Thursday, August 18, 2022

November 2020 OBA Legal Briefs

  • FAQs on RESPA Section 8
  • The year is nearly over – Loose ends

FAQs on RESPA Section 8

By Andy Zavoina

When we hear “Section 8” and “RESPA” in the same sentence, violations and civil money penalties often come straight to mind. It promotes negative connotations much like hearing your dentist say, “root canal” or your accountant, “IRS” and “audit” together.

In this case. though, “Section 8” and “RESPA” are good together. The Consumer Financial Protection Bureau (CFPB) published a new Compliance Aid on October 7, 2020, that is meant to answer questions on the topic of Marketing Service Agreements (MSAs). While some of this information has not changed, some has, and the changes may be substantive for many.

In any case, when we see information expressed in a new way, it is a great reminder of the rules we must follow. I always have a bit of apprehension, as well, that the agency is subtly reminding us of these rules for a reason. And since it has been a few years since we heard of big Section 8 enforcement actions and there are many new compliance officers, lenders, marketing and business development persons filling these roles, we should review these FAQs and consider what we are doing in our banks and how the FAQs can help us form future procedures to avoid creating problems and taking unnecessary risks. This is especially so as many mortgage lenders are trying to get outside of the box in this troubled economy.

The CFPB said it was providing clearer rules for RESPA Marketing Service Agreements, which are covered under Section 8. In particular, the CFPB rescinded its 2015 guidance issued under the CFPB’s first director, Richard Cordray.

The new FAQs address how RESPA’s Section 8 applies to MSAs. The good news is that your bank need not change anything, because the clarity provided doesn’t make the rules more restrictive. Rather, they are either not changed significantly or are eased, and your bank may be able to do more than in the past. If your bank is looking to expand its mortgage portfolio via marketing agreements, you should continue reading.
In 2010, RESPA’s “ownership” was transferred by the Dodd-Frank Act to the CFPB under its first Director, Richard Cordray. Under Cordray’s administration many enforcement actions were brought under Section 8 and the anti-kickback rules for violations of paying and receiving referral fees, directly or indirectly, and some of those actions involved MSAs.

This was a period often referred to as one of “regulation by enforcement,” as that was how many banks learned what was not acceptable. On October 8, 2015 (5 years prior to the rescission date of October 7, 2020), the CFPB issued Compliance Bulletin 2015-05, “RESPA Compliance and Marketing Services Agreements.” While this Bulletin clearly stated, “determining whether an MSA violates RESPA requires a review of the facts and circumstances surrounding the creation of each agreement and its implementation,” it also said, “MSAs are usually framed as payments for advertising or promotional services, but in some cases the payments are actually disguised compensation for referrals.” In fact, many or most MSAs were characterized as facilitating the payment of illegal referral fees. Up to this point of increased enforcement activity, the industry practice accepted under HUDs “ownership” of RESPA was that if a one party such as a mortgage lender paid a reasonable market value for non-referral services that were actually provided, including marketing services, that payment would not be considered an illegal referral payment under Section 8.

Bulletin 2015-05 went on to state, “…while some guidance may be found in the Bureau’s previous public actions, the outcome of one matter is not necessarily dispositive to the outcome of another. Nevertheless, any agreement that entails exchanging a thing of value for referrals of settlement service business involving a federally related mortgage loan likely violates RESPA, whether or not an MSA or some related arrangement is part of the transaction.” The document cited whistleblowers drawing attention to MSAs that were simply a way to disguise kickback and referral fees. The CFPB cited one example of a title insurance company that used MSAs “as a quid pro quo for the referral of business.” The fees that were paid under this MSA were directly based on the number of referrals received and the income generated from the title policies issued and not the general MSA agreement itself. When MSAs were in place, the payments of fees were increased more often than not.

MSAs also led to steering borrowers to certain service providers. One enforcement action (and keep in mind these are pre-TRID rules) concluded that the borrower’s ability to shop for a service was hampered because a settlement service provider buried the disclosure that the borrower could shop for certain services in a description of the services that its affiliate provided. In another enforcement action, a settlement service provider failed to disclose an affiliate relationship with an appraisal management company and did not inform the borrower that they could shop for services before steering them to the affiliate. The CFPB stated “the steering incentives that are inherent in many MSAs are clear enough to create tangible legal and regulatory risks for the monitoring and administration of such agreements.” These agreements could lead to an increased borrowing cost for the consumers and therefore violated the spirit and intent of RESPA and Section 8. Because the agreements were results-oriented, the CFPB saw them as illegal payments.

