State and federal law enforcement agencies are now taking aim, on both the consumer protection and fraudulent loan securitizations fronts, at what they consider to be questionable practices by automobile lenders.

On the consumer protection front, the Consumer Financial Protection Bureau (CFPB) initially dipped a toe into this area through a bulletin in May 2013, claiming that lenders that offer auto loans through dealerships are responsible for unlawful, discriminatory pricing. According to the CFPB, the main culprits are indirect auto lenders that allow the dealer to charge a higher interest rate than the rate the lender offers the dealer, with the result that the lender shares a portion of this markup with the dealer. Under the Dodd Frank Act, such a practice would be illegal if it involved payments to mortgage brokers that sell their customers into higher rate mortgage loans. The auto lending industry, however, was not similarly regulated by Dodd Frank. The CFPB suggests it will seek to attack such practices in the auto loan industry as illegal discrimination if it finds that protected minorities have been charged higher rates as a result.

In September 2014, the CFPB proposed rules that would extend its supervision authority to the larger participants of the nonbank auto finance market. The proposal would allow the CFPB to supervise finance companies with respect to federal consumer financial laws if those companies make, acquire, or refinance 10,000 or more loans or leases in a year. The CFPB estimates 38 auto finance companies, which originate about 90 percent of nonbank auto loans and leases, would be subject to this new jurisdiction.

On the securitization front, subprime auto lender Consumer Portfolio Services disclosed earlier this month that it had received a subpoena from the U.S. Department of Justice (DOJ) requesting documents relating to its auto lending and securitization activities. In December 2014, Ally Financial Inc. had received a similar request from the DOJ, and in October, the Securities and Exchange Commission (SEC) began an investigation into Ally’s lending and securitization practices. GM Financial announced in November that it had received document requests from the SEC relating to its securitization practices. Santander Consumer USA Holdings Inc. announced in August that it also was under DOJ investigation, and in November the New York Department of Consumer Affairs announced that it was looking into Santander’s lending practices.

It appears that these investigations, which include potential criminal enforcement, are looking into whether these lenders are securitizing and packaging loans for sale to investors without ensuring the quality of loans or fully disclosing their risks. If so, this would suggest that they may be engaging in some of the same practices that were alleged against the mortgage industry. Those ultimately led to numerous settlements between prosecutors and many of the large mortgage lenders.

Auto loan quality and risks could be impacted by lending discrimination, failure to comply with consumer protection regulations, or lax underwriting standards. If these risks are not being appropriately disclosed to investors, auto lenders could face the same enforcement liability as were a number of the mortgage lenders.

The risks to the global economy of risky auto loan securitizations may not be as high as they were for mortgage loan securitizations, given that it is easier to repossess a car than it is to foreclose on a mortgage, and given the generally smaller dollar amounts involved. This time, however, it appears that federal regulators will not be waiting until an economic crash before attempting to address the problems the problems they suspect, and costly criminal and civil actions may be more aggressive and occur more quickly.

As we begin 2015, it is worth noting the various federal regulations that will or might take effect. This article summarizes the key regulations that took effect late in 2014, that will take effect in 2015, and that have at least some potential of taking effect in 2015. We focus here on those regulations directly impacting consumer financial services.

Rules Taking Effect in 2015 (and Late 2014)

Integrated Disclosures under the Real Estate Settlement Procedures Act (Regulation X) and Truth in Lending Act (Regulation Z)

Perhaps the most significant new consumer regulations to take effect in 2015 are the integrated disclosure regulations under the Real Estate Settlement Procedures Act (Regulation X) and Truth in Lending Act (Regulation Z) (the Final Integrated Disclosure Rule). Released on November 20, 2013, by the CFPB, the Final Integrated Disclosure Rule will be effective on August 1, 2015. 78 Fed.Reg. 79730, December 31, 2013. For loan applications received prior to August 1, 2015, the existing Regulation X and Regulation Z rules would apply and, for loan applications received on or after August 1, 2015, the new disclosure requirements would apply.

