At the Online Lending Policy Institute’s (OLPI) annual summit in Washington, D.C. earlier this week, the OCC’s recent decision to accept applications from non-depository financial technology firms for a special purpose national bank (SPNB) charter was the focus of considerable discussion.

The summit speakers included Grovetta Gardineer, the Senior Deputy Comptroller for Compliance and Community Affairs at the OCC.  Comments made by attendees indicated that there is substantial interest in the SPNB charter but a reluctance to be the first applicant due to concerns about litigation risk and regulatory requirements.  After the OCC announced its decision to accept applications, the Conference of State Bank Supervisors (CSBS) announced that it would again pursue litigation challenging the OCC’s recent decision [link to follow].  While the CSBS has not yet filed another lawsuit and there is speculation that it is waiting until the first SPNB charter is granted to do so, a second lawsuit challenging the OCC’s authority to issue SPNB charters was filed last month by the New York Department of Financial Services (DFS) in New York federal district court.  (For an analysis of the DFS lawsuit, click here.)

In her remarks and responses to questions, Ms. Gardineer indicated that, although the Community Reinvestment Act does not apply to non-depository institutions, financial inclusion commitments from the SPNB charter applicant will be required and be subject to scrutiny by the OCC.  Questions directed at Ms. Gardineer raised concerns about the application of bespoke capital, liquidity, and risk management requirements for SPNB charter applicants.  And in response to questions about the charter’s implications for Federal Reserve requirements and access to Federal Reserve services, Ms. Gardineer indicated that the Federal Reserve was considering these issues and that they were the subject of ongoing discussions between the OCC and Federal Reserve.

Paul Watkins, recently named by CFPB Acting Director Mulvaney to serve as Director of the Bureau’s Office of Innovation, was also a speaker at the summit.  Mr. Watkins was formerly in charge of fintech initiatives in the Arizona Attorney General’s office, and Arizona is the first state to create a “regulatory sandbox” that allows new financial technologies and products to be tested in a controlled environment with reduced regulatory risk.  Mr. Watkins discussed the CFPB’s proposal to revise its Trial Disclosure Policy and suggested that the program could be used to address a broad range of issues.  For example, Mr. Watkins noted that a trial disclosure could be used to address challenges faced by creditors in supplying reasons for an adverse action where a decision is made through artificial intelligence or mechanical learning.  Mr. Watkins indicated that the CFPB’s no-action letter policy may also be subject to review by the Bureau.  Taken together, the trial disclosure and no-action letter policies appear to be the CFPB’s tools of choice for advancing its efforts to facilitate innovation that might be unduly limited by regulatory constraints.

A third summit speaker was Maria Vullo, DFS Superintendent.  Ms. Vullo expressed concern regarding the risks that “regulatory sandboxes” and trial disclosures can create for consumers where they are used for products and services actually offered in the marketplace rather than in a mock setting.  She also expressed concern about the potential for alternative data used in credit decisions to serve as a proxy for prohibited characteristics and suggested that an ability to repay standard should apply to all consumer credit and not be limited to mortgages and credit cards.

Finally, Adam Maarec, Of Counsel in Ballard’s D.C. Office, participated in a panel on data, privacy, and fraud prevention policy.  The panelists discussed the California Consumer Privacy Act’s potential application to financial institutions as a result of shortcomings in the exception for information “collected, processed, sold, or disclosed pursuant to” the Gramm-Leach-Bliley Act.  They also discussed ways for companies to manage the tension between data minimization and artificial intelligence/machine learning priorities, the latter of which depends on the accumulation of large data sets to identify insights.

As we reported previously, in June 2018 Zillow Group (Zillow) announced that it is no longer under investigation by the CFPB for Real Estate Settlement Procedures Act (RESPA) and UDAAP compliance with regard to its co-marketing program. The CFPB investigation triggered a securities lawsuit filed in the United States District Court for the Western District of Washington (C17-1387-JCC). The plaintiffs alleged in a putative class action that they purchased Zillow shares at an inflated price and were damaged by alleged material misrepresentations by the defendants regarding the Zillow co-marketing program and CFPB investigation of the program. The court noted that there was a decline in the price of Zillow stock in the two days after Zillow provided an update in August 2017 regarding the status of the CFPB investigation. Underlying the plaintiffs’ claims were alleged violations of RESPA with regard to the co-marketing program, which are the focus of this blog post.

