Saturday, May 25, 2024

September 2017 Legal Briefs

  • Lessons from the American Express settlement
  • CFPB’s 2017 HMDA Rule amendments
  • Forced-placement of flood insurance, with a twist
  • Visa zero liability update

Lessons from the American Express settlement

By John S. Burnett

On August 23, the CFPB announced it had issued a consent order to two banking subsidiaries of American Express Company for illegal discrimination against consumers in Puerto Rico, the U.S. Virgin Islands and U.S. Pacific Island Territories (I’ll refer to them as “off-shore consumers”) by providing them credit and charge card terms that were less favorable to those consumers than terms provided to consumers in the 50 U.S. states (“stateside consumers”). The Bureau also said that the Amex banks has discriminated against certain consumers with Spanish-language preferences. The “bottom line” of the order was that the Amex banks would be making a total of at least $96 million in redress payments to about 222,000 consumers.

American Express itself reported the problem to the Bureau in 2013 when it reviewed its card programs. The programs for “stateside consumers” and for “off-shore consumers” were managed by two completely separate business units, although they were both parts of the American Express organization. The Bureau later concluded that the pricing differences had existed from at least 2005 to 2015. According to the Bureau’s press release, however, there was no apparent intent by American Express to price the programs differently – the two business units did not coordinate their efforts in any way. They were, in a word, independent of one another.

When the Bureau expressed concern to American Express that the effect of the separate pricing schedules could be a problem given the different ethnic backgrounds of “off-shore consumers” when compared with those of “stateside consumers,” the Bureau and the company undertook to analyze the demographics and the patterns of which consumers participated in which business unit’s programs. There is a lot of minute detail from those studies spelled out in the consent order. Here, suffice it to say that the Bureau and American Express agreed early in the process that the impact of the less favorable program for off-shore consumers fell disproportionately on individuals who are members of ethnic minorities when taking all U.S. citizens as a group.

By the time the order was issued last month, American Express had already made redress payments totally approximately $95 million to affected consumers. In fact, the company self-initiated a redress program early in the process, as affected consumers were identified. The company also cooperated fully with the Bureau as the company and the Bureau analyzed data from the two programs from 2011

Thus far, there are three lessons in the American Express order. The company self-reported the problem, it initiated the redress program on its own, without instruction from the Bureau, and it cooperated with the Bureau during the prolonged investigation. In short, the company was proactive when it determined it had a problem. The result in this case, as the CFPB noted in its press release, was the fact that no punitive penalty was assessed by the Bureau. Aside from the efforts involved in the research of records and the providing of credits or payments to affected consumers, the dollar costs to the company were relatively small.

We can assume that, had the company been combative in its stance or had hidden the problem until it was uncovered by Bureau examiners, significant civil money penalties would have been assessed.

Another lesson may be even more important. That’s the lesson about disparate pricing. It’s not at all uncommon for banks to go after new business in a new market, whether because of the opening of a new branch office or the acquisition of established branches in a merger or purchase of one or more offices. Sometimes the tactic used is discounted pricing of loans or premium rates on deposits, confined to new business at the target branches.

Imagine what could happen if a bank that uses aggressive pricing fails to note the demographics of the target market and to compare them with the demographics of its current market. What if the bank’s existing market is a city, with relatively higher percentages of minority residents, and the new, target market is a much more affluent exurban community with lower minority percentages. If the result of aggressive marketing in the exurban community is lower percentages of loans to low-to-moderate income minority borrowers or low loan rates to more affluent non-minority borrowers and relatively higher rates (or fewer loans) to low-to-moderate income minority borrowers, and the results compare badly with the data from the rest of the bank’s established urban offices, fair lending concerns can develop. Similar problems could result if the bank’s lending volume starts shifting away from the city and toward the exurban branch’s territory to the point where the bank’s loan to deposit ratio is higher in the exurban market and decreases in the older urban market.

Certainly, neither hypothetical result would be a stated goal for the bank. But when unintended results result in disparate treatment or complaints of fair lending violations, good intentions are rarely a sufficient excuse.


