Thursday, December 7, 2023

Legal Briefs

OBA Legal Briefs – January 2005 – October 2023

September 2023 OBA Legal Briefs

OK Legislation 2023

By Pauli D. Loeffler

Oklahoma Uniform Consumer Credit Code Title 14A

Sec. 1-106 of the Oklahoma Uniform Consumer Credit Code  in Title 14A (the “U3C”) is the section that determines when and how much dollar limits under Title 14A are subject to change. These changes are based on increases in the Consumer Price Index for Urban Wage Earners and Clerical Workers compiled by the Bureau of Labor Statistics, U.S. Department of Labor.

Legislation enacted in the last session modified Subsection (4)(a) of § 1-106 removing the 3% increase cap on increased amounts. The amendment became effective April 23, 2023, and is part of the notification by the Oklahoma Department of Consumer Credit of changes in dollar amounts effective July 1, 2023. I covered these changes in the June 2023 OBA Legal Briefs. The OK DOCC notice can be accessed here.   It is also accessible on the OBA’s Legal Links page under Resources. In order to gain access to the Legal Briefs online archive and the Legal Links, you will need to create an account through the My OBA Member Portal if you have not done so already.

  • 3-508A Loans

This section of the “U3C” sets the maximum annual percentage rate for certain loans. It provides three tiers with different rates based on unpaid principal balances that may be “blended.” It also has an alternative maximum rate that may be used rather than blending the rates. Effective for loans consummated on or after November 1, 2023, § 3-508A is amended to read:

(2) The loan finance charge, calculated according to the actuarial method, may not exceed the equivalent of the greater of either of the following:

(a) the total of:

(i) thirty-two percent (32%) plus the federal funds rate per year on that part of the unpaid balances of the principal which is Seven Thousand Dollars ($7,000.00) or less;

(ii) twenty-three percent (23%) plus the federal funds rate per year on that part of the unpaid balances of the principal which is more than Seven Thousand Dollars ($7,000.00) but does not exceed Eleven Thousand Dollars ($11,000.00); and

(iii) twenty percent (20%) plus the federal funds rate per year on that part of the unpaid balances of the principal which is more than Eleven Thousand Dollars ($11,000.00); or

(b) twenty-five percent (25%) plus the federal funds rate per year on the unpaid balances of the principal…

(7) As used in this section, the “federal funds rate” means the rate published by the Board of Governors of the Federal Reserve System in its statistical release H.15 Selected Interest Rates [Click HERE] and in effect as of the first day of each month immediately preceding the month during which the loan is consummated.

Title 60 O.S. § 121 – Alien ownership of Oklahoma real estate

I covered loans to non-U.S. citizens in the January 2016 OBA Legal Briefs. Effective November 1, 2023, § 121 is amended as follows:

  1. No alien or any person who is not a citizen of the United States shall acquire title to or own land in this state either directly or indirectly through a business entity or trust, except as hereinafter provided, but he or she shall have and enjoy in this state such rights as to personal property as are, or shall be accorded a citizen of the United States under the laws of the nation to which such alien belongs, or by the treaties of such nation with the United States, except as the same may be affected by the provisions of Section 121et seq. of this title or the Constitution of this state. Provided, however, the requirements of this subsection shall not apply to a business entity that is engaged in regulated interstate commerce in accordance with federal law.
  2. On or after the effective date of this act, any deed recorded with a county clerk shall include as an exhibit to the deed an affidavit executed by the person or entity coming into title attesting that the person, business entity, or trust is obtaining the land in compliance with the requirements of this section and that no funding source is being used in the sale or transfer in violation of this section or any other state or federal law. A county clerk shall not accept and record any deed without an affidavit as required by this section. The Attorney General shall promulgate a separate affidavit form for individuals and for business entities or trusts to comply with the requirements of this section, with the exception of those deeds which the Attorney General deems necessary when promulgating the affidavit form.

The affidavit is only required for deeds transferring ownership of real estate on or after the November 1, 2023, effective date. It does not apply to deeds filed of record prior to that date nor does it apply to leases or personal property. If the bank is making a purchase money loan for real estate on or after the effective date, it will require that the affidavit be executed by the purchaser and recorded with deed. (Updated November 1, 2023)

I reached out to the Oklahoma Attorney General’s office regarding the affidavit. Drafts of the affidavit are currently being circulated. They anticipate the affidavit form will be finalized shortly and will be available to view next month. Expect an update with the link to the affidavit in a future article.

Title 12 – Garnishment Forms

Effective November 1, 2023, the Oklahoma garnishment forms, i.e., affidavits, pre- and post- judgment garnishment summonses, garnishee’s answer, etc., will be under the purview of the Oklahoma Bar Association rather than the Administrative Office of the Courts. Inasmuch as the garnishment statutes themselves did not have any substantive changes, there should be no changes in the forms themselves.

I worked with the Administrative Office of the Courts in amending the forms in 2011 when the Garnishment of Accounts Containing Federal Benefits rule became effective. I was also involved in changes to the garnishment summonses with regard to the amount and time of payment of the garnishment fee when a federally regulated financial institution is the garnishee as provided under § 1190 of Title 12 in regard to legislation effective November 1, 2016, and November 1, 2022. I have reached out to the Oklahoma Bar Association to find out who specifically is in charge of the forms.

Title 43A O.S. § Section 10-111.1 – Vulnerable Adult Abuse, Neglect and Exploitation Report

Elder financial exploitation has been the topic of three OBA Legal Briefs articles: July 2006, June 2007, and July 2008. These are available to read online on the OBA website.

  • 10-111.1 was added to the Oklahoma statutes in 2018. The statute as amended requires the Office of the Attorney General to maintain the Vulnerable Adult Abuse, Neglect and Exploitation Report accessible to the public on the Internet in an electronic format that is easily and readily searchable to include persons found guilty by a court of law or who have entered a plea of guilty or nolo contendere (Latin for “no contest”) to a charge of abuse, neglect, or exploitation of a vulnerable adult. The Report will provide the full name of the offender, information necessary to identify the individual, information regarding the case regarding convictions and confessions made in a court of law, and the date the offender was convicted or pled guilty or no contest. The Report is required to be updated quarterly.

The Oklahoma Uniform Power of Attorney Act that became effective November 1, 2021, which is covered in the September and October 2021 OBA Legal Briefs, requires banks to accept an acknowledged Power of Attorney (signed by the principal in the presence of a notary). There are six exceptions, one of which stated in § 3020 of the Act:

The person makes, or has actual knowledge that another person has made, a report to the Adult Protective Services office stating a good-faith belief that the principal may be subject to physical or financial abuse, neglect, exploitation or abandonment by the agent or a person acting for or with the agent.”

Title 58 O.S. § 1252 – Transfer-on-death (“TOD”) deeds

Oklahoma has allowed Transfer-on-Death-deeds since November 1, 2008, (see August 2008 OBA Legal Briefs), but the statute has had a few amendments over the years. Additional changes were made this last legislative session. The amendments are effective November 1, 2023.

TOD Deeds convey any estate or interest in, over or under land, including surface, minerals, structures and fixtures. The signature, consent, or notice to a beneficiary or beneficiaries is not required prior to the owner’s death.

Subsection C. is amended and provides:

A designated grantee beneficiary may accept real estate pursuant to a transfer-on-death deed only on behalf of himself, herself, or a legal entity over which he or she has proper authority. A beneficiary shall not accept such real estate on behalf of another designated beneficiary.

Subsection D. is amended to require:

Each designated grantee beneficiary wishing to accept real estate pursuant to a transfer-on-death deed shall execute an affidavit affirming:

  1. Verification of the record owner’s death;
  2. Whether the record owner and the designated beneficiary were married at the time of the record owner’s death; and
  3. A legal description of the real estate.

Former Subsection D. is now E.:

  1. The grantee shall attach a copy of the record owner’s death certificate to the beneficiary affidavit. For a record owner’s death occurring on or after November 1, 2011, the beneficiary shall record the affidavit and related documents with the office of the county clerk where the real estate is located within nine (9) months of the grantor’s death, otherwise the interest in the property reverts to the deceased grantor’s estate; provided, however, for a record owner’s death occurring before November 1, 2011, such recording of the affidavit and related documents by the beneficiary shall not be subject to the nine-month time limitation. Notwithstanding the provisions of Section 26 of Title 16 of the Oklahoma Statutes, an affidavit properly sworn to before a notary shall be received for record and recorded by the county clerk without having been acknowledged and, when recorded, shall be effective as if it had been acknowledged.

Subsection F. is new:

  1. A beneficiary affidavit recorded pursuant to this section before November 1, 2023, in which one or more, but not all, named beneficiaries of a transfer-on-death deed explicitly accept the interests being conveyed by the deed on behalf of all or some of the beneficiaries named shall be effective to accept such interests if executed by at least one of the named beneficiaries accepting such interests.

The real estate interest conveyed by a TOD Deed taken by the beneficiary/beneficiaries is subject to the bank’s existing mortgage.

Title 42 O.S. § 91 – Personal property liens

I last covered changes to this statute in the December 2014 OBA Legal Briefs, much of which remains unchanged.

This section applies to every vehicle, all-terrain vehicle, utility vehicle, manufactured home, motorcycle, boat, outboard motor, or trailer that has a certificate of title issued by the Oklahoma Tax Commission/Service Oklahoma or by a federally recognized Indian tribe in the State of Oklahoma.

The special possessory lien provided under this section will have priority over any perfected liens (e.g., lien entries and other lien claimants), ONLY if the lien claimant strictly complies with ALL applicable provisions of § 91 with regard to submission of claim and documentation, notice and mailing requirements to owner and other lien holders with regard to the lien, as well as notice of sale. If the lien is denied, the claimant may resubmit its claim once within 15 business days of denial. One change to the existing statute is when the possessory lien claimant has been in possession of the property for at least 21 days before the Notice of Sale is to be mailed. The second change is that proceedings for foreclosure in 20 days after the lien accrued, except as provided elsewhere by Oklahoma law.

RESPA – Section 8

By Andy Zavoina

In December 1974 Public Law 93-533 was passed. That may not mean much to you initially, but Section 8 of that law is very meaningful. In short, I’m referring to Section 8 of the Real Estate Settlement Procedures Act (RESPA). I’m not sure why we commonly reference the section of the actual law instead where there is a violation instead of Reg. X where we study it and read about the restrictions, but at times it is good to go to the roots of the law and see what it says. The law and the Reg follow each other closely in this section, which is implemented in § 1024.14 of Reg. X. Briefly, it prohibits a person from giving or accepting anything of value for referrals of settlement service business related to a federally related mortgage loan. It also prohibits a person from giving or accepting any part of a charge for services that are not performed. These are also known as kickbacks, fee-splitting and unearned fees.

Penalty Overview: Violations of Section 8 are subject to criminal and civil penalties. A person who violates Section 8 may be fined up to $10,000 and imprisoned for up to one year. In a private lawsuit a person who violates Section 8 may be liable to the person charged for the settlement service an amount equal to three times the amount of the charge paid for the service.

Background: When you search on “Section 8” or “kickbacks” you will find many resources including those from real estate brokers and Realtors. I am not a Realtor but those I know have all been trained on Section 8. “Thou shall not give, nor receive” and the emphasis is on any gift that could be construed as an incentive for a mortgage referral. The law aims to punish both sides of that violation because it is intended to protect the third party in this, the consumer – the borrower in these transactions.

If Lender A pays Realtor B to send business its way, Lender A gets more business but now has more costs. Lender A has to recover these costs and that would be compensated for by higher fees charged to Borrower C. This makes the loans less affordable. That is why we have this section of law and regulation. The common issues that promote discussions on Section 8 are inadvertent violations. That is, things not truly intended to violate the rules but at face value, may.

Lender A is at lunch and sees his friend, Realtor B. They chat about the Friday night football game the whole town is excited about and about business. If Realtor B mentions, “hey, I have a prospect you may be interested in. They just moved to this area, and I found them a great house. Qualifying for a new mortgage is hard, though, because of his new job.” Lender A is always looking for mortgage production and a new depositor prospect is icing on the cake. Lender A picks up the lunch tab. Is that a kickback, a Section 8 violation?

At other times, the violations appear concrete and completely justified. Let’s examine the August 17, 2023, Consent Order between the Consumer Financial Protection Bureau (CFPB) and Freedom Mortgage Corporation, (Freedom), File No. 2023-CFPB-0008. This is a case of both giving and receiving so we will include an examination of a separate Consent Order (File No. 2023-CFPB-0009) against Realty Connect USA Long Island, Inc. (Realty Connect) issued on the same day.

Section 8 violations do not appear to be common as this was the first for the CFPB since 2017, but it was egregious, as you will see. The CFPB is not the only agency looking at RESPA rules and compliance with them, however. The Federal Deposit Insurance Corporation (FDIC) published its Consumer Compliance Supervisory Highlights, in March 2023. It stated, “In 2022, the FDIC identified RESPA Section 8(a) violations where a bank contracted with third parties that took steps to identify and contact consumers in order to directly steer and affirmatively influence the consumer’s selection of the bank as the settlement service provider. In some cases, this process involved the third party calling identified consumers and directly connecting and introducing them to a specific mortgage representative on the phone. This process is often referred to as a “warm transfer.” In other cases, the process involved operation of a digital platform that purported to rank lender options based on neutral criteria but where the participating lenders merely rotated in the top spot. Although each case is fact specific, indicators of risk in these arrangements include a third party that does one or more of the following activities:

  • Initiates calls directly to consumers to steer them to a particular lender;
  • Offers consumers only one lender o will only transfer the consumer to one lender;
  • Describes the lender in non-neutral terms such as preferred, skilled, or possessing specialized expertise;
  • Receives payment from the lender only if a “warm transfer” occurs; or
  • On a consumer-facing digital platform that purports to rank settlement service providers based on objective factors, includes providers that pay to take turns appearing in the top spot in a round-robin format.

Payment for activities that go beyond the simple provision of a “lead” may be improper payment for referrals when the activity affirmatively influences the consumer towards the selection of a particular lender. The warm transfers were of particular interest in the report.

Consent Orders: Let’s review the specific compliance issues in the two consent orders, but first an attention getter – the Consent Orders provide for civil money penalties of $1.75 million against Freedom and $200,000 against Realty Connect, along with other compliance obligations. While each party has its own obligations to adhere to RESPA and Reg. X, one is not doing the other any favors with enticements that lead to long term and expensive problems such as these enforcement actions.

The period during which these actions took place began in January 2017 and essentially extends to August 2022. The focus was on Freedom’s “Traditional Retail Unit,” which was part of Freedom until about August 2021, and then these activities were conducted through a former subsidiary, RoundPoint Mortgage Servicing, Inc. The traditional retail unit was one in which loan officers went directly to real estate brokers and agents to obtain new loans.

Issue One: Freedom paid for subscription services and gave real estate agents and brokers (collectively “brokers”) free access. These were professional publications which offered useful information to the brokers concerning property reports, comparable sales, and foreclosure data in their markets. For RESPA this was a “thing of value,” as the retail cost would be $300 per month for this service. While the Realty Connect Consent Order states more than 100 of its brokers accepted this service, (Freedom’s cost based on a retail subscription would be $30,000 per month) the Freedom Consent Order indicates over 2,000 brokers accepted subscriptions. (Perhaps that was different brokers over a period of time and perhaps Freedom had a multi-user license at a lower cost. Still, a “thing of value” is based on the retail value.)

Issue Two: Freedom sometimes required brokers to be paired up specifically with an individual in the Traditional Retail Unit and this also influenced that broker’s access to the valuable subscription service. These brokers made more than 1,000 mortgage referrals and it was a quid pro quo arrangement, according to the Freedom Consent Order. Realty Connect’s Consent Order indicated more than 400 referrals were made during the period reviewed which affirms there were issues with other brokers as well.

Issue Three: From at least July 2017 through 2022, Freedom hosted and subsidized events for certain real estate brokers and agents. This included food, beverages, alcohol and entertainment. Freedom also gave away free tickets to sporting events, charity galas and other events that would each have had a cost had the brokers paid their own way. Some of these events cost Freedom thousands of dollars and more. One event paid for by Freedom and held at a restaurant and bar cost them more than $6,300 as it included rented sports simulators. There were fifty brokers there because they referred the most mortgage loans to Freedom and new brokers were also in attendance in a recruitment effort by Freedom to develop more referral brokers.

Freedom denied requests for event sponsorship from brokers who did not refer mortgage business to its loan officers.

These activities were viewed as part of a pattern, practice, or course of conduct of giving things of value to create, maintain, and strengthen mortgage referral relationships. It clearly went beyond mere business development.

Issue Four: in October 2020, the CFPB produced a guidance document to clarify its position on Marketing Service Agreements (MSAs) and Section 8 practices. An MSA involves two or more parties whereby one agrees to market or promote the services of another and receives compensation for the work provided. A lawful MSA is an agreement for the performance of marketing services where the payments under the MSA are reasonably related to the value of services actually performed.

Freedom had marketing agreements with over forty real estate brokerages. Payments varied but ranged from a few hundred to several thousand dollars per month. The total amount Freedom paid under its MSAs during the period reviewed here was approximately $90,000 per month.

One agreement included promotion rights by Freedom to the brokers at Realty Connect. Freedom was allowed to have its loan officers promote themselves at Realty Connect internal meetings and to allow those lenders to email the brokers directly as “referral partners.”  It was also agreed that Freedom would host at least one training event for Realty Connect’s brokers at least quarterly to maintain and increase the referrals from those brokers.

The MSA with brokerages, of which Realty Connect was one, required brokerages to provide marketing services. Realty Connect received $6,000 per month from Freedom under the MSA from January 2017 to December 2022. This equates to $432,000 for marketing services.