The enforcement actions and Bulletin 2015-05 did not provide clear, actionable items that could be used to construct reasonable procedures that would all but ensure compliance with the Section 8 rules as they were plainly read by lenders, but interpreted by the CFPB. There seemed to be great deal of subjectivity, so the industry’s response was a knee-jerk reaction to all but cease the practice of using MSAs. MSAs had been considered low-risk agreements that were beneficial to mortgage loan production, but not after Bulletin 2015-05. The risks now were greater than the benefits.

The CFPB posted a Blog entry on October 7, 2020, in which it now agrees with the industry that Bulletin 2015-5, “does not provide the regulatory clarity needed on how to comply with RESPA and Regulation X and therefore is rescinding it.” It went on to be clear that this action does not mean all MSAs would be deemed compliant with Section 8 rules. Any evaluation would be based on specific facts and circumstances including how the agreement is structured and implemented. As noted already, this could be a subtle hint, as the CFPB reminds us that it remains committed to vigorous enforcement of RESPA and Section 8.

The CFPB did not change this opinion out of the goodness of its heart. I believe there were events leading up to this including industry groups and litigation. Remember PHH Corporation v. Consumer Financial Protection Bureau – that case was well known at the time as it challenged the CFPB’s structure as being unconstitutional. But at the heart of the case was RESPAs Section 8. In January 2018 the U.S. Court of Appeals for the D.C. Circuit upheld the CFPB’s structure as constitutional but it also reaffirmed that PHH’s captive mortgage reinsurance program did not violate RESPA Section 8 if the mortgage insurers at issue paid reasonable market value, and no more, for captive reinsurance which was consistent with previous HUD guidance on the issue. Then Acting Director of the CFPB, Mick Mulvaney, had the case dismissed.

In September 2018, the CFPB issued its first No-Action Letter Template in connection with a RESPA Section 8 issue. HUD requested the no-action letter on behalf of HUD-approved counseling agencies and lenders with funding agreements. This facilitated mortgage lenders paying housing counseling agencies based on whether a borrower made contact with or closed a loan with the lender. The CFPB said its no-action letter “will not make supervisory findings or bring a supervisory or enforcement action against the mortgage lender under” RESPA and RESPA’s Section 8. This action demonstrated what many lenders would consider more of a pro-business response to the issues of kickbacks and referral fees and that there may be a circumstance under which they are acceptable, with controls and limitations in place.

Even though Bulletin 2015-05 was rescinded, a mortgage lender’s life is still not a bed of roses. We are still left with the FAQs, but these also have not provided a list of actionable items that lead lenders down a path of guaranteed compliance. At its heart, “RESPA Section 8(a) and Reg X (RESPA), 12 CFR § 1024.14(b), prohibit giving or accepting a fee, kickback, or thing of value pursuant to an agreement or understanding (oral or otherwise), for referrals of business incident to or part of a settlement service involving a federally related mortgage loan.” This is from one of the first questions in the FAQs.

These FAQs supply information so that the reader will understand the spirit and intent of the pertinent sections of RESPA, but it is technical. If you have a mortgage lender, marketing or business development personnel involved in promoting mortgages, or anyone discussing MSAs as a way to promote growth in the mortgage loan portfolio, this is a good read for them. It provides information on kickbacks and referral fees, what is prohibited and what is not, and includes three questions on gifts and promotional activities and four questions on MSAs.

The first section of the FAQs (“General”) has six questions and provides general information about the major provisions, about Section 8 and 8(a) through 8(c). One huge takeaway in Q2 is where it prohibits the giving and accepting of kickbacks. People in the mortgage industry need to be aware that BOTH parties are in violation of the law and each may be punished under the law. Q4, which refers to subsection 8(c), provides details on bona fide fees and expenses that may be paid. Qs 5 and 6 define who the Section 8 prohibitions apply to and the fact that a gift may be given, but it may not be in exchange for the referral of business.

Differentiating the purpose of a gift or a bona fide item with no strings attached from one that “maybe could possibly” have connotations that it was for past referrals or the hopes for future ones can be very difficult, and often the gift just looks improper. A risk-averse attitude simply prohibits all gifts or those of more than minimal value. This may cross reference the bank’s Ethics Policy and prohibit gifts greater than (for example) $50 per annum unless the persons are related. So, a parent working in the bank could provide their child who is a Realtor with a large gift which is common for that relationship, if it’s separate from any business dealings. The parent could not provide a gift of $100 for each mortgage loan referral. RESPA refers to no de minimis amount but to allow friendly gift exchanges many banks have a limit under which it is allowed because it is small enough to not be considered as payment.

