In This Issue:
- Podcast: Using Artificial Intelligence in Underwriting Consumer Loans, With Special Guest Teddy Flo, General Counsel and Secretary of Zest AI
- Trade Groups Take Aim at CFPB’s Expansion of UDAAP Authority
- CFPB Issues Advisory Opinion on Permissibility of “Convenience Fees” Charged by Debt Collectors Subject to the FDCPA
- HUD Provides New Flexibility for Calculating Effective Income for FHA Loan Applicants Affected by a COVID-19 Related Economic Event
- An Open Letter to Rohit Chopra, CFPB Director: Isn’t It Time for the CFPB to Restart Its Best Vehicle for Interpreting the Federal Consumer Financial Laws–the Official Staff Commentaries?
- FinCEN and Federal Functional Regulators Issue Coded Warnings Against De-Risking
- CFPB Publishes Spring 2022 Rulemaking Agenda
- Podcast: Innovative Products - Understanding the Regulatory and Enforcement Risks
- CFPB Terminates Payactiv Sandbox Approval Order
- State Developments Regarding Work From Home (Non-Depository)
- Did You Know? Virginia Amends Mortgage Lenders and Mortgage Brokers Act to Permit Dual Compensation
Together with our special guest whose company provides software enabling lenders to use AI to underwrite loans, we explore a wide range of issues of importance to lenders using AI to underwrite loans. Our discussion topics include: the CFPB’s position on how ECOA adverse action notice requirements apply to credit decisions based on the use of AI; what is meant by explainability and interpretability of AI; fair lending and other compliance risks and steps to reduce risk; preparing for CFPB exams; and the CFPB’s call for tech workers to act as whistleblowers to report potential discrimination arising from the use of AI.
Alan Kaplinsky, Ballard Spahr Senior Counsel hosts the conversation, joined by John Culhane and Michael Gordon, partners in the firm’s Consumer Financial Services Group.
Click here to listen to the podcast episode.
Michael Gordon, John L. Culhane, Jr., Alan S. Kaplinsky
Trade Groups Take Aim at CFPB’s Expansion of UDAAP Authority
Four leading trade groups are calling on the CFPB to rescind the recent updates to the UDAAP section of its Supervision and Examination Manual that instruct examiners to consider discrimination in connection with non-credit products and services as an unfair act or practice. The four groups are the American Bankers Association, the Consumer Bankers, the Independent Community Bankers of America, and the U.S. Chamber of Commerce.
The trade groups made their request in a letter to Director Chopra, which was accompanied by a white paper setting forth the legal basis for their position: “Unfairness and Discrimination: Examining the CFPB’s Conflation of Distinct Statutory Concepts.” The primary legal flaws identified in the white paper consist of the following:
- In conflating the concepts of “unfairness” and “discrimination,” the CFPB ignores the Dodd-Frank Act’s text, structure, and legislative history. For example, Dodd-Frank discusses “unfairness” and “discrimination” as two separate concepts and defines “unfairness” without mentioning discrimination. Also, its legislative history refers to the Bureau’s antidiscrimination authority in the context of ECOA and HMDA, while referring to the Bureau’s UDAAP authority separately.
- The CFPB’s treatment of “unfairness” is inconsistent with decades of understanding and usage of that term in the Federal Trade Commission Act and with the enactment of ECOA. In Dodd-Frank, Congress gave the same “unfairness” authority to the CFPB that it gave to the FTC in 1938. That authority has never included discrimination. It makes no sense that Congress would have enacted ECOA in 1974 to address discrimination in credit transactions if it had already prohibited discrimination through the FTC’s unfairness authority.
- In conflating unfairness with disparate impact, or unintentional discrimination, the CFPB is disregarding U.S. Supreme Court precedent. The Supreme Court has recognized disparate impact as a theory of liability only when Congress uses certain “results-oriented” language in antidiscrimination laws, such as the Fair Housing Act. Dodd Frank neither contains the requisite language, nor is it an antidiscrimination law.
- The CFPB’s action is subject to judicial review because it constitutes final agency action – a legislative rule – that is invalid, both substantively and procedurally. Because the CFPB’s action carries the force and effect of law and imposes new substantive duties on supervised institutions, it is subject to the Administrative Procedure Act’s requirements for notice-and-comment rulemaking.
- Because the CFPB’s action constitutes a rule, it is subject to Congressional disapproval under the Congressional Review Act (CRA). A member of Congress can request a GAO opinion on whether the CFPB’s actions are a rule, which can trigger CRA review.
The white paper concludes as follows:
The CFPB’s action has tremendous implications for consumers, banks, and for financial markets at large. It represents an enormous self-expansion of the CFPB’s authority that stands contrary to law and the intent of Congress. Such sweeping changes that alter the legal duties of so many are the proper province of Congress, not of independent regulatory agencies, and the CFPB cannot ignore the requirements of the Administrative Procedures Act and Congressional Review Act. The CFPB may well wish to ‘fill gaps’ it perceives in federal antidiscrimination law. But Congress has simply not authorized the CFPB to fill those gaps. If the CFPB believes it requires additional authority to address alleged discriminatory conduct, it must obtain that authority from Congress, not take the law into its own hands. The associations and our members stand ready to work with Congress and the CFPB to ensure the just administration of the law.
Law360 reported that in response to the trade groups’ letter, a CFPB spokesperson stated as follows:
Scare tactics orchestrated by lobbyists for Big Tech and Wall Street won’t deter the work of the CFPB to enforce the law. Less than a year in, our approach is already paying dividends, with significant changes in bank overdraft policies and major reforms in the reporting of medical debt to consumer credit reports. Big corporations and their lobbyists want to preserve a system where American families and small businesses are left to fend for themselves against those that repeatedly violate the law.