Realty Connect failed to execute many of the marketing tasks required by its MSA with Freedom. Realty Connect was to send 15,000 marketing emails each month, allocating 50% of the content to Freedom. Realty Connect sent no marketing emails at all. The MSA required Realty Connect to maintain three “physical locations showing video loop or kiosk advertising” for Freedom. Realty Connect had no video loops or kiosks. And the MSA required Realty Connect to create an average of 75 property websites per month showing Freedom’s content, but it never created any property websites.

As further demonstration that the MSAs were a sham to pay for referrals and not generally advertise for Freedom, the Realty Connect Consent order provides an example between a loan officer and broker in which a lender was to help promote a Realty Connect open house. The lender said, “I want to continue to help you with this, do you think on your listing you can try to get me some referrals to work with?” The agent replied, “I have recommended you many times—Gave them your info on the last two sales.”

Additionally, Freedom had its own professional design team to create the marketing copy it advertised with, including co-branded mailers and open house flyers. Freedom also owned and operated its own print shop that created the hard copies it used as advertisements. Freedom essentially created and produced its own advertisements and was not using the services the MSAs called for. Realty Connect’s actual role in the marketing activities was limited to offering minor design suggestions and it paid the postage for the co-branded mailers. The monthly $6,000 fee was excessive compensation for the services actually performed.

Freedom also encouraged those brokerages with MSAs to use a third-party smartphone app, which Freedom’s loan officers would share with the brokers. The brokers would then share the app with their clients. The app then featured the Freedom loan officer’s headshot and Freedom’s logo at the top, and included buttons where the client could directly contact the loan officer for assistance. It is inferred that this proprietary app is considered akin to a direct referral by the CFPB, although I have seen no specific guidance on this.

Some brokers who worked with Freedom and its MSAs received direct payments. This also emphasized to the CFPB that the MSA was a method to pay compensation for referrals and not for advertising.

Closing: Additional requirements in the Consent Orders require that there be no further Section 8 violations. I used to think it made no sense for an enforcement order to say “for the next 3 years you cannot violate Section 8…” as an example. There was never any inference that anyone could. But if there is a subsequent violation, it is not only a repeat violation but violates the enforcement action they specifically agreed to, allowing even more charges to be added to a new action. Additionally, the Consent order emphasizes that the Board of Freedom has the ultimate responsibility for compliance and the board must review all the plans and reports required in the Consent Order. It is putting them on notice. There are accounting and reporting requirements and additional prohibitions placed on things related to Section 8. One year from the Consent Order a detailed report has to be filed with the CFPB describing its progress. It also states that in the event the company is sold, the purchaser must agree to the terms of this Consent Order, effectively removing the possibility of a reorganization by the same or similar ownership attempting to dodge these restrictions and requirements.

Section 8(c) of RESPA does describe allowable payments as it states, “Nothing in this section shall be construed as prohibiting (1) the payment of a fee (A) to attorneys at law for services actually rendered or (B) by a title company to its duly appointed agent for services actually performed in the issuance of a policy of title insurance or (C) by a lender to its duly appointed agent for services actually performed in the making of a loan, or (2) the payment to any person of a bona fide salary or compensation or other payment for goods or facilities actually furnished or for services actually performed.”

The FDIC in its Consumer Compliance Supervisory Highlights referenced earlier also noted five things that banks can do to mitigate risks associated with Section 8 violations.

  1. Train applicable staff on what is permitted to generate leads, and what is prohibited and would be an illegal referral.
  2. The lenders and management need to review any referral program the bank is participating in to clearly understand the functions of the program and any cost structure and cost justification.
  3. Management must develop policies and procedures which strictly comply with the regulatory requirements in Reg. X and RESPA as to programs designed to generate leads.
  4. Require loan officers to report annually the established relationships that are used for mortgage loan generations and new ones which develop, so that they may be reviewed and approved by management.
  5. The bank must impose controls to monitor lead generation activities for compliance with the bank’s policy and procedures as well as RESPA and Reg. X.

August 2023 OBA Legal Briefs

  • HMDA Analysis
  • Personal Responsibility
  • Forms Update

HMDA Analysis

By Andy Zavoina

If your bank is a reporter under the Home Mortgage Disclosure Act (HMDA), you may well have some work to do if you have not already done some or all of this. On June 29, 2023, the Federal Financial Institutions Examination Council (FFIEC) announced the availability of data on 2022 mortgage lending transactions reported under HMDA. This HMDA data is the largest source of publicly available data on mortgage lending in the United States. If your bank is reporting, your data is here. Other banks in your geographic areas who report also have data here. Banks outside your area which may be similar to yours, yes, that data is here too. It is all available and can more easily than ever before be analyzed. This article is a discussion on why — and a little bit of how — to analyze your data and that of your peer banks.

Years ago, the system was far less automated than we have today. When the HMDA data came out it was sent to central repositories. In my case it was held as reference material in the local public library which happened to be a few blocks from the main branch I was working out of. It was set up by Metropolitan Statistical Area (MSA) and was a treasure trove if you knew what you wanted to do with it.

When teaching compliance management, I often say compliance is not a cost center as it is often described, but a resource because it touches so many areas in the bank. In this case you are touching on loan production, and you can compare your bank’s production against that of your peers. Management likes to know how the competition is doing and you can compare apples to apples, at least as far as HMDA reportable loans are concerned.

Your Marketing area can use this data to see what type of applicants for HMDA loans it is attracting and where these applicants may be from as well as where they want to move to. Consider the ways you can use this data. You can easily build a picture of who your applicants are and where they live. That means you also know the areas they are not living in, and this is what can help Marketing redirect advertising campaigns if those are areas you need or want to market to. This information is data gold for Marketing and management as well, and you have it all available right now.

You can plot where the mortgage loans (so long as they are HMDA reportable, so not everything, but a lot) are not just for your bank, but for all those peer lenders in your area as well. And you can reach farther if desired. One of my banks was a military bank. We had borrowers literally all over the world and, while it was less common than say a car loan, we did some mortgage financing all over the country. Other military banks may be doing the same. It is often difficult to get a lot of data about your peer banks when they happen to be across the country from you, but as a military bank, they were our peers, and it was important to understand how my numbers compared to theirs. We recognized that there were different markets and quite different conditions, yet when it came to the Community Reinvestment Act (CRA) this was a comparison you wanted to be aware of. Were our numbers close to our peers or far different – and in either case why? When you compare your loan volumes to your peers, and when you understand the different lending strategies of these other lenders, it helps set benchmarks and goals as well as to understand your own loan patterns.

Again, when you know to whom you are lending, you also know those to whom you are not lending. Are your numbers good or bad when you look, for example, at racial demographics? When you ask in the loan committee meeting why (as a hypothetical) there were so few loans to Blacks and the response is there are few Black applicants applying, it sets off questions such as:

  • Are we marketing to areas of a majority minority?
  • Are we trying to reach this demographic in targeted ads? Why or why not?
  • What percent of our applicants were Black?
  • What percent of our Black applicants were approved, denied, withdrawn, or closed for other reasons?
  • And if there is a level of complacency with those figures, next compare yourself to those peer banks’ lending in the same area, to the same would-be home buyers.

When it comes to fair lending justifications of your bank’s actions, read fair lending enforcement actions, and learn how regulators and the Department of Justice (DOJ) attorneys compare the results of your bank to peer banks. As one example, consider when the Consumer Financial Protection Bureau (CFPB) and the DOJ took action against Trident Mortgage Company LP (Trident) under the Fair Housing Act (FHA), the Equal Credit Opportunity Act (ECOA),  and Regulation B, as well as the Consumer Financial Protection Act of 2010 (CFPA) (also referred to as Unfair, Deceptive, or Abusive Acts or Practices (UDAAP)) to remedy discrimination in Trident’s mortgage lending. There were many problems with Trident, and we covered many of the problems in last April’s edition of the Legal Briefs. Here is a snippet from that edition to emphasize the points of this HMDA analysis.

Trident received 80 percent of its mortgage applications for properties located in that MSA its defined as its market area. But the actual loan distribution pattern showed a disproportionate number in the majority-white areas. As a foundation there was the selection of office locations and limited outreach and marketing which led to these lending patterns which are confirmed by HMDA data. One must ask, “was this a choice?” When comparing HMDA data, Trident significantly underperformed its peer lenders in generating home mortgage applications from majority-minority neighborhoods and the disparity between the rate of applications generated by Trident and by its peer lenders from majority-minority neighborhoods and high-minority neighborhoods was both statistically significant.

Of the nearly 31,000 applications on the HMDA reports from 2015 through 2019, 12 percent came from majority-minority areas. Peer lenders generated 21.5 percent of their 135,000 applications. The disparity was seen year after year. In in high-minority neighborhoods, Trident showed 4.1 percent of its applications as coming from high-minority areas, compared to 10.8 percent of its peer lenders.

Trident significantly underperformed its peer lenders in making home loans in majority-minority neighborhoods as well. The complaint notes that, “…of the 22,960 HMDA-reportable loans Trident made for single family dwellings from 2015 through 2019 in the Philadelphia MSA, 11.7% came from residents of majority-minority areas. By contrast, Trident’s peers made 16.2% of their 50,060 loans from these same majority-minority neighborhoods.” And only 3.7 percent of Trident’s loans were made in high-minority areas, while peer lenders made 6.9 percent of their loans in these same areas.

Enforcement actions are a good “go by” for the type of analysis done when lending is questionable. CRA Public Evaluations are another resource not only for key analytics, but also for comments as to what was good, bad and ugly. Remember that HMDA analysis is a basis for fair lending examinations which are a foundation for your next CRA exam. When you can identify weaknesses in your numbers, you can proactively impose corrective actions, and this demonstrates to examiners reviewing your bank’s lending activity and your compliance program that you are aware of and managing the processes.

The data available will help show whether your lenders and therefore your bank are serving the housing needs of the communities you serve as your market area. It includes information that helps management make recommendations to the board on decisions and policies and draws attention to your lending patterns that could be discriminatory. Your bank, as a HMDA filer, recorded up to 110 different data points for each HMDA applicable mortgage application received on a Loan Application Register (LAR). What you have in your bank is your complete LAR. In March, the FFIEC provided your bank with a modified, or sanitized, LAR. The modified LAR data provides information from the most current HMDA submission that was required to be submitted essentially a month earlier, by March 1, of each year. This modified LAR is available to the public, and to your bank and your peer banks who are also evaluating your bank’s performance. Section 1003.5(c) of Regulation C requires that you post, “a written notice that clearly conveys that the institution’s loan/application register, as modified by the Bureau to protect applicant and borrower privacy, may be obtained on the Bureau’s Web site at” The publicly released data excludes or modifies several data points reported by all the institutions submitting LAR data, such as the universal loan identifier, the date the application was received or the date shown on the application form, the address of the property, the credit score or scores relied on in making the credit decision, and any applicant or borrower ethnicity free-form text field. In theory this makes it difficult to review entries and identify a particular applicant and therefore data about that applicant which is protected by privacy laws. Others have pointed out faults in this system as deeds are public documents and with a little work a knowledgeable person can connect many dots. Connecting those dots is not the point of this article, but rather what you can do with the LAR data to analyze the mortgage lending picture your lenders are painting and how you compare to peer banks.

So, where would you find HMDA data now that the old central repositories are automated? HMDA data is available at You can also find a HMDA Data Browser at which will help you filter any and all of the LARs that were submitted. In June 2022 the CFPB published, “A Beginner’s Guide to Accessing and Using Home Mortgage Disclosure Act Data” which you can find online here, In addition to background HMDA information, this is a step-by-step guide on how to filter the data to extract just what you want to know. In computer coding there is an old adage, garbage in – garbage out,” meaning you can get out what you put in. Your LAR has that “up to 110 data points” mentioned already. Data for your peers is modified information but as said earlier, it is still especially useful to management, Marketing, those working on your bank’s strategic plan, everyone analyzing fair lending and certainly Compliance. A sound recap and analysis of the data available will be a compliance value-added exercise to the bank for the information you need to know anyway.

Review the Beginner’s Guide mentioned just above as it takes a user through the steps to apply the filters and it has additional instructions with graphics to help you use Excel and Pivot Tables to get the most out of your analysis. In total this is a 29-page PDF that will help ignite your analytical curiosity and provide needed information to your bank. Compare your results, especially those government monitoring demographics, to the breakdown for your market areas. That is, if your area is X percent white, Y percent Black and Z percent Asian, how do your applications correlate to those numbers, and your approved loans, and do not forget the denials and withdrawn applications. Based on the HMDA data tables available annually from the CFPB and ideas of key data points gleaned from enforcement actions and CRA Performance Evaluations, choose the data you want to focus on.

While you can do peer comparisons only annually, you can track your bank’s progress using quarterly updates to further refine corrective actions. Then determine how your numbers compare to peers. Does this analysis indicate strengths, weaknesses, and areas upon which you can improve? The lending data you arrive at should influence or confirm what you are doing with marketing activities, lending policies, and exceptions being made, and may shed light on complaints.

Here are some high-level observations about the 2022 HMDA data that are of interest.

  • The 2022 LAR data includes information on 14.3 million home loan applications.
  • 5 million applications (82 percent) were for closed-end credit, while 2.5 million (18 percent) were for open-end products.
  • As to the aggregate demographics of the borrowers’ race and ethnicity, the portion of closed-end home purchase loans made to Black borrowers rose from 7.9 percent in 2021 to 8.1 percent in 2022. The portion made to Hispanic borrowers decreased slightly from 9.2 percent to 9.1 percent, and those made to Asian borrowers increased from 7.1 percent to 7.6 percent.
  • In 2022, Black and Hispanic applicants experienced denial rates for home purchase loans of 16.4 percent and 11.1 percent respectively, while the denial rates for Asian and non-Hispanic White applicants were 9.2 percent and 5.8 percent, respectively.

After management has had an opportunity to study the data, your board of directors should receive a high-level summary of where you are and where the data will be taking you. This is an opportunity to influence the confidence they have in your abilities and the resources available for your compliance management program.

Personal Responsibility

By Andy Zavoina

If you have taught regulatory requirements before, you likely mentioned the potential penalties for noncompliance. As an example, Reg B has penalties for noncompliance in § 1002.16(b) that include Actual damages in individual or class actions – without a limit, and Punitive damages in individual or class actions, where liability for punitive damages is limited to $10,000 in individual actions and the lesser of $500,000 or 1 percent of the lender’s net worth in class actions.

By the time an instructor gets to this part of the presentation the listener’s eyes are glazing over and they hear Charlie Brown’s teacher saying, “never has happened, don’t worry, the bank gets penalized not the employee or officer.” But that is not always the case, and it is often wise to remind everyone of that, from the newest teller to that longest-standing director on the board. Everyone in the bank is responsible for ethical behavior and compliance. And while everyone has a boss they report to, I remind officers of a bank that they work for the bank, and not necessarily for their boss. This is especially important for those in the role of auditor and those responsible for compliant and ethical performance evaluations. Just as in the military, we follow instructions, but we also trust that no “illegal” orders will be given.

It may have seemed harmless initially, but let’s look back at Wells Fargo for a moment. A few years ago, Wells Fargo’s troubles really came to the forefront when the bank was accused of, among other things, opening accounts for consumers without those consumers’ requests or consents. At the center was a push to meet lofty sales goals. In September 2016, the bank agreed to pay a $185 million fine and return $5 million in fees wrongly charged to customers. The problem originated with bank employees allegedly opening more than two million deposit and credit card accounts without customers’ permission. Wells Fargo’s ex-CEO John Stumpf apologized during a congressional hearing in which he accepted the blame saying, “I accept full responsibility for all unethical sales practices.”  In the long term, however, 5,300 Wells Fargo employees lost their jobs because of the practices employed.

A personal observation of mine was that because the employees created the accounts without authorization and moved deposits to and from the accounts to activate them, I could have seen a case for identity theft and fraud against those employees. Thankfully, I never heard of that happening and the root of the problem was not the employees’ actions, but the push to meet goals and the potential that “illegal orders” were given or at least insinuated. Here are three examples of how unethical sales practices sprang from minor unethical compromises.

  1. A new accounts representative is under pressure to meet sales goals and pushes a customer to add a credit card, even though the rep knows it’s not in the customer’s best interest and was not requested.
  2. As the month progresses, the rep is short of the goal and asks friends and family to open new accounts. These accounts served one purpose – to inflate account production numbers. In reality, the bank staff spent time programming these new accounts which were closed shortly thereafter, and the cost was greater than the income that was never produced.
  3. With the account production goal still out of reach, the rep opens accounts without asking customers and transfers a small amount of money. These accounts are also closed shortly after opening and the money is transferred back. Customers may question what happened but when they see the funds transferred back, why frustrate themselves by calling the bank to complain and inquire as to what happened?

But to be clear, Wells Fargo was not alone, they were just the first big bank to gain national coverage for unethical and illegal practices surrounding creating deposit and credit accounts that were not requested by the consumer’s whose names they carried. Fifth Third was accused of this and In March 2020 the CFPB initiated a suit against that bank. The complaint alleged that Fifth Third’s cross-selling practices, which included sales goals and an incentive-compensation program, caused Fifth Third’s employees to open new consumer accounts for existing customers without their knowledge or consent. The CFPB alleged that such conduct in certain respects was unfair and abusive (yes, a UDA(A)P issue) and that issuing unauthorized credit cards and opening deposit accounts without required disclosures violated Reg Z and Reg DD.