CFPB’s 2017 HMDA Rule amendments

By John S. Burnett

With less than four months left before the 2015 HMDA Rule amendments become effective, the Bureau has issued a final rule tweaking those amendments to establish a two-year temporary increase in the HMDA HELOC reporting threshold and to make a number of clarifications, technical corrections and minor changes. Aside from the fact that change is almost always a challenge, the changes in these 2017 HMDA Rule amendments are helpful. But you should not assume you can wait until New Year’s Eve to prepare for them.

The HELOC reporting threshold

But for the recent amendment, lenders who had made as few as 100 Home Equity Lines of Credit (HELOCs) during both 2016 and 2017 would have to start reporting their HELOCs opened and applied for beginning with accounts opening or applications declined or withdrawn in 2018 (reporting in 2019). The Bureau’s newest change sets a temporary threshold at 500 for determining whether the lender needs to file on HELOCs in 2018 and 2019. In other words, to determine whether to file on HELOC activity during 2018, the lender will check to see whether it originated 500 or more open-end lines of credit secured by a dwelling (don’t forget to include any extended for other than consumer purposes or to other than a consumer) in both 2016 and 2017. If it missed the threshold of 500 such lines in either year, it won’t have to report on such loan activity in 2018. To determine whether to file on HELOC activity in 2019, the same check is made, but of activity in 2017 and 2018. The threshold is scheduled to revert from 500 to 100 lines of credit in both 2018 and 2019 for filing on HELOC activity in 2020.

The temporary threshold increase is designed to give the Bureau time for further study to determine whether a different threshold level for HELOC reporting is appropriate. The threshold for closed-end loans remains unchanged at 25.

Lenders may optionally file even if they failed to meet the threshold in one of the “qualifying years.” This option may be useful for lenders who are slightly below the threshold level but don’t want to be reporting HELOCs in one year, not in the next, and perhaps reporting again in a third year. Just remember, reporting of a year’s activity is a commitment. If you elect to report excluded transactions, you must report all such applications, originations and purchases for that calendar year.

Clarified terms

One of the terms that the CFPB clarified is “temporary financing.” Lenders will now be able to exclude as “temporary financing” loans or lines for the construction of a dwelling for sale (loans to builders, for example). Lines or loans that are intended to be replaced by a new extension of credit to the same borrower by any lender will also fit the “temporary financing” definition, and will be exempt from filing. Examples in the revised commentary include:

“Lender A extends credit in the form of a bridge or swing loan to finance a borrower’s down payment on a home purchase. The borrower pays off the bridge or swing loan with funds from the sale of his or her existing home and obtains permanent financing for his or her new home from Lender A or from another lender. The bridge or swing loan is excluded as temporary financing…”; and

“A construction-only loan or line of credit is considered temporary financing and excluded under § 1003.3(c)(3) if the loan or line of credit is extended to a person exclusively to construct a dwelling for sale.”

Another key definition that was driving lenders crazy is the one for “multifamily dwelling.” Under the recent amendment, a loan or line that’s secured by five or more one-to-four-family dwellings in more than one location won’t be considered secured by a multifamily dwelling. Another change to that definition makes a loan or line secured by five or more separate dwellings within a multifamily dwelling by not secured by the entire multifamily dwelling (for example, an apartment building) is also not considered secured by a multifamily dwelling. The interpretations (commentary) also include several good examples of what is and what is not considered a multifamily dwelling.

Home improvement loans and mixed-use property

Reporting of home improvement loans secured by mixed-use property was also clarified. Under the 2017 amendments, a loan or line to improve commercial space in a multifamily dwelling is not reportable; however a loan or line to improve commercial space in a dwelling other than a multifamily dwelling is reportable.


Also cleared up is the meaning of “income” for the purpose of reporting the gross annual income relied on in making the credit decision or processing the application. A lender should not include in reported income amounts the lender considered based on factors the lender considers in addition to actual income, such as amounts derived from potential annuitization or depletion of the applicant’s remaining assets. Actual distributions for retirement accounts or other assets, however, that the lender relied on as income in underwriting the loan should be reported.

Reporting demographic information

Several issues on reporting demographic information were also cleared up.