Section two (“Section 8(a)”) has only one topic, which details prohibited activities. Discussed first is the definition of a fee, kickback, or thing of value. It is very inclusive —“monies, things, discounts, salaries, commissions, fees, duplicate payments of a charge, stock, dividends, distributions of partnership profits, franchise royalties, credits representing monies that may be paid at a future date, the opportunity to participate in a money-making program, retained or increased earnings, increased equity in a parent or subsidiary entity, special bank deposits or accounts, special or unusual banking terms, services of all types at special or free rates, sales or rentals at special prices or rates, lease or rental payments based in whole or in part on the amount of business referred, trips and payment of another person’s expenses, or reduction in credit against an existing obligation. ‘Payment’ is used synonymously with the giving or receiving of a ‘thing of value’.” Any reader should be able to interpret this as all-encompassing if there is an expectation for future referrals or if it in any way is related to an amount of business transacted.

A distinction that lenders need to keep in mind is that these rules pertain to RESPA applicable loans, typically mortgages. They do not apply to car loans. And the RESPA rules relate to transactions with third parties. A bank can provide a discount or payment to a borrower for their own loan, but the bank could not pay that person for referring other business when there are no services provided other than the referral.

Section three (“Gifts and Promotional Activity”) has three questions. The first asks if gifts and promotions are allowed and quite (in)conclusively starts with, “It depends.” This section does provide several relevant, real-world examples of what are permissible “normal promotional and educational activities,” such as a settlement agent broadly advertising and hosting a prize drawing for previous customers and all local loan originators. The FAQs and RESPA are always clear that any exchange for referrals as part of an agreement or understanding would violate RESPA Section 8(a). Q2 expands on this with a discussion to help us understand what would not be conditioned on business referrals and what activities do not involve defraying expenses. And Q3 expands on what are considered “normal promotional and educational activities.”

The fourth and final section’s four questions directly address MSAs. In contrast to the relevant gift and promotional sections examples, this one has no examples of permissible MSA structures. MSA Q4 does provide examples of MSAs that are prohibited, and it is like the 2015-05 Bulletin. Q2 tries to explain the difference between referrals, which are prohibited, and marketing services, which can be permissible based on the facts and circumstances. It tries to use real world examples but would have been more useful if it included examples of social media rather than including just “newspaper, a trade publication, or a website.” An expanded discussion would have more clearly drawn a line between referrals and marketing services when consideration is placed on the use of artificial intelligence, targeted marketing, linking and the information provided and under what circumstances or fact patterns.
To be clear, this is a good step by the CFPB, but it could have been much more. In any case, the door is partially open and the use of MSAs can resume, bearing in mind the spirit and intent of such agreements. As noted above, the CFPB will continue enforcing RESPA and other regulations. It is reported that the FDIC has ramped up enforcement actions on MSAs but is recognizing that some MSAs can be permissible with reasonable fees paid in relation to a fair market value for the cost of marketing services performed.

Resources: RESPA FAQs: https://www.consumerfinance.gov/policy-compliance/guidance/mortgage-resources/real-estate-settlement-procedures-act/real-estate-settlement-procedures-act-faqs/

CFPB Blog on rescinded Bulletin 2015-05: https://www.consumerfinance.gov/about-us/blog/cfpb-provides-clearer-rules-road-respa-marketing-service-agreements/

The year is nearly over – Loose ends

By Andy Zavoina

2020 has really been a different year and many are ready to see it go. As we get through the ice storms, power outages and video calls working on budgets, I will remind you there are loose ends that need to be tied up as time stops for no compliance program.

Reg E § 1005.8 – If your consumer customer has an account to or from which an electronic fund transfer can be made, an error resolution disclosure is required. There is a short version that you may have included with each periodic statement. If you’ve used this, you are done with this one. But if you send the longer version that is sent annually, it is time to review it for accuracy and send it out. Electronic disclosures under E-SIGN are allowed here. This may also be a good time to review §1005.7(c) and determine if any electronic fund transfer services were added, and if they were disclosed as required. Think Person-to-Person transfers like Zelle, Venmo or Square.

Reg P § 1016.5 – There are exceptions allowing banks which meet certain conditions to forgo sending annual privacy notices to customers. The exception is generally based on two questions, does your bank share nonpublic personal information in any way that requires an opt-in under Reg P, and have you changed your policies and practices for sharing nonpublic personal information from the policies and procedures you routinely provide to new customers? Not every institution will qualify for the exception, however. John Burnett wrote about the privacy notice conundrum in the July 2017 Legal Briefs. That article has more details on this.