In a blog post, the Bank Policy Institute called the CFPB spokesperson’s statement “unprofessional” for “demoniz[ing] commenters and dismiss[ing] their ideas out of hand” and failing to “recognize that people who work in a regulated industry are uniquely positioned to provide insights on the practical effects of a regulation.” BPI also called the CFPB spokesperson’s statement “false and misleading,” stating:
Letters such as the one that the CFPB received are not written by lobbyists; they are written by lawyers, after consulting the executives who run the businesses affected by the agency action. The banking…industry is not filled with people who repeatedly violate the law, or prey on defenseless consumers. Successful businesses craft products that are valuable to consumers, and they retain those customers by serving them well.
In addition to joining with the other trade groups in sending the letter and white paper to Director Chopra, the U.S. Chamber of Commerce also sent two separate letters to Director Chopra as part of its announced campaign “to expose and defeat [Director Chopra’s] ideologically driven agenda to radically change the nature of America’s financial services industry.”
One letter addresses the UDAAP updates to the CFPB’s examination manual and raises legal arguments similar to those set forth in the white paper for why the Bureau’s action exceeds its authority. The second letter takes aim at four other CFPB actions that the Chamber calls “imprudent and unlawful.” These actions are: the Bureau’s “Policy Fellowship Program;” revisions to the Bureau’s Rules of Practice for Adjudication Procedures; the effective repeal of the Bureau’s 2013 rule that established the Bureau would not publish a final decision or order establishing supervisory authority over a covered person using its risk-based authority; and the Bureau’s interpretive rule regarding the authority of state attorney generals to enforce the enumerated consumer financial protection rules.
The Chamber concludes both letters with the statement that if the Bureau does not rescind its actions, the Chamber “will not hesitate to take legal action to defend businesses against the Bureau’s unlawful actions.”
Also part of the Chamber’s campaign are Freedom of Information Act requests submitted to the CFPB seeking detailed information on the following topics:
- Communications with State Attorneys General regarding enforcement of the CFPA;
- The establishment and use of the CFPB’s “Policy Fellowship Program;”
- The CFPB procedures manual and operating manual;
- Director Chopra’s determination that the FDIC should hold a vote without the consent of its chair;
- The CFPB’s communications with non-U.S. Government policy or interest groups including the Student Borrower Protection Center with respect to changes to the CFPB’s examination procedures; and
- All records regarding the President’s Executive Order on Promoting Competition in the American Economy, including communications between the CFPB and the White House
The arguments made by the four trade associations regarding the invalidity of the recent UDAAP updates to the CFPB’s Supervision and Examination Manual are heavily strengthened by the U.S. Supreme Court’s decision on June 30, 2022 in West Virginia v. Environmental Protection Agency in which the Court struck down an EPA regulation pertaining to carbon dioxide emissions because it constituted a major change in the law which was not contemplated by Congress. Similarly, the CFPB’s update to its Manual expanding the definition of a UDAAP violation to include discriminatory conduct in connection with non-credit products and services is a major change in UDAAP law which was not contemplated by Congress. We soon will be publishing a separate blog post about the implications of the EPA opinion for rules adopted by the CFPB, FTC, and other agencies that conduct rulemaking in the consumer financial services area.
The CFPB has issued an advisory opinion that addresses when the Fair Debt Collection Practices Act permits a debt collector to charge “pay-to-pay” or “convenience fees,” such as fees imposed for making a payment online or by phone.
FDCPA section 808(1) prohibits debt collectors from collecting “any amount (including any interest, fee, charge, or expense incidental to the principal obligation) unless such amount is expressly authorized by the agreement creating the debt or permitted by law.” In the advisory opinion, the CFPB first interprets section 808(1) to apply to “any amount” collected by a debt collector in connection with the collection of a debt, even if such amount is not “incidental to” the principal obligation. It then interprets section 808(1) to prohibit a debt collector from collecting any amount unless such amount either is expressly authorized by the agreement creating the debt (and is not prohibited by law) or is expressly permitted by law. Thus, under the CFPB’s interpretation, a charge is impermissible under section 808(1) if both the agreement creating the debt and other law are silent.
The CFPB also states that, under its interpretation, amounts are impermissible if they are neither expressly authorized by the agreement creating the debt or by law, “even if such amounts are the subject of a separate, valid agreement under State law.” The CFPB declines to follow the interpretation of some courts that fees authorized by a separate agreement are permissible under section 808(1) because such fees are “permitted by law” (i.e. because they are authorized by a lawful agreement).
The CFPB also addresses debt collectors’ use of payment processors who charge convenience fees. It states that a debt collector may violate section 808(1) in that situation. According to the CFPB, “a debt collector collects an amount under section 808(1) at a minimum when a third-party payment processor collects a pay-to-pay fee from a consumer and remits to the debt collector any amount in connection with that fee, whether in installments or a lump sum.”
The CFPB’s interpretation of section 808(1) is not surprising. In 2017, the CFPB issued a compliance bulletin (2017-11) on pay-by-phone fees. Although the bulletin was primarily directed at UDAAP issues arising from such fees, it also addressed the application of section 808(1) to such fees. The CFPB discussed the finding of its examiners that one or more mortgage servicers meeting the FDCPA “debt collector” definition had violated the FDCPA by charging fees for taking mortgage payments by phone to borrowers whose mortgage instruments did not expressly authorize such fees and who resided in states where applicable law did not expressly permit collection of such fees.
Although the advisory opinion is directed at convenience fees and by its terms only applies to “debt collectors” subject to the FDCPA, it has much broader implications. First, the CFPB’s interpretation of section 808(1) would apply to any type of fee charged by a debt collector. Second, the debt collection laws of many states broadly apply the FDCPA’s prohibitions to first-party collections and other persons engaging in collection activity who are not “debt collectors” under the FDCPA. For example, the U.S. Court of Appeals for the Fourth Circuit recently ruled that a mortgage servicer, even if not a “debt collector” under the FDCPA, had violated the Maryland Consumer Debt Collection Act, which incorporates FDCPA prohibitions, by charging a $5 convenience fee to borrowers for monthly payments made by phone or online that was not expressly authorized by the mortgage documents or by law.