  • An applicant doesn’t have to select an aggregate category (e.g., “Hispanic or Latino” to select a subcategory (e.g., “Mexican”).
  • An applicant may select apparently contradictory categories, such as “Hispanic” and “Not Hispanic” and all of the subcategories (in this case, four), and the lender should report both of the main categories (“Hispanic and “Not Hispanic” and any three of the subcategories (lender’s choice) for a total of five ethnicity entries on the LAR (the maximum permitted)
  • If the applicant completes one of the “free-form” fields but fails to check the “Other” box, you may, but don’t have to, report “Other” for that entry.

In the fields for geocoded census tract information where the instructions say an entry is required if, for example, the property is in a county with a population of under 30,000, you may make an entry if you find it easier not to figure out which loans should include that entry and which don’t require it.

And while we are mentioning geocoding, the Bureau says it plans to have a geocoding tool available on its website to assist in identifying census tracts, and will offer a “safe harbor” if you use correct address information and obtain an inaccurate census tract from that tool. Keep that nugget of information tucked away to show your examiner if the question comes up.

The Bureau also updated the 2018 (and later) FIG (Filing Instructions Guide). You can find it on the Bureau’s site at:

The Bureau decided that none of these changes would trigger a software update that can’t be completed in time to comply. That’s only minimally comforting – if you have a vendor or other provider working on getting your bank ready for HMDA filing, v. 2018, I suggest you make sure the vendor has the revisions made by the recent amendments and can deliver. You can take a little comfort from the fact that you don’t have to be recording your loan information on “Day One,” but you really don’t want to build up a backlog of applications and closed loans to be recorded when the software is finally updated.

Forced-placement of flood insurance, with a twist

By Andy Zavoina and Pauli Loeffler

Here is the message in a nutshell. If your bank force-places flood insurance on a borrower and adds the premium to the mortgage loan balance, the loan has been increased and other flood responsibilities are triggered. There are some variances to this outcome, depending on how the bank is facilitating repayment of the premium. For more on this, read on.

David Dickinson, a BOL Guru and recognized flood expert posed this question through the American Bankers Association (ABA): “Is a flood premium being added to a loan a flood insurance triggering event because of the increased loan balance?” The question was asked because the FDIC had been handling this differently than in the past and there was inconsistency among the different agencies. The ABA tweaked the question and passed it to the FDIC, the Federal Reserve, and the OCC. That was in April 2016. In May 2017, thirteen months later, the ABA received a response, but not all banks have caught up to this new interpretation yet. Not doing so could lead to flood civil money penalties. The response was written in advance of these three agencies providing written guidance on the topic.

The flood requirements include that when a bank makes, increases, renews or extends (often referred to as MIRE) credit and the building or mobile home securing the loan is in a special flood hazard area, this is a triggering event and the bank must take certain actions. As soon as there is a triggering event the bank needs to ensure the collateral subject to the flood rules has adequate flood insurance. The bank must also deliver a written notice to the borrower and a loan servicer if applicable, that the building (and contents or inventory if these also secure the loan) are in a special flood hazard area. And, since January 1, 2016, these loans will also require an escrow account for the insurance premiums and fees unless the loan meets an exception rule. Common exceptions include a loan for business, commercial or agricultural purposes. (Refer to Regulation H § 208.25(e)(1) for more on the exceptions.) If no exception applies, the special flood hazard notice would include an escrow requirement.

If the borrower fails to obtain adequate flood insurance on the existing loan, the bank or its servicer will send a notice reminding the borrower of this requirement and providing a 45-day deadline by which the policy must be obtained. If the borrower fails to meet this deadline, the bank or servicer will purchase coverage for the borrower and this cost is passed to the borrower. This is the force placement and this is where the guidance takes over.

Premiums and fees for the force-placed policy can be passed to the borrower in one of three ways.

