Digital Mortgage Comparison Platforms

QUESTION 

We are a large mortgage lender that puts its listing on a website aggregator. We are one of many lenders that are on their website. They even put themselves on their website, which competes with our listing. The aggregator generates leads for us. We compensate this online lead generator for advertising our rates and loan products. 

Although the online aggregator provides information about our company and other companies, it does not do any business with us other than advertise our rates and products – although it does provide a page about how customers rate our services – and it’s not involved in making loans, loan approvals, credit screening, or making loans. 

Essentially, their role just involves collecting information about potential customers and passing it on to us. We then contact the customer. We’ve been with them for a while; however, now we’re getting complaints. And recently, the CFPB seems to be looking into these types of aggregators. We are concerned that we may get caught up in the CFPB’s investigation. 

Maybe you can shed some light on the CFPB’s investigation into online lead-generating platforms like the one we’re on. Supposedly, the customers can compare rates and products and choose a lender.

What is the CFPB’s position on these online platforms that generate leads by online aggregators? 

ANSWER 

From time to time, we are contacted by these types of lead generators. We’ve provided quite a bit of regulatory guidance in this area. We worked with one such company recently. Early on, we noted RESPA violations. Instead of wanting to fix the compliance challenges, they decided not to change anything, thereby exposing themselves to excessively high legal and regulatory risk. At that point, we terminated the relationship. 

Listen, those who know me know I do not tolerate companies that want to mess with legal and regulatory compliance. Our motto is Creating a Culture of Compliance, and we take our mission seriously. We work with the smallest of the small and the largest of the large, and our goal is to ensure that a client stays compliant. Don’t expect to retain us if you’re looking for ways to skirt regulatory compliance. 

Technically, the term for the online lead generator that aggregates lenders’ products, services, and rates is Digital Mortgage Comparison-Shopping Platforms.   

The CFPB issued an Advisory Opinion on February 7^th detailing the implications for companies that operate online mortgage and settlement service comparison platforms and the lenders and service providers who pay to be featured on such platforms.[i] More about that momentarily. 

The CFPB is using HUD’s 1996 Policy Statement, which is focused on digital platforms that allowed consumers to comparison shop for settlement services.[ii] HUD called these platforms “computer loan origination systems” or “CLOs.” The CLO Policy Statement was issued back when HUD had substantive authority over RESPA before that authority was transferred to CFPB in Dodd-Frank.

It is probably best to view the Advisory Opinion as a warning to market participants of specific conduct that the CFPB believes may violate RESPA. It may be that the Advisory Opinion will manifest in the form of enforcement activities. 

The main subject of the Advisory Opinion is the conduct in the operations of online comparison platforms that it refers to as “non-neutral.” That term harks back to the CLO Policy Statement. By “non-neutral,” the CFPB means listing provider names or information in a way that singles out or prefers one lender over another for reasons other than neutral criteria, such as an interest rate for a potentially available loan. The legal segue is that the CFPB is stating that such non-neutral presentations can affirmatively influence the selection of the favored provider. An example of such preference could be the preference in rankings of positioning of a lender on the first page of selection results. 

The CFPB states[iii] its position regarding RESPA violations involving online mortgage comparison platforms in these two descriptions:

 

1) Presenting one or more service providers in a non-neutral way:

 

The platform’s operator presents lenders based on extracted referral payments rather than the shopper’s personal data or preferences or other objective criteria. For example, the operator presents a lender as the best option because that lender pays the highest referral fee. However, the shopper is led to believe the lender was selected based on their shared personal data or preferences. In one variation, digital mortgage comparison-shopping platforms may receive payments from lenders to rotate them as the top presented option regardless of whether the highlighted lender is the best fit for the shopper.

 

2) Biasing the platform’s internal formula to favor preferred providers:

 

The platform’s inputs or formula are manipulated to generate comparison options favoring higher-paying or preferred providers. For example, a platform’s formula is designed to steer shoppers to use providers in which the operator has a financial stake. In this case, the shopper is unaware that the platform’s formula was potentially designed to steer them away from non-preferred providers.

The summary section of the Advisory Opinion asserts an outline that infers that online comparison platforms receive an illegal referral payment in violation of Section 8 of RESPA when the following three factors are all present: 

1.   The platform non-neutrally uses or presents information about one or more settlement service providers participating on the platform;

2.   That non-neutral use or presentation of information has the effect of steering the consumer to use, or otherwise affirmatively influences the selection of, those settlement service providers, thus constituting referral activity; and

3.   The platform receives a payment or other thing of value that is, at least in part, for that referral activity.

The CFPB discusses many different examples of types of conduct that would constitute either a RESPA violation or potential evidence of one (at least in the CFPB’s view). 