The court noted that because the plaintiffs alleged securities fraud under section 10(b) of the Securities Exchange Act of 1934 and section 10b-5 of Securities and Exchange Commission rules, in order to survive a motion to dismiss the complaint must satisfy the general standard of setting forth sufficient factual matter, accepted as true, to state a claim for relief that is plausible on its face, and meet additional standards. One additional standard is that that the complaint must state with particularity the circumstances constituting fraud or mistake.

With regard to RESPA, the plaintiffs asserted that the co-marketing program (1) acted as a vehicle to allow real estate agents to make illegal referrals to lenders in exchange for the lenders paying to Zillow a portion of the agents’ advertising costs, and (2) facilitated RESPA violations by allowing lenders to pay to Zillow a portion of their agents’ advertising costs that was in excess of the fair market value of the advertising services that the lenders received from Zillow. The court found that the plaintiffs failed to sufficiently plead either theory of RESPA liability.

In support of the theory that when lenders pay a portion of the real estate agent’s advertising costs to Zillow they are effectively paying to receive unlawful mortgage referrals from the agent, the plaintiffs cited the CFPB enforcement action against PHH Mortgage Corporation regarding mortgage reinsurance arrangements. We have extensively reported on the matter, in which the CFPB deviated from prior government interpretations of RESPA by effectively reading out of RESPA the section 8(c)(2) safe harbor that permits payments for goods and services between parties even when there are referrals of settlement services business between the parties. The U.S. Court of Appeals for the D.C. Circuit rejected the CFPB’s interpretation of RESPA. Summarizing the holding of the D.C. Circuit, the court in the Zillow case stated the “D.C. Circuit held that RESPA’s safe harbor allows mortgage lenders to make referrals to third parties on the condition that they purchase services from the lender’s affiliate, so long as the third party receives the services at a “reasonable market value.””

The court in the Zillow case determined the plaintiffs’ assertion that the co-marketing program violates RESPA because it allowed agents to make referrals in exchange for lenders paying a portion of their advertising costs “is neither factually nor legally viable.” The court first noted that the complaint does not contain particularized facts demonstrating that real estate agents participating in the co-marketing were actually providing unlawful referrals to lenders. The court then stated that, even if it “draws an inference that co-marketing agents were making mortgage referrals, such referrals would fall under the Section 8(c) safe harbor because lenders received advertising services in exchange for paying a portion of their agent’s advertising costs.”

Addressing the plaintiffs’ second theory of liability—that the co-marketing program facilitated RESPA violations by allowing lenders to pay more the than fair market value for advertising services they received from Zillow—the court states that the plaintiffs failed to provide particularized facts that demonstrate that the lenders actually paid more than the fair market value of the advertising services they received from Zillow.

While the mortgage industry will welcome the favorable decisions on the RESPA issues, industry members should be mindful that the context is a securities fraud case with specific pleading standards.

 

Five U.S. regulatory agencies—the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency, and the U.S. Department of Treasury’s Financial Crimes Enforcement Network (“FinCEN”)—released on October 3, 2018 an Interagency Statement on Sharing Bank Secrecy Act Resources (“Statement”).  This guidance addresses instances in which certain banks and credit unions can enter into “collaborative arrangements” to share resources to manage their Bank Secrecy Act (“BSA”) and anti-money laundering (“AML”) obligations more efficiently and more effectively.

The Statement contemplates banks sharing resources such as internal controls, independent testing, and AML/BSA training (but does not apply to collaborative arrangements formed for information sharing among financial institutions under Section 314(b) of the U.S. Patriot Act.)  Such resource sharing contemplates reducing costs and increasing efficiencies in the ways banks manage their BSA and AML obligations.  The Statement clearly is addressed primarily to community banks, for which the costs of AML/BSA compliance can be significant, and which presumably engage in “less complex operations [and have] lower risk profiles for money laundering or terrorist financing.”  The Statement potentially represents another step in an ongoing AML reform process, which increasingly acknowledges the costs of AML compliance to industry.