1) Premiums and fees added to the mortgage balance: If the loan contract contains a specific provision for the advancement of costs such as for a flood policy to be added to the existing loan balance, this advance is not considered an increase in the loan and does not trigger flood disclosures described above.  Generally, the mortgage will contain a clause stating: “If Grantor fails to provide any required insurance, then Lender may do so. All such expenses will become a part of the indebtedness and will bear interest at the rate charged…”

If the loan contract does not have a specific provision for this additional advancement of funds, the payment of the cost and addition to the loan balance would be considered an increase in the loan amount. It was not previously allowed for in the loan. This, then, would trigger the additional flood disclosures. The guidance goes on to state: “Regardless of whether or not a triggering event has occurred, if the loan balance has increased, flood insurance required “must be at least equal to the outstanding principal balance of the designated loan or the maximum limit of coverage available for the particular type of property under the [National Flood Insurance Act of 1968, as amended].

2) Premiums and fees added to an unsecured account: If a subsequent debt is created for payment of the premiums and fees and this debt is not secured, it is not considered an increase in the mortgage loan and no flood disclosures are triggered.

3) Premiums and fees are billed directly to the borrower: If the borrower is charged directly, there is no increased mortgage debt and no triggering occurs, therefore there are no flood-related disclosures required. If the billing is not paid by the borrower and the cost is subsequently added to the loan, refer to option 1 for guidance.

If that last line in option 1 “Regardless of whether or not…” caught your eye, the guidance goes on to clarify this as well. Because the loan’s principal balance must be insured, adding the cost of a force-placed policy will increase that balance and the additional amount added must also be included in the calculation of what needs to be insured.

An example is included. Assume a loan, secured by a $350,000 home, has a $200,000 principal balance and the covered property is in a special flood hazard area. The borrower has a flood policy for $200,000 which adequately covers the principal balance. But the policy lapses, the bank sends the required notice, and 45 days pass. The bank obtains a force-placed policy at a cost of $2,000. The new principal balance of $202,000 is the amount that requires coverage. The policy issued needs to include the costs passed on to the borrower of the policy.

In this situation, providing a notice to the borrower 1) that flood insurance has been force-placed, 2) that gives the cost of the force-placed flood insurance, and 3) that states the cost has been added to the principal balance may be utilized.  It should state the relevant facts such as:

“On [date] your flood insurance policy covering [property] lapsed. We notified you [date] of the requirement that you provide flood insurance and [name of creditor] would purchase flood insurance if you failed to provide a new policy by [date]. No flood insurance policy was provided.

We obtained a flood insurance policy.  We billed you directly for the amount on [date]. We have not received payment of the billed amount nor have you provided us with a flood insurance policy purchased by you.

We are required by law to obtain flood insurance coverage to cover your principal balance, and we are increasing the principal balance in the amount of $______ which covers the amount previously billed plus the amount added to the principal balance for failure to pay the amount billed to you directly.”


Visa zero liability update

By Andy Zavoina

This article is as much about change management and compliance management as it is about a Visa rule change. It demonstrates how compliance should be involved in managing risk as well as protecting profits from electronic fund transfer claims for which the consumer shares liability.

I was recently involved in a discussion of zero liability rules and why these need to be included in Regulation E disclosures. Additionally, many banks issuing Visa debit cards may not be aware that the liability rules have changed and the bank’s change management processes should be used to evaluate the change and determine if and when the bank will react to the change.

First, let’s get the disclosure requirement resolved. Liability for your consumer customers must be disclosed under 1005.7(b)(1). This section describes the initial disclosures required under the regulation.  I have added “A summary of the consumer’s liability, under Sec. 1005.6 or under state or other applicable law or agreement, for unauthorized electronic fund transfers”the emphasis in bold. The 1005.6 reference is to 1005.6(b)(6) which states “If state law or an agreement between the consumer and the financial institution imposes less liability than is provided by this section, the consumer’s liability shall not exceed the amount imposed under the state law or agreement.” This is why the model forms cannot be used verbatim when your agreement allows for zero liability under Visa rules.

The Regulation E model disclosure, A-2, provides the following text, “(Tell us AT ONCE if you believe your [card] [code] has been lost or stolen, or if you believe that an electronic fund transfer has been made without your permission using information from your check. Telephoning is the best way of keeping your possible losses down. You could lose all the money in your account (plus your maximum overdraft line of credit). If you tell us within 2 business days after you learn of the loss or theft of your [card] [code], you can lose no more than $50 if someone used your [card][code] without your permission.)” 