John L. Culhane, Jr. & Reid F. Herlihy
In Mortgagee Letter 2022-09 dated July 7, 2022, the U.S. Department of Housing and Urban Development (HUD) sets forth new flexibility in underwriting guidelines for calculating effective income for Federal Housing Administration (FHA) insured loan applicants who incurred a reduction or loss in income as a result of a COVID-19 Economic Event. The guidance in the Mortgagee Letter is effective for Title II single family forward mortgage loans with case numbers assigned on or after September 5, 2022, although lenders may begin using the policies announced in the Mortgagee Letter immediately. HUD will accept feedback on the Mortgagee Letter for 30 days from the date of the letter.
The Mortgagee Letter addresses both the underwriting of loans with the Technology Open To Approved Lenders (TOTAL) Mortgage Scorecard, and manual underwriting. For purposes of both types of underwriting, a COVID-19 Related Economic Event refers to a temporary loss of employment, temporary reduction of income, or temporary reduction of hours worked during the Presidentially-Declared COVID-19 National Emergency. Guidance is provided on the following aspects of FHA underwriting guidelines:
- Primary Employment
- Part-Time Employment
- Overtime, Bonus, or Tip Income
- Employed by Family-Owned Business
- Commission Income
- Self-Employment Income
- Additional Required Analysis of Stability of Employment Income
We address certain portions of the guidance below.
Primary Employment
Calculation of Effective Income—TOTAL and Manual
Salary—Standard. For employees who are salaried and whose income has been and will likely be consistently earned, the lender must use the current salary to calculate Effective Income.
Salary—Exception Due to COVID-19 Related Economic Event. For employees who are salaried and whose current income will likely be consistently earned, the lender must use the current salary to calculate Effective Income.
Hourly—Standard. For employees who are paid hourly and whose hours do not vary, the lender must consider the borrower’s current hourly rate to calculate Effective Income.
For employees who are paid hourly and whose hours vary, the lender must use the average of the income over the previous two years. If the lender can document an increase in pay rate the lender may use the most recent 12-month average of hours at the current pay rate.
Hourly—Exception Due to COVID-19 Related Economic Event. For employees who are paid hourly and whose hours do not vary, the lender must use the current hourly rate to calculate Effective Income.
For employees who are paid hourly and whose hours vary, the lender must calculate the Effective Income by using the lesser of:
- The average of the income in accordance with the standard guidance for the time period prior to the COVID-19 Related Economic Event; or
- The average of the income earned since the COVID-19 Related Economic Event.
Part Time Employment
Calculation of Effective Income—TOTAL and Manual
Standard. The lender must average the income over the previous two years. If the lender can document an increase in pay rate the lender may use a 12-month average of hours at the current pay rate.
Exception Due to COVID-19 Related Economic Event. For employees who are paid hourly and whose hours do not vary, the lender must use the current hourly rate to calculate Effective Income.
For employees who are paid hourly and whose hours vary, the lender must calculate the Effective Income by using the lesser of:
- The average of the income in accordance with the standard guidance for the time period prior to the COVID-19 Related Economic Event; or
- The average of income earned since the COVID-19 Related Economic Event.
Overtime, Bonus, or Tip Income
Calculation of Effective Income—TOTAL and Manual
Standard. For employees with Overtime, Bonus, or Tip Income, the lender must calculate the Effective Income by using the lesser of:
- The average Overtime, Bonus, or Tip Income earned over the previous two years or, if less than two years, the length of time Overtime, Bonus, or Tip Income has been earned; or
- The average Overtime, Bonus, or Tip Income earned over the previous year.
Exception Due to COVID-19 Related Economic Event. For employees with Overtime, Bonus, or Tip Income, the lender must calculate the Effective Income by using the lesser of:
- The average of the income in accordance with the standard guidance for the time period prior to the COVID-19 Related Economic Event; or
- The average Overtime, Bonus or Tip Income earned since the COVID-19 Related Economic Event.
Commission Income
Calculation of Effective Income—TOTAL and Manual
Standard. The lender must calculate Effective Income for commission by using the lesser of:
- Either, (i) the average Commission Income earned over the previous two years for Commission Income earned for two years or more, or (ii) the length of time Commission Income has been earned if less than two* years; or
- The average Commission Income earned over the previous year.
*In the TOTAL guidance the reference to “two” does not appear, apparently in error.
Exception Due to COVID-19 Related Economic Event. For employees with Commission Income, the lender must calculate the Effective Income by using the lesser of:
- The average of the income in accordance with the standard guidance for the time period prior to the COVID-19 Related Economic Event; or
- The average of the Commission Income earned* since the COVID-19 Related Economic Event.
*In the Manual guidance the reference to “earned” does not appear, apparently in error.
Self-Employment Income
In addition to the guidance provided below, the Mortgagee Letter addresses standard guidance, and guidance regarding exceptions due to a COVID-19 Related Economic Event, for the ability to consider self-employment income, required documentation, and an additional required analysis of stability of employment income.
Calculation of Effective Income—TOTAL and Manual
Standard. The lender must analyze the borrower’s tax returns to determine gross Self-Employment Income. (Requirements for analyzing self-employment documentation are found in Analyzing IRS Forms (Appendix 2.0) to HUD Handbook 4000.1.)
The lender must calculate gross Self-Employment Income by using the lesser of:
- The average gross Self-Employment Income earned over the previous two years; or
- The average gross Self-Employment Income earned over the previous one year.
Exception Due to COVID-19 Related Economic Event. For self-employed borrowers with a COVID-19 Related Economic Event that have since regained income at a level greater than or equal to 80 percent of their income prior to COVID-19 Related Economic Event for a minimum of six months, the lender must calculate gross Self-Employment Income by using the lesser of:
- The average gross Self-Employment Income earned over the previous two years prior to the COVID-19 Related Economic Event; or
- The average gross Self-Employment Income earned over the previous six months after the COVID-19 Related Economic Event.