The term “collaborative arrangement” is defined by the Statement as two or more banks with the objective of participating in a common activity or pooling resources to achieve a common goal.  Such resources include human and technological resources, and goals include reducing costs, increasing operational efficiencies, and leveraging specialized expertise.  The Statement elaborates on three, non-exhaustive examples of appropriate resources to share.

First, the Statement suggests that banks can jointly conduct internal control functions, including the drafting and updating of BSA/AML policies and procedures, developing risk-based customer identification and account monitoring processes, and tailoring monitoring systems and related reports regarding the risks.

Second, the Statement suggests that banks can share independent compliance testing personnel: “[t]he shared resource may, for example, be utilized in the scoping, planning, and performance of the BSA/AML compliance program independent test with appropriate safeguards in place to ensure the confidentiality of sensitive business information.”  Further, any shared resource must be qualified and not involved in other AML/BSA functions at the bank being reviewed.

Third, the Statement suggests that banks may share the cost of BSA/AML training personnel, particularly because it may be “challenging” and/or “cost prohibitive” in “some communities” to attract a qualified BSA/AML trainer.

The Statement suggests that the sharing of a BSA/AML officer is possible but could be problematic, given the confidential nature of SAR reporting and potential challenges posed to effective communication between the officer and each bank’s board of directors and senior management.  The clear import of the Statement is that such arrangements should be struck only with great care.

The Statement also generally observes the risks involved in a collaborative arrangement, and suggests that such an arrangement is not appropriate for every bank.  “Ultimately,” the Statement warns, “each bank is responsible for ensuring compliance with BSA requirements.  Sharing resources in no way relieves a bank of this responsibility.  Nothing in this [Statement] alters a bank’s existing legal and regulatory requirements.”  In other words, each bank in a collaborative arrangement is equally responsible for managing the quality of services performed under the arrangement.

Not surprisingly, the Statement counsels that any arrangement – i.e., contract – with a third party should be documented; set forth precisely-defined scope, rights and responsibilities; have a framework for protecting customer data and other confidential information; and set forth a framework for managing the risks of shared resources.  A bank also should provide periodic reports “as appropriate” to senior management and the board of directors regarding the functioning of the arrangement.  Banks and credit unions that wish to enter into a collaborative agreement should refer to existing guidance regarding third-party relationships, such as the OCC’s 2015 publication An Opportunity for Community Banks: Working Collaboratively Together, and remain cognizant of their obligations to maintain confidential information and screen conflicts of interests implicated by a collaborative arrangement with a competitor.

It is unclear how this Statement to share resources will be received and implemented over time.   It is relatively simple to declare in principle that AML resources may be shared, “as appropriate,” but effectively carrying out the details of such sharing may be difficult in practice.  Presumably community banks and credit unions will welcome this opportunity to reduce their AML/BSA compliance costs, but obviously will have to be thoughtful in implementing such arrangements.

(This blog post was also published in Ballard’s Money Laundering Watch, a blog focused on covering the latest trends and developments in enforcement, compliance, and policy involving money laundering, fraud, and other criminal activity.  Click here to subscribe to Money Laundering Watch.)

We have been following closely efforts by state regulators, state legislatures and the courts to restrict, or in some cases prohibit, bank model lending programs, so the recent guidance from the Vermont Department of Financial Regulation (“Department”)  is welcome news.  On September 13, 2018, the Department issued an Order exempting loan solicitation companies from licensure when they partner with FDIC-insured banks to offer commercial loans.

The Order provides that a loan solicitation license is not required provided the following conditions are satisfied: 1) the loan solicitation company has partnered with an FDIC insured bank; 2) the loan solicitation company is soliciting commercial loans; 3) the commercial loan is made by the FDIC-insured bank and the bank is clearly identified as the lender in the loan documents; 4) the loan solicitation company is already subject to ongoing monitoring, training, and compliance programs by the FDIC-insured bank to manage the activities of the loan solicitation company; and 5) the loan solicitation company is subject to supervision, oversight, regulation and examination by the FDIC-insured bank’s state regulator (if any) and federal regulator.