In addition to the above, a similar paragraph will be used to express the zero liability rule: “Tell us AT ONCE if you believe your VISA debit card has been lost or stolen or if you believe any unauthorized transactions have been made using your VISA debit card. Your liability for unauthorized VISA debit card transactions that are processed through a VISA or Plus network, as applicable, will be zero dollars ($0.00). However, to the extent allowed under applicable law (see for example the Liability for Unauthorized Transfers paragraph below) we may hold you liable for the entire amount of an unauthorized transaction if we find, based on substantial evidence, that you have been negligent or fraudulent in the handling of your deposit account or VISA debit card.”

This is an example only and is one part of the required disclosure. It is not intended to be a complete replacement for your Regulation E liability disclosure. Note that the second paragraph extends the liability for zero liability compliance requirements. This provides that if a Visa debit card is used and is processed through the requisite network there is the possibility of having zero liability but also denotes that if the consumer has been negligent, this provision may not apply.

If you are disclosing zero liability now for your Visa debit card, review your current disclosure for a similar paragraph and see if it uses the term “grossly negligent.”

Last April, the Visa Core Rules removed the word “gross” from Section as it changed the zero liability exclusion from a consumer being “grossly negligent” to “negligent.” Refer to page CR-43. A link is below to the Visa rules.

One must ask what is the definitional difference between “grossly negligent” and “negligent.” The Visa rules do not define either of these terms.  It would seem logical that gross negligence is more severe than just negligence. It may be that a possible difference is that “negligence” would use the “reasonable person test,” as in would a reasonable person do this, and grossly negligent would be a more extreme condition beyond what is reasonable. Certainly the definition may be subjective and case-dependent.

Regardless of how it is defined, gross negligence must be one standard, and negligence is a lower standard. This means that the consumer in a Regulation E claim will have more liability for “negligence,” than for “gross negligence.” This means then, liability is increasing under the Visa rules and Regulation E requires a change in terms notice if liability to the consumer increases. If the bank has a definition for gross negligence, it may want to now define the lesser degree of negligence so that the rules can be applied and prompt fewer questions. The analysis of accounts below can assist in this, providing real world examples to assist you.

Some readers may correctly pause and claim that Regulation E states, “Negligence by the consumer cannot be used as the basis for imposing greater liability than is permissible under Regulation E.” That is correct and your reference is 1005.6, 6(b). But that standard applies to Regulation E and we are not adjusting the three tiers of liability under this regulation, $50, $500, and unlimited. We are adjusting the zero liability rule which is an additional layer of greater protection afforded under certain conditions.

If your bank opts to increase the standard to impose liability for zero liability on the consumer, a notice of the change is required to be sent to the consumer. Under 1005.8(a)(1) a notice must be delivered at least 21 calendar days in advance of the change taking place. So how do you decide if this is a prudent change?

As to the change management process, I recommend a review of Visa zero liability claims. Ask yourself this question on each file that has been paid over the last six or 12 months, “would this claim have failed the zero liability test if the lower “negligent” standard was used?” How many claims would this standard have changed, and what is the dollar amount of claims that would have reverted to Regulation E liability instead of zero liability? Lastly, what is the dollar amount of claims paid, that would not have been paid? Annualize the numbers based on your sampling if it was less than 12 months.

Based on your analysis it is possible that a stand-alone change notice to all Visa debit card holders could cost more than the projected savings. If your bank opts not to adjust the standard at this time, there is no change, and no notification is required.

On the longer term, many banks periodically review deposit agreements, including terms and fees on a regular basis, semi-annually or annually. Often these changes coincide with a calendar year and a new annual budget. That period may be approaching as budget planning will be getting under way soon. If the bank will plan on a change in terms notice for accounts effective January 1, 2018, this change may be made to coincide with these other changes at virtually no additional cost. The Regulation DD change requirements would apply for any applicable terms, conditions and fees subject to those rules. The Regulation E, 21-day requirement can be changed to coincide with Regulation DD’s 30-day notice so that training and disclosures all happen at the same time. It’s just simpler. Consult with management and make your recommendations so they may be incorporated with the budget planning and change management processes.