It’s worth noting that the CFPB’s Director Chopra issued an accompanying statement that warned the Advisory Opinion is “part of a broader all-of-government effort to end the illegal biasing of ostensibly neutral platforms.” I think we can construe that enforcement implications are prevalent. 

With respect to the CFPB’s investigations reaching you, as a lender that puts its listing on a digital platform, there are two types of entities directly affected by the Advisory Opinion: (1) the operators of online comparison platforms and (2) the mortgage lenders who use them to advertise and generate consumer leads. 

In my view, there are at least three essential concerns: 

1.       What information is being presented to consumers? 

2.       How is it being presented? 

3.       What payments are flowing from lenders to the platform operator?

The Advisory Opinion extensively discusses how a RESPA violation may occur in these arrangements, and determining a RESPA violation will depend on the facts and case-by-case analyses. That said, some of the examples of RESPA violations mentioned in the Advisory Opinion are views seemingly fashioned without the benefits of notice-and-comment rulemaking. For instance, it may be putting the cart before the horse to opine on what customers of online comparison platforms want from the lead generator service or whether they expect that information will be “non-neutral” in all instances. 

This gets us to the potential problem of a lender paying compensation to be listed as a “sponsored” or “featured” provider. The CFPB appears to suggests that RESPA may be violated even where every lender pays the same compensation to the platform operator, if the information provided has the effect of steering a consumer to a particular lender. 

The HUD 1996 Policy Statement mentions that the presentation of only a single lender as a lender option may be problematic. However, the Advisory Opinion does not offer guidance on how this could be affected by scenarios where only one available provider meets the consumer’s needs or stated preferences. Yet, there is theory, and there is practice, and in practice, there is the existing mortgage market, where, absent guidance, uncertainty ensues. 

Then there is the matter of “warm handoffs.” That is the term describing the sequence wherein a platform operator facilitates direct contact between a consumer and a particular lender. Warm handoffs can be problematic if the identification of the lender is not based on non-neutral criteria. Yet again, there is not much guidance in the Advisory Opinion on what is a “non-neutral” selection in this context and when and how a handoff becomes a “warm handoff.” Is it non-neutral for the lender’s selection to be based on its speed of response? Is it non-neutral to be based on the available loan product meeting all of the consumer’s identified criteria? We need substantive guidance to know what is a warm handoff and, from the view of regulatory risk, what response could cause a RESPA violation. 

Some mortgage comparison platforms do not disclose their arrangements in a way that the customer can easily read them. Sometimes, the disclosures are found by clicking on a site map or footer link to find them. This is a marketing ploy, a workaround, where disclosure is provided but not readily seen. But an online comparison platform should provide clear and conspicuous disclosure of how it uses and presents participating lenders’ information. Whatever the case, however, these disclosures by themselves do not prevent a RESPA section 8 violation. 

Thus, even if an online comparison platform clearly discloses to a consumer exactly how lenders are ranked or presented, the CFPB may still view it as a RESPA violation if the presentation or ranking methodology is not conducted in a sufficiently “neutral” manner. 

Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director 

Lenders Compliance Group

---

[i] Real Estate Settlement Procedures Act (Regulation X); Digital Mortgage Comparison-Shopping Platforms and Related Payments to Operators, Advisory Opinion, 12 CFR Part 1024, Bureau of Consumer Financial Protection. https://files.consumerfinance.gov/f/documents/cfpb_respa-advisory-opinion-on-online-mortgage-comparison-shopping-tools_2023-02.pdf

[ii] RESPA Statement of Policy 1996–1, Regarding Computer Loan Origination Systems (CLOs), HUD, 61 FR 29255 (June 7, 1996). The HUD CLO Policy Statement was issued as part of a broader set of HUD regulations and interpretations that addressed employer-to-employee payments. See 61 FR 29238 (June 7, 1996). Because some of these regulations and interpretations were never finalized, see 61 FR 58472 (Nov. 15, 1996), certain aspects of the HUD CLO Policy Statement not relevant to this Advisory Opinion—for example, section 4, addressing “Payments of Commissions or Bonuses to Employees”—were not made effective by HUD and would not be applied by the CFPB. 

