TOPICS

Thursday, April 27, 2023

Appraisal Compliance – Required Procedures

QUESTION 

We revised our appraisal management policy. Our banking department told us it should include both required and Best Practices. We do not know much about the Best Practices involved in appraisal management. 

Last year we got approved by Fannie Mae, and yesterday we received their MORA letter to come here and do an audit. I think we're unprepared for the appraisal management policies and procedures. 

Our main concern involves the required procedures. We appreciate your response. Thank you! 

What are some required appraisal management procedures for an appraisal management policy? 

ANSWER 

Your Appraisal Management policy and its references to Appraiser Independence Requirements (AIR) should contain a checklist to support your self-assessment. I will provide a responsive but not necessarily comprehensive reply because these aspects of appraisal compliance are somewhat vast. You can contact me here to discuss your concerns or retain us to review your Appraisal Management policy. 

Indeed, it is the case that many state banking departments and the GSEs expect companies to conduct self-assessments. If you've been following my articles, hopefully, you have noted my descriptions of the importance of these self-assessments. 

There are many required self-assessment criteria relating to appraisal compliance. When we conduct an Appraiser Tune-up®, we consider these criteria. We also consider many recommended or Best Practices criteria in our evaluation. Required assessments and Best Practices should be part of your Appraisal Management and AIR initiatives. 

I am offering an outline below; however, depending on a financial institution's size, complexity, and risk profile, the list may need to contain many more processes. 

Required Review Criteria for Appraisal Compliance 

·      Qualified appraisers and appraisal management companies (AMC) should be selected according to GSE guidelines – essentially, the industry standard. 

·      Sales and loan production employees should be restricted from the appraisal process (i.e., ordering appraisals and communicating with the appraiser). 

·      Be sure to have "firewalls" in place to ensure no employee, director, agent of your company, or any third party acting on behalf of your company influences the ordering, development, reporting, result, or review of an appraisal through coercion, extortion, collusion, compensation, inducement, intimidation, bribery, or in any other manner. Review these actions with counsel if unsure of what legally constitutes them. Include examples, as needed. 

·      If you are a wholesale lender, implement controls to prevent the mortgage broker from selecting from an approved appraiser AMC list. 

·      At least annually, AMC and appraiser lists should be reviewed for credentials and licensing. 

·      Include a process flow regarding AIR to manage appraisal assignment distribution properly. 

·      Be sure there is a systemic means to provide a copy of the appraisal to borrower(s). Alternatively, make sure there is a systemic means to get a signed waiver at least three days before closing. And, be sure there is a systemic means to ordering transferred conventional appraisals in adherence to AIR. 

·      Before ordering the appraisal, be sure that the assigned appraiser has the active credentials and appropriate license level to complete appraisal assignments based on the complexity and transaction amount, among other things. 

·      Appraisers should evince sound reasoning and provide evidence to support the methodology chosen to develop the value opinion; therefore, there should be a procedure to ensure such oversight, particularly in cases not explicitly covered by GSE guidelines. 

·      Before the loan delivery, priority procedures should be established for appraisals to be successfully submitted to the GSE portals (i.e., to Fannie Mae through the Uniform Collateral Data Portal (UCDP)). 

·      Continually evaluate the appraiser's work through the quality control process. 

·      A dedicated staff should be designated to be responsible for appraisal quality. 

·      If you use an AMC, an oversight process must be implemented to monitor the outcomes of the work produced. All defects should be noted and cured. 

·      Compare potential new appraisers to an in-house exclusionary list, other investor exclusionary lists, and, for instance, Fannie Mae’s Appraiser Quality Monitoring (AQM) list. (The AQM list  includes appraisers whose work is subject to 100% post-acquisition review or is no longer accepted by Fannie Mae.) If you encounter appraiser misconduct, you should refer the matter to the applicable state appraiser certifying and licensing agency or other relevant regulatory bodies. 

·      Report fraudulent appraisal practices to the Mortgage Asset Research Institute (MARI), the GSEs, The Appraisal Foundation, and state and/or local regulatory authorities. 

·      If you use Desktop Underwriter (DU), validate that the property condition has not materially changed in areas identified as disaster areas, and procedures should provide the requirements to resubmit loan case files to DU. 

·      Pay attention to high risk scores, escalating through a process to review appraisals with high Collateral Underwriter (CU) risk scores (viz., 4 or 5 on a scale of 1 to 5, with 5 being the riskiest)

Note: You must establish policies and procedures to ensure that loans - whether or not your financial institution originated them - are not secured by properties encumbered with a private transfer fee.

Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director
Lenders Compliance Group

Thursday, April 20, 2023

Safe Harbor Protection to Avoid Steering Violations

QUESTION 

I am the CEO of a Midwest mortgage lender. We are being sued in a class action alleging that we violated the steering prohibitions. They're claiming that we can’t use the safe harbor protection. Our General Counsel and outside counsel are fighting back. 

However, I would like your review, and I especially want other companies to know about their potential vulnerability. Since your newsletter is hugely followed, I hope you will provide the safe harbor elements to your readers. 

What are the elements of the safe harbor to avoid steering violations? 

ANSWER 

Although originators know the anti-steering disclosure and anti-steering requirements, many do not realize that there is a legal safe harbor. A transaction does not violate the steering prohibition if the consumer is presented with loan options that meet the conditions regarding the presentation of loan options. This applies to each type of transaction in which the consumer expressed an interest. 

Let’s clarify what I mean by “each type of transaction” for purposes of the safe harbor. 

These three criteria relate to the meaning of each type of transaction:[i] 

1. A loan has an annual percentage rate that cannot increase after consummation; 

2. A loan has an annual percentage rate that may increase after consummation; or 

3. A loan is a reverse mortgage transaction. 

Now, concerning the presentation of loan options, there are three dispositive factors. 

I will outline the factors because they can be a bit complex. 

The transaction satisfies the safe harbor only if the loan originator presents loan options for each type of transaction in which the consumer expressed an interest and all of the following conditions are met:

 

1. The loan originator must obtain loan options from a significant number of creditors with which the originator regularly does business and, for each type of transaction in which the consumer expressed an interest, must present the consumer with the loan options that include:

 

a. The loan with the lowest interest rate;

 

b. The loan with the lowest interest rate without

                                           i. negative amortization,

                                          ii. a prepayment penalty,

                                         iii. interest-only payments,

                                         iv. a balloon payment in the first seven years of the life of the loan,

                                          v. a demand feature,

                                         vi. shared equity, or

                                        vii. shared appreciation; or

                                       viii. in the case of a reverse mortgage transaction,

A. a loan without a prepayment penalty, or

B. shared equity, or

C. shared appreciation; and

                                        ix. The loan with the lowest total dollar amount for origination points or fees and discounts points;

 

2. The loan originator must have a good faith belief that the options presented to the consumer are loans for which the consumer likely qualifies; and

 

3. For each type of transaction, if the originator presents more than three loans to the consumer, the originator must highlight the loans that satisfy the criteria specified in item 1 above.[ii]

 

Note: The loan originator can present fewer than three loans and satisfy the safe harbor conditions if the loan(s) presented to the consumer satisfy the criteria of the options set forth above in item 1 and the conditions in items 1 to 3 are otherwise met.[iii]

Jonathan Foxx, Ph.D., MBA 

Chairman & Managing Director
Lenders Compliance Group


[i] 75 FR 58,509, 58,534, codified in 12 CFR § 226.36(e)(2)

[ii] 75 FR 58,509, 58534, codified in 12 CFR § 226.36(e)(3)

[iii] 75 FR 58,509, 58534, codified in 12 CFR § 226.36(e)(4)


Thursday, April 13, 2023

Material Interference in UDAAP

QUESTION 

We are a small mortgage lender in the Midwest. Our compliance department consists of only me. Our legal support is an outside attorney. Last week we received the report from our banking department about their recent examination. Their report claimed that our marketing campaign led to "material interference" and, therefore, was a UDAAP violation. 

Their whole gripe is about them saying we "omitted" some details in our marketing to mislead potential borrowers. First of all, it's not true that we left out details! Secondly, even if we did omit details, it wasn't intentional, and I don't see how they can prove we intended to leave them out. 

Our attorney asked me to write you. I was a little shy, but my CEO said I should write you. We hope you can shed some light on how we wound up with this violation. 

How does intent get factored into a material interference violation? 

What is the meaning of "material interference" in UDAAP? 

ANSWER 

Please be assured that you should never be shy about writing me. My firm and I are devoted to the mortgage community, and these newsletters are one of the ways we can serve and participate. 

Let's take a quick look at what constitutes an abusive act or practice, as described by the Consumer Financial Protection Act (CFPA) in its guidelines relating to UDAAP (viz., Unfair, Deceptive, or Abusive Acts or Practices). 

