July 2013 Legal Briefs

• Notice of title protection document
• Responsible conduct
• Exam workpapers – Reg Z
• (Amended) Ability to repay rules hot off the press
• If your bank issues reloadable prepaid debit cards …
• Treasury still issues some paper checks
• When federal ACH payment names don’t match up
• What bankers wish customers knew

Notice of Title Protection Document

By Pauli D. Loeffler

While calls and emails about Oklahoma’s Notice of Title Protection Document have never made my top 25 list of frequently asked questions, I do get questions on it at regular intervals. Based on the questions asked, I believe that very few bankers really understand the provisions contained in Title 46 O.S. §§ 19-21.

Is the Notice required?
To know whether the Notice is required, we examine Title 46 O.S. § 19 which provides definitions and scope for the Act.

As used in this act:

1. "Buyer" means a person who purchases property through financing, in whole or in part, by a loan secured by the property;
2. "Mortgagee" means a person who provides financing, in whole or in part, to a buyer for the purchase of property and the financing is secured by the property;
3. "Person" means an individual, partnership, corporation, trust or other legal entity;
4. "Property" means real property which is either improved property or unimproved property which is purchased through financing by a loan for construction; and
5. "Title protection document" means a lawyer’s title opinion letter, a title certificate, a title insurance policy or other written assurance as to the state of the title to property.

The definitions in Tit. 46 O.S. § 19 are broad in scope/coverage; however, they do not require that the Notice be provided for all loans secured by real estate. Here are items to consider.

a) This is NOT a consumer-only statute. If the loan meets the requirements of the Act, the notice will have to be given whether or not it is a consumer loan and whether the borrower is a natural person, an unincorporated association or a separate legal entity. Since I have had to drop the bomb that the Act covers both consumer and non-consumer loans when responding to bankers, some of you may be gasping.

b) The definition of “Mortgagee” not only includes financial institutions, but it would include the seller, or a relative or friend of the purchaser who lends money for the purchase secured by the real estate purchased. That’s something to think about if you ever contemplate personally financing such a loan.

c) The term “title protection document” includes not only a title insurance policy or an attorney’s title opinion obtained by the mortgagee, but also any written assurance regarding title to the property.

d) The loan must be to purchase real property. If the borrower already owns the real estate, a subsequent loan secured by the property will not require the Notice. This means refis, renewals, and construction/home improvement loans secured by real estate the borrower already owns will not be subject to the Act.

e) The security for the purchase must be the real estate purchased. If the loan is to purchase a rental property but is secured by the borrower’s home or RV or CD, the Notice is not required.

f) The loan must be to purchase improved real estate, or must be a construction loan to purchase unimproved land. A loan to purchase a lot only without funding construction is not subject to the Act. Even if the banker knows the borrower plans to build in the future, a loan to acquire the lot will not require the Notice nor would it be required when the construction loan is later made, since no purchase is involved as indicated in d).

Other issues

I know that some banks provide the Notice of Title Protection Document for each and every real estate secured loan. Providing it when not required causes no harm other than killing a few more trees.

Bankers have asked whether the Notice must be given along with the application or may they wait until the application is received. The language of Title 46 O.S. § 20 says: "[T]he mortgagee shall give to the buyer at the time of loan application written notice…" I personally believe this means when the bank receives the application, but other than giving out a piece of paper with an application that may never be returned, I don’t see a problem with providing it with the application.

So what are the possible repercussions if the bank fails to provide the required Notice? The worst case scenario would be a borrower who suffered a large loss because he did not obtain buyer’s title insurance or get an attorney to examine the title and provide a buyer’s opinion. Otherwise, Title 46 O.S. § 21 provides a penalty in the amount of $100.00 payable to the buyer plus the cost of the action to collect the penalty including attorney fees. I have never heard of any lawsuits or claims although the statutes have been in effect since 1979. I would guess this is because the penalty is so small, and failure to provide the Notice isn’t a high profile cause for class action attorneys to get involved.

Responsible Conduct

By Andy Zavoina

The Consumer Financial Protection Bureau (CFPB) released a Bulletin (2013-06 if you want to look it up) on the subject of “Responsible Business Conduct: Self-Policing, Self-Reporting, Remediation, and Cooperation.” Whether the CFPB is your regulatory agency or not, keep reading. These are words of wisdom for all banks because we see these same expectations from the other prudential regulatory agencies even if you don’t have a bulletin from them.