[iii] CFPB Issues Guidance to Protect Mortgage Borrowers from Pay-to-Play Digital Comparison-Shopping Platforms, (Financial arrangements that influence or manipulate search results are illegal), Press Release, February 7, 2023, Consumer Financial Protection Bureau https://www.consumerfinance.gov/about-us/newsroom/cfpb-issues-guidance-to-protect-mortgage-borrowers-from-pay-to-play-digital-comparison-shopping-platforms/

Risqué Advertising

QUESTION

Our Compliance Manager was contacted by the state banking department over an advertisement that, to quote them, was in “poor taste” and was close to violating UDAAP issues. The advertisement may be a little risqué, but I can’t find anything in it that is really in “poor taste.” 

And, anyway, as the marketing manager, I was taught that UDAAP violations involve misleading the consumer in various ways. But “poor taste” was not on that list! Is the banking department now becoming an art critic? 

I want to know how an advertisement can wind up in “poor taste” in a way that we get in trouble for a UDAAP violation. 

What causes a banking department to complain about an advertisement with some risqué elements? 

ANSWER

You included an image of your advertisement. I believe the banking department was kind in saying it is in poor taste. 

Your advertisement is not merely risqué, which can be indelicate, insensitive, and even provocative, but also gross, indecent, salacious, and ribald. Your advertisement falls into the latter description. You should be grateful that the banking department only called and didn’t write you up. 

Maybe you need to revisit your advertising manual. Your manual should require that all advertising be true, honest, in good taste, and not misleading. Note the emphasis on “good taste.” 

Although you are the marketing manager, each staff member who plays a part in preparing advertising has the responsibility to see that all advertising conforms to your advertising policies and other standards. 

I will provide certain guidelines but do not take them as comprehensive. Most states and the federal government have adopted statutes or regulations prohibiting unfair or deceptive advertising. These often are called “unfair and deceptive acts and practices” (UDAP) or “unfair, deceptive and abusive acts and practices” (UDAAP) laws. 

There is much more to evaluating an advertisement for potential UDAAP violations than just focusing on misleading content or inappropriate images.   

Here’s a list of nine rules that should be outlined in your advertising manual and handed out to everyone in the advertising process flow. 

1. Advertising copy should not have a tendency or capacity to deceive, even if no one would be expected actually to rely on the statements made. The safest approach is to avoid any statement or information that might be perceived as stretching the truth. You do not want to mislead the public, and you do not want your customers or potential customers to think you are in any way trying to “pull a fast one.” 

2. You should review each statement in your advertising to be absolutely sure members of the public are not likely to be deceived by it. You should consider the advertising from the viewpoint of a trusting consumer who does not know much about your products and services. If your advertising is challenged in court by someone who claims it was misleading, the court might find the advertising unfair or deceptive even if it does not have the tendency or capacity to deceive everyone. In fact, it might be considered unfair or deceptive if it even has a tendency to deceive only a small portion (such as, say, 10 percent) of the public. 

3. If advertising is directed toward a particular group, you should carefully review the ad from the perspective of that group. 

4. You should ensure your advertising is not false or deceptive and should investigate and verify its accuracy. 

5. You should review the total impression given by the advertising. Even if everything in your advertising is true, the advertising might be considered deceptive if true statements are combined deceptively. 

6. Whenever advertising states a benefit, it should describe any conditions that must be satisfied to obtain the benefit. For example, advertising copy that mentions low initial payments for a graduated payment mortgage loan also should mention the higher payments in later years and any required subsidy. 

7. You should not rely on other language, such as fine print, to qualify a possibly misleading statement. Instead, you should delete the possibly misleading statement. 

8. Advertising should not fail to disclose a material fact. This is particularly true when a consumer is likely to assume something that is not correct. 

9. Advertising should avoid any statement that could be interpreted in more than one way. 

You must be able to substantiate any factual claim you make in your advertising. For example, if you state that your rates are competitive, you must be prepared to prove the statement is true by producing documents that compare your rates to the rates offered by your competitors during the period of time you claimed your rates were competitive.

Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director 

Lenders Compliance Group

Imposter Robocalls

QUESTION

Our regulator has referred our company to the FTC. The problem began with a consumer complaint about the telemarketer. We had unwittingly hired a company that does robocalls. We didn’t even know they did robocalls. We thought they were doing live telemarketing for us. 

That company is now facing FTC action because they impersonated themselves as providing debt reduction. We are now apparently swept up in this situation, even though we did not hire the company for debt reduction marketing. 

We just terminated the robocall company. But the damage is done. Now our regulator and the FTC are doing an investigation. They are digging into every marketing program, complaint, telemarketing strategy, marketing script, policy, procedure, and media initiative. 

If we had known how much of this impersonating is going on, we could have avoided this robocall company or at least made sure our third-party vendor approval process would have included procedures to evaluate such risks. 