Generally, UDAAP violations are triggered if a company[i] 

(1) obscures important features of a product or service, or 

(2) leverages certain circumstances to take an unreasonable advantage. 

Broadly stated, UDAAP allegations result from concerns over gaps in understanding, unequal bargaining power, and consumer reliance on information.[ii] 

Two critical analytical elements build on the foregoing criteria in alleging a UDAAP violation: (a) material interference and (b) unreasonable advantage. 

Material inference is the ability of a consumer to understand a term or condition of a consumer financial product. I'll elaborate further on this element in a moment. 

Unreasonable advantage is more nuanced. It consists of three parts, all or any of which can cause a UDAAP violation. Unreasonable advantage happens when the following situations exist:[iii] 

1. There is a lack of understanding on the part of the consumer of the material risks, costs, or conditions of the product or service. 

2. The consumer has the inability to protect the consumer's interests in selecting or using a consumer financial product or service. 

3. When the consumer reasonably relies on a company to act in the consumer's interests. 

An act or practice only needs to fall into one of the categories above to be abusive, but an act or practice could fall into more than one category. 

Turning to your questions, we'll discuss intent concerning material interference, and then we'll discuss the meaning of material interference in UDAAP 

How does intent get factored into a material interference violation? 

Intent is not a required element to show material inference. Although evidence of intent would provide a basis for inferring material interference, it is not necessary to show material interference. 

It is reasonable to infer that an act or omission materially interferes with a consumer's ability to understand a term or condition when a company intends it to interfere. This view has become enshrined in a policy statement from the Federal Trade Commission, as follows: 

When evidence exists that a seller intended to make an implied claim, the Commission will infer materiality.[iv] [Emphasis added.] 

From this policy position, a sort of domino effect may take place. Material interference can be established with evidence that the act's or omission's natural consequence would impede a consumer's ability to understand. And then material interference can be shown with evidence that the act or omission did in fact impede a consumer's actual understanding. 

Put otherwise, UDAAP prohibitions occur where an entity "materially interferes with the ability of a consumer to understand a term or condition of a consumer financial product or service."[v] 

What is the meaning of "material interference" in UDAAP? 

UDAAP has its very own "sins of commission and omission." The former involves acts or practices, and the latter omits essential terms or conditions of a financial product or service. Indeed, both "sins" can occur simultaneously. 

Material interference may, among other things, include actions or omissions that obscure, withhold, de-emphasize, render confusing, or hide information relevant to the ability of a consumer to understand terms and conditions. Interference takes numerous forms, including buried disclosures, physical or digital interference, overshadowing, and various other means of manipulating a consumer's understanding. 

For instance, concerning buried disclosures – what sometimes is referred to as "fine print" disclosure – these disclosures are designed to limit a consumer's comprehension of a term or condition, including, but not limited to, through the use of fine print, complex language, jargon, or the timing of the disclosure.[vi] Entities can also interfere with understanding by omitting material terms or conditions.[vii] 

Physical interference happens when any physical conduct impedes a consumer's ability to see, hear, or understand the terms and conditions, including, but not limited to, physically hiding or withholding notices.[viii] 

Digital interference impedes a consumer's ability to see, hear, or understand the terms and conditions when presented to someone in an electronic or virtual format. This form of interference includes, but is not limited to, user interface and user experience manipulations – such as the use of pop-up or drop-down boxes, multiple click-throughs, or other actions or "dark patterns" that have the effect of making the terms and conditions materially less accessible or salient.[ix] 

Overshadowing happens when the prominent placement of certain content, such as an opt-in form, interferes with comprehending other content, such as a form that provides terms and conditions.[x] For instance, overshadowing happens when a consumer's ability to consider the contents of a terms and conditions disclosure is overshadowed by the consumer's attention being directed by focusing on an opt-in disclosure (or some other disclosure). 

As to other means of material interference aimed at manipulating a consumer's understanding, there are many ways. Amongst them are excluding important (i.e., material) terms. Certain transaction terms are so consequential that if they are not conveyed to a consumer prominently, clearly, and unambiguously, it may be reasonable to presume that the entity has engaged in acts or omissions that materially interfere with a consumer's ability to understand. That information includes, but is not limited to, pricing or costs, limitations on the consumer’s ability to use or benefit from the product or service, and contractually specified consequences of default. 