The CFPB in the opening paragraph states that there are four factors they consider when imposing enforcement actions.

1. The nature, extent, and severity of the violations identified.
2. The actual or potential harm from those violations.
3. Whether there is a history of past violations.
4. A party’s effectiveness in addressing violations.

During a webinar hosted by the FDIC I asked a question I know other bankers have asked when it comes to flood penalties – “how do you calculate the amount of the penalty?” The answer was not far from the four factors above. It seems that the regulators have regularly not imposed the maximum penalty unless they were all but forced to in order to make their point.

Consider that it was approximately one year ago that Biggert-Waters was passed and flood penalties were going up from $385 per violation, to a maximum of $2,000 per violation. For those appreciating the math, that is a 419 percent increase. But comparing the average penalty imposed in 2012 of $9,158 to the average for the first six months of 2013, $13, 095 and that is only an increase of 43 percent. The increase could have been more substantial just based on the penalty increase alone. This year (2013) we have seen flood penalties range from $135,000 on the high end for one bank violating the flood rules, to a low penalty of $770. The published notices do not give us the breakdown of how these penalty amounts were calculated or how many individual violations there were at each bank. I have to believe there was some subjectivity to them, which takes us back to the four factors. This flood example depicts what we believe can happen on other regulatory violations as well.

Some of the criteria that will be considered when there are violations such as these will be a review of your bank’s compliance management program. This reinforces why your program needs to be well thought out and not just a paper document, but a practice that is done day in and day out.

Go to the loan area, new accounts, and the teller line. Watch and listen as disclosures are made that explain new deposit account features and restrictions, how the high yield money market account has limited transactions, how the consumer may have liability for unauthorized electronic fund transfers, how loan fees are charged, why and when insurance is necessary, and the like. Then review any quality control checks that are being done and how these lead up to compliance audits. Do what is checked and the frequency of those checks make sense considering your risk assessment? When was the risk assessment last updated? Have you introduced new products and services since then? Is management supporting corrective actions and are corrective actions being completed in a timely manner or do you have to fight with department heads about policies, procedures, training and making changes? What you do on the front side to prevent violations will impact the enforcement actions on the backside when your examiners discover them. I used to have a sign in my office so everyone coming in with compliance issues could see it. I borrowed and paraphrased from a John Wayne movie and the sign said “More sweat in audits, less blood in exams.” And that is true.

When your examiners come to your bank to conduct a compliance exam, one of the first things they will review are your audit reports. They will look for violations you found and will want to know what was done to determine the extent of the violations, how many consumers may have been harmed and how badly. How did you plan to make these consumers whole — were there new disclosures sent, reimbursements of interest and fees — and what was done to prevent these same problems from recurring? Were these isolated cases, or a pattern or practice? What contributed to the problem in the first place? You need to be prepared with answers.

What you do not want to find is that income was a motivating factor that trumped consumer protections. That could have Unfair, Deceptive or Abusive Acts or Practices written all over it. Consider a bank that was found last year to have violated Reg E by requiring police reports for claims. The bank was penalized under UDAAP instead of Reg E because the bank’s actions discouraged claims. Consider the bank that promised higher rates on deposit accounts when a debit card was used four or more times a month, but never said the higher rate wasn’t effective until after the required transactions were made.

As you review the problems found in your bank, be sure to note how each one was discovered. Was a problem detected in an internal review, by an external auditor, from a consumer complaint or by some other method? What function was, or should have been, in place to detect it? As you examine these issues you will understand that the goal is sound procedures in the first place, and then quality control checks and early detection. Emphasis is on early detection. This is an area where one department seems to get bruised because the error occurred regardless of safeguards in place, be they software, checklists or second reviews. The compliance department however gets a pat on the back because they detected the error, evaluated it, placed corrective measures in place and corrected it with the consumer. These are signs of an effective compliance program and I recommend always asking examiners who note problems you found, to also state you corrected them.

You also don’t want to find a repeat violation. That could be the sign of a weak program, whether you find a violation you cited after an audit and corrective actions were done, or the examiners find it after it was cited earlier. In the latter case, the corrective actions were not sufficient, there was a separate cause for the same problem, or management is not supporting the compliance program. It also means that the bank’s customers are the ones paying the price for the deficiencies, which doesn’t make for happy examiners.