Fast forward to July 2023, when the OCC and CFPB ordered Bank of America to pay $100M in consumer redress and $150M in fines for and an out-of-control incentive program that resulted in unauthorized account openings, credit reports, etc., which is a basic rehash of the problems at Wells Fargo and Fifth Third. These were not the only issues, as the Bank of America action also cites junk fees relating to multiple presentments of NSF items and for mismanagement of credit card systems. As it typically happens, many regulatory and ethical violations are part of a snowball that grows as the investigation continues and additional violations are uncovered or found to have evolved, such as the failure to make disclosures on an account that was fraudulently opened anyway.

Let’s look closer at one case of a former executive involved in the Wells Fargo case. Carrie Tolstedt was an executive, or THE executive, accused of overseeing programs that resulted in the millions of fraudulent customer accounts at Wells. In March 2023, she agreed to plead guilty to criminal charges which could impose actual prison time. In her agreement with the court, she will serve a 16-month prison sentence for obstructing regulators’ investigations into abusive sales practices that culminated in the bank paying what has turned into billions of dollars in fines. Tolstedt also agreed to pay a $17 million fine in a separate settlement with the OCC that also bans her from working again in the banking industry. BankersOnline covered this in its Top Story at

Tolstedt was not alone in the list of executives who fell as a result of the new account production goals that were virtually unattainable. These goals were emphasized with a slogan of “eight is great.” That was, each customer should have eight separate accounts at the bank. Why eight? It was said that was selected because it rhymed with “great.”

Take a moment to look at your product offerings and try to determine what sales techniques you could use to accomplish this. Now reconsider it as if your job is on the line as it was for the 5,300 former employees who talked of supervisors screaming at them to meet the goals. They were told if they could not meet their goal, they would be working at McDonald’s. Those missing goals would have what was essentially an after-school detention and were often tasked with “call sessions” on Saturdays. Presumably, these sessions were to make calls and hone sales skills. Employees in many cases either reverted to unethical and illegal techniques or were embarrassed in front of their peers, demoted, or fired. In the three-step process to meet goals, consider that some new accounts reps were able to meet goals. Now the pressure was up because others had to employ the same tactics. And that culture fed on itself and has caused huge fines to be imposed as well as direct personal responsibility. Goals should be realistic, and rules should be well known and to police the rules, controls must be in place.

Forms Update

By Andy Zavoina

We are in the heat of summer as this edition of Legal Briefs goes to the presses, but it is a perfect time to get a pesky change out of the way. Often this might be something to do at year end, but as some banks prepare for 1071 changes, and the normal year-end tasks followed by HMDA submissions will all be coming about at the same time, why wait? These changes impact Reg B’s Adverse Action Notices, some Fair Credit Reporting Act disclosures, and a bit of Reg E. There were several others, but we will cover in detail what impacts our banks.

If you use preprinted forms that will change, you will want to use up any supply and not reorder any bulk that may not be used by the mandatory compliance date. You will want to get the new addresses on your next order. And if you need to have a forms vendor program the changes, well, they will be busy at year-end and beginning of 2024 too, so just get this out of the way so you can enjoy summer.

Change management is what I’m speaking of and notices – disclosure changes. On March 20, 2023, the CFPB published a Final Rule in the Federal Register. Look for Vol. 88, No. 53, Monday, March 20, 2023, and page 16531 if you want all the details. The “Regulations” pages on also reflect these changes. These were considered non-substantive corrections and updates. The “Cliff Notes” version of the changes simply tells you that some regulatory agencies have had address changes for notices you provide to your customers and those disclosures and notices need to be corrected. The effective date for optional compliance has passed. It was April 19, 2023, so you may comply now, but compliance with these changes is not mandatory until March 20, 2024. Again, why wait and risk this falling through the cracks?

Reg B and Adverse Action Notices
The most significant change for banks is under Reg B. Appendix A, which lists contact information for the CFPB, OCC, FDIC, National Credit Union Administration (NCUA), Federal Trade Commission (FTC), and other agencies. (The Federal Reserve is listed but did not change.) This contact information listed must be included in Reg B adverse action notices. This is separate from the FCRA disclosure many banks have combined onto the Reg B, adverse action notices. The two are called the same thing but have different disclosure rules and content. The FCRA notice on Reg B’s forms has not changed, although there is an FCRA change noted below.

The OCC regulated institutions should be showing the following:

Office of the Comptroller of the Currency
Customer Assistance Group
P.O. Box 53570
Houston, TX 77052

The FDIC regulated institutions should be showing the following:

Division of Depositor and Consumer Protection
National Center for Consumer and Depositor Assistance
Federal Deposit Insurance Corporation
1100 Walnut Street, Box #11
Kansas City, MO 64106.

The CFPB regulated institutions should be showing the following:

 Bureau of Consumer Financial Protection
1700 G Street NW
Washington DC 20552

And without change but for the record and accountability in case you want to check, the FRB regulated institutions should be showing the following:

Federal Reserve Consumer Help Center
P.O. Box 1200
Minneapolis, MN 55480

The CFPB also corrected its contact information in Reg B’s Appendix D, for the process for requesting official CFPB interpretations of Reg B. The same address below is applicable for Reg E interpretations. The difference between the old and new addresses was a change in the ZIP code.

A request for an official interpretation should be in writing and addressed to:

Assistant Director, Office of Regulations,
Division of Research, Monitoring, and Regulations,
Bureau of Consumer Financial Protection,
1700 G Street, NW
Washington, DC 20552

Fair Credit Reporting Act
In Reg. V and the Fair Credit Reporting Act (FCRA), the CFPB amended the model form in Appendix K for the “Summary of Consumer Rights” to correct the contact information for various agencies, including the OCC, FDIC, and NCUA. Those addresses are on the form itself. A Word version is in a link on the BankersOnline, Regulations page. Consumer reporting agencies must provide the Summary form when making written disclosure of information from a consumer’s file or providing a credit score to a consumer. Most importantly, this Summary must also be provided by Human Resources at your bank, before obtaining  an investigative consumer report (under 1681d(a)(1)), and with pre-adverse action notices for employment purposes (under 1681b(b)(3)). As Compliance and/or Internal Audit complete a periodic FCRA audit this is one of those potential “gotchas” you want to look at to ensure the procedures are correct for providing these notices if someone is denied employment or a promotion, as examples, based on a credit report.

Real Estate Settlement Protections Act
In Reg. X, the Real Estate Settlement Protections Act (RESPA), the CFPB has corrected its contact information in the definition of “Public Guidance Documents” in section 1024.2(b) and in the introductory section of Supplement I, which provides the procedure for requesting copies of public guidance documents from the CFPB and the procedure for requesting official CFPB interpretations of Regulation X.

Truth in Savings Act
In Reg. DD, and the Truth in Savings Act (TISA), the CFPB has corrected its contact information in Appendix C, which provides the procedure for requesting a determination from the CFPB regarding whether a state law is inconsistent with TISA and Regulation DD.

Truth in Lending Act
In Reg. Z, the Truth in Lending Act (TILA), the Bureau has corrected its contact information in Appendices A, B, and C which provide the procedures for requesting a determination from the CFPB regarding whether a state law is inconsistent with or substantially the same as TILA and Reg Z, the process for a state to apply to the CFPB to exempt a class of transactions from TILA and Reg Z, and the process for requesting official CFPB interpretations of Reg Z.  In Appendix J, the CFPB has corrected its postal address for requests to the CFPB for APR calculation tables and to add a URL on its website at which the tables can be accessed.

July 2023 OBA Legal Briefs

  • Appraisal bias – Part II
  • Reconsideration of value
  • 1071 – Small Business Lending Rule, Basics


Appraisal bias – Part II

By Andy Zavoina

In March 2021 HUD approved a settlement between JPMorgan Chase and an African American woman over appraisal bias. There was no admission of fault on Chase’s side, but the bank agreed to pay the woman $50,000, and to improve and increase training of its staff, particularly on Reconsideration of Value (“ROV”) processes related to appraisals. The training includes specifics on how to manage complaints of discrimination in the appraisal process and the process for customers to submit an ROV request. The CFPB has said a lender’s reconsideration of value process must ensure that all borrowers have an opportunity to explain why they believe that a valuation is inaccurate and the benefit of a reconsideration to determine whether an adjustment is appropriate.

An ROV is a request to the appraiser to reconsider the analysis and conclusions the appraisal was based on and potentially information not presented in the appraisal report. Only the lender may request an ROV from an appraiser on the borrower’s behalf and most would be due to the appraised value being less than what the seller or borrower desires. ROVs became common vernacular when appraisal bias was in the news and in the courts and many regulators believe it should be routinely discussed with borrowers now.

Back to that Chase settlement, one provision of the agreement is that when a borrower gets a copy of the appraisal as required by Reg B, they’ll also get a cover letter and part of it will say:

Chase is committed to maintaining appraiser independence and preventing attempts to influence appraisers in the preparation of appraisal reports, as well as avoiding any discrimination or bias in the appraisal process. If you believe that any person has attempted to influence the appraiser in the preparation of the appraisal of your property or have any concerns with the reliability or credibility of the appraisal, please contact Chase mortgage support by calling 1-855-242-7346 Option “0”, as soon as possible to report any concerns of discrimination or bias or to discuss your options to contest the reliability of the appraisal.

Appraisals will be changing. On May 5, 2023, the Appraisal Standards Board voted to adopt the Fifth Exposure Draft of proposed changes to the Uniform Standards of Professional Appraisal Practice. Exposure drafts are developed by the Appraisal Standards Board and released for public comment. The new edition will be available this fall and will become effective on January 1, 2024. Press releases did not highlight the changes and I have not seen the draft yet, but bankers doing appraisal reviews should review it, and look for educational opportunities on them when finalized. ROVs and appraisal bias will be of special interest, although I did not find these in a keyword search of the latest draft. The Fifth Exposure Draft is available here, and the Appraisal Foundation says on its website that even if the comment period is over, and this draft closed in April, they still welcome comments on the rules.

Reconsideration of value

By Andy Zavoina

Well, no sooner than we went to press with last month’s Legal Briefs discussing appraisal bias and the regulatory agencies, the Office of the Comptroller of the Currency (OCC), Federal Reserve Board (FRB), Federal Deposit Insurance Corporation (FDIC), Consumer Financial Protection Bureau (CFPB) and even the National Credit Union Administration (NCUA) (collectively referred to as the regulators) issued proposed guidance on Reconsiderations of Value (ROV) of Residential Real Estate Valuations. This is just an interagency proposal, but because your bank has compliance obligations today under anti-discriminatory laws and regulations, if you do not already have a compliance and risk management plan to deal with this issue, this proposal will certainly help you with interim steps to comply. By interim steps, I recommend you take your existing policy and procedures and consider incorporating key compliance techniques here, or if you are starting from nothing, use these recommendations as a starter document to help you comply with the existing requirements today. Starting from scratch is not a bad thing, because the agencies do not currently have any uniform ROV guidance.

This proposal will be a new concept to many lenders and contains and alters no existing law or regulation; it simply helps your bank to direct compliance actions to requirements that you already have, and where you may not have recognized there was a specific need. You may ask, “is there really a need?” The answer is a resounding Yes. Just refer to last month’s Legal Briefs. Mortgage applicants may ask about it, appraisal rules are being altered to comply, and since each of the federal regulators is a part of this guidance proposal, you can expect your examiners to ask what your bank is doing, are you proactive on these compliance needs, and how often you may have heard from an applicant who disagreed with an appraisal, so it is known that your bank actively seeks out compliant appraisals.

I will refer to the applicant as an interested party, but the guidance is focused on consumers. These terms should be used interchangeably and recognize that this could be a buyer or seller and a claim of a discriminatory process carries weight regardless of who it is from. And to be clear, in this context an appraisal includes any valuation your bank is using. I believe the “proactive” issue here may be the most important for many banks. You cannot afford to wait until there is a problem or until your examiners recommend you take action.

The proposal can be found here, As of this writing it has not been published in the Federal Register, but it will be, and banks will have 60 days to comment. The proposal contains all the information to include objectives and where to send your comments to each agency. With this pre-release you may start gathering thoughts now as to if and what you would comment on. We will point out some of the objectives below, but there are nuggets of compliance ideas in this proposal regardless. So, improve your existing procedures with these nuggets today, and finalize them in approved policies and procedures after the guidance is finalized.

Your bank is now aware that there have been obvious appraisal issues affecting the mortgage loan process and discriminatory practices whether they were overt, covert, or just the way the numbers came out, as some appraisers have put it. This is not a solution in search of a problem. Examinations and complaints indicate this is a nationwide problem. Two questions to ask are, have you experienced this discriminatory practice, and would you have recognized it if you had seen it? Appraisal reviews may need enhanced procedures. Applicants may need to be aware of their rights. And absolutely all mortgage lenders and those involved in the appraisal process must be cognizant of their responsibilities both to the applicant and the appraiser.

This proposed guidance describes how financial institutions may create or improve ROV processes that comply with existing laws and regulations yet preserve appraiser independence, which is an equally key element required in the mortgage lending process. You do not want to jump from the frying pan into the fire as you conduct ROV processes.

Comments requested on specific issues in the proposal aside, let’s look at some of those nuggets that you may use to improve compliance procedures surrounding appraisals immediately.

Justification – Issues to Mitigate

In October 2022, the CFPB blogged an opinion piece, “Mortgage Borrowers Can Challenge Inaccurate Appraisals Through the Reconsideration of Value Process, clearly stating that applicants have rights to contest a valuation. (Also refer to June 2023’s Legal Briefs.) In June 2023, the FDIC also published its “FDIC Consumer News,” in which it states when appraisals are required, and the applicant will pay some or all the costs. It goes on to explain, “Once the appraisal has been completed, a lender is required to provide you with a copy of the appraisal as soon as reasonably possible, but no later than three days prior to closing. Therefore, if you receive an appraisal that you suspect has inaccuracies that affect the resulting value, some initial work on your part may help to expedite a secondary review of the valuation and assist in closing on time.

“One thing you can do to prepare is to ask your lender early in the loan process whether they have a process for re-analyzing an appraisal, particularly if a consumer provides information that may affect the valuation. This process of re-analyzing an appraisal is also known as a reconsideration of value. If your lender has such a process, ask what information they will need and what their procedures are to request a reconsideration of value. Also, to set expectations, find out how the lender will keep you informed about the status of the review of the information you provide and of any action the lender may take to address your concerns.”  It later states, “If you believe your property appraisal was not accurate, suspect any possible discrimination in the lending process, or have an appraisal-specific complaint, you should contact your lender to request reconsideration of value, if they have a process to do so, or to file a complaint regarding the appraisal with the lender if they do not.

“If you believe that the lender has not addressed your concerns, you can contact the lender’s primary federal regulator.”

Consumers are being made aware of the ability to dispute an appraised value and essentially encouraged to do so. This challenge may be made when they feel the valuation was completed with a bias or simply errors. Improperly completed appraisals may devalue the collateral. These could be caused by errors, omissions, poor comparable properties, or discrimination, all of which may affect the final valuation as being either incorrectly stated high or low. Undervaluing a property value can have long reaching negative effects and overvaluing it could be a safety and soundness issue for the lender. (Also refer to the Interagency Appraisal and Evaluation Guidelines, 75 FR 77450 (Dec. 10, 2010)). If an appraisal is questioned, corrective actions may include ordering a second appraisal or attempting to resolve the issue with the appraiser directly. Let’s assume the bank has discussed any noted shortcomings with the appraiser that both the bank and applicant brought to light and they have not adjusted it to your satisfaction.

It makes sense that the proposed guidance says that an ROV is a request from the financial institution to the appraiser to reassess the report based on potential deficiencies or other information that may have affected the value. It does not say any other party may make that request and because the financial institution made the request and understands the importance of appraiser independence, we will hope this also makes the final guidance.

The goal is to design an ROV procedure which is consistent with safety and soundness requirements, complies with pertinent laws and regulations, respects the appraiser independence requirements, and responds in a suitable manner to the applicants. The proposed guidance will assist you, as it has four intentions.

  1.  It describes the risks when collateral valuations are incorrect.
  2.  It outlines applicable statutes, regulations, and existing guidance that govern ROVs and collateral valuations.
  3.  It explains how ROV processes and controls can be incorporated into existing risk management functions, such as your appraisal review and complaint management programs.
  4.  It provides examples of ROV policies, procedures, and controls.

As you begin to outline your policy and procedures, consider these elements:

Why. Accurate valuations of all collateral, especially for mortgage loans, are essential to the loan process.

What. Deficiencies identified in appraisals, whether through appraisal review processes or from the applicant-provided information, may be a basis for financial institutions to question the credibility of the appraisal or valuation report.

How. Anyone reviewing the appraisal, whether for the bank or the applicant, may believe the valuation is biased based on some form of:

  • discrimination,
  • errors or omissions,
  • valuation methods,
  • assumptions,
  • data sources, or
  • conclusions that are otherwise unreasonable, unsupported, unrealistic, or inappropriate.