When the Truth in Lending Act became law in 1969, the Federal Reserve Board soon thereafter promulgated its implementing regulation, Regulation Z. For many years, the Fed would respond to questions about TILA and Reg. Z orally over the phone or in writing through the issuance of unofficial staff letters and, infrequently, official staff letters. Although some commercial publications like CCH would publish excerpts from the staff letters, the letters were never published by the Fed in the Federal Register and the unofficial staff letters were sent only to the person asking the question.
The unofficial staff letters were often treated by the courts as if they had no binding effect. While the official staff letters were viewed as more worthy of deference than the unofficial staff letters, until the U.S. Supreme Court’s decision in Ford Motor Credit v. Milhollin which held that the official staff letters were controlling unless demonstrably irrational, courts varied in the level of deference they would give to even the official staff letters.
Writing letters to respond to the huge volume of inquiries absorbed an inordinate amount of Fed staff time. After considerable debate within and outside the agency about how to deal with this problem, the Fed developed the idea of substituting an Official Staff Commentary for the staff letters and issuing annual (and sometimes semiannual) updates that would be proposed for comment and be binding to the same extent as Reg. Z.
Although the Fed never officially voted to approve or disapprove the Official Staff Commentary, the Fed delegated to the Director of the Office of Community and Consumer Affairs the authority to issue Official Staff Commentary. Creditors relying in good faith on the provisions of the Official Staff Commentary were given a complete defense to liability under Section 130(f) of TILA. The Official Staff Commentary was widely accepted by the industry and consumer advocates because it provided the predictability and transparency that was lacking in the staff letters. The Fed subsequently began using Official Staff Commentaries for the other consumer finance regulations that it was charged with interpreting.
As everyone knows, the Dodd-Frank Act became law on July 21, 2010, and one year thereafter, jurisdiction to interpret the Fed’s consumer finance regulations was transferred to the CFPB. While most observers thought that the CFPB would continue the Fed’s tradition of issuing annual or semi-annual updates to the Official Staff Commentaries, that turned out not to be the case. The CFPB dropped the tradition like a hot potato. With the exception of new regulations issued by the CFPB for which the CFPB issued new or revised existing Official Staff Commentary, the CFPB has not made a single change to the Official Staff Commentaries that existed on July 21, 2011 when it assumed jurisdiction from the Fed over these regulations.
I initially attributed that to the fact that the CFPB had a very full plate on July 21, 2011, when it became operational. However, the fact that the non-use of the Official Staff Commentary has persisted for the 11 years of its existence suggests to me, cynic that I am, that the CFPB intentionally decided not to use the Official Staff Commentary because it would require them to first publish changes in proposed form for comment and to then deal with adverse comments. Admittedly, it is much easier for the CFPB to issue “guidance” by fiat from the Director. But doing that comes with a great cost – a lack of transparency and predictability and much less certainty that it will be binding.
So what has the CFPB been doing to interpret the regulations over which it has jurisdiction? The CFPB has done a potpourri of things including no-action letters, bulletins, Compliance Assistance Sandbox orders, Circulars, advisory opinions, blogs, interpretations, guidance, changes to exam manuals, speeches, etc. None of these communication methods involve seeking comments from the public. As a result, they all suffer from a lack of predictability and transparency. And courts are not required to defer to them as they would be if they were in the form of Official Staff Commentary.
As the old adage goes, if it (the use of Official Staff Commentaries) ain’t broke, don’t fix it! We encourage the CFPB to jettison these haphazard and seemingly arbitrary attempts to interpret its regulations with a revivification of the Official Staff Commentaries.
As a starting point in this process, I urge Director Chopra to convene a meeting of outside experts in the fields of consumer financial services and administrative law to take a fresh look at the potpourri of media that the CFPB has been using to provide guidance and to recommend what it should do to best serve its stakeholders. As part of that review, the experts should consider if Official Staff Commentaries should be used. Perhaps, the meeting should be jointly sponsored by the CFPB and the Penn Program on Regulation at the University of Pennsylvania. (Director Chopra recently spoke at a session sponsored by this Penn Program.)
If Director Chopra refuses to convene such a meeting, then I think it is time for Congress to intervene through holding a public hearing on this topic.
FinCEN and Federal Functional Regulators Issue Coded Warnings Against De-Risking
On July 6, the Financial Crimes Enforcement Network (FinCEN), Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Office of the Comptroller of the Currency (collectively, the Agencies) issued a Joint Statement to “remind” banks that they, of course, should apply a risk-based approach to assessing customer relationships and conducting customer due diligence (CDD).
The Joint Statement appears to echo FinCEN’s June 22 Statement on Bank Secrecy Act Due Diligence for Independent ATM Owners or Operators (ATM Statement), in which FinCEN also “reminded” banks that “that not all independent ATM owner or operator customers pose the same level of money laundering, terrorist financing (ML/TF), or other illicit financial activity risk, and not all independent ATM owner or operator customers are automatically higher risk.”
Combined – and although generally worded – these publications appear to urge financial institutions (FIs) to not pursue broadly-applied “de-risking” strategies. De-risking is the term for a FI’s decision to terminate a business relationship, or refuse to do business, with a type of customer because that type is associated with a perceived heightened risk of involvement in money laundering or terrorist financing. Indeed, both new publications caution FIs against turning away potential customers, or closing the accounts of existing customers, on the basis of general customer types. However, regulators themselves have been criticized for encouraging de-risking by driving highly risk-adverse decisions by FIs, who are unwilling to take the chance and assume the compliance costs of doing business with specific customers who may in fact be “legitimate,” but whose risk profile is deemed to be high due to their group affiliation. Some front-line regulatory BSA/AML examiners arguably may review a FI’s compliance in a narrow and check-the-box manner versus a more holistic approach, and will not truly value broader societal and equity issues such as the need for equal access to the global financial system, particularly by certain industries and persons living in less-developed countries. Accordingly, although these new publications are welcome, it might have been better if they had been more explicit – particularly because it is arguably ironic for regulators to be chiding FIs for conforming to de-risking behavior that regulators themselves have encouraged.
