Right to Cancel”).[i] This right does not apply to transactions expressly exempted[ii] and for instances where the consumer has appropriately waived rescission.[iii] 

One exemption to the Right to Cancel applies to “residential mortgage transactions.” 

The applicable section of TILA[iv] defines the term “residential mortgage transaction” to mean 

“a transaction in which a mortgage, deed of trust, purchase money security interest arising under an installment sales contract, or equivalent consensual security interest is created or retained in [against, in the statutory version] the consumer’s principal dwelling to finance the acquisition or initial construction of that dwelling.” 

The term “residential mortgage transaction” is not limited to a first lien or equivalent security interest. The term includes junior security interest transactions when created or retained in the consumer’s principal dwelling to finance the acquisition or initial construction of that dwelling. 

Let’s look at the specific Commentary.[v] 

Comment 2(a)(24)-5 (“Comment”) offers additional guidance regarding what falls within the meaning of “residential mortgage transaction.” 

Here are the relevant parts: 

·       Acquisition. (My emphasis.) 

·       A residential mortgage transaction finances the acquisition of a consumer’s principal dwelling. The term does not include a transaction involving a consumer’s principal dwelling if the consumer had previously purchased and acquired some interest to the dwelling, even though the consumer had not acquired full legal title. 

·       Examples of new transactions involving a previously acquired dwelling include the financing of a balloon payment due under a land sale contract and an extension of credit made to a joint owner of property to buy out the other joint owner’s interest. In these instances, disclosures are not required under § 1026.18(q) (assumability policies). However, the rescission rules of §§ 1026.15 and 1026.23 do apply to these new transactions. 

·       In other cases, the disclosure and rescission rules do not apply. For example, where a buyer enters into a written agreement with the creditor holding the seller’s mortgage, allowing the buyer to assume the mortgage, if the buyer had previously purchased the property and agreed with the seller to make the mortgage payments, § 1026.20(b) does not apply (assumptions involving residential mortgages). 

In contemplating your question, I looked at several cases that might resolve the issue you are faced with. I believe I have found one, in particular, that is serviceable and supports your view! The recently adjudicated case, Suttle v. Calk[vi], is a recent decision by a federal district court in Illinois, where the litigation centered on a lender’s challenge to this Comment. 

In 2016, Suttle sought to resolve lingering issues from her 2013 divorce. Among other things, she wanted to buy her ex-husband’s interest in their marital home. She needed to provide the funds to the trustee overseeing the divorce proceeding to do so. Consequently, she decided to obtain a loan from Federal Savings Bank (“FSB”). 

About October 21, 2016, Suttle opened an account at FSB and began transferring funds to it. She ultimately transferred $417,000 to FSB. The parties disputed whether Suttle knew the funds would serve as collateral for the loan and she would not be able to access them. 

A few days later, on October 28, 2016, FSB wired $398,276.34 from Suttle’s account to the trustee. Several hours later, Suttle received a Note and Loan Agreement, which Suttle signed and sent to FSB later that evening. FSB did not provide Suttle with TILA disclosures, including a Notice of Right to Cancel. She ultimately received a 1-year bridge loan at an adjustable interest rate, secured by the $417,000 she had deposited, as well as a mortgage on her home. 

In the following months, Suttle and FSB discussed refinancing the bridge loan into a traditional mortgage loan. As part of that process, FSB required Suttle to provide tax returns for 2012 to 2015, which she did not do. Then, in February 2017, FSB informed Suttle that her refinancing application had been denied. 

Finally, on July 5, 2018, Suttle sent FSB a letter rescinding the loan. FSB did not respond. Suttle sued, in 2019, including TILA claims for failure to disclose and rescission. FSB responded that Suttle’s loan was a residential mortgage transaction exempt from TILA’s disclosure and rescission requirements. 

The court granted summary judgment to Suttle on her TILA claims! 