Laws, Regulations and Guidance

Resources for your policy and procedures should include meeting the compliance requirements of the following:

  • Equal Credit Opportunity Act (ECOA) and Reg B. These prohibit discrimination in any aspect of a credit transaction, and the valuation is a part of the transaction.
  • Fair Housing Act, as it prohibits discrimination in all aspects of residential real estate-related transactions.
  • Unfair, Deceptive, or Abusive Acts or Practices UDA(A)P – Section 5 of the Federal Trade Commission Act (UDAP) which prohibits unfair or deceptive acts or practices and the “Abusive” addition from the Consumer Financial Protection Act which prohibits any covered person or service provider of a covered person from engaging in any unfair, deceptive, or abusive act or practice. Undervaluing property deprives the borrower and potentially a seller of funds which translates into many issues such as wealth, funds for education, business, home improvements, etc.
  • Truth in Lending Act (TILA) and Reg Z, which prohibit compensation, coercion, extortion, bribery, or other efforts that may impede the appraiser’s independent valuation in connection with any covered transaction.However, Reg Z explicitly clarifies that it is permissible for covered persons (which includes creditors, mortgage brokers, appraisers, appraisal management companies, real estate agents, and other persons that provide “settlement services” per RESPA and Reg X) to request the preparer of the valuation to consider additional, appropriate property information, including to, among other things, request the preparer of the valuation to consider additional, appropriate property information, including information on comparable properties or to correct errors in the appraisal.
  • The appraisal regulations issued by the regulatory agencies require these valuations to conform to the Uniform Standards of Professional Appraisal Practice (USPAP) (the latter is currently being revised and may be finalized for use in January 2024). USPAP requires compliance with ECOA and the FH Act.

The proposal reminds bankers that they are to conduct an independent review prior to providing the consumer with a copy of the appraisal. Additional review may be warranted if the consumer provides information that could affect the value conclusion or if deficiencies are identified in the original appraisal. This in itself justifies an ROV based on the applicant’s request, but the bank must continue respecting the appraiser’s independence.

If during the review process or based on information from the applicant, you determine that the appraisal does not meet the minimum standards outlined in the appraisal regulations and if the deficiencies remain uncorrected, that appraisal cannot be used as part of the loan decision.

When this issue arises, there are three actions the bank may employ as corrective action.

  • Resolve the deficiencies directly with the appraiser.
  • Use an independent party who is qualified (perhaps a state certified or licensed appraiser) to review the valuation and the suspected deficiencies.
  • Obtain a second appraisal.

Authority vs. Responsibility

As with all vendor/third party relationships, the bank may delegate its authority to act for the bank, but the responsibility for compliance with all laws and regulations remains with the bank. That is the reason any appraisal potentially tainted with a discriminatory bias must be resolved.

ROV Policy & Procedures

Any of three issues may trigger an ROV process. There may be discrepancies found during the bank’s review activities, after a complaint or other information is received from the applicant, or any request to the loan officer or other lender representative.

The ROV must be requested by the bank. When there are potential issues either from the bank’s review or the applicant’s complaint, the bank must understand the issues and react accordingly. The Interagency Appraisal and Evaluation Guidelines from December 2010 state, “An institution should establish policies and procedures for resolving any inaccuracies or weaknesses in an appraisal or evaluation identified through the review process, including procedures for:

  • Communicating the noted deficiencies to and requesting correction of such deficiencies by the appraiser or person who prepared the evaluation.
  • An institution should implement adequate internal controls to ensure that such communications do not result in any coercion or undue influence on the appraiser or person who performed the evaluation.
  • Addressing significant deficiencies in the appraisal that could not be resolved with the original appraiser by obtaining a second appraisal or relying on a review that complies with Standards Rule 3 of USPAP and is performed by an appropriately qualified and competent state certified or licensed appraiser prior to the final credit decision.
  • Replacing evaluations prior to the credit decision that do not provide credible results or lack sufficient information to support the final credit decision.”

The applicant will typically receive their copy of the appraisal after the bank has completed its review. Chronologically then, the bank will have had its opportunity to review the appraisal and have any discrepancies it found corrected. That last version is what goes to the applicant.

The applicant may then place a complaint or inquiry preferably denoting specific, verifiable information which was not in the final appraisal either because it was omitted or was not available at the time the appraisal was being completed. This may include such things as‚ including comparable properties which were not identified in the appraisal, specific characteristics of property being evaluated, or other information about the property that may have been incorrectly reported or was not considered but may affect the valuation.

If your bank has a Complaint and Inquiry Procedure to compliment UDA(A)P, your ROV procedures may refer to that, or that Complaint Procedure may refer to the ROV procedure in these specific instances, but one should refer to the other for reasons of accountability. I do not recommend being redundant as one of the two may be revised at some point and then the procedures would be out of sync and potentially lead to confusion and noncompliance. That is not desired, but what is important is that the bank has an effective policy and procedure for UDA(A)P and discrimination/ROV issues. The Complaint and Inquiry procedures should be already established and should record desired information broadly about all products and services as well as who complained, why, where, how, and the resolution with both start and end dates to ensure the bank’s actions were timely. The reason a separate procedure may be desired for ROVs is because of the sensitivity of the complaint, the necessary skillset to respect the appraiser’s independence and the prescribed steps required while also considering the pending loan request.

The Appraisal Bias Part I from June 2023, and the Appraisal Bias Part II in this month’s issue each support the reasons why this deserves immediate attention and without waiting for final guidance from the regulators. Basing the bank’s corrective actions on the three resolution methods above should be described in your procedures so there is a roadmap for staff to follow.

The proposal also makes suggestions you can use while developing your risk-based ROV policies, procedures, control systems, and complaint processes that identify, address, and mitigate the risk of problematic appraisals that may involve prohibited discrimination. Here are the eight topics with six additional subtopics:

  • Consider ROVs as a possible resolution for consumer complaints related to residential property valuations.
  • Consider whether any information or other process requirements related to a consumer’s request for a financial institution to initiate an ROV create unreasonable barriers or discourage consumers from requesting an ROV.
  • Establish a process that provides for the identification, management, analysis, escalation, and resolution of valuation related complaints across all relevant lines of business, from various channels and sources (such as letters, phone calls, in person, regulators, third-party service providers, emails, and social media).
  • Establish a process to inform consumers how to raise concerns about the valuation sufficiently early enough in the underwriting process for any errors or issues to be resolved before a final credit decision is made. This may include suggesting to consumers the type of information they may provide when communicating with the financial institution about potential valuation deficiencies.
  • Identify stakeholders and clearly outline each business unit’s roles and responsibilities for processing an ROV request (e.g., loan origination, processing, underwriting, collateral valuation, compliance, customer experience or complaints).
  • Establish risk-based ROV systems that route the request to the appropriate business unit (e.g., ROV requests that allege discrimination could be routed to the appropriate compliance, legal, and appraisal review staff that have the requisite skills and authority to research and resolve the request).
  • Establish standardized processes to increase the consistency of consideration of requests for ROVs:
    • Use clear, plain language in notices to consumers of how they may request the ROV;
    • Use clear, plain language in ROV policies that provide a consistent process for the consumer, appraiser, and internal stakeholders;
    • Establish guidelines for the information the financial institution may need to initiate the ROV process;
    • Establish timelines in the complaint or ROV process for when milestones need to be achieved;
    • Establish guidelines for when a second appraisal could be ordered and who assumes the cost; and
    • Establish protocols for communicating the status of the complaint or ROV and results to consumers.
  • Ensure relevant lending- and valuation-related staff, inclusive of third parties (e.g., appraisal management companies, fee-appraisers, mortgage brokers, and mortgage servicers) are trained to identify deficiencies (inclusive of prohibited discriminatory practices) through the valuation review process.

Automated Valuation Models

The problem of appraisal bias in residential real estate appraisals has been a hot topic for regulators and promises to continue as it is fueled by court cases, complaints, and settlements with regulatory agencies like the Federal Housing Administration, and as they are reported by the news media and social media. This proposed ROV guidance follows by a week a proposed rule with a request for comments to implement quality control standards for automated valuation models (AVMs). Third-party relationships and tools used for mortgage loans are under scrutiny. That AVM proposal – request is at This AVM proposal would require mortgage originators and secondary market insurers that use AVMs to adhere to quality control standards designed to:

1) ensure a high level of confidence in the estimates,

2) protect against the manipulation of data,

3) seek to avoid conflicts of interest,

4) require random sample testing and reviews, and

5) comply with applicable nondiscrimination laws.

1071 – Small Business Lending Rule, Basics

By Andy Zavoina

Is 1071 approaching and do you need to worry about it yet? The answer is, “it depends” because there are many variables. There are optional compliance dates and mandatory dates. We will focus on the mandatory for now. The final rule, which is Subpart B of Regulation B, was issued in March of this year. Banks can begin collecting data as early as October 2023, but for the higher tier banks mandatory collection begins in October 2024. The smallest tier is required to begin collection in January 2026. 2026 you say! Yes, if you are in the smallest tier, you have a lot of work to do, but 1071 is not an immediate front-burner task on your to-do list. The immediate task is to know where you fall in the tier breakout so you know when you will be required to begin reporting. To define your tier, you have to know how many qualified loans your bank has made in the immediate past, and therefore you have to know what a covered loan is.

Covered Loans

Sometimes compliance definitions are basic, like Reg Z and its definition of closed end credit, “Closed-end credit means consumer credit other than ‘open-end credit’.“ That’s a very basic definition and fortunately we do get a little more in Regulation B describing a covered loan under Subpart B, but just a little more. The term “covered credit transaction” includes all business credit (including loans, lines of credit, credit cards, and merchant cash advances) unless otherwise excluded under § 1002.104(b). So, all business loans unless excluded. So, what is excluded?

  • Trade credit, (The financing arrangement between businesses for goods or services from without immediate payment in full. This will not likely hit your radar. The CFPB has opined this trade credit as being a business loan and will add the relationship between franchisees and franchisors to its purview with the lending entity considered a financial institution);
  • HMDA-reportable transactions (Yes – if you are not a HMDA bank, you need to learn what these are);
  • Insurance premium financing, (generally financing when a business agrees to repay a bank the proceeds advanced to an insurer for payment of the premium on the business’s insurance contract and the business assigns to the bank certain rights, obligations, and/or considerations in its insurance contract to secure repayment of the advanced proceeds);
  • Public utilities credit (see 1002.3(a)(1));
  • Securities credit (see 1002.3(b)(1)); and
  • Incidental credit (see 1002.3(c)(1), but without regard to whether the credit is consumer credit, is extended by a creditor, or is extended to a consumer).

A covered origination is a covered credit transaction that the financial institution (your bank) originated to a small business. Refinancings can be covered originations. (A refi is a loan created when an existing loan is satisfied and replaced by a new one by the same borrower.)  Note, extensions, renewals, and other amendments of existing transactions are not considered covered originations even if they increase the credit line or credit amount of the existing transaction.

Tier 1
If your bank originated at least 2,500 covered loans in both 2022 and 2023, you must begin collecting data and otherwise complying with the final rule on October 1, 2024.

Tier 2
If your bank originated 500 to 2,499 covered loans in both 2022 and 2023 and at least 100 in 2024, you must begin collecting data and otherwise complying with the final rule on April 1, 2025.

Tier 3
If your bank originated at least 100 covered loans in both 2024 and 2025, you must begin collecting data and otherwise complying with the final rule on January 1, 2026.

Guidance Documents – Tools

Above we note that “trade credit” is likely something your bank will not be involved in. It isn’t impossible, but it is not likely in my experience. The CFPB offered this guidance as its interpretation rather than formally update the Reg B interpretations/commentary. You can find the rule, FAQs, a data points chart, a key dates chart  and more on the CFPB’s resource page  here to help guide you through creating your 1071 Small Business Lending Rule implementation process.


June 2023 OBA Legal Briefs

  • Appraisal Bias, ECOA, FHA and USPAP
  • Changes in UCCC amounts effective 7/1/23

Appraisal Bias, ECOA, FHA and USPAP

By Andy Zavoina

Appraisal bias is a new big thing. Well, not brand new. It has been a problem for a few years and the current thrust is to promote an understanding of the rules and the results when an appraisal is done with fairness and accuracy in mind.

I recently attended a BOL Learning Connect webinar entitled, “Building a Safe & Sound Real Estate Program” by noted speaker and appraiser Eric Collinsworth. He started a segment on appraisal bias by referring to an interagency task force and PAVE, which stands for Property Appraisal and Valuation Equity. One of the task force’s major goals is to address “the persistent mis-valuation and undervaluation of properties experienced by families and communities of color.”

This task force also relates to actions from the Biden Administration, which said early on its goals include equal opportunity. In a 42-page National Strategy on Gender Equity and Equality it was stated that, “Women face barriers in access to consumer loans and other credit products, and women business owners have less access to capital. These inequalities compound over the course of a woman’s lifetime, jeopardizing her financial security later in life and affecting the generations that follow.”

It was also noted in Feb 2022 by that, “To increase equitable access to loans, mortgages, and other lending for home-buying and renting, HUD began the process to restore the discriminatory effects rule to protect against housing policies, such as zoning requirements, lending and property insurance policies, criminal records policies, and others that have a disparate impact by race. Also, HUD issued a letter encouraging lenders to devise special purpose credit programs to remedy racial inequities in homeownership.” This philosophy of reducing barriers to allow consumers and their families and heirs to access equity and to pass it on to future generations to build wealth is also a part of the impetus behind eliminating appraisal bias. also noted, “Racial discrimination and injustice have entrenched stark racial disparities in homeownership rates and home values. Homeownership rates for Black Americans amount to 44 percent, well below the rates for white Americans at 74 percent and behind the national average of 65 percent. Hispanic and Asian, Native Hawaiian, and Pacific Islander (AAPI) people also own homes at rates lower than the national average, at 48 percent and 60 percent, respectively.”

Generally speaking, a home is often the largest single purchase the average American makes. We’ve all heard that home values only go up. While this is not a rule, it is generally true over time. And this increased value and decreasing debt against a home do combine to build wealth and provide wealth to the next generation often inheriting a home. The equity in a home can be used for many things that further build wealth and provide for a higher quality of life. This is one reason so many in the industry see appraisal bias as a major factor.

Carla Duffy’s appraisals

In 2021 National Public Radio ran a segment on appraisal bias. In Indianapolis, Indiana, Carla Duffy has a three-bedroom home in a historic Black neighborhood. The home had been completely renovated and was across from an attractive and well-maintained park. She purchased the home four years prior for $100,000. Duffy felt based on the renovation, appreciation, and low interest rates it was a good time to use her equity from a refinance to help her daughter renovate and improve her home. Duffy had an appraisal done and it indicated her home was worth $125,000. This is a thorough way to ascertain a value, but Duffy was not convinced the appraisal was accurate. She decided to get a market analysis as a way to verify the value and it indicated her home was worth $187,000. The latter is not an appraisal, but a 50 percent higher value was more of what she felt the home was worth. So, believing the first appraisal was low for some reason, and wanting the credibility an appraisal brings, she had a second appraisal done just a few months later. This one came in $15,000 lower than the first.

Duffy was persistent and had a theory. She applied with a different lender for a refinance and this time she omitted her gender and racial information from the government monitoring information section of her application. And before this third appraisal was done, she “cleaned” the home of racial indicators like family photos, and had a white friend of the family, a male, at her home to meet the appraiser when he came to view the property.

The third appraisal shocked Duffy – but this time in a good way. This appraisal came back with a value of $259,000. That is 107 percent higher than the first appraisal and 135 percent higher than the second. When a borrower wants to consolidate debt, purchase a car, or start a business as three common examples of equity funds use, those are significant differences. Just for the purposes of asset valuation, such disparities are very significant and obviously contribute to the wealth gap reported between whites and minorities.

Several housing studies have shown this, and cumulatively the Brookings Institute estimates Black people have lost an estimated $156 billion dollars. The effect of a discriminatory practice impacts more than the current owner; everyone is touched by how the equity is used in the homes. In this case, Duffy said, “the thing devaluing her home, was her” and she knew this was not right. She filed a complaint with HUD against two of the lenders.

The appraiser providing Duffy’s lowest appraised value commented on the story. He said his values are data driven and he couldn’t change the value if he wanted to because he cannot change the data. He explained that he prepares every appraisal with the knowledge that he may have to defend his results to peers and others, and this was no exception.

Gwen and Lorenzo Mitchell

One may read the Duffy story and believe this is surely an isolated incident – an anomaly. But let’s move to Denver, Colorado. The Philadelphia Inquirer ran a story on January 27, 2021, about Gwen and Lorenzo Mitchell. Their three-bedroom house sits in a racially diverse area where homes typically sell for $450,000 to $550,000. The couple estimated their home would appraise for about $500,000. Values had been going up and they saw this as an opportunity to refinance because they were in a strong housing market. Lorenzo was home with their three kids when the appraiser was there. Lorenzo is Black, and the home appraisal came back at $405,000. That seemed low. The comps were all taken from north of Martin Luther King Boulevard — a dividing line, if you will, between a predominantly Black neighborhood where the comps were, even though the Mitchells’ home is south of the boulevard in a more diverse area. That was a red flag to the Mitchells. So, they ordered a second appraisal. This time, only Gwen was home during the appraisal visit, and Gwen is white. This appraisal came back with a value of $550,000. That is a $145,000 increase in value, almost 36 percent. That’s quite a discrepancy, and there were no changes to the home between appraisals; the Mitchells said they didn’t even mow the yard between appraisals, it was in the exact same condition.

And in Connecticut  …

And in a story similar to Duffy’s, let’s finally consider a Black homeowner in Connecticut who had his home appraised at $340,000. He thought that was low and decided a second appraisal was advisable, so he took down family photos and other family racial indicators and had his white neighbor stand in during the on-site appraisal. In his case there was an 18 percent increase in the value of his home to $400,000, a $60,000 increase.  If you are financing or refinancing a home, these differences are significant and may be impacted by external circumstances, but race appears to be a common denominator.

