Thursday, February 23, 2017

Secondary market mortgage buyer can ignore public assistance income

By Richard A. Roth, J.D.

A bank that refused to consider Section 8 housing aid when it decided which mortgage loans met its criteria for secondary market purchases did not violate the Equal Credit Opportunity Act, according to the U.S. Court of Appeals for the Fifth Circuit. Rejecting the Consumer Financial Protection Bureau’s argument for a broader definition of “creditor” under the ECOA, the court said the bank did not participate in the lender’s credit decisions (Alexander v. AmeriPro Funding, Inc.).

Consumers who wanted to buy homes in the Houston, Texas, area sued Wells Fargo Bank and AmeriPro Funding for claimed ECOA violations. According to the consumers, Wells Fargo’s secondary market purchase guidelines explicitly said the bank would not buy mortgages if the buyer’s income came in part from Section 8 assistance. Since AmeriPro wanted to be able to sell mortgages it originated to Wells Fargo, it likewise refused to consider Section 8 assistance.

However, the ECOA makes it illegal for a creditor to discriminate against an applicant because some or all of the applicant’s income is from a public assistance program (15 U.S.C. §1691(a)(2)). AmeriPro directly violated this ban, the consumers claimed, and Wells Fargo violated it as well because its guidelines amounted to participating in AmeriPro’s credit decisions.

Loan buyer discrimination. Potentially the most significant discussion addressed four applicants’ claims that Wells Fargo was a creditor under the ECOA and that it had discriminated against them. Despite the CFPB’s arguments supporting the consumers, the theory was rejected.

Looking at the ECOA’s definitions of “applicant” and “creditor,” the court decided that Wells Fargo could be a creditor only if it participated in the decision to extend credit. The bank’s secondary market purchasing guidelines did not constitute participation in the credit decision.

The CFPB argued for a broader view of participation, such as that included in Reg. B. However, even Reg. B would not include “those who have no direct involvement whatsoever in an individual credit decision,” according to the court.

Other lending. This could be seen as bringing into question the CFPB’s guidance on the ECOA, Reg. B—Equal Credit Opportunity (12 CFR Part 1002), and indirect auto lending. The bureau has, since issuing guidance in 2013, held and enforced the position that indirect auto lenders—companies that buy loans originated by automobile dealers—are creditors and can be responsible for the dealers’ discriminatory practices (see CFPB Bulletin 2013-02).

However, the bureau’s position in this case seems to have gone one step farther than its indirect auto lending guidance. The process described in the 2013 bulletin included the dealer forwarding the consumer’s credit information to one or more potential loan borrowers, who then would make an individual decision as to whether to buy the loan. While mortgage loan originators may follow a similar practice in finding investors to fund a loan, the court opinion did not indicate that Wells Fargo, as a secondary market buyer, was consulted on individual loans before credit decisions were made. In fact, the court’s reference to direct involvement in an individual credit decision could imply that there was no such prior consultation.

Wells Fargo applicants. The court swiftly dispensed with the claims of the two consumers who applied directly to Wells Fargo. The consumers were applicants under the ECOA, and Wells Fargo was a creditor, the court agreed. However, the consumers had offered nothing to show that the bank had discriminated against them as a lender. Rather, they relied only on the bank’s secondary market purchase guidelines.

The ECOA applies only to loan originators, the court said, not to secondary market buyers. Moreover, what Wells Fargo did as a loan buyer was distinct from what it did as a loan originator. There was no showing that Wells Fargo refused to consider Section 8 income when it originated loans, the court noted.

Application requirement. The consumers who only made inquiries were not applicants under the ECOA and thus were not protected by the law, the court decided. The ECOA said that a creditor who violated the law was liable to an “aggrieved applicant,” and to be an applicant one must actually request credit.

It was possible that the consumers were discouraged from making an application because they were told their Section 8 income would not be considered, the court conceded. Also, Reg. B banned creditors from discouraging applications on a prohibited basis, the court observed. However, the ECOA does not allow a suit by an “aggrieved prospective applicant.” 

The CFPB can enforce a regulatory ban on discouragement, the court said, but that did not mean there was a private right of action if the law did not provide one.