Another means to manipulate a consumer’s understanding is where an entity’s provision of a product or service may interfere with the consumer’s ability to understand if the product or service is so complicated that material information about it cannot be sufficiently explained or if the entity’s business model functions in a manner that is inconsistent with its product’s or service’s apparent terms. 


Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director 
Lenders Compliance Group


[i] By “company,” I am referring to covered persons, service providers, and persons that provide substantial assistance to abusive conduct by a covered person or service provider as ‘‘entity’’ or ‘‘entities.’’

[ii] See § 1031(d)(2), Consumer Financial Protection Act (CFPA). Section 1031 of the Dodd-Frank Act (DFA). Note: The principles of “unfair” and “deceptive” practices in the DFA are similar to those under Section 5 of the Federal Trade Commission Act (FTC Act). The Federal Trade Commission (FTC) and federal banking regulators have applied these standards through case law, official policy statements, guidance, examination procedures, and enforcement actions that may inform Consumer Financial Protection Bureau. For the purposes of this article, my outline abbreviates some statutory requirements.

[iii] Idem § 1031(d); 12 U.S.C. 5531(d)

[iv] Policy Statement on Deception at 5, Federal Trade Commission

[v] CFPA § 1031(d)(1); 12 U.S.C. 5531(d)(1)

[vi] See TD Bank, N.A., File No. 2020–BCFP–0007, at 16–20, August 20, 2020

[vii] See TMX Finance LLC, File No. 2016–CFPB–0022, at 6, September 26, 2016

[viii] See Complaint at 6, 18–19, CFPB v. All American Check Cashing, Inc., No. 3:16–cv–00356, S.D. Miss. May 11, 2016

[ix] “Dark Patterns” has been discussed in detail in Bringing Dark Patterns to Light, FTC Staff Report, September 2022

[x] See First Amended Complaint at 12–13, 26–27, CFPB v. TCF National Bank, No. 17–cv– 00166, D. Minn. March 1, 2017. See also CFPB v. TCF Nat’l Bank, No. 17–cv–00166, 2017 WL 6211033, at *2–3, D. Minn. Sept. 8, 2017

Thursday, April 6, 2023

Risk Ratings of the Compliance Management System

QUESTION 

We have retained your firm for several of your Compliance Tune-ups. It has been amazing to find out the strengths and weaknesses of our departments and the implementation of regulatory compliance. We began with the CMS Tune-up almost two years ago, which told us how strong our Compliance Management System was in real time. Your risk ratings gave us a way to gauge our risk. 

As the Compliance Officer and General Counsel, I've come to appreciate that certain elements reflect a strong Compliance Management System. We are now planning another CMS Tune-up to see how effectively we have improved overall since the last CMS Tune-up. 

I understand the features of the Compliance Management System. What I would like to zero in on is the core elements themselves, the ones that are the foundation on which the CMS edifice sits. 

What are the core elements of a strong Compliance Management System? 

ANSWER 

When we developed and pioneered the CMS Tune-up® seven years ago, our goal was to provide a way for financial institutions to respond to the CFPB's position regarding the Compliance Management System (CMS). The Bureau found that there were

 

"… one or more situations in which an effective CMS was lacking across the financial institution's entire consumer financial portfolio, or in which the financial institution failed to adopt and follow comprehensive internal policies and procedures." 

So, our goal was to identify the strengths and weaknesses of a financial institution's Compliance Management System. We wanted to provide a cost-effective tool to evaluate five areas of interest to determine if a company: 

1.   Establishes its compliance responsibilities;

2.   Communicates those responsibilities to employees;

3.   Ensures that responsibilities for meeting legal and regulatory requirements, and internal policies, are incorporated into business processes;

4.   Reviews operations to ensure responsibilities are effectuated, with legal requirements met; and

5.   Takes corrective action and updates tools, systems, and materials as necessary. 

In the CMS Tune-up®, we assess whether an effective CMS accomplishes these four interdependent control components: 

1.   Board and management oversight;

2.   Compliance program;

3.   Response to consumer complaints; and

4.   Compliance audit. 

When all four control components are strong and well-coordinated, a financial institution should successfully manage its compliance responsibilities and risks. Bringing the analytics together can be extrapolated into an overall risk rating of the Compliance Management System. 

In fact, the Federal Financial Institutions Examination Council (FFIEC) endeavored to provide a compliance risk rating system all the way back in 2016.[i] FFIEC called it the CC Rating System. 