The Joint Statement
The Joint Statement, which stresses that it does not alter existing Bank Secrecy Act/ Anti-Money Laundering (BSA/AML) requirements or establish new supervisory expectations, announces that “the Agencies are reinforcing a longstanding position that no customer type presents a single level of uniform risk or a particular risk profile related to money laundering, terrorist financing, or other illicit financial activity.” Rather, banks should “apply a risk-based approach to CDD, including when developing the risk profiles of their customers.” This is because “[c]ustomer relationships present varying levels of money laundering, terrorist financing, and other illicit financial activity risks. The potential risk to a bank depends on the presence or absence of numerous factors, including facts and circumstances specific to the customer relationship. Not all customers of a particular type automatically represent a uniformly higher risk of money laundering, terrorist financing, or other illicit financial activity.” So long as a bank complies with “applicable BSA/AML legal and regulatory requirements, and effectively manage[s] and mitigate[s] risks related to the unique characteristics of customer relationships,” the bank is “neither prohibited nor discouraged from providing banking services to customers of any specific class or type.” Further, “the Agencies do not direct banks to open, close, or maintain specific accounts” – a decision which turns on a financial institution’s business objectives, coupled with a risk-based AML assessment.
The Joint Statement notes specifically that its warning that “certain customer types should [not] be considered uniformly higher risk” applies in part to customer relationships with “independent automated teller machine owners or operators, nonresident aliens and foreign individuals, charities and nonprofit organizations, professional service providers, cash intensive businesses, nonbank financial institutions, and customers the bank considers politically exposed persons.”
The ATM Statement
The above comment in the Joint Statement aligns with the earlier ATM Statement, which FinCEN described as being issued because “[s]ome independent ATM owners and operators have reported difficulty in obtaining and maintaining access to banking services, which jeopardizes the important financial services they provide, including to persons in underserved markets.” ATMs are valuable, according to FinCEN, because they “offer fast and convenient access to cash and are an important channel in providing financial services.” Similar to the Joint Statement, the ATM Statement sought to remind banks “that not all independent ATM owner or operator customers pose the same level of money laundering, terrorist financing (ML/TF), or other illicit financial activity risk, and not all independent ATM owner or operator customers are automatically higher risk.” This language in the ATM Statement mirrors current language in the section on independent ATMs in the Federal Financial Institutions Examination Council’s (FFIEC) BSA/AML Examination Manual.
Likewise, the CDD Rule “does not require banks to conduct additional due diligence or to institute due diligence processes unique to independent ATM owner or operator customers.” Rather, “[n]o specific customer type, including independent ATM owners and operators, automatically presents a higher risk of ML/TF or other illicit financial activity; rather, the potential risk to a bank depends on the presence or absence of numerous factors.” One important factor is whether an independent ATM owner or operator funds its ATMs solely with cash withdrawn at a bank (thereby posing a relatively lower money laundering and terrorist financing risk), or whether the owner/operator replenishes its ATMs from other sources of cash, which may be difficult to verify. The ATM Statement also provides a list of factors which may be relevant to determine the risk profile of ATM owner or operator customers, such as information pertaining to the internal policies and controls of the ATM owner or operator; information regarding the sources of funds if the bank account is not used to replenish the ATM; and expected and actual ATM activity levels.
FinCEN’s release of these statements appears to be a trend over the last few years. In addition to the more recent ATM Statement, FinCEN previously has made a similar statement regarding PEPs. Recognizing again that the CDD rule does not require additional due diligence for PEPs, and instead will depend on the level of CDD analysis appropriate for the customer risk. Corresponding changes were made to the FFIEC’s BSA/AML Examination Manual to mirror the statement. A FI should continue to assess customers using risk-based policies and procedures.
If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.
Peter D. Hardy & Kaley Schafer
CFPB Publishes Spring 2022 Rulemaking Agenda
The CFPB has published its Spring 2022 rulemaking agenda as part of the Spring 2022 Unified Agenda of Federal Regulatory and Deregulatory Actions. The agenda’s preamble indicates that the information in the agenda is current as of April 1, 2022, and identifies the regulatory matters that the Bureau “reasonably anticipates having under consideration during the period from June 1, 2022, to May 31, 2023.
Perhaps the most noteworthy aspect of the agenda is its brevity. Only five items are listed as active rulemakings and there are no long-term actions. The preamble to the CFPB’s Fall 2021 rulemaking agenda, which represented the CFPB’s first rulemaking agenda under Director Chopra, indicated that it was not necessarily reflective of his priorities. It stated that “[t]he Bureau expects that its new Director, will assess what regulatory actions the Bureau should prioritize to best further its consumer protection mission and the Spring 2022 Agenda will reflect his priorities.” The small number of active rulemakings listed on the Spring 2022 agenda, coupled with the absence of any long-term actions, appears to lend strong support to the view of many observers that Director Chopra intends to use supervision and enforcement as the primary vehicles for furthering his priorities rather than rulemaking.
Among the potential areas of rulemaking absent from the new agenda are any “larger participant” rulemakings and rulemakings concerning overdrafts, small-dollar lending, debt collection, or arbitration. Even the two items that appeared as long-term actions in the Fall 2021 agenda, artificial intelligence and mortgage servicing, no longer appear in the Spring 2022 agenda. In addition, in a blog post published last month, Director Chopra indicated that the CFPB was looking at using its authority to issue rules regarding the registration of nonbanks, the CARD Act (Regulation Z) rules establishing safe harbors for credit card late charges, and the Regulation Z qualified mortgage rules. Although the agenda is current only as of April 1 and the CFPB issued its ANPR on late fees last month, it is surprising that none of these items appear even as long-term actions in the agenda.