For more information about Equal Credit Opportunity Act issues, subscribe to the Banking and Finance Law Daily.

Wednesday, February 22, 2017

Enhanced cybersecurity standards should be consistent and risk-based, say industry groups

By J. Preston Carter, J.D., LL.M.

Comment letters to the federal financial regulatory agencies from a number of industry groups urge the adoption of a risk-based approach and consistent standards in the agencies’ proposed enhanced cybersecurity standards for big banks. Last October the Federal Reserve Board, Federal Deposit Insurance Corporation, and Office of the Comptroller of the Currency proposed enhanced cybersecurity risk-management and resilience standards for large and interconnected entities under their supervision, as well as to services provided by third parties to these financial institutions.
SIFMA, ABA, and IIB. In one comment letter, the Securities Industry and Financial Markets Association, American Bankers Association, and Institute of International Bankers noted the "extensive work that has been done by regulators and industry to develop core principles and practices that are risk-based and harmonized across the regulatory environment." The groups also noted that financial institutions have already designed cybersecurity programs to align with the NIST Cybersecurity Framework and to comply with federal cybersecurity regulations such as those promulgated under the Gramm-Leach-Bliley Act, which also adopt risk-based approaches to cybersecurity.
If any new rule is promulgated, they urged, it should adopt a risk-based approach consistent with the global approach used in voluntary frameworks such as the NIST Cybersecurity Framework, setting control objectives rather than prescriptive requirements.
Specifically, the letter states, the agencies should consider the risks of certain provisions within the proposed regulation, which include: (1) arbitrary application of the proposal to entities with $50 billion in assets (regardless of risk), unnecessarily placing regional financial institutions in-scope; (2) creation of a mandatory two-hour recovery time objective irrespective of active cyber threats, potentially forcing targeted institutions to choose between resuming services prior to firm readiness, or resuming services after the two-hour window if necessary and facing noncompliance ramifications; and (3) lack of harmonization with existing industry standards, which exacerbates existing industry cyber risks by forcing information security personnel into compliance functions, rather than actively defending their institutions.
FSR. The Financial Services Roundtable technology policy division BITS said, "It is critical that the Agencies adopt a risk-based approach to cybersecurity regulation." According to the FSR, this would permit financial institutions to align their cyber risk strategies with their particular risk profiles. The letter continued, "Rather than imposing a rigid set of requirements that purports to fit the needs of all institutions in this very diverse sector, a risk-based approach would hold institutions accountable to develop a customized, enterprise-wide program of cyber preparedness based on a more accurate assessment of their inherent and residual risks."
The letter also highlighted the "many overlapping cybersecurity regulations facing the financial industry," such as the Interagency Guidelines Establishing Information Security Standards, the FFIEC Cybersecurity Assessment Tool, the New York Department of Financial Services cybersecurity regulations for financial services companies, and the Office of the Comptroller of the Currency’s guidance on third-party relationships and risk management. "Viewed in isolation," FSR said, "these regulations are each well-intentioned and can contribute to the cybersecurity of the financial services sector. When layered upon one another, however, they create differing and potentially conflicting approaches to cybersecurity."
The FSR called for "a temporary pause in regulatory proceedings and adoption of a more unified approach to cyber risk management … coalescing around clear and more consistent standards that simplify execution and translates into improved critical infrastructure protection."
For more information about cybersecurity standards for financial institutions, subscribe to the Banking and Finance Law Daily.

Tuesday, February 21, 2017

En banc rehearing of suit invalidating CFPB structure granted

By Richard Roth

The U.S. Court of Appeals for the District of Columbia Circuit on Feb. 16, 2017, granted the Consumer Financial Protection Bureau’s request for a full-court rehearing of PHH Corp. v. CFPB, in which a majority of a three-judge panel decided that constitutional separation of powers principles prevents the Dodd-Frank Act’s organization of the CFPB. According to the panel decision, it is impermissible for the bureau to be structured as an independent agency whose director can be removed by the president only for cause. The panel said that the bureau is instead to be treated as an executive agency whose director can be removed at the president’s pleasure.

The per curiam order by the full court explicitly vacates the panel’s decision.