Entities that wish to rely upon this exemption must, upon request, provide the Commissioner of the Department with evidence demonstrating that the company is subject to regulatory supervision, including examinations, by the bank’s regulators in a manner that is at least equivalent to the supervision and examination of a loan solicitation company licensed by the Department.  The Order does not provide details on what level of supervision would be deemed “equivalent” to that imposed upon a licensee.

While the Order is limited to commercial loans, it does represent an acknowledgment by one state regulatory agency that programs involving banks are subject to significant supervision and oversight, and do not necessarily require additional oversight and regulation.

 

 

Last week, the Connecticut Fair Housing Center, Inc. filed a complaint against Liberty Bank in Connecticut federal district court alleging that the Bank engaged in discriminatory mortgage lending in violation of the federal Fair Housing Act.  The complaint describes the Bank as “the eighth-largest conventional home purchase lender and eleventh-largest refinancer in Connecticut.”

The complaint alleges that the Bank violated the FHA by engaging in the following conduct:

  • According to the complaint, the Bank deliberately drew its CRA assessment area so as to exclude and thereby avoid CRA scrutiny of its banking and lending activities in certain towns with racially diverse populations and generates a disproportionately low number of mortgage loans within its assessment area from non-white applicants, making “significantly fewer than expected loans than nearly all its peers in majority-non-white census tracks, even when controlling for underwriting criteria like income and whether the borrower will live in the property.”  The Bank is also alleged to over-concentrate its branches in white census tracts and, compared to its leading competitors, to have an insufficient number of branches in majority-non-white and racially diverse census tracts.  The complaint alleges that to test for redlining, the plaintiff “used a statistical measure called a shortfall.”   This measure “assumes that the number of loans is constant across the region and then estimates what the distribution of loans would be if they were made solely according to the income of loan applicants rather than some other factor like composition of neighborhood or race of the applicant.”  It then “allows a comparison between expected lending patterns and actual lending patterns for a single mortgage lender, and tests whether differences in origination volume are a result of applicant characteristics or variables such as discrimination against a protected class.”
  • Discrimination in extending credit.  The complaint alleges that the bank denies African-American and Latino loan applicants at a substantially higher rate than substantially similar white applicants after controlling for income and other neighborhood features.
  • Discouraging applications.  The complaint alleges that Bank representatives made statements that would discourage African-American and Latino applicants from applying for loans, provided significantly less information about the home-buying process to African-American and Latino applicants than white applicants, and offered loan terms to African-American and Latino applicants that were inferior to those offered to white applicants.  In support of these allegations, the complaint describes six different tests in which African-American, Latino, and white testers were allegedly sent by the plaintiff to various Bank locations to meet with a loan officer or obtain copies of advertising materials for mortgages.

The complaint serves as a reminder that while fair lending enforcement may appear to no longer be emphasized by the CFPB under Acting Director Mulvaney, lenders should keep fair lending issues front of mind.  In addition to private plaintiffs, state regulators continue to pursue initiatives to enforce fair lending laws.

 

The FDIC’s Center for Financial Research has issued a research paper that discusses the use of the information contained in a “digital footprint,” meaning the information that people leave online by accessing or registering on a website, for predicting consumer default.

The researchers considered ten digital footprint variables that included:

  • The device type (e.g. tablet or mobile)
  • The operating system (e.g. iOS or Android)
  • The channel through which a customer comes to a website (e.g. search engine or price comparison site)
  • Two pieces of information about the user’s email address (e.g. includes first and/or last name and includes a number)

According to the researchers, the results of their research suggest that “even the simple, easily accessible variables from the digital footprint proxy for income, character and reputation are highly valuable for default prediction.”  For example, ownership of an iOS device was found to be one of the best predictors for being in the top quartile of income distribution, customers coming from a price comparison website were found to be almost half as likely to default as customers directed to the website by search engine ads, and customers having their names in the email address were found to be 30% less likely to default.  The researchers also found that digital footprint information complements rather than substitutes for credit bureau information, suggesting that a lender that uses information from both sources can make superior lending decisions.