The Spring 2022 agenda designated two rulemakings to be in the “final rule stage.” In addition to the Bureau’s rulemaking concerning the reporting of adverse information on survivors of human trafficking by consumer reporting agencies finalized last month, the other “final rule stage” item is the rulemaking on “Small Business Lending Data Under the ECOA.” Section 1071 of Dodd-Frank amended the ECOA, subject to rules adopted by the Bureau, to require financial institutions to collect and report certain data in connection with credit applications made by small businesses, including women- or minority-owned small businesses. The Bureau issued a NPRM in August 2021 and the comment period ended on January 6, 2022. The agenda indicates that the Bureau estimates issuance of a final rule in March 2023.
The two items designated in the Spring 2022 agenda to be in the “proposed rule stage” are:
- Amendments to FIRREA Concerning Automated Valuation Models. The Bureau is participating in interagency rulemaking with the Federal Reserve, OCC, FDIC, NCUA and FHFA to develop regulations to implement the amendments made by the Dodd-Frank Act to the Financial Institutions Reform, Recovery, and Enforcement Act of 1989 (FIRREA) concerning appraisals. The FIRREA amendments require implementing regulations for quality control standards for automated valuation models. The Bureau released a SBREFA outline in February 2022 and estimates in the agenda that the agencies will issue an NPRM in December 2022.
- Property Assessed Clean Energy Financing. In March 2019, the CFPB issued an ANPR to extend TILA ability-to-repay requirements to Property Assessed Clean Energy transactions. The Bureau gives a May 2023 estimate in the agenda for issuance of a NPRM.
The only item designated in the Spring 2022 agenda to be in the “pre-rule stage” is “Consumer Access to Financial Information.” Section 1033 of Dodd-Frank addresses consumers’ rights to access information about their own financial accounts, and permits the CFPB to prescribe rules concerning how a provider of consumer financial products or services must make a consumer’s account information available to him or her, “including information related to any transaction, or series of transactions, to the account including costs, charges, and usage data.” In November 2016, the Bureau issued a request for information about market practices related to consumer access to financial information and, after holding a symposium in February 2020, the Bureau issued an ANPR in connection with its Section 1033 rulemaking in November 2020. In the agenda, the Bureau gives an estimated November 2022 date for issuance of a SBREFA outline.
Director Chopra has demonstrated a proclivity toward using other types of pronouncements to create binding law without characterizing them as “rules” for purposes of the Administrative Procedures Act. A good example would be the fairly recent update to the UDAAP section of the CFPB’s Supervision and Examination Manual to include discrimination in connection with non-credit products and services as an unfair act or practice, including both intentional discrimination and discrimination resulting from the use of disparate impact. We suggest that the CFPB include items like this in their rulemaking agenda which are as impactful, if not more impactful, than some of the rules that it did include.
Michael Gordon
Podcast: Innovative Products - Understanding the Regulatory and Enforcement Risks
We discuss key regulatory issues for innovative products such as buy-now-pay later, longer term installment loans, delay pay, and card-based products (such as “virtual cards”). We look at the different ways these products can be structured and the impact of these differences on applicable legal requirements, such as disclosures and licensing. We also look at secondary market considerations, legal issues arising from the offering of products through non-bank/bank partnerships including enforcement trends, and recent CFPB developments impacting innovative products.
Participating in the podcast are Michael Guerrero, Lisa Lanham, and Michael Gordon, partners in Ballard Spahr’s Consumer Financial Services Group, and Rinaldo Martinez, Of Counsel in the Group.
Click here to listen to the episode.
Michael R. Guerrero, Lisa Lanham, Michael Gordon, & Rinaldo Martinez
CFPB Terminates Payactiv Sandbox Approval Order
The CFPB has issued an order terminating the approval order issued in December 2020 to Payactiv, Inc. through the CFPB’s Compliance Assistance Sandbox (CAS) Policy.
The approval order confirmed that Payactiv’s earned wage access (EWA) program described in the order did not involve the offering or extension of “credit” as defined by section 1026.2(a)(14) of Regulation Z, and that Payactiv therefore had a safe harbor from liability under the TILA and Regulation Z in connection with the specified EWA program. EWA products provide employees with access to earned but as yet unpaid wages. Such products typically involve an EWA provider (such as Payactiv) that enables employees to request a certain amount of accrued wages, disburses the requested amounts to employees prior to payday, and later recoups the funds through payroll deduction or bank account debits on the subsequent payday.
The termination order states that the CFPB’s Enforcement Office notified Payactiv on June 3, 2022, that it was considering whether to recommend that the CFPB terminate the approval order “in light of certain public statements the company made wrongly suggesting the CFPB had endorsed Payactiv or its products.” The termination order further states that, in reply, Payactiv submitted a request to terminate the approval order, indicating that it could voluntarily terminate its participation in the sandbox program at any time and that it wanted to make material changes to its EWA program without CFPB review.
The approval order followed the issuance of an advisory opinion (AO) by the CFPB in November 2020 that dealt with EWA products and addressed whether an EWA program with the characteristics set forth in the AO was covered by Regulation Z. Such characteristics included the absence of any requirement by the provider for an employee to pay any charges or fees in connection with the transactions associated with the EWA program and no assessment by the provider of the credit risk of individual employees. The AO set forth the Bureau’s legal analysis on which it based its conclusion that the EWA program did not involve the offering or extension of “credit” within the scope of Regulation Z. In the AO, the Bureau indicated that there may be EWA programs with nominal processing fees that nonetheless do not involve the offering or extension of “credit” under Regulation Z and advised that providers of such programs could request clarification about a specific fee structure by applying for an approval under the CAS Policy.
In October 2021, a group of 96 organizations and individuals, who described themselves as consisting of “consumer, labor, civil rights, legal services, faith, community and financial organizations and academics,” sent a letter to the CFPB urging the Bureau to regulate EWA products as credit subject to the TILA. The letter took aim at the AO and the Payactiv approval order. In January 2022, Seth Frotman, now CFPB General Counsel, indicated that more clarity on EWA products was needed from the CFPB.
In view of these developments, providers of EWA products would be well-advised to prepare for greater regulatory scrutiny.