A regulator’s view

Michael Hsu, the Acting Comptroller of the Currency, delivered remarks to raise awareness about the need to reduce bias in real estate appraisals at a CFPB event in June 2021 on bias in appraisals. His comments highlighted the significant impact bias in appraisals has on minority families. A few notable nuggets from Hsu’s remarks were that “We are here at an opportune time in history where the energy to tear down barriers to fair and equal participation in our economy may finally exceed the resistance protecting the status quo.” The Biden administration sees this as a chance to facilitate change and it is my opinion that those in charge of the regulatory agencies are in agreement with the administration and share these goals. Hsu went on to cite a few reasons appraisals with a bias are problematic. “Biased appraisals can keep a family from getting approved for a loan or raise the price of a loan. They can trap “undervalued” neighborhoods by depressing property taxes, resulting in lower income to support education and infrastructure. Biased appraisals mean good loans to creditworthy customers go unmade.” He went on to say, “discrimination and bias in appraisals contribute to inequity in housing values and adversely affect a critical source of wealth accumulation for minority families. The impact is large and cannot be ignored. Studies have found that homes in Black neighborhoods are valued at roughly half the price [of] homes in neighborhoods with few or no Black residents.” The undervaluing of property snowballs, as it can impact tax revenue and then everything which develops from that, schools, emergency services, public facilities, etc.

Hsu did point out that appraisal processes are not seen as a part of the banking industry, but that there are intersections, and the OCC expects banks to ensure their vendors treat customers fairly and do not discriminate. We are seeing banks held accountable for discrimination in appraisals they use. He also noted that holding banks accountable is necessary, but the problem as a whole is bigger than just banks. That is why PAVE is forcing USPAP’s processes to improve the appraisal process.

Reg B requires a disclosure of the consumer’s ability to receive a copy of any appraisal(s) and valuation(s) prepared in connection with first-lien loans secured by a dwelling to be provided to applicants within three business days of receiving the application. This is not new — it’s been in effect since January 18, 2014.  Appraisal bias is why this disclosure is a big deal and its importance in the disclosure and compliance process was accelerated more than a year ago. As an example, regulators are working to provide more oversight over the activities of the Appraisal Foundation, which has power over the appraisal industry. The CFPB has had public meetings to discuss appraisal bias.

Lenders, take note

More recently, the CFPB and the DOJ filed a joint Statement of Interest in the case of Nathan Connolly and Shani Mott, v. Shane Lanham, 20/20 Valuations, LLC, and, LLC, in the United States District Court, District of Maryland case Civil Action No. 1:22-cv-02048-SAG. These two agencies say that mortgage lenders can be liable if they rely on a discriminatory appraisal even from a third-party appraiser. This case was brought by a Black family that had an appraisal done, replaced the photos with those of a white family, had a second appraisal done, and had an immediate increase in value. The defendants maintain they should not be the ones liable for the third-party appraisal. Appraisers must have independence. But this is when the CFPB and DOJ jumped in and said both the FHA and ECOA (Reg B) require lenders NOT to rely on appraisals that are inaccurate or violate the law. It was added that TILA’s (Reg Z) rules on appraisal independence agree that there is no requirement to follow a biased appraisal.

Regulatory agencies are expected to develop and implement changes to examinations procedures for mortgage lenders. Future examinations may look for evidence that a lender’s compliance management programs are considering appraisal bias as a risk, and the examiner may collect additional information on appraisal attributes and tailor exam aides to evaluate irregularities in appraisals which are evident in the loan file.

If you are making notes of to-do items, the importance of your appraisal reviews has just gone to a higher level, based on the opinion of these two agencies and expectations of future exams. There are new classes being offered specifically to combat appraisal bias. These are being offered to appraisers according to Collinsworth, but I suspect appraiser reviewers in bank could enroll or find similar training. He also stated, “Regulatory agencies will, as needed, devise and implement changes to how examinations of mortgage lenders under their purview are conducted. For example, examinations can look for evidence that a lender’s compliance management programs are considering appraisal bias as a risk, collect additional information on appraisal attributes and tailor exam aides to evaluate irregularities in appraisals documented in the loan file.”

Reg Z prohibits banks, lenders, and any other covered party from coercing, instructing, or inducing an appraiser to cause the appraised value to be based on any factor other than the appraiser’s independent judgment. Lenders and others also cannot alter an appraised value. Banks have gone to great lengths to separate the lender on a loan from having any control over the selection or instructions to an appraiser. Although the bank can ask the appraiser to consider additional information, provide further details or an explanation for this, or correct errors in the appraisal, there is a line the bank may not cross here as to influencing that appraisal’s outcome. The Statement filed with the court by the CFPB and DOJ does indicate the bank would be protected if it asks an appraiser to reconsider a value under certain circumstances. No specific examples were provided as to what would be acceptable to do this and remain protected. For appraisers, the Conduct section of the Ethics Rule states an appraiser “must not use or rely on unsupported conclusions relating to characteristics such as race, color, religion, national origin, gender, marital status, familial status, age, receipt of public assistance income, handicap, or an unsupported conclusion that homogeneity of such characteristics is necessary to maximize value.” A violation of these may be a circumstance allowing reconsideration especially if a bank believes discrimination may be involved. That then raises another concern—would the bank have to consider reporting an appraiser for such conduct?

When an appraisal is completed, there may be situations when the bank and the borrower believe the value is lower than expected or the reasoning for the values are flawed. This would be especially so if an inappropriate bias was believed to exist. Such a belief should be supported by facts. A reviewer would require adequate training and experience to support such a conclusion, and this would be based in part on their competence to perform the review and the complexity of the transaction and type of property in question. The bank should also have a policy and procedures to both protect the parties involved and maintain appraisal independence. From the Collinsworth webinar, here are four examples regarding periods when the institution may exchange information or contact with the appraiser include:

  1. A request to provide additional supporting information about the basis for the valuation
  2. Requesting consideration of additional sales or information provided by the lender or borrower
  3. Correct factual errors in an appraisal
  4. Requesting consideration of additional information about the subject property or comparable properties.

A duty to report?

What if the bank does reject an appraisal? Collinsworth said, “If an appraisal is “rejected” for failing to comply with USPAP or applicable state laws, or if the institution suspects the appraiser performed in other unethical or unprofessional conduct, a complaint should be filed with the appropriate state appraiser regulatory officials.  Furthermore, as of April 1, 2011, an institution MUST file a complaint with the appropriate state licensing agency if it believes the appraiser has materially failed to comply with USPAP or applicable state or federal laws according to Supplement I of Part [1026] of Regulation Z – Truth in Lending.  For purposes of this deficiency, material failure to comply is one that is likely to affect the value assigned to the consumer’s principal dwelling.  An institution MUST also file a suspicious activity report (SAR) with the Financial Crimes Enforcement Network of the Department of the Treasury (FinCEN) when suspecting fraud or identifying other transactions that meet the SAR filing criteria.

It should also be noted that if an examiner finds evidence of unethical or unprofessional conduct by an appraiser, they should instruct the institution to file a complaint with the necessary state appraiser regulatory officials and to file a SAR with FinCEN when required.  If the examiner determines there is a concern with the institution’s ability or willingness to file a complaint or make a referral, the examiner should forward his or her findings and recommendations to their supervisory office for disposition and referral to the state regulatory officials and FinCEN as necessary.  In addition, penalties could be assessed to the institution and the reviewer if deficiencies are found by the examiner and not reported as mentioned above.”

What if the bank or borrower wants a second appraisal? The regulators do expect the bank to follow a policy of selecting the most credible appraisal and not specifically the one with the highest value. Documentation should be maintained in the loan file to support the decision for using the valuation selected as most appropriate.

Editor’s note: Part II of Andy’s article on Appraisal Bias will appear in our July 2023 Legal Briefs.

Changes in UCCC amounts effective 7/1/23

By Pauli D. Loeffler

Sec. 1-106 of the Oklahoma Uniform Consumer Credit Code  in Title 14A (the “U3C”) makes certain dollar limits subject to change when there are changes in the Consumer Price Index for Urban Wage Earners and Clerical Workers, compiled by the Bureau of Labor Statistics, U.S. Department of Labor.  You can download and print the notification from the Oklahoma Department of Consumer Credit by clicking here.   It is also accessible on the OBA’s Legal Links page under Resources once you create an account through the My OBA Member Portal. You can access the Oklahoma Consumer Credit Code with regard to changes in dollar amounts for prior years on that page as well.

Increased Late Fee

The maximum late fee that may be assessed on a consumer loan is the greater of (a) five percent of the unpaid amount of the installment or (b) the dollar amount provided by rule of the Administrator for this section pursuant to § 1-106. As of July 1, 2023, the amount provided under (b) will increase by $2.00 to $31.00.

Late fees for consumer loans must be disclosed under both the UC3 and Reg Z, and the consumer must agree to the fee in writing. Any time a loan is originated, deferred, or renewed, the bank has the opportunity to obtain the borrower’s written consent to the increased late fee as set by the Administrator of the Oklahoma Department of Consumer Credit.  However, if a loan is already outstanding and is not being modified or renewed, a bank has no way to unilaterally increase the late fee amount if it states a specific amount in the loan agreement.

On the other hand, the bank may take advantage of an increase in the dollar amount for late fees if the late-fee disclosure is properly worded, such as:

“If any installment is not paid in full within ten (10) days after its scheduled due date, a late fee in an amount which is the greater of five percent (5%) of the unpaid amount of the payment or the maximum dollar amount established by rule of the Consumer Credit Administrator from time to time may be imposed.”

§ 3-508A. This section of the “U3C” sets the maximum annual percentage rate for certain loans. It provides three tiers with different rates based on unpaid principal balances that may be “blended.” It also has an alternative maximum rate that may be used rather than blending the rates. The amounts under each tier are NOT subject to annual adjustment by the Administrator of the Oklahoma Department of Consumer Credit under §1-106. However, a new subsection (4) was added allowing the lender to charge a closing fee which IS subject to adjustment under § 1-106. The closing fee, which was $167.33, has increased as follows:

(4)  In addition to the loan finance charge permitted in this section and other charges permitted in this act, a supervised lender may assess a lender closing fee not to exceed One Hundred Seventy-Eight Dollars and Eighty-Seven Cents ($178.87) upon consummation of the loan.

Note that the closing fee is NOT a finance charge under the OK U3C, and therefore not considered for purposes of usury. However, the fee IS a finance charge under Reg Z. Most banks use Reg Z disclosures. This means that it is possible that the fee under Reg Z disclosures will cause the APR to exceed the usury rate under § 3-508A. If that happens, document the file to show that the fee is excluded under the U3C in order to show the loan does not in fact violate Oklahoma’s usury provisions. Please note that the bank is NOT required to charge a closing fee at all, and banks may choose to not charge the fee at all, or charge less than the amount permitted under the statute.

You can access the § 3-508A Table

§ 3-508B Loans

Some banks make small consumer loans based on a special finance-charge method that combines an initial “acquisition charge” with monthly “installment account handling charges,” rather than using the provisions of § 3-508A with regard to maximum annual percentage rate.

The permitted principal amounts for § 3-508B are adjusting from $1,740.00 to $3,450.00 for loans consummated on and after July 1, 2023.

Sec. 3-508B provides an alternative method of imposing a finance charge to that provided for Sec. 3-508A loans. Late or deferral fees and convenience fees as well as convenience fees for electronic payments under § 3-508C are permitted, but other fees cannot be imposed. No insurance charges, application fees, documentation fees, processing fees, returned check fees, credit bureau fees, nor any other kind of fee is allowed. No credit insurance, even if it is voluntary, can be sold in connection with § 3-508B loans. If a lender wants or needs to sell credit insurance or to impose other normal loan charges in connection with a loan, it will have to use § 3-508A instead.  Existing loans made under § 3-508B cannot be refinanced as or consolidated with or into § 3-508A loans, nor vice versa.

As indicated above, § 3-508B can be utilized only for loans not exceeding $3,450.00. Further, substantially equal monthly payments are required. The first scheduled payment cannot be due less than one (1) calendar month after the loan is made, and subsequent installments due at not less than 30-day intervals thereafter. The minimum term for loans is 60 days. The maximum term of any loan made under this section shall be one (1) month for each Ten Dollars ($10.00) of principal up to a maximum term of eighteen (18) months.  This would be loans not exceeding $621.00.  Loans under subparagraphs e through i of paragraph 1 of this section ($621.01 up to $2,300.00) the maximum terms shall be one (1) month for each Twenty Dollars ($20.00) of principal up to a maximum term of eighteen (18) months, and under subparagraphs j and k of paragraph 1 of this section ($2,300.01 – $3,450), the maximum terms shall be one (1) month for each Twenty Dollars ($20.00) of principal to a maximum term of twenty-four (24) months.

Lenders making § 3-508B loans should be careful and promptly change to the new dollar amount brackets, as well as the new permissible fees within each bracket for loans originated on and after July 1st. Because of peculiarities in how the bracket amounts are adjusted, using a chart with the old rates after June 30 may result in excess charges for certain small loans and violations of the U3C provisions.

Since §3-508B is “math intensive,” and the statute whether online or in a print version does NOT show updated acquisition fees and handling fees. I have inserted the current amounts effective on July 1, 2023 into the statute which you will find toward the bottom of the OBA Legal Links page under Sec. 3-508B – Effective July 1, 2023. Again, you will need to register an account with the OBA in order to access it.

The acquisition charge authorized under this statute is deemed to be earned at the time a loan is made and shall not be subject to refund. However, if the loan is prepaid in full, refinanced or consolidated within the first sixty (60) days, the acquisition charge will NOT be deemed fully earned and must be refunded pro rata at the rate of one-sixtieth (1/60) of the acquisition charge for each day from the date of the prepayment, refinancing or consolidation to the sixtieth day of the loan. The Department of Consumer Credit has published a Daily Acquisition Fee Refund Chart for prior years with links here:  The Oklahoma Department had not published the Chart for 2023 at the time this article was written. Note if a loan is prepaid, the installment account handling charge shall also be subject to refund. A Monthly Refund Chart for handling charges for prior years can be accessed on the page indicated above, as well as § 3-508B Loan Rate (APR) Table.  I expect the charts and table for 2023 to be added shortly.

§3-511 Loans

I frequently get calls when lenders receive a warning from their loan origination systems that a loan may exceed the maximum interest rate. Nearly always, the banker says the interest rate does not exceed the alternative non-blended 25% rate allowed under § 3-508A according to their calculations. Usually, the cause for the red flag on the system is § 3-511. This is another section for which loan amounts may adjust annually. Here is the section with the amounts as effective for loans made on and after July 1, 2023, in bold type.

Supervised loans, not made pursuant to a revolving loan account, in which the principal loan amount is $6,200.00 or less and the rate of the loan finance charge calculated according to the actuarial method exceeds eighteen percent (18%) on the unpaid balances of the principal, shall be scheduled to be payable in substantially equal installments at equal periodic intervals except to the extent that the schedule of payments is adjusted to the seasonal or irregular income of the debtor; and

(a) over a period of not more than forty-nine (49) months if the principal is more than $1,860.00, or

(b) over a period of not more than thirty-seven (37) months if the principal is $1,860.00 or less.

The reason the warning has popped up is due to the italicized language: The small dollar loan’s APR exceeds 18%, and it is either single pay or interest-only with a balloon.

Dealer Paper “No Deficiency” Amount

If dealer paper is consumer-purpose and is secured by goods having an original cash price less than a certain dollar amount, and those goods are later repossessed or surrendered, the creditor cannot obtain a deficiency judgment if the collateral sells for less than the balance outstanding. This is covered in Section 5-103(2) of the U3C. This dollar amount was previously $5,800.00 and increases to $6,200.00 on July 1.

March 2023 OBA Legal Briefs

  • Reputation risk and theft
  • Deposit mismatches and liability

Reputation risk and theft

By Andy Zavoina

I think I’ve always been fascinated by “the con” and the way some people will steal, and others will be gullible. That fed a degree of interest and intrigue in me for many years and led me to a hobby of magic (where lying and stealing is for entertainment) and my first job in law enforcement. I was then involved in security at my bank, but my full-time duty was compliance. In the bigger picture, however, as an officer of the bank, my first responsibility was to the bank. That means I was always interested in the safety and soundness and reputation of the bank. I believe all our readers share those same interests and all of this was the inspiration for this month’s Legal Briefs. First, we’ll take a deep dive into much of the information available to you in several court cases and enforcement orders and then we’ll use the pertinent facts to provide the information needed to assist in improving policies and procedures in your bank to avoid similar instances, when warranted.

Maguire: On the 24th of February 2023, the United States Attorney’s Office for the Northern District of Florida posted a notice about Nicole Maguire. She was just sentenced to three years in federal prison after she pleaded guilty to conspiracy to commit bank fraud, bank fraud, and aggravated identity theft charges. That issue would involve the safety and soundness of the bank. The fact that I also had it show up in my alerts because there was also a story about her in The News & Observer, and I’m certain many other online and paper-based publications also ran the story, made it a bank reputation-related issue.

Nicole Maguire sold the names of bank customers, their identification card numbers, and bank account numbers to others who then stole more than $125,000 from those customers, and ultimately from the bank, in 2019. Yes, the wheels of justice turn slowly. But I’m sure the case is still of interest to customers of Regions Bank in Florida, Alabama, Iowa, and Missouri where the victims were.

Maguire was obviously not alone in this. Her co-defendants were Desmond Brannon, who was sentenced to four years in prison after pleading guilty to conspiracy to commit bank fraud and bank fraud charges; Steven Mussington, who was sentenced to 1 year and 1 day in prison for conspiracy to commit bank fraud and bank fraud charges; and Chelsie Worthen, who pleaded guilty to conspiracy to commit bank fraud, bank fraud, and aggravated identity theft charges. Then there were co-conspirators Darrell Wells and Georgia Ward who both reside in New York and were or are being prosecuted in the Southern District of New York under a separate but related indictment. Ward pleaded guilty to conspiracy to commit bank fraud and was sentenced to time served and an additional nine months of home confinement. Wells is awaiting trial on charges of conspiracy to commit bank fraud and aggravated identity theft.