The Final Integrated Disclosure Rule consolidated the RESPA and TILA initial disclosures, and the RESPA and TILA loan closing disclosures for most closed-end consumer mortgage transactions, resulting in a single Loan Estimate disclosure and a single Closing Disclosure. The new rules do not apply to home equity lines of credit, reverse mortgages, or loans secured by a mobile home or other dwelling that is not attached to real property.

Countless articles and seminars have provided details of the Final Integrated Disclosure Rule, and vendors have stepped into the breach to provide the forms and systems needed to create new disclosures. This article therefore does not address the new Integrated Disclosure Rules in detail. However, a proposal issued on October 10, 2014, (the “October Proposal”) should be noted.

On May 6, 2014, the CFPB issued proposed amendments to the mortgage rules under the Truth in Lending Act (TILA) affecting Regulations Z and X.  The proposed amendments affect the small servicer/small creditor exceptions to the mortgage rules and the “Qualified Mortgage” determination.  The CFPB proposes to partially re-define who may qualify as a “small servicer” under § 1026.41 of Regulation Z (incorporated by cross reference in Regulation X), revise the scope of the nonprofit small creditor exemption from the ability-to-repay rule in § 1026.43(a)(3)(v)(D) of Regulation Z, and establish a limited cure procedure where a creditor inadvertently exceeds the “Qualified Mortgage” points and fees limits.

Amendment to the “Small Servicer” Definition:  The CFPB originally presumed that most nonprofits would qualify for the “small servicer” exemptions.  However, during implementation of the mortgage rules, the CFPB learned that certain nonprofits might not qualify as “small servicers” because they were part of a larger association of nonprofits that are separately incorporated but that may operate under mutual contractual obligations, share a charitable mission, and use a common name or trademark.  In order to save resources, such associations sometimes consolidate servicing activities, with one of the associated entities providing loan servicing to one or more others, for a fee.  Under current rules, such nonprofit servicers would not qualify for the “Small Servicer” exemptions because they service, for a fee, loans on behalf of a non-“affiliated” entity.  The CFPB proposes to amend the definition of “Small Servicer” so as not to exclude qualified nonprofit entities within such formal associations where certain requirements are met.  Related changes to the section’s formal comments are also proposed.

Both Banks and Their Vendors Must Pay Attention

Introduction

First there was the bulletin about third-party vendors issued by the Consumer Financial Protection Bureau (CFPB) in April 2012. Then it was the FFIEC’s guidance on IT service providers in October 2012.  Next came the FDIC’s September 2013 Financial Institution Letter about payment-processing relationships with high-risk merchants.  Then there was the news on October 30, 2013 about the OCC’s guidance on third-party relationships, followed shortly by the Federal Reserve Board’s guidance on managing outsourcing risks in December 2013.

Let’s face it. There has always been guidance and concern about banks and their relationships with third-party service providers. But in recent years it has become quite obvious that the bar has been raised on how banks relate to their third-party processors, program managers, and other service providers. These changes have occurred over time, by a matter of degrees. But it is increasingly plain that we are seeing a significant sea change in how regulators approach the relationships between banks and their third-party vendors. Examiners are digging deeper — especially into the content of bank contracts — and the scope of review is extending to more and more vendors.

In recent months, public commentary from some of the regulators has revealed even more clearly how this recent guidance will impact banks and their vendors. In this article we will describe the regulatory developments and provide some practical guidance as to what this will mean — not only for banks, but for their processors and other service providers.  (A print-friendly version is also available.)

Recent Regulatory Developments

Banks and other financial institutions have always been expected to choose their vendors carefully and to monitor the performance of those vendors. Most institutions have done a reasonably good job in this regard. However, recent regulatory publications and the focus of recent regulatory examinations and enforcement actions indicate that the standards and expectations are now much higher.

The CFPB issued a bulletin on April 13, 2012 regarding the use of service providers, accompanied by a press release stating, “CFPB to Hold Financial Institutions and their Service Providers Accountable.”  This bulletin, CFPB Bulletin 2012-03 (the CFPB Bulletin), states that the CFPB “expects supervised banks and nonbanks to oversee their business relationships with service providers in a manner that ensures compliance with Federal consumer financial law.” (emphasis added).