In June 2022, the CFPB terminated a no-action letter issued to Upstart Network, Inc. in connection with Upstart’s automated model for making underwriting and pricing decisions on applications by consumers for unsecured, closed-end loans. That termination followed the CFPB’s May 2022 announcement that as part of a new approach to innovation in consumer finance, it was replacing its Office of Innovation and Operation Catalyst with a new office, the Office of Competition and Innovation. (We subsequently learned from the CFPB’s press office that despite calling its No-Action Letter and CAS programs ineffective in its announcement, the CFPB has not rescinded those programs and is still taking new applications and processing previously submitted applications.)
Michael Gordon & Michael R. Guerrero
State Developments Regarding Work From Home (Non-Depository)
There continues to be a trend towards extending, and in some cases, codifying through regulation or statute, emergency COVID-19 guidance enabling work from home. Most recently:
- The Rhode Island Department of Banking amended Rule 230-RICR-40-10-2 (Lenders, Loan Brokers, Small Loan Lenders, Third-Party Loan Services, and Mortgage Loan Officers) to codify previously issued guidance allowing for remote work locations for mortgage loan originators. Specifically, it added new Section 2.10, setting forth the supervision, training, and security requirements to allow employees of licensed lenders, loan brokers, small loan lenders, third-party loan servicers and mortgage loan originators to work from home. Section 2.10 requires that:
- The employee is subject to the supervision of the licensee;
- The remote location is employee’s residence or other location identified in the records of the licensee and is within a reasonable distance of a place of business named in the licensee’s license or branch certificate;
- The licensee has written policies and procedures for the supervision of employees and employs appropriate risk-based monitoring and oversight processes of work performed by employees working from remote locations;
- Access to licensee’s computer platforms and to customer information is in accordance with the licensee’s comprehensive written information security plan;
- No in-person customer interaction occurs at a remote location and the licensee will not designate the remote location to consumers or customers as a business location;
- Physical records related to the licensee’s business, including consumer information, are not maintained at the remote location;
- The licensee must ensure consumer and licensee information and records remain accessible and available for regulatory oversight and exams; and
- The licensee must provide training to keep all conversations about, and with, consumers conducted from a remote location confidential as if conducted from a licensed commercial location, and to ensure remote employees work in an environment conducive and appropriate to that privacy.
The remote location will not be considered a branch location, but activities conducted therein shall be subject to examination. The amended regulation is effective immediately and is available here.
- In Kansas, legislation was enacted (HB 2568) permitting, effective July 1, 2022, employees or independent contractors of a mortgage company licensee, including mortgage loan originators, to work at remote locations, as long as various conditions are met. In addition, effective July 1, 2022, branch locations are no longer licensed. The conditions required for remote work are as follows:
- The licensed mortgage company's employees or independent contractors do not meet with the public at a personal residence;
- No physical business records are maintained at the remote location;
- The licensed mortgage company has written policies and procedures for working at a remote location and such company supervises and enforces such policies and procedures;
- The licensed mortgage company maintains the computer system and customer information in accordance with the company's information technology security plan and all state and federal laws;
- Any device used to engage in mortgage business has appropriate security, encryption, and device management controls to ensure the security and confidentiality of customer information as required by rules and regulations adopted by the commissioner;
- The licensed mortgage company's employees or independent contractors take reasonable precautions to protect confidential information in accordance with state and federal laws; and
- The licensed mortgage company annually reviews and certifies that the employees or independent contractors engaged in mortgage business at remote locations meet the requirements of this section. Upon request, a licensee shall provide written documentation of such licensee's review to the commissioner. K.S.A. 2021 Supp. 9-2203(d) (as amended by HB 2568, Sec. 2).
- South Dakota recently enacted the following statutory provision (HB 1271) applicable to its money lender and mortgage licensees that provides in each instance that an employee may work remotely if the licensee:
- Ensures in-person interactions with consumers are not conducted at the remote location and the remote location is not represented to consumers as a business location;
- Maintains secure virtual private networks and other appropriate safeguards for licensee and consumer data, information, and records;
- Employs appropriate risk-based monitoring and oversight processes of work performed from a remote location and maintains records of the processes;
- Ensures consumer information and records are not maintained at the remote location;
- Ensures consumer and licensee information and records remain accessible and available for regulatory oversight and examination; and
- Provides appropriate employee training to keep all conversations about and with consumers conducted from the remote location confidential, as if conducted from the business location, and to ensure remote employees work in an environment that maintains confidentiality.
- In Kentucky, legislation effective July 14, 2022, (HB 643) permits employees (including mortgage loan originators engaged as independent contractors) of a licensee to remotely engage at “alternate work locations” in the “mortgage lending process,” including meeting in person at the convenience of the borrower on an infrequent or as-needed basis in order to complete the mortgage ending process so long as the “alternate work location” is not the employee’s home and so long as certain conditions are met. The conditions are as follows:
- The licensee has written policies and procedures for supervision of employees working from alternate work locations;
- Access to the licensee's computer systems and customer information is in accordance with the licensee's comprehensive written information technology security plan;
- Employees are not permitted to conduct in-person customer activities at the alternate work location except as provided in subsection (2)(b)2. of Section 1 of this Act;
- The licensee ensures that no physical or electronic documents are maintained at the alternate work location; and
- No signage or advertising of the licensee or the mortgage loan originator is displayed at any alternate work location.