When your customer’s account was initially opened, you had to accurately describe your privacy policies and practices in a clear and conspicuous manner. If you don’t qualify for the exception described above, you must repeat that disclosure annually as well. Ensure that your practices have not changed and that the form you are sending accurately describes your practices.

For Reg P and the Privacy rules, annually means at least once in any period of 12 consecutive months during which that relationship exists. You may define the 12-consecutive-month period, but you must apply it to the customer on a consistent basis, so this is not necessarily a December or January issue, but it could be. And each customer does not have their own “annual date.” If a consumer opens a new account with you in February, you provide the initial privacy notice then. That is year one. You can provide the annual privacy notice for year two at any time, up until December 31 of the second year.

It is important to note that unlike most other regulatory requirements, Reg P doesn’t require E-SIGN compliance for your web-based disclosures. You can use e-disclosures on your bank web site when the customer uses the web site to access financial products and services electronically and agrees to receive notices at the web site, and you post your current privacy notice continuously in a clear and conspicuous manner on the web site. So, the demonstrable consent requirements and others in E-SIGN’s 15 USC Sect. 7001(c) do not apply, but there must still be acceptance to receive them on the web. Alternatively, if the customer has requested that you refrain from sending any information regarding the customer relationship and your current privacy notice remains available to the customer upon request this method is acceptable.

BSA Annual Certifications – Your bank is permitted to rely on another financial institution to perform some or all the elements of your CIP under certain conditions. The other financial institution must certify annually to your bank that it has implemented its AML program. Also, banks must report all blockings to OFAC within ten days of the event and annually by September 30, concerning those assets blocked.

IRAs, IRS Notice 2002-27 – If a minimum distribution is required from an IRA for a calendar year and the IRA owner is alive at the beginning of the year, the trustee that held the IRA on the prior year-end must provide a statement to the IRA owner by January 31 of the calendar year regarding the required minimum distribution.

  • Notice 2020-6 – provides guidance to banks on reporting required minimum distributions for 2020 based on the amendment of § 401(a)(9) of the Internal
    Revenue Code. The CARES Act altered many reporting requirements throughout 2020 and your bank should be familiar with those many changed for this year and beyond.

Reg Z Thresholds and Updates – These changes are effective January 1, 2021. You should ensure they are available to staff or correctly hard coded in your systems:

  •  The CARD Act penalty fees safe harbor amount in section 1026.52(b)(1)(ii)(A) will remain at $29.
  • The CARD Act penalty fees safe harbor amount in section 1026.52(b)(1)(ii)(B) will remain at $40.
  • The HOEPA total loan amount threshold that determines whether a transaction is a high cost mortgage is changed to $22,052.
  • The HOEPA total points and fees dollar trigger amount is changed to $1,103.
  • Effective January 1, 2021, a covered transaction is not a qualified mortgage if, pursuant to § 1026.43(e)(3), the transaction’s total points and fees exceed 3 percent of the total loan amount for a loan amount greater than or equal to $110,260; $3,308 for a loan amount greater than or equal to $66,156 but less than $110,260; 5 percent of the total loan amount for loans greater than or equal to $22,052 but less than $66,156; $1,103 for a loan amount greater than or equal to $13,783 but less than $22,052; or 8 percent of the total loan amount for loans less than $13,783.

Annual Escrow Statements § 1024.17 – For each escrow account you have, you must provide the borrower(s) an annual escrow account statement. This statement must be done within 30 days of the completion of the escrow account computation year. This need not be based on a calendar year. You must also provide them with the previous year’s projection or the initial escrow account statement, so they can review any differences. If your analysis indicates there is a surplus, then within 30 days from the date of the analysis you must refund it to the borrower if the amount is greater than or equal to $50. If the surplus is less than that amount, the refund can be paid to the borrower, or credited against the next year’s escrow payments.

Fair Credit Reporting Act – Affiliate Marketing Opt-Out § 1022.27(c) – Affiliate marketing rules in Reg V place disclosure restrictions and opt out requirements on you. Each opt-out renewal must be effective for a period of at least five years. If this procedure is one your bank is using, are there any expiration dates for the opt-outs and have these consumers been given an opportunity to renew their opt-out?