The FBI and police departments in Florida, Iowa, and Missouri, along with the bank’s security investigators, were all involved in the case as well. It was far-reaching and I’m certain complex to unravel. At the end of the day, the short story is Maguire was the insider who sold the IDs and information and another woman had fake IDs made with others’ photos and the customers’ information to make withdrawals. They also passed some fake money orders and checks.

When a Regions customer, especially those in the four states specifically mentioned in this case, reads this story they will do one of three things— check their own accounts and worry about the security of their money, know this person was caught and that no customer lost any money, or worry that next time the perpetrator won’t be caught and the customer will be unaware of a loss from their own account. In any scenario, we do not want customers to worry. And while I said “no customer lost money” that is a supposition. There was no statement from the bank for whatever reason.

If your bank were to suffer such a loss, the bank should have a reaction plan in place. You should be able to fill in the blanks and put together an official statement in short order to demonstrate control of the situation and to instill confidence in the public and your customers. The bank should always look to emphasize that the bad actors were caught, and that no customer has lost money, not one dime. There are customers and customers-to-be who may need to be reassured.

This is the most recent case I have read about. But there are many others, and we want to explore some of those this month. When we pay particular attention to what happened, how and sometimes why, we learn valuable lessons about things that can be done in our own banks to avoid such problems. One common fact we see in internal cases is that they can take years to discover. This is especially so when the thief is going to “take a little, leave a little” and has the knowledge and authority, to cover their tracks. This is a key reason areas like security and audit need unfettered access when it comes to internal audits and investigations and staff need to speak up when they see transactions outside the ordinary. It is also a reason your bank should have a vacation or “period of absence” policy that will take a person away from their desk and out of control of internal accounts for a period long enough for discrepancies to show up. Those discrepancies should not be explained away but understood, accepted, or corrected. Questioning transactions and documents should be viewed as a constructive and protective act. If nothing wrong is found, it is a reassurance, and if something is amiss, the review is money saved overall and an opportunity to improve procedures.

Torgerson: In another recent case, Brady Daniel Torgerson from Beulah, North Dakota, was sentenced in February 2023 to two years in federal prison, three years of supervised release and a $200 special assessment. Torgerson pleaded guilty to two separate counts of bank fraud against financial institutions located in Beulah. This case also went back to 2019 and extended to 2021. Torgerson was employed as the president of First Security Bank-West and separately as a loan officer at the Union Bank. He used these positions of authority to conduct transactions that caused harm to both the banks he was working at and their customers.

While employed at First Security Bank-West, Torgerson funded loans which should have raised red flags with the most basic of controls. These questionable loans lacked necessary financial information, security interest documentation and even promissory notes. He created deceptive transactions by falsifying records in the bank’s computer system, increasing loans which then exceeded the original approved loan amounts, and extended maturity dates of loans to keep them off the past due listings and therefore anyone’s radar.

When he was working at the Union Bank, Torgerson created fraudulent loans in the amounts of $225,487.44 and $225,487.45 in the names of three separate individuals who neither knew about these loans nor received the funds. Torgerson had three co-defendants who were sentenced to both short jail terms which included one day of time served and a year of supervised release plus a monetary fine for each and $98,ooo restitution from one. I believe one of these was his father and the other two likely friends. You can almost hear the offer of something for nothing and them making a quick buck to help him out.

Anything that is transacted on the bank’s systems should be traceable to an employee based on logon credentials. An employee doing account maintenance at the direction of a superior should remember what was done and why, and their credentials should never be shared. When someone leaves a terminal, they should sign off. This helps protect everyone and promotes the integrity of the systems in place. Similarly, when loans are funded and booked without the standard security agreements and collateral documentations, and especially without executed note forms, questions must be asked, and the notification chain accelerated upward as that is a serious issue that would be difficult to explain.

On that same note, I remember “back in the day” when I was on the loan desk. This was at a military bank and predated internet banking. A young lieutenant who banked with us called from a large city about three hours away. He had found a car he just had to have. I got the necessary information from him and already knew his father was a retired colonel and his grandfather was a retired general, both West Point graduates. Of key interest was that fact that he would be back in town in two or three days, and he promised to come in and sign his contract. I provided the dealership with draft instructions so I as good as made the loan. I proudly informed my boss because I knew this was excellent customer service and would help build loyalty of this up-and-coming military officer. Unfortunately, after day three I had not heard from him. I waited nervously on day four and called him on day five. Even after all these years, I still remember his answering machine as he introduced himself and he said he was “either out rescuing a damsel in distress or a cat from a tree.” I just knew at that moment I had a nutcase for an almost borrower. But he came in shortly thereafter, the paperwork was done, and the loan paid as agreed. I never did that again. But it would explain what happened and there was no loan being booked without a note and collateral.

Seck: A case as recent as we can get was published February 27, 2023, by the U.S. Attorney’s Office, District of Maryland. In this case Diape Seck, of Rockville, Maryland, was at the time of the bad acts a customer service representative at a bank. He and his eight co-conspirators stole or attempted to steal almost $2 million by fraud, including by stealing checks from the mail of churches and religious institutions. Seck was the ringleader.

Seck fraudulently opened bank accounts using fake identities. He took cash bribes for his efforts. Among other illegal acts, his accomplices then deposited stolen checks from churches and other religious institutions into the fraudulent new bank accounts. The co-conspirators withdrew and spent those funds as compensation for their efforts.

There were more than 400 accounts opened in just over a year beginning in January 2019. Identification relied on was often Romanian passports and driver’s license information. Generally, the deposits were made to ATMs the bank owned. From those deposits cash withdrawals would be made and debit cards associated to the fraudulent accounts would be used for purchases.

Seck’s sentencing is scheduled for June. He faces up to 30 years in prison. The accomplices generally are facing three to five years each. One in Dania Beach, Florida, and another in Baltimore are the only two facing restitution with each exceeding $1 million. Raise your hand if you think the restitution will actually be paid. I’m not raising mine.

What might have helped stop this sooner than a year into the scheme? Sending new account verification letters could have helped alert an auditor that an address was bad if that was the case here. So would address scrubs where the bank compares accounts with the same address and different owners. That could show as an example multiple owners using the same post office box address.

Schroeder: Let’s turn our attention to Ronald Wayne Schroeder and the Bank of San Antonio where he was the bank president. His crime dated back to before 2020, but it was August 2022 when he was sentenced to 97 months in federal prison as his fraudulent activities cost the bank $13 million.

Schroeder himself took nearly $3.2 million. He and his co-defendants conspired to defraud various banks of money through the factoring of false and fraudulent invoices.  They began with Southwest Bank, then included Schroeder’s bank, Bank of San Antonio, and finally included the TransPecos Bank.

Schroeder sent false and fraudulent invoices of companies owned or controlled by the other defendants in the case, to be factored by these financial institutions.  This is a process where a company sells its receivables to a third party, in this case the victim banks. Factoring is intended to provide a quick capital injection into the business selling the receivables as they are sold at a discount which provides an immediate short-term gain and allows for a profit margin to the buyer as the receivables pay back over time. Schroeder and other co-defendants would then use that money for their own personal enrichment or to pay off old invoices owed to the banks much like a Ponzi scheme where money from new investors is used to pay old investors. Schroeder used his $3.2M to buy a beach house, airplane, boat, and vehicles.

Schroeder and the others obviously knew what they were doing. It was a definite abuse of authority by Schroeder and that certainly would have influenced the first bank they factored with. Once they got the first bank in place, they were able to leverage credibility and get a second and then a third victim bank. Like all Ponzi schemes it would reach a point where there was not enough money coming in to support the debt already established. When the receivables stop paying and they are discovered to be fraudulent, the house of cards falls and, in this case, there were $13 million of them.

As you can imagine, based on this case and others, an abuse of position was a contributing factor. Staff must be able and willing to question transactions, loans, and arrangements where the bank is paying some high-ranking officer or board member or someone or a company associated with that person. When it is an unusual arrangement, it deserves to be questioned and that person, if legitimate, really should not mind so everything is transparent and above reproach.

Romero: Orlando Romero worked at Deutsche Bank as a client service specialist. Always wanting to improve his position he was seeking employment opportunities in the banking field. He received a written employment offer from another bank. While that offer was good, he knew he could do better. He decided to look within his current bank, and he doctored that offer by adding to the salary the competitor bank was offering him. He presented this “modified” offer to his supervisor at Deutsche Bank who agreed to meet that offer and Romero received a $28,000 increase to his annual salary. One might believe the bank must have been under-compensating him to provide such a hefty increase all at once. But Romero left Deutsche Bank some thirty months later when his prior deception became known. Romero was deemed By the Federal Reserve to have violated the bank’s internal policies and committed violations of law or regulation, unsafe or unsound practices, or breaches of fiduciary duty. He was ordered to cease and desist and has been banned from banking.

Many are of the opinion that the bank made the decision to pay him presumably what he was worth as an employee. But the way he went about it was deemed unacceptable. Staff needs to be aware that ethics policies do have teeth.

Ratcliff: James Ratcliff worked at the First National Bank and Trust Company of Vinita for 20 years. He was an executive vice president and vice-chairman and chairman of the board at his bank at different times. Abusing his position, he had the bank engage and pay entities owned by him as third-party vendors. This in itself is not the violation, but the manner in which the relationship was handled was. He set up financial arrangements between the bank and the entities he owned. There should have been someone else managing that relationship just as tellers should not complete transactions for relatives. Work was not tracked or verified but was paid for. There was little evidence that what was billed for was actually done, which causes doubts as to the validity of the billing. Because of his insider status and long standing at the bank, he was not sufficiently challenged by others in management. He failed to ensure employee compensation was commensurate with the employees’ responsibilities and actual work performed for the bank.

Ratcliff also directed employees and contractors to perform work for the entities he owned, at the bank’s expense. He made unsafe and unsound loans. The OCC noted in its consent order that delinquent borrowers were instructed to form new entities and Ratcliff had the debt transferred to that new entity without correcting the problems leading to the delinquency, which only hid those past due accounts from accurate recordkeeping., These loans were also made without sufficient documentation such as financial statements.

Ratcliff was handed a $100,000 civil money penalty and was banned from banking. Here again, we see officers in high positions run a bank as though it was their personal piggybank and they had unfettered control. That is not how it should ever appear and internally the bank requires a culture of separation and transparency.

Fritz: Ratcliff was not doing everything alone at First National Bank and Trust Company of Vinita. Tony Fritz was the former chief lending officer and a director at the bank.

Fritz was cited for failing to ensure that credit administration and risk management practices and controls were effective and commensurate with the risk and complexity of the loan portfolio. He failed to develop a system to ensure ongoing monitoring of complex commercial credits and to ensure the bank kept adequate loan documentation. He failed to formalize loan review and approval processes and failed to properly document lending decisions. He failed to provide credible challenge to members of senior management who maintained loan portfolios and failed to maintain adequate oversight over their portfolios. Fritz approved and/or originated multiple unsafe or unsound loans that were liberally underwritten and included inaccurate credit memorandums containing insufficient financial statement and cash flow analysis. He originated loans to cover customers’ overdrafts and overdraft fees. He extended additional loans to borrowers who were not creditworthy, sometimes through creating new entities, in order to make payments on such borrowers’ non-performing loans. In short, Fritz was a key officer whose authority and duties were in part to balance the scale for what others might do and to ensure controls were in place and functioning as they were designed to. That did not happen in this case. Sometimes staff can only do so much, and when bad acts are committed willingly by the most senior of officers, the regulators take action. Fritz was cited with a $20,000 civil money penalty.

While these last two enforcement orders from late 2022, the bad acts were from years before. BancFirst purchased this bank early 2021.

Deposit mismatches and liability

By Andy Zavoina

Continuing with the theme of fraudulent transactions but changing to liability, let’s review a new case that screams “what you do know, can hurt you,” especially if a bank turns a blind eye to the obvious.

This is a legal case, Studco Building System U.S., LLC, plaintiff, V. 1st Advantage Federal Credit Union,  (Studco) Civil Action No: 2:20-cv-417 in Virginia. This case began about August 2018 when 1st Advantage opened an account for an individual. In the court documents he is referenced as “John Doe.” The court does not know who the actual account holder is. With Bank Secrecy Act regulations, 1st Advantage would have had to follow basic requirement to know the customer. But it did not verify John Doe’s identity, physical or mailing address, prior banking history, whether John Doe was eligible to be a member, nor did it verify the source of funds intended for the account.

This is not a case of an account takeover but a BEC or Business Email Compromise. The end result is similar, as the scammer gets the victim’s money. But in a BEC there is hacking or social engineering to get into a corporate email account. Once inside, the scammer looks for some discussion about a project and bill for that project that is due or will be soon. Studco Building Systems sounds like a company that would buy large amounts of materials and then pay the large bills they receive for them. Once he finds one of those the scammer is halfway there.

In this case, about two months after opening his account, Doe impersonated Olympic Steel out of Ohio. He sent Studco instructions to make an ACH payment to the 1st Advantage account he opened. 1st Advantage received those funds and was aware that Olympic Steel was not a depositor of theirs.  Beginning in October 2018, Studco sent one ACH to 1st Advantage to the account number of Doe in the amount of $156,834.55. That transfer identified Studco as the originator and Olympic Steel as the intended receiver. This did not match any account holder with 1st Advantage. The ACH credit identified a personal account number, but the transfer was coded commercially as a “CCD” meaning it was a “Corporate Credit or Debit.”  In this case NACHA rules require CCD payments to be restricted to transactions that involve only businesses. Any CCD payments directed to personal accounts are required to be rejected by the receiving bank. In this case 1st Advantage did not do that. A short time later 1st Advantage accepted three more large commercial ACH credits for Doe’s personal account totaling nearly $559,000.

Doe wasted no time as he began transferring the funds out. Typically, when these funds reach John Doe’s account, the valid originating bank’s customer and the originating bank have to take fast action as Doe will be getting that cash out of the account. Doe’s goal is to beat any reclamation claim by the originating bank or the company paying its bill. Sophisticated scammers may send these funds through several banks and then convert it to crypto or have it sent to a foreign bank. In this case, Doe was taking the funds incrementally — all $559,000 — and he did it in person and with the assistance of 1st Advantage staff. It took him more than a month as 1st Advantage employees issued thirteen cashier’s checks and wire transfers to move the funds out. Nine of the thirteen withdrawals were reportedly to an individual or entity known to the 1st Advantage staff who assisted him. This added validity to his transfers.

When there is a BEC you may find yourself with many of the same questions you would have for a takeover:

  • Who may be responsible for the loss?
  • Did the bank that sent the funds following the company’s orders (Studco) follow the instructions precisely?
  • Was this an unusual transaction for Studco?
  • Is Studco liable for the loss, what were their actions, and how did they protect themselves?
  • Was the hacker using an actual vendor’s system, and if so, does that vendor have liability?

The FBI in Rochester, New York, initiated the investigation. During the investigation, Studco alleged that 1st Advantage intentionally concealed, and continued to conceal, material information from Studco related to John Doe and the account. That both hindered the investigation and aided John Doe in his theft. Studco initiated actions against 1st Advantage in November 2019.

You may be surprised how the Virginia court ruled in this case. 1st Advantage, the credit union that received the funds, would have liability under Article 4A of the UCC. The credit union had AML software and that software provided alerts on mismatch between the account name and the name in the ACH transfers, but no one acted on those alerts. 1st Advantage certainly did not follow BSA requirements to know its customer. There was no indication that 1st Advantage had actual knowledge of John Doe’s illegal activities. But the court found that there was certainly an inference the bank should have made, as its AML software generated several alerts pertaining to account discrepancies, fraudulently diverted payments, and withdrawals by the John Doe himself. There were many indications that the account was being used for fraudulent purposes.

The court’s order effectively said there exists a “should-have-known” standard under the relevant provision of UCC Article 4A, but this is in contrast to many other court decisions that required proof of actual knowledge by the receiving bank of the discrepancy between named payee and actual account holder at the time the payment was credited to the account. Other courts have yielded to part of Article 4A stating, “If the beneficiary’s bank has both the account number and name of the beneficiary supplied by the originator of the funds transfer, it is possible for the beneficiary’s bank to determine whether the name and number refer to the same person, but if a duty to make that determination is imposed on the beneficiary’s bank the benefits of automated payment are lost.”

The court hearing the Studco case reviewed both the UCC and NACHA rules requiring a commercially reasonable manner or exercise of ordinary care when processing ACH payments. The court held 1st Advantage fell short of this standard in the way it opened the account and ignored red flags generated from its own software. The court stated that 1st Advantage “did not maintain reasonable routines for communicating significant information to the person conducting the transaction. If 1st Advantage had exercised due diligence, the misdescription would have been discovered during the first ACH transfer.”

Finally, while it is an unusual finding, it is one that bank customers would likely agree with. The red flag warnings would have been triggered based on criteria 1st Advantage defined, yet it failed to do anything when the alerts were generated.

Let’s look at a basic argument that many banks rely on — if we have a valid account number, deposit the funds. We in the Compliance team hear this question regularly and thoroughly expect to again this year as tax refunds begin to be deposited. What do you do when there is a known mismatch in a tax refund between the name in the direct deposit ACH record and the name of the account holder? This is sometimes complicated because the person named on the deposit may be a convenience signer on the account, but not an owner. They may be a known associate of the owner, but not an owner. Could this person be hiding assets from a creditor and shielding those funds in an account that could not be touched legally because that person is not the account owner? What if the account owner takes the funds? Technically the funds are their property, but does the bank want to be involved in that? What if the account owner is served a garnishment and the other person’s funds are taken as a result? Again, it is their property by virtue of account ownership, but does the bank want to be involved? Would it not be more responsible to require that even with personal accounts, the account number and name in the deposit record must match? Based on this Studco opinion, could your bank find itself with liability? And lastly, how much is the bank willing to spend to find out?