Our firm believes that providing risk ratings offers a financial institution the means to measure its compliance with rules; laws; regulations; guidelines; Best Practices; policy and procedure requirements; federal, state, and investor expectations. Each review in the Compliance Tune-up® series provides an independent risk rating defined and fully disclosed in our reports. 

___________________________________________________



The Compliance Tune-up® is an exclusive review
provided by Lenders Compliance Group.
If you want information about the Compliance Tune-up® series, 
please contact us HERE.

___________________________________________________

Our risk rating system consists of five levels of risk, based on an institution's size, complexity, and risk profile. Risk Rating 1 is the strongest; Risk Rating 5 is the weakest. Generally, depending on the category subject to review, a 1-rating is strong, a 2-rating is satisfactory, a 3-rating is deficient, a 4-rating is seriously deficient, and a 5-rating is critically deficient. We support our risk ratings by providing the appropriate citations and review analyses. Our reports contain recommendations and remediation guidance. 

Now, you put your finger on the importance of identifying the "core elements" on which rest risk ratings and evaluation of the strengths and weaknesses of the CMS. In my view, three fundamental elements secure the edifice of the Compliance Management System. 

The three elements of risk rating in evaluating a CMS are: 

1.       Change Management;

2.       Comprehending, identifying, and managing risk; and

3.       Corrective action and self-identification. 

Let's call this the Three "C" Approach to CMS Risk Rating. 

Change Management 

The first "C" stands for change management. The financial institution that receives our 1-rating is committed to a strong CMS that anticipates and responds promptly to changes in applicable laws and regulations, market conditions, and products and services offered. Management prepares for such changes by defining and providing examples of what constitutes a change, including new and changed vendor relationships and regulatory updates. To get our top rating, the company must demonstrate strong change management through proactive measures in advance of upcoming changes; for instance, management requires the compliance department and impacted business lines to review and approve changes before they take effect to ensure compliance with applicable consumer protection laws and regulations. 

Due diligence is an important activity in our risk rating because it should be conducted before product changes, taking into consideration the entire life cycle of a product or service, and conducting a post-implementation review to determine whether the actions taken have achieved the expected results. For example, as a part of its due diligence on a new product, the institution should develop and follow approval processes associated with implementing the new product and require a post-implementation review. 

Comprehending, Identifying, and Managing Risk 

The second "C" stands for comprehending, identifying, and managing risk. We give our 1-rating to financial institutions that evince a solid comprehension of risks, effectively identifies compliance risks, and actively manages those risks. Indeed, these institutions complete comprehensive risk assessments at established frequencies. 

In our experience, we have found that risk identification and evaluation processes generally become increasingly formal and extensive as an institution's size, complexity, and risk profile increase. For instance, an annual risk assessment may be appropriate for a small, non-complex institution. Completing a risk assessment at a large, complex institution may be an ongoing, collaborative effort among senior management, the compliance department, and the internal and external audit functions. 

Furthermore, institutions with a strong CMS maintain comprehensive risk assessments, including business lines, relevant rules and regulations, and a breakdown of associated inherent risk, risk controls, and residual risk. 

Corrective Action and Self-Identification 

The third "C" stands for corrective action and self-identification. In our view, a financial institution merits the 1-rating because it proactively identifies issues and promptly responds to compliance risk management deficiencies and violations. Such responsiveness invariably reflects a strong CMS. 

We have conducted a CMS Tune-up® that found the institution completed a root cause analysis of deficiencies and violations to ensure that remediation is timely, appropriate, and comprehensive. This is what proactive management does! An institution that completes a root cause analysis of a self-identified violation may find that written policies and procedures do not include sufficient information to ensure that staff complies with relevant regulatory requirements. Thus, the root cause analysis helps to inform appropriate and comprehensive remediation. 

Self-identification and self-assessment are reflections of proactive management. We often find that these institutions may also contact their primary regulator to determine whether their remediation efforts are sufficient. Consequently, we assign a 1-rating to institutions that proactively identify issues and promptly respond to deficiencies and violations, including remediation.

Jonathan Foxx, Ph.D., MBA

Chairman & Managing Director 
Lenders Compliance Group


[i] Uniform Interagency Consumer Compliance Rating System, Final Guidance, Federal Financial Institutions Examination Council, November 14, 2016, Federal Register, Vol. 81, No. 219, Notices