While the issue of vendor oversight and management is not new to the financial services industry, recent enforcement actions by the Office of the Comptroller of the Currency (OCC) and the Consumer Financial Protection Bureau (CFPB) manifest heightened attention by federal regulators.  A bank’s board of directors is required to remain vigilant to the hazards posed by outsourcing functions to third parties, or else risk significant financial and reputational harm to its institution.

Federal regulators traditionally have looked with an understanding, yet skeptical, eye towards the issue of outsourcing. Current guidance is clear, however, as to where the responsibility lies. As summarized by the Federal Deposit Insurance Corp. (FDIC) in FIL-44-2008, “An institution’s board of directors and senior management are ultimately responsible managing activities conducted through third-party relationships, and identifying and controlling the risks arising from such relationships, to the same extent as if the activity were handled within the institution.”

Meet the New Boss

Armed with its mandate by Title X of the Dodd-Frank Act to protect consumers, the CFPB entered the vendor management fray by issuing Bulletin 2012-03. Although the message contained in the bulletin was nearly identical to previously issued guidance by the OCC and FDIC, it did provide additional insight. First, the bulletin noted that Title X of Dodd-Frank provides a definition of a “service provider,” which includes “any person that provides a material service to a covered person in connection with the offering or provision by such covered person of a consumer financial product or service.” (Although the legislation did not specifically define the word material, bankers should assume such subjectivity will be interpreted broadly by federal regulators.)  Secondly, and more importantly, the bulletin provided banks a non-exhaustive list of “steps to ensure that their business arrangements with service providers do not present unwarranted risks to consumers,” which include:

• Conducting thorough due diligence to verify that the service provider understands and is capable of complying with federal consumer financial law;
• Requesting and reviewing the service provider’s policies, procedures, internal controls, and training materials to ensure that the service provider conducts appropriate training and oversight of employees or agents that have consumer contact or compliance responsibilities;
• Including in the contract with the service provider clear expectations about compliance, as well as appropriate and enforceable consequences for violating any compliance-related responsibilities, including engaging in unfair, deceptive, or abusive act or practices;
• Establishing internal controls and on-going monitoring to determine whether the service provider is complying with federal consumer financial law; and
• Taking prompt action to address fully any problems identified through the monitoring process, including terminating the relationship where appropriate.

Expect 2014 to be a banner year for enforcement actions under the Unfair or Deceptive Acts or Practices law (UDAP) and the new Unfair, Deceptive or Abusive Acts and Practices law (UDAAP).  While predicting regulatory trends can be difficult, we believe this to be a safe bet in light of the trends in 2013 and early indications in bank examinations already this year.

Below are some of the enforcement trends from last year and tips highlighting what can be done to reduce the risks of UDAP and UDAAP enforcement actions in 2014.

In 2013, the FDIC imposed civil money penalties against banks in 89 instances, 16 of which were for UDAP violations and many of those also required consumer restitution.  The only compliance area triggering more civil money penalties in 2013 was the Flood Disaster Protection Act, accounting for 27 of the 89 cases, which is roughly consistent with the percentages in that area since Katrina.

Prior to Dodd-Frank, Section 701(e) of the Equal Credit Opportunity Act provided that a loan applicant had the right to request copies of any appraisals used in connection with his or her application for mortgage credit.  Section 1474 of Dodd-Frank amended Section 701(e) to require that lenders affirmatively provide copies of appraisals and valuations to loan applicants at no additional cost and without requiring applicants to affirmatively request such copies.

The appraisal documentation must be provided to the loan applicant in a timely manner and no later than three days prior to the loan closing unless the applicant waives the timing requirement.  The lender must provide a copy of each written appraisal or valuation at no additional cost to the applicant, though the creditor may impose a reasonable fee on the applicant to reimburse the creditor for the cost of the appraisal.