February 2023 OBA Legal Briefs

  • Signage management
  • SCRA and a new best practice recommended?
  • The child support levy moratorium is over

Signage management

By Andy Zavoina

As we enter the new year, let’s continue from last month on getting the little things squared away so we can focus on a new year of compliance work. Let’s talk about signage requirements. In our main branch we had a “Fed wall” which was one area which had the federally required (and state, as applicable) notice requirements. It should be in an area that is highly visible to meet the intent of the posted notice requirements. It does no good to put these on the wall behind a door that stays open and prevents viewing them. You will not get credit during an exam for posting them where they cannot be seen. Similarly, when the branch manager thinks your Fed wall is an eyesore and puts the plastic Ficus trees in front of your detailed work – no points. If there was a remodel done and the signage was taken down for maintenance, ensure it goes back up.

As to being unsightly, beauty is in the eye of the beholder. If you put courier font printed pages in a $2 frame and nailed it to the wall, that is what it will look like. What we did was to lay out all the applicable disclosures and we bought one large frame, had a mat cut for all these in one space and then everything was accounted for in one space. As a new branch was opened, we ordered another of the same design. This ensured that everything was easily accounted for and posted easily on the wall rather than trying to lay out several frames, especially if those frames were each different giving a hodgepodge appearance. It was also a simple task to pull the frame down, remove the backing and switch out the disclosures when necessary. As a tip, there is a transparent and removable tape that uses the same type of glue as sticky notes have. It will hold your documents to the mat securely yet provide the flexibility to switch them out without destroying the mat or other documents.

Here are suggestions and justifications for your Fed wall and other required signage.

  1. Community Reinvestment Act Notice: This is to be posted in each lobby with one version in your main office and another in each branch, other than off premise electronic deposit facilities, the Public Notice described in 12 CFR 345.44 (FDIC), 228.44 (FRB), 25.44 (OCC).
  2. Equal Housing Lending Poster: Post in lobby of main office, all branches, and in any other areas where loans are made. Note, this is an 11”x14” poster and unlike most other requirements for signage, the size requirements are specifically stated. 12 CFR 338.4 (FDIC), 24 CFR 110.15 and 110.25 (HUD and OCC) the FRB requirements fall under the Fair Housing Act. .
  3. In August 2022 the FDIC made changes to the sign. Refer to Federal Register Vol. 87, No. 151, Page 48079 as the Fair Housing and Consumer Protection Sale of Insurance Rule are both impacted. To improve their efficiency and effectiveness the FDIC consolidated the Consumer Response Center and the Deposit Insurance Section under one organization, entitled the National Center for Consumer and Depositor Assistance. Fair Housing signage and the Sales of Insurance disclosure should refer to, “…National Center for Consumer and Deposit Assistance.” The effective date of the change was August 8, 2022. The OCC has also had changes to its poster. Refer to Bulletin 2021-35, August 5, 2021.
  4. Home Mortgage Disclosure Act (HMDA). General notice of availability must be posted in each home office and physical branch offices located in an MSA. 12 CFR 1003.5(e). Non-HMDA banks do not post this notice. First-time filers post it after receiving notice their disclosure is ready after they have submitted their file for the prior year.
  5. Fair Credit Reporting Act (FCRA) requires that a consumer be allowed to notify the bank of an error in their consumer report. If a notice is posted informing consumers where to direct their notice, they may not be delivered to just any employee and must be properly directed.  623(a)(1)(C) (Note, this is a recommendation, not a requirement. Not having such a notice does set the bank up for failure as virtually all staff would need awareness training of how to handle such a notice from a customer.)

Additional signage requirements while you are auditing these:

  1. Customer Information Program procedures require providing adequate notice the bank is requesting information to verify customer identities prior to opening account. May be given or posted. 31 CFR 1020.220(a)(5)
  2. FDIC Deposit Insurance Notices are to be displayed at each station or window (including drop boxes, teller windows, New Accounts, drive-ups) where insured deposits are normally received, excluding automated service facilities such as ATMs, night depositories and POS. These signs must be 3″X7″ in size. 12 CFR 328.2 & FDIC 93-42, 94-17. [Editor’s note: The FDIC has a proposed rule out for comment through April 7, 2023, that could affect this requirement]
  3. Funds Availability Policy is for banks routinely delaying availability of any deposited item. Disclosure is required of several items in a conspicuous place in each location where deposits are accepted. This includes abbreviated text on ATMs but excludes drive-ups.  These disclosures are contained in our Facts About Funds Availability brochure that can double as the posted notice.  12 CFR 229.18
  4. ATM Surcharge Notice requirements apply if your bank, as an ATM owner/operator, imposes a fee to complete a transaction or inquiry. The bank must disclose on the ATM or ATM screen that a fee may be imposed. 12 CFR 1005.16(c).
  5. Rate Board requirements under TISA/Reg DD are that indoor signs are exempt from many advertising requirements. But if a rate is stated it will use the term “annual percentage yield” or “APY” and contain a statement advising consumers to contact an employee for further information on terms and fees. 12 CFR 1030.8(e)(2)

And for employees there are several other requirements.

  1. 5-in-1 Employment Poster is required to be visible to job applicants and employees, 42 USC 2000e-10(a).

    This poster should include five parts, and if not in a combined poster, individual signs must be posted in the manager’s office or lobby. The five laws are: Equal Employment Opportunity Act, Fair Labor Standards Act, Employee Polygraph Protection Act, Family Medical Leave Act, and OSHA’s Plain Language “It’s The Law”. Refer to 29 USC 201, 29 USC 2003, 29 CFR 825.300, and 29 CFR 1903.2(a)(3)

  2. Notice of Employee Rights has two requirements; 1) Executive Order 13496 is a Notice of Employee Rights under the National Labor Relations Act, the primary law governing relations between unions and employers in the private sector. See 29 CFR Part 471. Banks need to follow this for various reasons including due to FDIC insurance, savings bond transactions, TTL accounts and government contracts. Post the notice conspicuously in offices where employees covered by the NLRA perform contract-related activity, including all places where notices to employees are customarily posted both physically and electronically. 2) Employee Rights under the NLRA See section 7 of the NLRA, 29 U.S.C. 157

SCRA and a new best practice recommended?

By Andy Zavoina

The Servicemembers Civil Relief Act (SCRA) has been around a very long time. It has existed under several names and can trace its origins to the Civil War. Prior versions were enacted and would terminate, but the Soldiers’ and Sailors’ Civil Relief Act has been in force since 1940. It was modified and became the current SCRA in December 2003.

The premise of the law has not changed. The intent of Congress was to give peace of mind to the servicemember by granting special protections to their rights and property interests while they are in the service of our country. The provisions of the SCRA allow servicemembers to have their legal rights secured until they can return from the military to defend themselves, when necessary, and to better afford existing debt which may be more difficult to service with a reduced income from military service.

Many banks misunderstand the SCRA and believe it is a wartime protection, but the SCRA is in effect at all times – not just when the country is at war. Many SCRA protections affecting the banking relationship your customer has with you apply to debts incurred prior to military service. That is the 6 percent maximum rate many bankers are aware of.

You will find the actual law at 50 U.S.C. 3901 and it is conveniently located in the “Other / Misc Regulations” section of the BankersOnline Regulations pages. There is no implementing regulation. Often when looking for guidance a banker should review the SCRA workpapers of its overseeing agencies, court cases, and enforcement actions published by any of the banking agencies. There are also guidance documents that may be issued. The agency with “key” enforcement powers is the Consumer Financial Protection Bureau (CFPB). Although it is responsible for the larger banks (with assets over $10 billion) it is very connected to the SCRA and even has a department dedicated to servicemembers. This department provides many updates each year about the treatment of servicemembers, although each of the prudential agencies has oversight as well. In fact, most have established rigorous exam schedules to ensure the SCRA is being adhered to, and it is not uncommon to read of enforcement actions by any of them. These may be for repossessions that were not following SCRA requirements, and also for violating that six percent rule. That rule is what this article is really about as the CFPB has issued its opinion that may be read as guidance, and practically requires banks to be proactive on providing the interest rate reduction even when a servicemember does not request it. In a nutshell, it is recommended that banks seek out possible opportunities to reduce interest rates and do so at any indication that there may be SCRA protections available.

Servicemembers do receive training on the availability of these protections and in many cases I have read that there are articles and training available periodically to remind them of this law. In fact, recruiters “sell” the rate reductions as a benefit of military service. But as I have studied the law and its evolution, I understand that it was intended to offer the thanks of a grateful nation for their service. This six percent interest rate reduction was offered (read – required) by law but at the expense of lenders, not taxpayers. That is what politicians call a win – win.

Here is an example. Assume your customer has a civilian occupation earning $63,000 annually. This person has an annual debt service requirement of $42,000 which yields a debt ratio of 67 percent. Now let’s have your customer called up for active duty. He is an E-6 with over six years of service. His annual income is now $44,544 for 2023 and his debt service jumps to 94 percent. It seems like he might benefit from an interest rate reduction.

This reduction in income is not always the case. When the law originated there was a draft and military pay was not competitive with the same jobs’ civilian counterparts. There was an article in 2006 that cited a RAND National Defense Research Institute study which revealed 72 percent of servicemembers surveyed were making more money in the service than as civilians. The original law’s intent was to assist a servicemember when needed and it was not an automatic protection. It was to be requested based on a lower income due to military service. A classic example is Gene Autry, the Singing Cowboy in the 1940s. He enlisted to serve in WW II. His income went from $400,000 a year to $1,008.

Where did the six percent rate originate? I honestly do not know how Congress arrived at that number in 1940, but that was it. The rate allowed does not fluctuate and is not adjusted with the cost of living. The prime rate in 1940 was 1.5 percent so there was a margin of 4.5 percent. In January 2023 the prime rate is 7.50 percent which with that same margin would yield an SCRA adjusted rate of 12.00 percent – double what is currently allowed.

A general rule of thumb is that a person being paid by Uncle Sam is “in the military.” The recent high school graduate who enlists in the military is being paid by the military the day they report for basic training. This is an easy and clear-cut test but there are always other possibilities. Based on definitions in the SCRA, a servicemember (reservist) being called up is afforded protections upon receipt of their orders.  Further, the definitions tell us that a servicemember is “in the military” when they are employed full-time in this capacity and further, that debts incurred prior to that are subject to SCRA Section 3937, which provides the 6 percent rate cap. These are two different events, the date of being protected, and being “in the military” and paid by the U.S. government (Uncle Sam). When the debt was incurred and when the person was protected can be exclusive of one another. It is possible that a reservist will receive their orders, borrow, and later claim protected status and want a rate reduction. I discussed this with an Army Judge Advocate General officer (JAG attorney) and he said while that was not the intent, it does seem to be the result.

What is happening in theory is a person has that civilian debt ratio and all is fine. There is a national emergency, and this person wants to go into the military and serve their country. Loan rates are reduced, and this makes that government paycheck stretch a bit farther. A servicemember borrowing after they are in the service is not required to be given a rate of no more than 6 percent because they know what their income is now and should borrow responsibly, only when they know they can afford to repay it. This supports my understanding of why this exists and it is not to be a benefit and reason to serve but rather one less inhibitor for those wanting to serve.

The protections under Sec. 3937 apply to debts incurred by the servicemember, or the servicemember and their spouse, jointly. This is a clarification from the old law, the SSCRA. Industry practices then were to apply the protections against any loan on which the servicemember was obligated.  The new law specifies who is covered. As reassuring as this may be, it can also be troubling as there would be reputational risks if you refused to lower the rate on a loan to the servicemember and their parents or children, as an example. The same debt service standards may apply, but the law isn’t written to protect other borrowing relationships.

Pre-service debt is a key factor. The interest rate on a pre-service credit card balance today of a servicemember must be reduced if it exceeds 6 percent. Charges made tomorrow (or at any time during military service) are not pre-service and thus not subject to the cap.

The SCRA made it very clear that a bank’s knowledge alone that a customer was now a servicemember was not sufficient to justify any adjustment to the loan rate. The SCRA required the servicemember to provide a written request for relief and provide a copy of their military orders as well as any extensions of those orders. Keep in mind, however, that the servicemember may invoke their rights under this section at any time up to 180 days after their release from military service. The application of the six percent rate becomes retroactive.  Even if the debt was paid in full before the servicemember invoked their rights, a re-amortization and refund could be owed based on the date they were under protection of the SCRA until their release.

Notification requirements were changed a little by Public Law No. 115-232 on August 13, 2018. The SCRA now says the servicemember shall provide to the creditor written notice and a copy of—

  1. military orders calling the servicemember to military service and any orders further extending military service; or
  2. any other appropriate indicator of military service, including a certified letter from a commanding officer.
  3. a creditor may use, in lieu of notice and documentation under 1 or 2 above, information retrieved from the Defense Manpower Data Center (DMDC) database through the creditor’s normal business reviews for purposes of obtaining information indicating that the servicemember is on active duty.

So, item 2 provides a more flexible notice and a third option was added for, “normal business reviews.” So, a safe harbor was introduced for a creditor that uses the information retrieved from the DMDC with respect to a servicemember if—

a. such information indicates that, on the date the creditor retrieves such information, the servicemember is not on active duty; and

b. the creditor has not, by the end of the 180-day period, received the written notice and documentation required requesting protection. (There is no six percent rate requirement.)

4. A substitute for copies of the servicemembers orders is a certified letter from the servicemembers’ commanding officer. This term, “certified letter” is not defined but in its purest United States Postal Service form would be “a special USPS service that provides proof of mailing via a receipt to the sender. With electronic USPS Tracking, the sender is notified when the mailing was delivered or that a delivery attempt was made.” This is not Registered Mail which has different handling and security features from Certified Mail.

The existing SCRA, 3937(b)(1) already included the 180-day period, but the certified letter from a commanding officer is a new alternative for invoking the rate reduction.

Many banks can verify individual servicemembers as well as batch process requests with the DMDC SCRA database. Many banks adopted the batch processing method and check the bank’s CIF records against it on a monthly or other regular basis. New hits could show active duty status and immediately bank records would be adjusted or a relationship manager would contact the customer and verifications would be initiated or protections would go in effect. They could be reversed later if in error.

In December 2022, the CFPB published an analysis of servicemembers not getting the benefits of interest rate reductions for various reasons. “Protecting Those Who Protect Us” discusses those Guard and Reserve servicemembers who are activated but are not receiving these benefits.

Here are some points brought out in the publication:

  • Reserve and National Guard members called to active duty are paying an extra $9 million in interest every year because they are not always receiving the benefit of their right to rate reduction.
  • In an odd selection of a time period, the CFPB estimates that between 2007 and 2018, data show fewer than 10 percent of auto loans and 6 percent of personal loans received a reduced interest rate and it is believed this reflects lower numbers than should exist.
  • It is estimated the underutilization amounted to $100 million of interest that was paid unnecessarily to lenders for auto and personal loans.

Who is entitled to these protections? The regulators expect banks to use the DMDC database which has proven accurate enough to warrant a safe harbor when used for verifications under the SCRA and the Military Lending Act. (Note, the SCRA has one database, and the MLA has another. You would expect that the servicemembers themselves would be on both and dependents would be on the MLA. So, if you are checking on the servicemember, either should suffice, right? When I spoke to someone at the DMDC they could not explain a servicemember difference but were emphatic to check the respective database based on the purpose of the inquiry. I believe one difference may be that some SCRA benefits extend beyond the period of military service but not for MLA use. The results of the query may include that. The DMDC has a manual that among other things denotes “Title 32 outlines the role of the United States National Guard; normally Title 32 members are not covered under SCRA. Those Title 32 members and others who meet the criteria referenced in Title 50 USC App. §§ 3901 below are accurately represented on the SCRA website.

In order to be considered for SCRA coverage a Title 32 member must be called “…to active service authorized by the President or the Secretary of Defense for a period of more than 30 consecutive days under section 502(f) of title 32, United States Code, for purposes of responding to a national emergency declared by the President and supported by Federal funds.””

The CFPB says in its 39-page publication, “Existing literature suggests that the interest rate reduction benefit is underutilized, and continued enforcement efforts suggest that some creditors continue to violate protections against repossession, despite efforts to increase awareness of SCRA protections and improve information about servicemember eligibility for those protections. There is also limited information on utilization rates, making the development and evaluation of public policy efforts to increase benefit utilization difficult.” The paper indicates servicemembers are not receiving the protections they are entitled to for various reasons, that banks (that is my term as the CFPB refers to financial institutions, creditors, finance companies, etc. but I am writing for banks) are violating the SCRA and that servicemembers must jump through too many hoops to get these protections. Further the CFPB complains that banks are not thorough in retroactively applying the interest rate reductions.