Summing up, the CFPB recommends self-policing, and when significant problems are found, notifications to the agency. This courtesy notification (my phrase) holds true for the other regulatory agencies as well. Just as your management and board do not like surprises, neither does your examiner. The bank must remain cognizant of what the problem is, what caused it, how many accounts are affected and what the corrective actions are. Have a plan in place so there are answers for the examiners (not just an explanation of why the problem occurred). Know that some violations will immediately trigger a financial response from the bank, such as overcharges that need to be reimbursed (that could jeopardize the bank’s capital) , and that fair lending violations must be referred to the Department of Justice. But it is better to find these yourself early and to correct small problems, than to wait for the examiners and have years of problems to fix. In the end, these are the marks of a strong compliance management program. Work to correct the problems, cooperate with the examiners, and do not create adversarial relationships between the bank and its customers or regulators.

That, in a nutshell, is responsible conduct.

Exam Workpapers – Reg Z

By Andy Zavoina

On June 6, 2013, the Federal Reserve Board issued Consumer Affairs letter CA 13-9, which announced updated exam procedures for Reg Z. Even if the FRB isn’t your regulator, those procedures are likely to be close to what your examiners will use, so it makes sense to review what the Fed has provided. As we are all aware, Reg Z is undergoing massive changes brought on by the Dodd-Frank Act and being published by the Consumer Financial Protection Bureau. The FRB procedures form a 156-page document that provides background information, “cheat sheets” that can help you comply with Reg Z, and the exam procedures which include the questions which must be answered to demonstrate an understanding of and compliance with these rules. Those cover Reg Z in general, but the updated material now includes the restriction of mandatory arbitration agreements in mortgage loans; revisions to existing escrow requirements on first-lien higher-priced mortgage loans; annual adjustments to the threshold for exempt consumer credit transactions and to the points and fees coverage trigger under HOEPA; limits to certain credit card fees; and removal of an "independent" ability to repay requirement for credit card applicants who are 21 or older. As I discussed in the “Responsible Conduct” article, testing your compliance procedures is important. This is the perfect document to will help you get the testing done. The CFPB’s version (released June 4, 2013) has the same information with slight formatting variations, with a 170-page count.

These Reg Z exam procedures which relate to mortgages were developed on an interagency basis and were recently approved by the Task Force on Consumer Compliance of the Federal Financial Institutions Examination Council. Since they are FFIEC approved, it doesn’t matter that this publication was from the Federal Reserve; they will apply regardless of who your prudential regulator is: we are all following the same Reg Z.

While you are at it, the CFPB released a similar document for new Reg B requirements. If you haven’t already downloaded and reviewed these exam procedures, now is the time. They may also help you plan implementation for the rules changes going into effect in January.

• FRB Announcement – http://www.federalreserve.gov/bankinforeg/caletters/D828DD5DE5F643C69675B429E1F61A3B.htm#access
• CFPB press release on Regs B & Z procedures – http://www.consumerfinance.gov/pressreleases/the-cfpb-releases-exam-procedures-for-new-mortgage-rules
• CFPB Procedures for Reg Z- http://files.consumerfinance.gov/f/201306_cfpb_laws-and-regulations_tila-combined-june-2013.pdf (.pdf)
• CFPB Procedures for Reg B – http://files.consumerfinance.gov/f/201306_cfpb_laws-and-regulations_ecoa-combined-june-2013.pdf (.pdf) 

(Amended) Ability to Repay Rules Hot off the Press

By Andy Zavoina

On May 30, 2013, The CFPB announced the most recent final amendments to what we refer to as the “Ability-to-Repay” rules. They will dictate in a large part the qualification rules for various mortgage loan products for small creditors, community development lenders, and housing stabilization programs. The amendments also revised rules on how to calculate loan origination compensation for certain purposes. On June 12 the rules were published in the Federal Register.

(https://federalregister.gov/a/2013-13173)

If Your Bank Issues Reloadable Prepaid Debit Cards …

By John S. Burnett

Issuers of reloadable prepaid debit cards should take a close look at whether any of their cards are being credited with direct credits from the U.S. Treasury Department. Now that Treasury has discontinued the mailing of checks to virtually all federal benefits recipients, the remaining options for receipt of those payments are direct deposit to a bank or credit union account or to a Direct Express® Debit MasterCard® card account, or (under 12 CFR Part 210) to a prepaid card account held at an insured financial institution. There are a couple of key issues relating to the use of prepaid cards that you need to be aware of.