The researchers observe that “digital footprints can facilitate access to credit when credit bureau scores do not exist, thereby fostering financial inclusion and lowering inequality.”  They indicate that their results “suggest that digital footprints have the potential to boost financial inclusion to parts of the currently two billion working-age adults worldwide that lack access to services in the formal financial sector.”

The researchers also comment that regulators are likely to closely watch the use of digital footprints, noting that U.S. lenders using digital footprint information “are likely to face scrutiny whether the digital footprint proxies for [borrower characteristics such as race and gender that may not be considered under the Equal Credit Opportunity Act] and therefore violate fair lending laws.”

 

The FDIC has issued a request for information that seeks comment on how the FDIC can make its communications with insured depository institutions (IDIs) “more effective, streamlined, and clear.”  Concerned that the amount of information the FDIC provides to IDIs can create challenges for banks, particularly community banks, the FDIC is soliciting input “on how to maximize efficiency and minimize burden associated with obtaining information on FDIC laws, regulations, policies, and other materials relevant to RDIs.”  In addition to IDIs and other financial institutions and companies, the FDIC encourages comments from individual depositors and consumers, consumer groups, and other members of the financial services industry.

The RFI contains specific questions on which the FDIC seeks input that address three topics: efficiency, ease of access, and content.  Comments must be received by the FDIC by December 4, 2018.

 

On September 28, 2018, the Maryland Commissioner of Financial Regulation issued a notice advising companies servicing student loans of Maryland borrowers to provide their contact information to the state’s new Student Loan Ombudsman by November 15, 2015.

Maryland’s “Financial Consumer Protection Act of 2018” went into effect on October 1, 2015. The Act imposes a number of new regulations, and also creates the post of Student Loan Ombudsman. Under the Act, all loan servicers engaged in servicing student loans made to Maryland residents must provide the Ombudsman with the name, phone number and e-mail address of the individual designated to represent the servicer in communications with the Ombudsman. The deadline to comply with this requirement is November 15, 2018.

The Ombudsman is charged with receiving and working to resolve complaints submitted by student borrowers. The Ombudsman will also analyze and compile data related to such complaints, and the analysis of that data will be disclosed to the public along with the names of student loan servicers engaging in any abusive, unfair, deceptive or fraudulent practices.

In addition to its responsibilities related to student borrower complaints, the Ombudsman will also engage in educational efforts with both students and the state legislature. With respect to students, the Ombudsman will help student loan borrowers to understand their rights and responsibilities under the terms of their student loans. The Ombudsman is also directed to establish a student loan borrower education course by October 1, 2019.

The Ombudsman will also provide annual reports to the governor and Maryland General Assembly, along with making recommendations for statutory and regulatory procedures to resolve student loan borrower issues. These recommendations are to include an assessment of whether Maryland should require licensing or registration of student loan servicers.

On September 21, 2018, the Attorney General for the State of Washington filed a lawsuit (see complaint) against several companies engaged in purchasing charged-off consumer debts, for operating as “collection agencies” without a license, in violation of the Washington Collection Agency Act (WCAA).  The lawsuit names EGP Investments, LLC, JPRD Investments, LLC, and The Collection Group LLC (the Debt Buyers) as defendants, along with Fair Resolutions, Inc. (FRI) – a licensed collection agency hired to collect debts on their behalf – and Brian Fair (Fair) of Wenatchee, Washington, who formed and owns/controls each company.  While all of the named entities are currently licensed “collection agencies” under Washington law, the lawsuit relates to conduct between May 2004 and September 2009, when the Debt Buyers allegedly filed thousands of collection complaints against Washington consumers without a license.  The lawsuit charges FRI and Fair with aiding and abetting the Debt Buyers’ alleged violation of the WCAA.

Notably, the Debt Buyers (like many of their peers operating in Washington State) obtained licenses prior to October 1, 2013, when the WCAA was amended to clarify that it applied to debt buyers, “whether [they] collect[]  the claims [themselves] or hire[] a third party for collection or an attorney for litigation in order to collect such claims.”  Prior to the amendment, and as relevant here, the WCAA defined a “collection agency” to include entities “directly or indirectly engaged in soliciting claims for collection, or collecting or attempting to collect claims owed or due or asserted to be owed or due another.”  (emphasis added).  Thus, prior to the amendment, many “passive debt buyers” operated under the presumption that the WCAA did not require them to be licensed – an interpretation adopted by the Washington Collection Agency Board, which regulates collection agencies within the state.