Fair Credit Reporting Act – FACTA Red Flags Report – Section VI (b) (§ 334.90) of the Guidelines (contained in Appendix J) require a report at least annually on your Red Flags Program. This can be reported to either the Board, an appropriate committee of the Board, or a designated employee at the senior management level.

Regulation O, Annual Resolution §§ 215.4, 215.8 – In order to comply with the lending restrictions and requirements of 215.4, you must be able to identify the “insiders.” Insider means an executive officer, director, or principal shareholder, and includes any related interest of such a person. Your insiders are defined in Reg O by title unless the Board has passed a resolution excluding certain persons. You are encouraged to check your list of who is an insider, verify that against your existing loans, and ensure there is a notification method to keep this list updated throughout the year.

Reg BB (CRA), Content and availability of Public File § 228.43 – Your Public Files must be updated and current as of April 1 of each year. Many banks update continuously, but it’s good to check.

HMDA and CRA Notices and Recordkeeping – HMDA and CRA data are gathered separately by applicable banks but both Regs C and BB respectively have reporting requirements for the Loan Application Registers (LAR). Each must be submitted by March 1, for the prior calendar year. National banks are currently required to update LAR data quarterly. The new HMDA rules will require all HMDA reporters to do so and the CRA Public File will be changing with HMDA as will signage. Regardless, if you are a reporter of either LAR you should start verifying the data integrity now to avoid stressing the process at the end of February. And start getting that new HMDA sign ready to post as well. Section 1003.5(e) has language in the Commentary that should go up January 1.

Training – An actual requirement for training to be conducted annually is rare, but annual training has become the industry standard and may even be stated in your policies. There are six areas that require training (this doesn’t mean you don’t need other training, just that these regulations have stated requirements).

  • BSA (12 CFR §21.21(c)(4) and §208.63(c)(4) Provide training for appropriate personnel.
  • Bank Protection Act (12 CFR §21.3(a)(3) and §208.61(c)(1)(iii)) Provide initial & periodic training
  • Reg CC (12 CFR §229.19(f) Provide each employee who performs duties subject to the requirements of this subpart with a statement of the procedures applicable to that employee)
  • Customer Information Security found at III(C)(2) (Pursuant to the Interagency Guidelines for Safeguarding Customer Information), training is required. Many banks allow for turnover and train as needed, imposing their own requirements on frequency.)
  • FCRA Red Flag (12 CFR 222.90(e)(3)) Train staff, as necessary, to effectively implement the Program;)
  • Overdraft protection programs your bank offers. Employees must be able to explain the programs’ features, costs, and terms, and to explain other available overdraft products offered by your institution and how to qualify for them. This is one of the “best practices” listed in the Joint Guidance on Overdraft Protection Programs issued by the OCC, Fed, FDIC and NCUA in February 2005 (70 FR 9127, 2/24/2005), and reinforced by the FDIC in its FIL 81-2010 in November 2010.

Security, Annual Report to the Board of Directors § 208.61 – The Bank Protection Act requires that your bank’s Security Officer report at least annually to the board of directors on the effectiveness of the security program. The substance of the report must be reflected in the minutes of the meeting. The regulations don’t specify if the report must be in writing, who must deliver it, or what information should be in the report. It is recommended that your report span three years and include last year’s historical data, this year’s current data and projections for the next year.

Information Security Program part of GLBA – Your bank must report to the board or an appropriate committee at least annually. The report should describe the overall status of the information security program and the bank’s compliance with regulatory guidelines. The reports should discuss material matters related to the program, addressing issues such as: risk assessment; risk management and control decisions; service provider arrangements; results of testing; security breaches or violations and management’s responses; and recommendations for changes in the information security program.

Annual MLO Registration § 1007.102 – Mortgage Loan Originators must go to the online Registry and renew their registration. This is done between November 1 and December 31. If this hasn’t been completed, don’t push it to the back burner and lose track during the holidays and year-end rush to complete tasks. This is also a good time to plan with management and Human Resources those MLO bonus plans. Reg Z Section 1026.36(d)(1)(iv)(B)(1) allows a 10 percent aggregate compensation limitation on total compensation which includes year-end bonuses.

MISC – Some miscellaneous items you may address internally in policies and procedures include preparation for IRS year-end reporting, vendor due diligence requirements including insurance issues and renewals, documenting ORE appraisals and sales attempts, risk management reviews, records retention requirements and destruction of expired records, and a designation by the Board of the next year’s holidays. Has there been a review of those not yet extending vacation or “away time” to the five consecutive business days per the Oklahoma Administrative Code 85:10-5-3 “Minimum control elements for bank internal control program”?