The First California Bank/Achieve Financial CMPs

Last month, the FDIC announced settlements with First California Bank (Westlake Village, CA) and Achieve Financial Services, LLP (Austin, TX) for unfair and deceptive practices violating Section 5 of the FTC Act (UDAP rule), and violations of the Treasury Department’s Federal Government Participation in the Automated Clearing House regulations at 31 CFR Part 210. Together, First California and Achieve marketed and serviced the AchieveCard, a prepaid reloadable MasterCard product. A number of the representations and omissions on Achieve’s website were found to be deceptive, such as advertising free online bill payment, promotion of certain features and services of the card that were not available to cardholders, and charging fees that weren’t clearly disclosed. Additionally, Achieve’s procedures for error resolution imposed additional undisclosed requirements on cardholders (requirements that aren’t permitted under Regulation E). The bank was hit with a CMP of $600,000 and Achieve will pay $110,000. Together, they will have to make restitution of about $1.1 million to cardholders.

A look at Regulation E will reveal that reloadable prepaid debit cards that are not payroll card accounts aren’t yet covered by the regulation, so you might wonder what the error-resolution problems are all about. Regulation E applicability is arrived at through a sort of “back-door” through Treasury’s ACH Participation rule at 31 CFR Part 210. Specifically, section 210.5(b)(5) requires that the issuer of any prepaid card to which federal payments can be credited must comply with the payroll card account requirements in Regulation E, even if the benefit payments don’t meet Regulation E’s definitions for payroll transactions.

One lesson to be learned from the California/Achieve case is that your prepaid reloadable card will be covered by Regulation E if federal payments are credited to it. Another is the importance of a bank’s selection and vetting of any third party partner to be involved in the distribution, marketing or servicing of these cards, along with coordination of financial institution/vendor communications and documentation of product pricing and features.

Prepaid Card Direct Deposit Fraud

While I was researching the First California/Achieve settlements, I came upon a September 2012 NACHA Operations Bulletin reminding participating depository financial institutions of their liability for fraudulently rerouted federal benefit payments to prepaid cards. NACHA’s concern involves the use of ACH Automated Enrollment Entries (ENRs) to reroute government benefits from existing bank accounts to prepaid debit cards. If your bank is a prepaid card issuer that allows consumers to enroll online to receive government benefits on their cards, you need to be aware that cards have been purchased or obtained from some sources fraudulently, and the card issuer’s website has been subsequently used to reroute government benefit payments from the legitimate receiver’s bank account to the fraudster’s prepaid card. In transmitting the ENR entries to a government agency through the ACH network, the financial institution becomes liable for forwarding the incorrect enrollment information. That’s because one key requirement for handling an ENR entry is that the RDFI that accepts the authorization must verify the identity of the recipient. If the ENR results in misrouting benefit payments to other than the intended recipient (in other words, to the fraudster), the institution accepting the authorization and forwarding the ENR will be liable for the fraudulent transfers.

If your institution issues reloadable debit cards and allows online enrollment of federal payments for direct deposit to the card account, you should review your controls to ensure that you are assured of the identity of the parties involved – both the cardholder and the recipient of the federal payment.

Treasury Still Issues Some Paper Checks

By John S. Burnett

We’re all aware that the Treasury Department is cutting way back on the numbers of paper checks it issues. As of March 1 of this year, almost all federal payments other the IRS tax refunds have been converted over to some form of electronic payment. As bankers, you’ll see a lot fewer Treasury checks cross your teller lines. But in addition to the annual bump-up in paper items for tax refunds, you may still see some federal benefits payments from time to time. Treasury included an exception to its “electronification” efforts for people who were born on or before May 1, 1921, and some of those nonagenarians may be customers of your bank. Check recipients living in remote areas without sufficient banking service may also have waivers, as well as recipients for whom electronic payments would create a hardship due to a mental impairment. So, between tax refunds and the exempt benefit recipients, you may continue to see Treasury checks for some time yet.

When Federal ACH Payment Names Don’t Match Up

By John S. Burnett

Speaking of federal tax refund payments, we often hear bankers ask what they should be doing when they discover that a federal payment that is received by ACH appears to belong to someone other than the owner of the account to be credited.