However, Washington’s Supreme Court rejected this interpretation in 2014, after the Eastern District of Washington certified the issue during a lawsuit brought by a consumer against a large national debt buyer (see opinion).  Like the Debt Buyers, the defendant in that case became licensed immediately before the 2013 amendment took effect, prior to which it allegedly violated the WCAA by operating without a license – notwithstanding the fact that it hired licensed collection agencies and/or attorneys to actively pursue collection.  While the Washington Supreme Court acknowledged that the pre-amendment definition was “ambiguous,” it found “the most reasonable interpretation [to be] that debt buyers fall within it when they solicit claims for collection[,]” regardless of whether they “outsource[d] the collection [or the filing of collection lawsuits].”  The court noted that the amendment supported this interpretation, as it served to clarify (rather than change) the statute.  Following the Supreme Court’s holding, the defendant raised a good faith defense, and argued that it should not be held liable for violating the WCAA where the statute was ambiguous, and it acted in good faith reliance on the state regulator’s interpretation of the statute. The District Court rejected this argument, however, finding that the legislature’s decision to define the violation as a “per se” unfair practice meant the defendant was liable, even if it acted in good faith.

The Washington AG’s lawsuit highlights the risk created by ambiguous laws and regulations, along with the need for a company to stay current on and consult with legal counsel about potentially applicable laws and regulations – at the federal, state, and local level – in any market in which the company does business.  This is particularly true for laws and regulations pertaining to consumer protection, which (like the WCAA) often allow for enforcement through either private litigation or government enforcement actions.

On September 25, the Consumer Financial Protection Bureau issued a report on its sources and uses of data. This report was followed by a Request for Information regarding its data collection practices, published in the Federal Register on September 28. In some respects, both documents are a follow-up to Acting Director Mick Mulvaney’s December 2017 order to CFPB staff to cease collecting personally identifying information, pending a review of and improvements to the Bureau’s overall data security systems.

The Dodd-Frank Act states that the CFPB “shall seek to implement and … enforce Federal consumer financial law consistently for the purpose of ensuring that all consumers have access to markets for consumer financial products and services and that [those markets] are fair, transparent, and competitive.” The CFPB regularly obtains data about consumers to fulfill these statutory functions and obligations and its data collection practices under the leadership of former Director Cordray had been the subject of strong criticism from Republican lawmakers.

The 199-page report describes the sources and uses of data collected, as well as the processes governing the intake, use, access, and disclosure of any data by the Bureau. Appendix B to the report includes a list of the Bureau’s 188 data collections to date from public sources, government agencies, commercial vendors, financial institutions, and consumers. The list generally does not include data collections from consumers on a voluntary basis, such as through focus groups, one-on-one interviews, or user testing. Contained in the report’s Appendix C is a list of the Memoranda of Understanding between the Bureau and other agencies that address the sharing of data. 81 different governmental and quasi-governmental agencies are named in the list.

During its review of its data security systems, the CFPB signed an interagency agreement under which the Department of Defense provided risk assessment services to identify potential gaps in the Bureau’s cybersecurity controls. The Bureau concludes in the report that its security protocol is currently “well-organized and maintained” with no critical issues found.

The CFPB is now seeking public input regarding the overall effectiveness and efficiency of the Bureau’s data collection practices. It is asking the public to provide comments on aspects of its data collection program, such as:

  • The sources, uses, and scope of information the Bureau collects;
  • Ways the Bureau should or should not reuse data collected for one purpose to inform the other functions of the Bureau;
  • Ways to reduce the burden on future furnishers of information;
  • Activities the Bureau could engage in to make data collections from financial institutions more effective and efficient; and
  • Other changes that may assist the Bureau to more effectively meet its statutory purpose and objectives.

Public comments are due to the CFPB by December 27, 2018.