Because it was undisputed that FSB had to provide TILA disclosures, FSB’s only argument for avoiding TILA liability was that the Comment – which provides that the rescission exemption does not apply if the “consumer had previously purchased and acquired some interest to the dwelling” – is inconsistent and should be disregarded. 

Digging deeper, it appears that the court began its discussion of this issue by observing that it had to defer to an agency interpretation, such as the Comment, so long as it was consistent with the statute's general purpose and plain language. The court found the interpretation is consistent!

Friday, July 22, 2022

Nonpublic Personal Information: Lead Generation Minefield

QUESTION

We used a lead generator. We belatedly found out the lead generation company used nonpublic personal information. Our regulator picked up on it in an examination and cited us for violations for every single one of the leads. 

Our CEO fired the lead generator, even though they are big and highly recommended. But now we’re forced to deal with the regulator doing special monitoring as well as the penalties. 

I am an associate in the compliance department. Our Compliance Manager asked me to write you for some advice on how we can go about distinguishing between a customer’s nonpublic personal information and public information. We are revising our policy for lead generators. Your feedback would be really helpful. 

How do we distinguish between nonpublic personal information and public information? 

ANSWER 

Lead generation companies can be a regulatory minefield. Over the years, we have been approached by lead generation companies to offer guidance. Many of these companies do not operate with sufficient regulatory scrutiny. They fly under the radar, grabbing customer information from many obvious and not-so-obvious sources. 

The Gramm-Leach-Bliley Act (GLBA) governs an institution’s distribution of nonpublic personal information (“NPI”) related to consumers. If the information is considered nonpublic personal information, distributing that information to third parties is subject to the GLBA. Information not deemed nonpublic personal information is not subject to GLBA and may be used without regard to the restriction. 

I published an article on this topic a few years ago, entitled The Lead Generation Company: Managing the Risks. Go ahead and download it here. The article offers quite a lot of solid information, including my Four Rules for lead generation marketing. It also provides my Three Concerns about online lead generation companies. I give tips on an institution’s policy and procedures and how to plan for a regulator’s visit. 

Also, request a presentation of our Privacy Tune-up, which evaluates GLBA compliance.

If you use a lead generation company, I suggest you contact a competent compliance professional. There are just too many pitfalls, regulatory traps, and exceedingly high compliance and legal risks to viewing lead generation as a mere marketing matter. 

Let’s start with the concept of Nonpublic Personal Information.[i] There are essentially two interlocking definitions: 

·    Personally identifiable financial information, and 

·    Any list, description, or other grouping of consumers (and publicly available information pertaining to them) that is derived using any personally identifiable financial information. 

This definition does not include any publicly available information. 

I will discuss consumer lists momentarily. First, however, let’s review essential terminology. 

The term “personally identifiable financial information” is broadly interpreted.[ii] What is considered personally identifiable financial information includes information: 

·    Provided by a consumer to the institution to obtain a financial product or service from the institution when applying for a financial product or service; 

·    About a consumer resulting from transactions between the institution and the consumer involving a financial product or service; and 

·    Otherwise obtained about a consumer in connection with a financial product or service. 

For instance, the following information about a consumer is personally identifiable financial information: 

·    Information that a consumer provides on an application to obtain a loan, credit card, insurance, or other financial product or service, including, among other things, medical information; 

·    Account balance information, payment history, overdraft history, and credit or debit card purchase information; 

·    The fact that an individual is or has been a customer or has obtained a financial product or service from the institution, unless that fact is derived using only publicly available information, such as government real estate records or bankruptcy records; 

·    Other information about a consumer if disclosed in a manner that indicates the individual is or has been a customer of the institution (such as a list of consumers who have loans or deposit accounts with the institution); 

·    Any information provided by a consumer or otherwise obtained by the institution or an agent of the institution in connection with collecting on a loan or servicing a loan; 

·    Any information the institution collects through an Internet cookie (an information-collecting device from a web server); and 

·    Information from a consumer report (i.e., a credit report or other report subject to the FCRA). 