Banks are not required to check each and every ACH credit from Treasury to ensure that the name of the intended recipient agrees with the name of an owner of the account designated in the ACH payment record. The rules allow the bank to apply the credit to the account identified by number in the payment record even if the names don’t agree.

But a bank can truly only use that provision as “cover” when it is not aware of a name mismatch. When the bank does become aware of the discrepancy in names, Treasury expects that the bank will inform the agency for which the payment was issued. There are two ways your bank can do that and comply with Treasury’s rule at 31 CFR 210.8(d):

“(d) Notice of misdirected payment. If an RDFI becomes aware that an agency has originated an ACH credit entry to an account that is not owned by the payee whose name appears in the ACH payment information, the RDFI shall promptly notify the agency. An RDFI that originates a Notification of Change (NOC) entry with the correct account and/or Routing and Transit Number information, or returns the original ACH credit entry to the agency with an appropriate return reason code, shall be deemed to have satisfied this requirement.”

You can either submit an NOC entry or return the original credit entry with the appropriate return reason code (an R03 would be appropriate for an otherwise valid entry with a name mismatch).

What Bankers Wish Customers Knew

By Mary Beth Guard and the OBA/BankersOnline Compliance Team

Some of the most frustrating moments in the daily life of a banker arise out of misunderstandings caused by the gap between what bankers know and what customers know. Part of the mismatched knowledge comes from a general lack of financial literacy. Basic instruction in how to write a check, how to apply indorsements (and, yes, that is the correct spelling – check the Uniform Commercial Code), what it takes to build a credit history, how to avoid overdrafts, types of items to keep in a safe deposit box – is sorely lacking.

In some instances, however, the customer has been led astray by a widely held misconception about how things work. For example, if you ask the average customer whether it is possible for a check more than six months old to be paid, odds are he would answer “No, it’s stale-dated.” Well, it is true that a check of that age is stale-dated. What’s not true, however, is the belief that the check can no longer be properly payable. Paying a stale-dated check (which typically occurs because it goes through automated processing and the date is not noticed) can result in a very angry customer. The fact that the bank was well within its rights to pay the item doesn’t avoid a tense conversation.

We have compiled a list, in no particular order, of the things we would like to teach customers. Part 1 appears below. (Psst . . . Spread the word any time you get a chance. You’ll save a customer from a potential “Oops!” and you’ll save a banker from a difficult situation.)

If your transactions don’t exceed your balance, you won’t have to worry about overdraft charges.

Sorry, but you can’t win a lottery if you didn’t play that lottery.

It is really, really important for you to review your bank statements when you receive them and for you to keep a running tab on your account with your electronic transactions and everything else.

The balance online, at the ATM, over the phone, is not the “real” balance. That balance does not include transactions you have completed that the bank does not know about. The bank cannot read your mind.

You must practice safe computing. That includes using strong passwords that are only used for your online bank access, not the same password you use for every online site you visit.

We (the bank) decide what types of accounts we offer, not you. We also get to decide how we style accounts. You know, you can’t go into McDonalds and get a Whopper; if you want a Whopper, you have to go to Burger King. When it comes to banking products and services, you can only get what the bank offers.

Congratulations! You own a business. The funds that belong to the business belong to the business. Business-entity owners don’t get to play with the funds of those entities like they are in the owner’s private piggy bank. If you want a distribution, write yourself a check.

If you tell a lender that your tax returns don’t accurately reflect all the income you made last year, you’re asking for trouble – not a loan.

The disclosures we gave you define the fees we are charging. We realize they probably didn’t seem important to you then, but now that you wrote a hot check they are. The fees are what we disclosed and you were charged correctly. It doesn’t really matter that you disagree with them now.

We didn’t give your account number to the satellite/cable service and we didn’t just send your money to them. They say they had your approval. Did you read your agreement?

We are so sorry your car was totaled and it isn’t worth what is still owed on your car loan. Yes, you do have to repay it.

No, we won’t release your CD that is pledged as collateral on your loan.

Yes, it’s called offset and I can take that past due payment for your loan out of your deposit account.

No, the POA you gave Cousin Slim doesn’t give Slim any access to your trust or LLC or the corporation whose account you sign on.

We can only allow an Attorney in Fact to do what the Power of Attorney says he can do: We can’t just make it up as we go along.

No, we will not cash this check made payable to your deceased wife.