Maybe you could share some information about these impersonators so that others do not fall into a mess like ours. 

How much impersonation is happening by marketers?

What can my institution do to protect itself? 

ANSWER

Impersonation is amongst the highest complaints to the Federal Trade Commission (FTC). Technically, this type of contact with the public is called “imposter calls.” One of the access points the FTC utilizes for collecting data on imposter calls is the National Do Not Call Registry, known by its acronym “DNC.” 

The DNC, active for fourteen years, lets the public add their phone number to their database, thereby choosing not to receive telemarketing calls. It has nearly 250 million phone numbers registered.[i] You might be interested to know that complaints relating to imposter calls top the list, weighing in at almost 287,000 complaints in FY 2022.[ii] 

The imposters run the gamut, from posing as Social Security Administration representatives to the IRS, to legitimate business entities and their affiliates. As to robocalls, which are prerecorded messages, the FTC received 1.8 million complaints in FY 2022. Complaints older than five years are purged biannually. The five states with the most complaints are Delaware, Ohio, Arizona, Maryland, and Virginia.[iii] 

Drilling down a bit, imposter robocalls constituted 209,000 complaints. The scammers take advantage of Voice over Internet Protocol (VoIP), a technology more and more in use these days, because VoIP allows them to make a high volume of calls. 

Since you had retained a telemarketing firm, you should know that telemarketers and sellers must remove numbers added to the DNC Registry from their call lists at least every 31 days.[iv] But how does your institution know that this is being done? My guess is that you simply do not know if the telemarketer is complying with the requirement to remove numbers. However, there are means and methods available to determine if a certain level of compliance is taking place. 

Now, as to the broader question of your predicament, if a company violates the Do Not Call rules, consumers can report the call to the FTC online or by calling a toll-free number.[v] Law enforcement officials review these complaints, as well as consumer registration and telemarketer access information, through a resource called the Consumer Sentinel Network[vi], which is an online database maintained by the FTC.[vii] 

Unfortunately for your institution, your regulator has brought its concerns to the FTC, and the FTC is currently working to investigate. Ultimately, as you surmise, you should have due diligence protocol to ensure vendor management includes a thorough review of the risks associated with using telemarketers. Get your vendor management policies and procedures in shape, and keep them current with cites to the FTC’s daily complaint data. 

In the situation you find yourself in, those imposter robocalls are impersonating debt reduction enterprises. But you can’t wiggle away from the investigation because your firm has actually retained the telemarketers, albeit for a different purpose. 

You do not say if there was a consumer complaint to the FTC about your institution itself. However, if you have a record of using telemarketers, or even if you have used the telemarketer just once, part of the FTC investigation might include a probe into how pervasive the telemarketer has conducted illicit activity. You are likely not the only institution caught up in the investigation. Implementing strong vendor management compliance is possibly the best way to avoid this debacle from happening again.

Jonathan Foxx, Ph.D., MBA

Chairman & Managing Director
Lenders Compliance Group

---

[i] Do Not Call, Data Book 2022, Federal Trade Commission, November 2022.

[ii] Ibid. FY 2022 Complaints by Topic, National Do Not Call Registry, Compliant Figures for the Year

[iii] The FTC offers interactive data dashboards and data files. These can be accessed online at www.ftc.gov/reports/national-do-not-call-registry-data-book-fiscal-year-2022.  

[iv] Organizations can access the DNC Registry at www.telemarketing.donotcall.gov.  

[v]  For the online consumer complaint line, visit www.donotcall.gov. Consumer calls are handled at 888-382-1222.

[vi] Daily complaint data is available at www.ftc.gov/data.

[vii] About Sentinel, visit www.ftc.gov/sentinel. Law enforcement personnel may join Sentinel at www.register.consumersentinel.gov.

Artificial Intelligence Benefits and Risks

QUESTION

There has been a lot of news these days about AI. Recently, a Fintech firm pitched us on using their AI platform to enhance our customer services. They also offer many other AI services. Frankly, I am “old school.” I am suspicious of all this technology coming in and taking the place of humans. 

Our president, however, is very into tech and gadgets. He wants to use AI for credit decisions, risk management, and even cybersecurity. Our AML officer has climbed aboard the AI bandwagon and wants to use AI to flag potential SAR filings. 

I head up customer services. The human factor is what I know, and it works well. I need somebody to ease my aching mind about all these AI services. And that “somebody” is going to be you. A lot of people in the company read your newsletter. We like your straightforward approach. 

Here are our questions: 

How is AI used in mortgage banking operations? 

What are the risks of using AI in banks and nonbanks? 