In addition, a licensee that allows employees to engage in the mortgage lending process from an alternate work location shall:
- Exercise proper supervision and control over the employees;
- Have written policies and procedures in place that ensure a safe, secure system for the mortgage lending process;
- Oversee compliance, and require all employees to comply, with the policies and procedures referenced in paragraph (b) of this subsection;
- Employ appropriate risk-based monitoring and oversight processes;
- Ensure that:
Customer interactions and communications about consumer accounts are in compliance with federal and state information security requirements, including applicable provisions of: a. The Gramm-Leach-Bliley Act of 1999, Pub. L. No. 106-102, as amended; and b. The Federal Trade Commission's Safeguards Rule, set forth in 16 C.F.R. Part 314;
Any employee that engages in the mortgage lending process at an alternate work location accesses the company's secure systems, including a cloud-based system, directly from any out-of-office device via a virtual private network (VPN) or a comparable system that ensures secure connectivity and requires passwords or other forms of authentication to access;
Appropriate security updates, patches, or other alterations to the security of all devices used at an alternate work location are installed and maintained;
Any employee that engages in the mortgage lending process at an alternate work location agrees to comply with the licensee's processes established under paragraph (d) of this subsection; and
The Nationwide Multistate Licensing System and Registry record of a mortgage loan originator that works from an alternate work location designates a properly licensed location as the mortgage loan originator's official work station;
- Have the ability to:
Remotely lock or erase company-related contents of any device; or
Otherwise remotely limit all access to the company's secure systems; and
- At least annually:
Certify that all employees engaged in the mortgage lending process at alternate work locations meet the appropriate standards and safeguards to continue engaging in the mortgage lending process from the alternate work locations; and
Review each alternate work location and provide proof of the documented review to the department upon request.
An “alternate work location” is not a branch.
- Ohio similarly passed legislation that will be effective September 11, 2022. SB 264 revises the Ohio Residential Mortgage Lending Act (RMLA) and the Consumer Installment Loan Act to permit remote work. Under the Ohio RMLA, the following conditions must be present in order for a registrant or entity holding a letter of exemption to allow a mortgage loan originator or any other person associated with it to transact business on its behalf from a location other than its principal office or a branch office:
- The registrant or entity has a written policy governing the supervision of the mortgage loan originator or other person associated with the registrant or entity while the originator or person transacts business on behalf of the registrant or entity from such location;
- Access to the registrant’s or entity’s platform and customer information is in accordance with the registrant’s or entity’s written security plan;
- The mortgage loan originator or other person associated with the registrant or entity does not interact with a customer at the originator’s or person’s residence, unless the residence is the registrant’s or entity’s principal office or a branch office; and
- Physical records are not maintained at such location.
The Superintendent of Financial Institutions may charge an annual fee to cover the costs associated with administration of this provision, which such fee shall not exceed twenty-five ($25) for each remote location.
Notably, however, not all states have moved in this direction. In West Virginia, the emergency guidance issued in response to COVID-19 expired on June 1, 2022, and the Division of Financial Institutions has indicated that no further extensions are contemplated at this time. Thus, it appears that existing statutory requirements now apply (e.g., licensed mortgage loan originators are prohibited from working from other than approved locations).
As states weigh options about how to proceed, they can consult recently published guidance from the American Association of Residential Mortgage Regulators (AARMR) entitled, Best Practices for Permitting Employees to Work Remotely (the Guidance). The Guidance is written to state agencies, reminding them that COVID-19 changed the industry dramatically by forcing the industry to leverage technology and a fully remote workforce to serve borrowers. The Guidance sets forth the following best industry practices that state agencies should consider when permitting employees of state-licensed residential mortgage lenders to work from an unlicensed home or other location:
“AARMR recognizes that this is a decision that each sovereign jurisdiction must make for itself, but for those states considering changes, AARMR sets forth these best practices that states ought to consider when implementing a permanent remote workforce option:
- First, a mortgage loan originator should not be allowed to meet consumers at the originator’s home unless the home is licensed as a branch location;
- Second, there must be systems in place to ensure that data security and privacy requirements are met regardless of where the company’s personnel are
working; - Third, the company responsible for sponsoring the loan originator must sufficiently supervise the mortgage loan origination activities being conducted from any locations, whether that be licensed location or unlicensed home or other location; and,
- Finally, documents must be available at a licensed location in the United States so that regulators are able to conduct examinations of the mortgage lending activities.
As state agencies and businesses reflect upon pandemic policies, the lack of consumer complaints and the ability to conduct examinations indicate that loan originators and others can work at home safely and effectively if a company is able to provide systems that protect consumer privacy and ensure regulatory compliance.”
Although not a perfect solution to the issue, the Guidance should bring a bit of relief to the industry. As previously noted in earlier posts, the industry has been struggling not only with states’ varying positions on whether individually licensed MLOs may work from “remote locations” after emergency orders expire, but also with states’ varying positions on whether other employees that are not required to be licensed (e.g., processors and underwriters in many states) are permitted to work from home. The Guidance addresses a “permanent remote workforce option” for “permitting [all] employees to work remotely” and specifically points out that the industry has utilized a permanent remote workforce for the duration of the pandemic with relatively few consumer complaints and roadblocks for licensees to be examined. It should also give the industry comfort that AARMR, the national organization representing state residential mortgage regulators, has released the Guidance for its participants, as it may result in fewer examination findings or other regulatory scrutiny for licensees that implement a permanent remote workforce option.
State adoption of remote work continues to evolve. We expect state regulators to react to the Guidance, either by setting forth formal policies that make it clear that “remote locations” are not subject to licensing requirements or by pushing for legislative changes that allow for employees to work from remote locations. We are hopeful for a nationwide adoption of a permanent remote workforce in time.
Lisa Lanham & Stacey L. Valerio
Did You Know? Virginia Amends Mortgage Lenders and Mortgage Brokers Act to Permit Dual Compensation
Effective July 1, 2022, licensed mortgage brokers are permitted to receive compensation for acting as a mortgage broker and a real estate broker in the same transaction, subject to compliance with certain disclosure provisions. Prior to the amendment, dual compensation was permitted only if the mortgage broker was regularly engaged in mortgage brokering activity in Virginia as of February 25, 1989.
Consumer Finance Monitor Blog
Visit the Blog and SubscribeSubscribe to Ballard Spahr Mailing Lists
Copyright © 2024 by Ballard Spahr LLP.
www.ballardspahr.com
(No claim to original U.S. government material.)
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, including electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the author and publisher.
This alert is a periodic publication of Ballard Spahr LLP and is intended to notify recipients of new developments in the law. It should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general informational purposes only, and you are urged to consult your own attorney concerning your situation and specific legal questions you have.