In other words, virtually all the information a financial institution has about consumers with whom it does business is personally identifiable financial information under the applicable rule, including the fact that the consumer even conducts business with the institution. 

The only type of information that would not be considered personally identifiable financial information would be whatever information the institution would obtain outside the relationship involving a financial product or service. For instance, personally identifiable financial information does not include: 

·    A list of names and addresses of customers of an entity that is not a financial institution, such as a magazine subscription list, and 

·    Information that does not identify a consumer, such as aggregate information or blind data that does not contain personal identifiers like account numbers, names, or addresses. (An example of this would be something similar to the Home Mortgage Disclosure Act (HMDA) data available to the public. The HMDA list contains a substantial amount of specific information about individual consumer mortgage loans, but it identifies individual loans by random numbers rather than by name, loan number, social security number, and so forth.)

Thursday, July 14, 2022

Working and Originating Remotely

QUESTION 

Most of our employees and loan officers work remotely. Since the pandemic, this is the way it has been, and management supports remote work. 

In our recent state examination, our examiner cited us for not having a written remote policy for employees and loan officers. 

We drafted a policy quickly, but they were not thrilled with our expectations for loan officers, especially when they work from unlicensed locations. They thought it was too “convoluted.”

The examiner wants us to get it down to just a few requirements. That’s in addition to the requirements for all the other employees. 

What are the essential expectations of a loan officer working remotely? 

ANSWER

I gather by “essential,” you mean just a few requirements. With regards to loan officers, I think revising your policy to a few key expectations is possible. 

Many banking departments are asking to review remote employee policies. Obviously, this interest got onto their radar during the pandemic. But it really does pre-date the pandemic by several years. 

Years ago, we drafted a Remote Employee Policy. It has been revised several times due to changes in regulations and, of course, the pandemic. If you want information about it, ask for it HERE. 

Originating mortgages has changed substantially from the days of paper applications and heavy reliance on brick-and-mortar locations. The advancement of technology and the Internet have made it possible for consumers to connect with mortgage personnel from virtually any location and to securely transmit information allowing for remote interaction rather than the traditional face-to-face meetings of days past. 

Consequently, financial institutions were already trending toward a more mobile and remote workforce when the COVID-19 pandemic forced them to consider remote work options. 

Indeed, because of COVID-19, many states temporarily allowed loan originators and other employees to work remotely from their homes or other unlicensed locations for the sake of reducing the spread of the virus. As noted below, I advise against any attempt to originate loans from “unlicensed locations.”

In response to the increasing teleworking numbers, the financial institutions and state regulators began to examine whether allowing originators and others to work from home or other unlicensed locations should become a permanent option as companies start to exit the confines of the COVID-19 pandemic. 

The ability to work from home has become a salient issue for employers and regulators, and adopting policies that protect consumers is a consideration in deciding whether working from home should become a permanent option. 

Banking departments expect financial institutions to set forth Best Practices when permitting employees of state-licensed residential mortgage lenders to work from unlicensed homes or other locations. However, each state banking department makes its own decision. Knowing your state’s guidelines for remote work is critical to complying with applicable statutes.

Remote Work – Four Basic Essentials 

Given the reality of working remotely, I suggest four essential and compelling requirements that must be included in your policy, giving you the regulator’s point of view. Keep in mind that the list should act as a foundation upon which you may build a comprehensive plan. 

One 

A mortgage loan originator should not be allowed to meet consumers at the originator’s home unless the home is licensed as a branch location. 

Two 

There must be systems in place to ensure that data security and privacy requirements are met regardless of where the company’s personnel are working. 

Three 

The financial institution responsible for sponsoring the loan officer must sufficiently supervise the mortgage loan origination activities conducted from any locations, whether a licensed location, unlicensed home, or other location. 

Four 

Documents must be available at a licensed location in the United States so that regulators can examine the mortgage lending activities. 