RESPA enforcement suit. The origin of the case was a CFPB administrative enforcement action against PHH Corp. that alleged violations of the Real Estate Settlement Procedures Act ban on kickbacks and unearned fees. The bureau reinterpreted RESPA’s application to captive insurance companies, applied its new interpretation to PHH Corp.’s prior business activities, found a RESPA violation, and entered a $109 million disgorgement order.

PHH Corp. appealed the bureau’s administrative enforcement proceeding, asserting both that the CFPB was unconstitutional and that the retroactive application of RESPA had denied the company due process.

Panel RESPA decision. The three-judge panel unanimously rejected the bureau’s RESPA arguments. The CFPB’s interpretation of RESPA was wrong, the judges decided. Moreover, even if the bureau’s interpretation was right, it could not be applied to prior conduct that was legal under the prior interpretation.

The new interpretation could at most apply only to conduct within the three-year statute of limitations, the judges added. They unanimously rejected the bureau’s claim that there was no time limit on administrative enforcement proceedings.

Separation of powers. Two of the three judges, over the objections of a dissenter, also decided that the bureau’s single director structure violated the Constitution’s separation of powers requirements. Noting that the Constitution neither condemned nor approved the bureau’s arrangement, the majority based its conclusions on a lack of precedent.

Historical practices consistently allowed an executive agency to have a single director but required independent agencies to have multi-member boards, the majority said. The use of a multi-member board provides a check against arbitrary actions and abuses of power because power is not concentrated in the hands of one person.

However, the majority declined the sweeping remedy that PHH Corp. desired—the invalidation of the entire CFPB. The Dodd-Frank Act included a severability clause that made clear Congress’s intent. The removal-for-cause requirement was to be severed from the remainder of the act and the bureau was to continue to operate.

The dissenter argued that the case should have been decided based on the interpretation of RESPA. It was unnecessary to consider the larger constitutional issue.

Issues outlined by the court. The order granting rehearing asked the parties to address three specific issues:
  1. Is the single director structure a violation of the separation of powers principles and, if not, is severing the removal for cause requirement the proper remedy?
  2. Would it be proper to decide the case based on the RESPA interpretation issues and avoid deciding the larger constitutional issue?
  3. What effect, if any, would a decision in Lucia v. SEC have on the PHH Corp. case?
Lucia v. SEC has the potential to influence PHH Corp. v. CFPB. The issue in Lucia is whether Securities and Exchange Commission administrative law judges are inferior officers under the Constitution or SEC employees who are outside of the scope of the Appointments Clause.

The court could be signaling that it sees some connection between the two cases, given the explicit question in the PHH Corp. order, that the court granted en banc rehearings of both cases on the same day, and that oral arguments in both cases are scheduled for the same day.

Possible results. There are three likely results of the en banc rehearing:
  1. The effects of the panel decision could be affirmed. In that case, it would be up to the CFPB to decide whether to ask the Supreme Court to hear an appeal. Of course, whether President Trump would attempt to remove CFPB Director Richard Cordray in the interim, and what the result of such an attempt might be, would be open questions.
  2. The panel’s decision could be rejected, with the full court deciding that the single-director structure does not violate the Constitution.
  3. The full court could decide that the CFPB’s administrative order should be overturned based on the RESPA issues. In that case, the court could exercise judicial restraint and decline to consider the constitutional issues.
A complete CFPB victory, however, seems unlikely. The weakness of the bureau’s RESPA arguments, the unanimous and forceful rejection of those arguments by the three-judge panel, and the questions on which the full court asked the parties to focus their arguments imply that the CFPB will find it very difficult to convince the full court to reinstate the administrative order and required disgorgement.

Oral arguments are scheduled for May 24, 2017.

For more information about the Consumer Financial Protection Bureau, subscribe to the Banking and Finance Law Daily.

Thursday, February 16, 2017

‘Laughable’ loan applications might cost Bank of America $900,000 restitution

By Katalina M. Bianco, J.D.

A U.S. district judge should not have ordered defendants convicted of mail fraud to pay Bank of America $893,015 in restitution without considering the bank’s responsibility for its losses, the U.S. Court of Appeals for the Seventh Circuit has decided. The judge was told he should consider whether fining the defendants in the same amount would be a better choice (U.S. v. Litos, Feb. 10, 2017, Posner, R.).