ANSWER

Thank you for your kind words. I will always have a soft spot for the people in customer service, the unit you head. That’s because customer service is often the first contact a consumer has with a company. How communication is handled can make a big difference between a friendly business relationship and a consumer complaint. Consumer complaints risk damaging reputation and loss of business and can cause a lot of legal and regulatory havoc. 

Artificial Intelligence, known by its acronym “AI,” is with us to stay. I’m going to provide a few of the ways that financial institutions are using AI. The five banking agencies (viz., OCC, FRB, FDIC, CFPB, and NCUA) have reviewed AI use for a few years, including machine learning. My sense is that the agencies are receptive to AI innovation, with the caveat that companies ensure that the AI identifies and manages risks associated with AI use. 

I count at least six areas where banks and nonbanks are using AI. 

Using Artificial Intelligence

1. Flagging Unusual Transactions 

Many institutions use AI to identify potentially suspicious, anomalous, or outlier transactions (i.e., fraud detection and financial crime monitoring). This involves using different forms of data (i.e., email text, audio data), both structured, systematically organized or arranged,  and unstructured). The aim is to identify fraud or anomalous transactions with greater accuracy and timeliness. It also includes identifying transactions for Bank Secrecy Act/Anti-Money Laundering investigations, monitoring employees for improper practices, and detecting data anomalies. 

2. Personalization of Customer Services 

Institutions are using AI technologies to improve the customer experience and to gain efficiencies, thereby better managing the allocation of financial resources. An example would be voice recognition and Natural Language Processing (NLP), which generally refers to the use of computers to understand or analyze natural language text or speech. 

Another example is the use of chatbots. The term “chatbot” may be new to you. Generally, it refers to a software application used to conduct an online chat conversation via text or text-to-speech instead of providing direct contact with a live human agent. The chatbot automates routine customer interactions, including account opening activities and general customer inquiries. Chatbots are used in call centers to process and triage customer calls to provide customized service. In fact, some institutions are using chatbot technology to target marketing better and customize certain responses and recommendations. 

3. Credit Decisions 

Some institutions use AI to inform credit decisions to enhance or supplement existing techniques. This implementation of AI uses traditional data or “alternative data,” which is information not typically found in the consumer’s credit files of the nationwide consumer reporting agencies or customarily provided by consumers as part of credit applications. AI can enhance alternative data by providing cash flow transactional information from a bank account. 

4. Risk Management 

We have clients that use AI to augment risk management and control practices. For example, it can be used in credit analytics, where an AI program can complement and provide a check on another, more traditional credit model. Financial institutions may also use AI to enhance credit monitoring (including through early warning alerts), payment collections, loan restructuring and recovery, and loss forecasting. 

Sometimes, AI assists internal audit and independent risk management to increase the sample size (such as for testing), evaluate risk, and refer higher-risk issues to human analysts. AI may also be used in liquidity risk management. We have a client that uses AI for just such a purpose, seeking to enhance monitoring of market conditions or collateral management. 

5. Textual Analysis 

Textual analysis refers to using NLP (viz., natural language processing, supra) for handling unstructured data (generally text) and obtaining insights from that data or improving the efficiency of existing processes. Various applications include analysis of regulations, news flow, earnings reports, consumer complaints, analyst rating changes, and legal documents. 

6. Cybersecurity 

AI is being implemented in cybersecurity because financial institutions use it to detect threats and malicious activity, reveal attackers, identify compromised systems, and support threat mitigation. There are many examples worth noting, like real-time investigation of potential attacks, the use of behavior-based detection to collect network metadata, flagging and blocking of new ransomware and other malicious attacks, identifying compromised accounts and files involved in exfiltration, and deep forensic analysis of malicious files. 

So, it seems obvious that AI has the potential to provide more accurate, lower-cost, and faster underwriting, as well as expanded credit access for consumers who may not have obtained credit under traditional credit underwriting approaches. 

Risks of Artificial Intelligence

Notwithstanding the foregoing benefits, there are risks associated with AI, although it bears stating that many of the risks associated with using AI are not unique to AI. For instance, using AI could result in operational vulnerabilities, such as internal process or control breakdowns, cyber threats, and information technology lapses; nevertheless, these risks are also associated with the use of third parties, and various modeling risks, all of which could affect an institution’s safety and soundness. 

AI could create or increase consumer protection risks, such as risks of unlawful discrimination, violations relating to Unfair, Deceptive, or Abusive Acts or Practices (UDAAP) under the Dodd-Frank Act, FTC’s UDAP rule (viz., unfair or deceptive acts or practices under the  FTC Act), or privacy concerns.