A final note. We have found that state agencies and businesses have been receptive to remote work. Generally, the view seems to be that loan officers and others can work at home safely and effectively if a financial institution provides systems that, among other things, protect consumer privacy and ensure regulatory compliance. 

Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director
Lenders Compliance Group

Thursday, July 7, 2022

There’s Nothing Permanent Except Change

QUESTION 

You have written about something called “change management.” When I first read it, I thought it was some kind of a joke. I know we’re highly regulated, but how can you make us change our management? Then I read on, and I guess it’s no joke. 

Apparently, change management is a thing. It has to do with managing change, not changing management. That was the extent of my interest until an examiner asked for our change management policy. Say what? 

Anyway, we scrambled and put one together. The examiner accepted it. Problem solved. But maybe not. It is missing something I would dearly like to have: a checklist! I want a basic checklist for change management. 

Can you provide a checklist for change management? 

ANSWER 

As Lao Tzu said, ‘if you do not change direction, you may end up where you are heading.’ 

Yes, change management is about managing change. 

But would you know change if you encountered it? 

Would you recognize change after the change has already happened? 

Can you anticipate how to manage change if you realize its necessity? 

As the title of this article says, quoting Heraclitus, “there’s nothing permanent except change.” Are you ready for it? 

Change management is a method for providing an infrastructure to support and sustain change throughout multiple phases. Broadly speaking, it is based on achieving desired business results. If you are a financial institution, you will experience pressure from regulators, borrowers, shareholders, and investors to improve your business continuously. 

Although you don’t need pressure to manage change, it does tend to focus the mind! These pressures tend to lead toward initiating a wide range of company projects, including minor targeted updates, process enhancements, large complex system implementations, and significant business process adjustments and strategic initiatives. 

To the extent that a company standardizes its process and project management practices – the two prongs of change management – there should be improved optimization of organizational processes and mitigation of project failure risks. 

So, I will provide checklists for the two components: process management and project management. I will finish with a high-level, self-assessment checklist, which should be required for senior management and governance objectives. If you want a free copy of these checklists, request it HERE.

Process Management – Checklist

A centralized repository for all policies and procedures.

A dedicated group oversees processes, systems, and policy changes.

Key processes (i.e., policies, procedures, and support documents) are evaluated for completeness and accuracy. 

Key processes (i.e., policies, procedures, and support documents) are evaluated for current revisions.

Regular quality assurance reviews are conducted to ensure the actual performance of employee work processes is consistent with process flows and descriptions.

A change management tool to manage and track process updates. For instance, a standard policy/procedure template across the organization.

Staff responsible for the change management process is well trained or has the necessary skills to perform these functions.

Change management methodology that includes:

Business ownership and governance responsibilities.

An impact analysis before process changes are implemented.

Communication of new or revised processes to impacted business units or areas.

A process that ensures policies, procedures, and processes are updated to reflect remediated control deficiencies.

A procedure for approving new or revised processes.

A procedure for managing and introducing process revisions.

Identification of training based on creating or updating policies and procedures.

Validation of new or revised policies and procedures prior to implementation.

Established controls are in place to ensure the change management methodology is applied consistently between individuals and work groups.

Project Management – Checklist 

Project management tool to track and manage projects.

Project management tracking reports.

Regular project tracking/inventory reports that are communicated to stakeholders. 

Project management methodology that includes:

Communication of project goals and status.

Milestone reviews and approvals.

Identification and mitigation of project risk.

Identification of stakeholders.

Change control documentation.

Escalation process for projects/steps determined to be off track.

Documentation of lessons learned.

Projects across the organization are managed under a central group.

Staff responsible for managing projects is trained and qualified to perform the function.

Finally, here’s a checklist that senior management should review.

Self Assessment Checklist

Description of the prospective change.

Input from stakeholders.

Formal change plan.

Identification of resources and data to be used. 

Communication strategy.

Review of budget risks associated with the change.

If you want a free copy of these checklists, request it HERE.

Jonathan Foxx, Ph.D., MBA

Chairman & Managing Director
Lenders Compliance Group