The three defendants were convicted of scheming to induce B of A to make mortgage loans to straw buyers that they knew the buyers could never repay. The properties were bought from the defendants, who furnished the buyers with necessary down payments and helped them complete loan applications. When the purchases were complete, the defendants ended up with the loan proceeds, and the loans went into default.

Bank’s complicity.  In ordering restitution, the judge should not have relied on a claim by a bank employee that B of A would not have made the loans if it had known the source of the down payments, the appellate court said. The bank "ignored clear signs" of problems with the loans, the court said, and the bank’s lack of clean hands made the restitution order questionable.

The appellate court made its scorn for B of A’s practices clear, beginning by charging the bank with "a long history of blunders and shady practices." Statements by the district judge that the loan applications were "a joke on their face" and "laughable" were supported by the loans, the appellate court said. B of A made multiple mortgage loans to individuals in short spans of time, based on financial claims in loan applications that were clearly untrue—the most notable transactions being the extension of six loans over only 10 days to a borrower who falsely claimed to own two other properties, to have $3,400 in monthly gross income, and to have $320,000 in a bank account.

The fraud was "transparent," the court charged—if the bank had done any investigation, it would have discovered that the borrowers’ applications were fraudulent and that the loans would not be repaid. B of A was not negligent, it was reckless, ignoring the risk of the loans because it intended to sell the loans and transfer the risk to Fannie Mae. The district judge needed to consider whether a reckless bank is entitled to restitution, the appellate court said.

For more information about banking law cases, subscribe to the Banking and Finance Law Daily.

Tuesday, February 14, 2017

Trade groups urge FHFA to increase consultation on 2017 Scorecard

By Thomas G. Wolfe, J.D.

In connection with the Federal Housing Finance Agency’s “2017 Scorecard for Fannie Mae, Freddie Mac, and Common Securitization Solutions,” nine national banking, mortgage, and finance groups have jointly submitted a letter to FHFA Director Melvin Watt, urging the agency to “engage more openly and broadly” with the industry “through a public forum.” Further, in their Feb. 8, 2017, letter, the trade groups ask the FHFA to better inform the industry about relevant data from the government-sponsored enterprises that may impact the credit score models and to share its assessment of fair lending risks “posed by contemplated changes.”

The letter from the American Bankers Association, Community Home Lenders Association, Community Mortgage Lenders of America, Credit Union National Association, Housing Policy Council of the Financial Services Roundtable, Independent Community Bankers of America, Mortgage Bankers Association, National Association of Federally-Insured Credit Unions, and U.S. Mortgage Insurers also requests that the FHFA provide an implementation period “of at least 24 months once there is a final decision regarding any new/alternative credit score model.”

As observed in the trade groups’ letter, the 2017 Scorecard for Fannie Mae, Freddie Mac, and Common Securitization Solutions directs the Enterprises to “conclude assessment of updated credit score models for underwriting, pricing, and investor disclosures, and, as appropriate, plan for implementation.” While the groups express their appreciation for the FHFA’s work in this area, they urge the FHFA to actively seek “additional consultation with industry on potential options.” Moreover, the trade groups propose a meeting with the FHFA to discuss these options and to provide feedback “directly to FHFA staff.”

For more information about the government-sponsored enterprises and the concerns of the financial services industry, subscribe to the Banking and Finance Law Daily.

Thursday, February 9, 2017

RushCard technology breakdown costs companies $13 million

By Andrew A. Turner, J.D.

After technological breakdowns in October 2015 left RushCard users unable to access their money and without customer support, the Consumer Financial Protection Bureau says that it received more than 800 complaints. The failures culminated in an enforcement action brought by the CFPB against UniRush, which administers the RushCard, and Mastercard, its payment processor.

RushCard is a prepaid card advertised as a way to get direct deposits, including government benefits or payroll funds “up to two days sooner” by allowing deposits of that money onto the card. The CFPB found that Mastercard or UniRush denied consumers access to their own money, botched the processing of deposits and payments, gave consumers inaccurate account information, and failed to provide customer service to consumers impacted by the breakdowns.