In September of 2013 the Consumer Financial Protection Bureau adopted final regulations amending Regulation B to implement the statutory changes. The amendments to Regulation B went into effect on January 18, 2014. Among other things, the revised Regulation requires lenders to provide a notice to a loan applicant not later than the third business day after the creditor receives an application for credit that is to be secured by a first lien on a dwelling, a notice in writing of the applicant’s right to receive a copy of all written appraisals developed in connection with the application.

On November 20, 2013, the CFPB published the final rules required by the Dodd Frank Act to provide for integrated mortgage disclosures under the Real Estate Settlement Procedures Act (“RESPA”) and the Truth in Lending Act (“TILA”).  The new rules provide for two new forms of disclosure to replace the existing RESPA Good Faith Estimate and HUD-1 disclosures and the corresponding early and final TILA disclosures.

The first new form (the Loan Estimate) will provide disclosures to help consumers understand the key features, costs, and risks of the mortgage for which they are applying, and will replace the RESPA Good Faith Estimate and the “early” TILA mortgage disclosure form.  This form will be provided to consumers within three business days after they submit a loan application. The second form (the Closing Disclosure) combines the RESPA HUD-1 and final TILA disclosures regarding all of the costs of the loan transaction.  The Closing Disclosure will be provided to consumers three business days before they close on the loan.

The rules will take effect on August 1, 2015.  Watch this BankBryanCave.com site for more details over the coming weeks and months.  In the meantime, the CFPB’s publication, exceeding 1800 pages, is available on the CFPB’s website.

In January of 2013, the Consumer Financial Protection Bureau (“CFPB”) issued the new Mortgage Servicing Rules (the “Rules”), which go into effect on January 10, 2014.  The Rules establish extensive protections for borrowers, particularly delinquent borrowers who are facing foreclosure.

On October 15, 2013, the CFPB issued new guidance on the Rules in order to resolve certain issues of interpretation regarding servicer communications with borrowers.  The bulletin (CFPB Bulletin 2013-12) and interim final rule issued on October 15, 2013 clarify three main issues: (1) how mortgage servicers should communicate with family members of a deceased borrower; (2) how mortgage servicers should contact delinquent borrowers under the Early Intervention Rule; and (3) how certain provisions of the Rules interact with the “cease communications” requirement of the Fair Debt Collection Practices Act.

1. Communications with Family Members of a Deceased Borrower

The Rules require mortgage servicers to implement policies and procedures for identifying and communicating with the successor in interest of a deceased borrower regarding the property securing the deceased’s mortgage loan.  (See 12 CFR 1024.38(b)(1)(vi)).  The CFPB designed the successor in interest requirement in response to consumer complaints that servicers were refusing to speak with successors or were requesting documents that may not exist from a deceased borrower’s successor, thus potentially preventing successors from assuming the loan or pursuing a loan modification.  The CFPB’s guidance is intended to help servicers implement the policies and promote home retention by the successors in interest.

While Employers Can Mandate Electronic Direct Deposit, Employers Are Prohibited From Requiring the Use of a Specific Payroll Card Selected by the Employer.

On September 12, 2013, the Consumer Financial Protection Bureau (“CFPB”) published Bulletin 2013-10 (“Bulletin”) establishing that any “financial institution or other person” is prohibited from requiring that an employee receive wages only on a payroll card issued a particular financial institution of the employer’s choosing, based on the application of federal law to payroll card accounts. In particular, the Bulletin affirms that the Electronic Fund Transfer Act (“EFTA”) and its implementing regulation Regulation E (“Reg E”), prohibit mandatory payment of wages through a payroll card issued by a particular financial institution. Although “Regulation E permits an employer to require direct deposit of wages by electronic means,” the employee must be “allowed to choose the institution that will receive the direct deposit.” The CFPB explicitly states, however, that employers may offer employees “the choice of receiving their wages on a payroll card or receiving it by some other means.” (emphasis added). According to the Bulletin, “payroll card accounts” refer to those “accounts that are established directly or indirectly through an employer, and to which transfers of the consumer’s salary, wages, or other employee compensation are made on a recurring basis.”

The CFPB’s Bulletin was issued following reports that New York State Attorney General Eric Schneiderman was investigating some of the nation’s largest employers in connection with their payroll card programs.