Mastercard and UniRush have agreed to pay a total of $13 million to settle the charges based on an October 2015. According to the CFPB, more than 45,000 consumers were in some way affected by problems that arose when UniRush changed its payment processor to Mastercard. The two companies are jointly liable for approximately $10 million in consumer redress and an additional $3 million civil penalty. The settlement does not include any admission of wrongdoing by either company.

Service breakdown. Bureau Director Richard Cordray said that tens of thousands of users were locked out of their RushCard accounts, with service disruptions in some cases lasting for weeks. Many RushCard users rely on the card to pay basic living expenses because they have no bank accounts, Cordray said, and their inability to make payments resulted in late fees and penalties.

UniRush also failed to process direct deposits for approximately 45,000 consumers and improperly returned deposits for others, Cordray said. This left consumers unable to gain access to their funds.

On the other hand, some deposits were erroneously posted twice, and some debits were not posted in a timely manner, Cordray charged. This led users to believe they had larger balances than was true, which in turn induced them to overdraw their accounts. UniRush compounded the problem by using subsequent deposits to repay the overdrafts without notifying the customers.

UniRush’s customer service personnel were inadequate to handle the problems, the bureau added.

Mastercard alleged failures. The consent order against Mastercard is based on what the bureau described as the company’s inadequate preparation for the change-over. The company’s testing did not accurately simulate the conditions of the change-over, which generated an overly optimistic estimate of how quickly the process would be completed. The company rejected UniRush’s request for additional testing of one necessary data file that Mastercard knew was central to a successful change-over, the bureau said.

Mastercard also did not communicate adequately with UniRush, the CFPB added.

Consent order. Under the consent order, entered under the bureau’s authority to act against unfair, deceptive, or abusive acts or practices, the two companies are permitted to decide between themselves how to allocate liability for the $13 million in payments. However, the CFPB is not bound by their agreement, leaving the bureau able to collect the full amount should either company default.

Mastercard is required to create procedures to avoid similar problems in future change-overs, while UniRush must create an incident tracking system and a disaster recovery plan. Both companies are to implement improved compliance programs.

For more information about CFPB enforcement actions, subscribe to the Banking and Finance Law Daily.

Wednesday, February 8, 2017

Bill introduced to ‘slow revolving door between Wall Street and Washington’

By J. Preston Carter, J.D., LL.M.

The "Financial Services Conflict of Interest Act" has been reintroduced in Congress by Sen. Tammy Baldwin (D-Wis) and House Committee on Oversight and Government Reform Ranking Member Elijah Cummings (D-Md). First introduced in 2015, the measure is intended to "slow the revolving door between Wall Street and Washington."
The press release announcing their bill stated, "Recently, many of President Trump’s nominees have been found to have troubling conflicts of interest and golden parachute payouts."
Baldwin said, "When Wall Street insiders and corporate executives move through the revolving door from the private sector to public service, they should not be rewarded with golden parachutes simply for joining the Trump Administration."
"Our bill is critical to ensuring that federal employees are working for the American people—not for Wall Street investors," said Cummings. "President Trump’s administration is filled with Wall Street executives who are lining their pockets with hefty payouts from their previous employers."
The measure would:
  • outlaw bonuses from former private sector employers for entering government service;
  • expand the cooling-off period from one to two years between working for, and lobbying, the federal government;
  • increase from one year to two years the current prohibition on federal examiners from accepting employment with any financial institutions they oversaw; and
  • reduce conflicts of interest by requiring senior financial service regulators to recuse themselves from any official actions that directly or substantially benefit the former employers or clients for whom they worked in the previous two years before joining federal service.
summary of the proposed legislation notes that it is supported by the American Federation of Labor, Congress of Industrial Organizations (AFL-CIO), American Federation of State, County, and Municipal Employees (AFSCME), Americans for Financial Reform, Center for Effective Government, Common Cause, Consumer Action, Government Accountability Project, Greenpeace, Institute for Agriculture and Trade Policy, James A. Thurber, Public Citizen, RootStrikers, and U.S. Public Interest Research Group (USPIRG).
For more information about the Trump Administration's financial regulatory plans, subscribe to the Banking and Finance Law Daily.