The law is clear that the servicemember can request protections, but the CFPB wants to emphasize option 3 above where banks will voluntarily use the DMDC database. It actually goes further and attacks creditors who insist on following the law’s stated requirements, saying in the publication: “However, creditors could just as easily access a Department of Defense system [the Defense Manpower Data Center SCRA website] that checks any borrower for active-duty status.” This raises two issues bankers need to consider. First, how much would be involved in the bank regularly batch processing its CIF files against the database, and second, would this be a cost-effective use of resources? Positive hits would require additional procedures to verify the status with the customer. That is, a positive hit could be verified before progressing, or the bank could take that positive hit and respond with a  confirmation letter. The bank could explain how it made its discovery, that the customer’s loan has been reduced in rate, the effective date, the reamortization of those applicable payments and the deposit or attached check for the refund of interest that had been paid and is being refunded. The letter will explain the new payment amount as it will be reduced and what to expect if the servicemember’s protections end before the loan is repaid in full. This is also an opportunity to thank them for their service, point out the benefits of internet banking and request a copy of the person’s orders if the bank wants them for their files. The CFPB recommends the best practice is to provide the rate discount without burdening the servicemember with any requests. Your bank needs to determine if it agrees with that. At the very least it is an opportunity to verify the bank has the correct mailing address as we all know it is typically a requirement in account agreements, but typically a completely ignored requirement as well.

I may have downplayed the CFPB’s intention as it actually encourages bank employees to be whistleblowers, “Employees who believe their companies have violated federal consumer financial protection laws are encouraged to send information about what they know to To learn more about reporting potential industry misconduct, visit the CFPB’s website.“ This is not in the published document but the online news release.

Here is a takeaway list for banks to consider:

  1. Should it be batch checking CIF files?
  2. What follow-up if any with the servicemember is desired?
  3. Will protections be applied automatically?
  4. Procedures should already be to retroactively apply the rate reduction to the date of protected status.
  5. When the borrower has one or more loans, the benefits should apply to all.

The SCRA does allow in Section 3937(c) for a challenge to the rate reduction. A court may grant a creditor relief from the limitations of this section (3937) if, in the opinion of the court, the ability of the servicemember to pay interest upon the obligation or liability at a rate in excess of 6 percent per year is not materially affected by reason of the servicemember’s military service. As an example, let’s assume the bank makes a car loan to a college student who is working their way through college on scholarships and delivering pizza. The student is not making a lot of money but enough to survive and make a small car payment. Come graduation day the student graduates and becomes a military officer and doctor, receiving a huge increase in their income. They request a rate reduction because “it is their right.” That was not the intent of the law initially, but it has become so political. The bank has the right to contest the request, but the reputation risk is severe, and the bank could appear unpatriotic.

I believe a challenge to protections would require an extraordinary case and we have yet to see a deserving one. But the CFPB is promoting a new best practice which is not called for in the law. Bankers should understand, what is requested by the CFPB is purely optional and would come at a cost. Banks individually must determine if it is a reasonable cost or not.

The child support levy moratorium is over

By Pauli D. Loeffler

During COVID-19, the Oklahoma Child Support Service (“OCSS”) took a break from issuing levies. The moratorium has ended, and banks are receiving levies again. I covered child support levies in the February 2018 OBA Legal Briefs, which you can access online once you register an account through the My OBA Member Portal. Here are few bullet points to keep in mind.

  • The levy is exempt from the Garnishment of Federal Benefits rule.
  • The levy attaches to all deposit accounts OWNED by the Obligor/customer whether or not the account number is included on the levy. That includes accounts held in sole ownership, joint ownership, sole proprietorships, grantor trusts, CDs, MMDAs, IRAs, retirement, annuities, 401Ks, and HSAs. It will NOT reach accounts owned by an LLC (even if it uses a sole member’s SSN), a corporation, partnership, a limited partnership, IOLTA, insurance premium trust account, etc.
  • The levy is effective for 60 days after receipt and subsequent deposits will be captured. The bank may cash “on-us” checks payable to the account owner but should not cash checks drawn on other financial institutions.
  • A copy of the levy will be mailed to the account owner by OCSS, so the bank does not mail a copy. The bank is free to let the owner know of the levy as soon as it locks the account down.
  • OCSS may release or partially release the levy prior to 60 days. The release must be signed by an attorney.


January 2023 OBA Legal Briefs

  • Has your bank suddenly become a HMDA reporter?
  • Minutiae matter
  • Joint owners’ signatures on new joint accounts

Has your bank suddenly become a HMDA reporter?

By John S. Burnett

A recent federal court decision has lowered the loan reporting threshold for closed-end mortgage loans under the Home Mortgage Disclosure Act-implementing Regulation C from 100 to 25 closed-end mortgage loans in each of the two preceding calendar years. If your bank has been routinely making 50 or 60 closed-end mortgage loans and very few open-end mortgage loans each year for the last several years, you might have been planning to enjoy another year in 2023 of not being a HMDA reporter.

All that has changed. And if you haven’t realized that yet, you’ve got some scrambling to do.


In a final rule that became effective in 2015 (the “2015 final rule”), the CFPB set the HMDA reporting threshold for closed-end mortgage loans at 25 in either of the two preceding calendar years.

On May 2, 2019, the Bureau issued a proposal to, among other things, increase the 25 closed-end mortgage loan reporting threshold to either 50 or 100 such loans in either of the two preceding calendar years.

On May 12, 2020, the CFPB issued a final rule (the “2020 final rule”) that, among other things, increased the closed-end mortgage loan reporting threshold to 100 such loans in either of the two preceding calendar year. The change was effective July 1, 2020.

After the adoption of the 2020 rule, the National Community Reinvestment Coalition, Montana Fair Housing, Texas Low Income Housing Information Service, Empire Justice Center, the Association for Neighborhood & Housing Development, and the City of Toledo, Ohio, filed a lawsuit challenging the changes to the closed-end reporting thresholds (and other provisions) in the 2020 final rule, asserting that the 2020 final rule was arbitrary and capricious, contrary to law, and in excess of the Bureau’s statutory authority under the Administrative Procedure Act.

On September 23, 2022, the U.S. District Court for the District of Columbia issued an order vacating (nullifying) only the portions of the 2020 final rule that increased the closed-end mortgage loan reporting threshold. The court found that the “CFPB failed adequately to explain or support its rationales for adoption of the closed-end reporting thresholds under the 2020 Rule, rendering this aspect of the rule arbitrary and capricious.”

The court cited the preamble to the 2015 final rule in noting that the CFPB explained that “the loss of data in communities at closed-end mortgage loan-volume thresholds higher than 25 would substantially impede the ability of the public and public officials in these locales and others to understand access to credit in their communities.”

The CFPB offered no comment on the court’s ruling until December 6, 2022, when an article, “Changes to HMDA’s closed-end loan reporting threshold,”[] was posted to the Bureau’s blog. The article simply said, “The [court’s] decision means that the threshold for reporting data on closed-end mortgage loans is now 25 loans in each of the two preceding calendar years, which is the threshold established by the 2015 HMDA Final Rule, rather than the 100-loan threshold set by the 2020 HMDA Final Rule.”

The Blog article went on to say that the “CFPB recognizes that financial institutions affected by this change may need time to implement or adjust policies, procedures, systems, and operations to come into compliance with their reporting obligations. In these limited circumstances, in allocating the CFPB’s enforcement and supervisory resources, the CFPB does not view action regarding these institutions’ HMDA data as a priority. Thus, the CFPB does not intend to initiate enforcement actions or cite HMDA violations for failures to report closed-end mortgage loan data collected in 2022, 2021, or 2020 for institutions subject to the CFPB’s enforcement or supervisory jurisdiction that meet Regulation C’s other coverage requirements and originated at least 25 closed-end mortgage loans in each of the two preceding calendar years but fewer than 100 closed-end mortgage loans in either or both of the two preceding calendar years.”

On December 21, 2022, the CFPB published a final rule at 87 FR 77980 [] with technical amendments to Regulation C that changed each mention of the 100 closed-end mortgage loans reporting threshold in subsections 1003.2(g) [definition of financial institution] and 1003.3(c) [excluded transactions] and the Official Interpretations of those subsections to 25 closed-end mortgage loans. The amendments became effective on publication.

What this all means

When the District Court vacated the portion of the 2020 final rule that increased the reporting threshold for closed-end mortgage loans from 25 to 100 such loans in either of the preceding two calendar years, it put those portions of the regulation and official interpretations back to their 2015 final rule wording, as if they were not changed by the 2020 final rule.

In the Bureau’s Blog article described just above, the Bureau acknowledged that the court’s ruling could HMDA filing requirements for applications and loans dated in 2020 (from July 1), 2021, and 2022, for financial institutions that made at least 25 but fewer than 100 closed-end mortgage loans in the two previous calendar years. It went on to say that it doesn’t intend to initiate enforcement actions or cite HMDA violations for failures to report closed-end mortgage loan data collected in 2020 through 2022 for institutions subject to Bureau enforcement or supervisory jurisdiction.

There have been no similar statements of intent not to initiate enforcement actions or cite HMDA violations from the Federal Reserve Board, FDIC, OCC, or NCUA. It would seem that those regulators will have to issue a similar statement because it is next to impossible for many bankers to go back over their applications and loans to find the data to back-file because they weren’t collecting HMDA data during that period.

Let’s assume that the other regulators issue such a statement. What does your bank need to do if it originated 25 or more closed-end mortgage loans in both 2021 and 2022 but hasn’t had to file since 2015?

1. If your bank never obtained a Legal Entity Identifier (LEI) or let its LEI lapse, jump on the task of getting one (or renewing or replacing the old one). You need it to create the unique loan numbers that have to be assigned to each entry on the HMDA LAR.

2. Make sure the bank has the right application forms to collect HMDA data

3. Quickly get lenders and loan assistants spun up on any changes in loan interview scripts and the necessity for checking that HMDA data are being collected with applications

4. Remember that each HMDA-related loan application received after December 31, 2022, will need to include HMDA data added as it gets processed and originated, denied, or withdrawn.

5. For loans already in the pipeline on January 1, 2023, check to see what HMDA data are missing, and take steps to obtain it.

Some industry trade groups have asked the CFPB and prudential regulators to formally declare a one-year amnesty on enforcement for small-volume lenders impacted by the court’s ruling. As of this writing, many such lenders are uncertain they can adapt their procedures by January 1, 2023, and we haven’t heard more from the Bureau or the prudential regulators.

Minutiae matter

By Andy Zavoina

Welcome to 2023. As I pen this month’s article one of my inbox emails is from Apple News and it is about 2023 horoscopes and what is in the stars for me. It is time to look forward, which may require looking back. I remember sitting at my compliance desk at 6:30 p.m., after having been there since 6:30 a.m., that a new year should come with a fresh start, a clean slate, a new beginning. All those audits I had not gotten to should be erased and I should be able to start with a fresh calendar. After all, I made it another year. But that is not how life works. It is not like a sporting event and the last game is over, start your game plan for the next one. Well – you do have to prepare for the future and that is what this article is about. But there was no “last game” and what was not finished still needs to get done. It is like the saying says, this is not a sprint, it is a marathon. That is when I consider coming in at 6 a.m. tomorrow to get an earlier start.

One thing to always consider as you begin planning your year is what are the major events you are aware of?

• Are we a HMDA reporter or now will be and what ramifications does that bring? If applicable, are we ready for the March 1 filing deadline this year? Do we have only the final quarter’s LAR entries to scrub or more, and how long will that take?

• The Regulation B small business data gathering rule will be coming out this first quarter. The CFPB has said it will, and in fact has promised it will be to both Congress and a court. But the final rule is not here yet and I will worry directly about that when we have the new rule. It will be a lot of preparation work. I am aware of that, and it is in the back of my mind as I start planning major events for 2023. But my focus now is what do I need to get done and on my “completed list” before that new requirement begins taking my time and attention.

• When is my next compliance exam? That is a compliance officers’ direct responsibility. What has been done to prepare for it and depending on when that is expected, more importantly, what has not been done? Start making that list if your exam is eminent. What other exams do you contribute to – Bank Secrecy, Safety and Soundness which may include Reg O, any fair lending or mortgage origination and servicing requirements? When we had a separate mortgage loan origination department, HUD and the VA. separately examined it You may have similar issues. And while we follow regulatory requirements typically to ensure consumer protections are in place, the fact is that exams are where our success or failure is often judged and scored. In preparation for those, we may have internally and externally completed audits done. When are these on the calendar and what preparation is needed for them?

Let’s look at the future, and to do that we have to reflect on the past. Let’s eliminate some of the small things, the minutiae. These are minimal tasks that need to be sorted and ensure there are no issues with compliance. It’s the little things sometimes that surprise you and bite you on the backside. So, let’s strive to eliminate as many of those as we can.

Now that signage requirements are addressed, let’s ensure “annual” tasks have been completed.

Reg BB (CRA), Content and availability of Public File Reg H § 228.43 – Your Public Files must be updated and current as of April 1 of each year. Many banks update this continuously, but it’s good to check. You want to ensure you have all written comments from the public from the current year plus each of the two prior calendar years. These are comments relating to the bank’s efforts in meeting community credit needs (your SBA loans may play a key role here) as well as any responses to comments. You also want a copy of the last public section of the CRA Performance Evaluation. That actually is to be placed here within 30 days of receipt. Ensure you are keeping up with branch locations and especially ATMs as those may fluctuate. The regulation has more on the content of this file. It may be best to review it with an audit workpaper to use as a checklist to avoid missing any required items.

CRA Notice and Recordkeeping § 228.42, 228.44, 1003.5 – CRA data, which can include small business and small farm as well as home mortgages are gathered based on specific reporting requirements for the Loan Application Registers (LAR). CRA and HMDA information, if applicable, must be submitted by March 1, for the prior calendar year. If you are a reporter of either LAR, you should start verifying the data integrity now to avoid stressing the process at the end of February. HMDA mortgage data should be compiled quarterly so this should not be a huge issue, but a thorough scrubbing as the new year starts and submission preparation readies is always warranted.

Pertaining to this, national banks should ensure they have reviewed and updated as needed the CRA, FHA and ECOA notices in accordance with the Aug. 5, 2021, OCC Bulletin 2021-35. This bulletin provided updated content for the appropriate names and addresses for notices required by the Community Reinvestment Act and Equal Credit Opportunity Act, and for posters under the Fair Housing Act. National banks were required to make the appropriate changes to their notices and posters within 90 days of the issuance which then had a mandatory compliance date of Nov. 3, 2021.

Reg C – HMDA Notice and Recordkeeping § 1003.4, 1003.5 – HMDA data are gathered as home mortgage loans are applied for and are compiled quarterly if your bank is a HMDA reporter. There are specific and detailed reporting requirements for the Loan Application Register (LAR) itself. The LAR must be submitted by March 1, for the prior calendar year. If you are a reporter, you should start verifying the data integrity now and this is of vital importance if you have a large volume of records to report.

Reg E § 1005.8– If your consumer customer has an account to or from which an electronic fund transfer can be made, an error resolution disclosure is required. There is a short version that you may have included with each periodic statement. If you’ve used this, you are done with this one. But if you send the longer version that is sent annually, it is time to review it for accuracy and ensure it has been sent or is scheduled to be. Electronic disclosures under E-SIGN are allowed here.

This is also a good time to review §1005.7(c) (additional electronic fund transfer services) and determine if any new services have been added and if they were disclosed as required. Think Person-to-Person transfers like Zelle, Venmo or Square.

Reg G – Annual MLO Registration § 1007.102 – Mortgage Loan Originators must go to the online Registry and renew their registration. This is done between November 1 and December 31. If this hasn’t been completed, don’t push it to the back burner and lose track during the holidays and then have to join a year-end rush to complete this task. This is also a good time to plan with management and Human Resources any MLO bonus plans. Reg Z Section 1026.36(d)(1)(iv)(B)(1) allows a 10 percent aggregate compensation limitation on total compensation which includes year-end bonuses.

Regulation O, Annual Resolution §§ 215.4, 215.8 – In order to comply with the lending restrictions and requirements of 215.4, you must be able to identify the “insiders.” Insider means an executive officer, director, or principal shareholder, and includes any related interest of such a person. Your insiders are defined in Reg O by title unless the Board has passed a resolution excluding certain persons. You are encouraged to check your list of who is an insider, verify that against your existing loans, and ensure there is a notification method to keep this list updated throughout the year.

Reg P § 1016.5 –There are exceptions allowing banks which meet certain conditions to forgo sending annual privacy notices to customers. The exception is generally based on two questions; does your bank share nonpublic personal information in any way that requires an opt-in under Reg P, and have you changed your policies and practices for sharing nonpublic personal information from the policies and procedures you routinely provide to new customers? Not every bank will qualify for the exception, however. John Burnett wrote about the privacy notice conundrum in the July 2017 Legal Briefs. That article has more details on this.

When your customer’s account was initially opened, you had to accurately describe your privacy policies and practices in a clear and conspicuous manner. If you don’t qualify for the exception described above, you must repeat that disclosure annually as well. Ensure that your practices have not changed and that the form you are sending accurately describes your practices.

For Reg P and the Privacy rules, annually means at least once in any period of 12 consecutive months during which that relationship exists. You may define the 12-consecutive-month period, but you must apply it to the customer on a consistent basis, so this is not necessarily a December or January issue, but it could be. And each customer does not have their own “annual date.” If a consumer opens a new account with you in February, you provide the initial privacy notice then. That is year one. You can provide the annual privacy notice for year two at any time, up until December 31 of the second year.

It is important to note that unlike most other regulatory requirements, Reg P doesn’t require E-SIGN compliance for your web-based disclosures. You can use e-disclosures on your bank web site when the customer uses the web site to access financial products and services electronically and agrees to receive notices at the web site, and you post your current privacy notice continuously in a clear and conspicuous manner on the web site. So, the demonstrable consent requirements and others in E-SIGN’s 15 USC Sect. 7001(c) do not apply, but there must still be acceptance to receive them on the web. Alternatively, if the customer has requested that you refrain from sending any information regarding the customer relationship and your current privacy notice remains available to the customer upon request this method is acceptable.

Fair Credit Reporting Act – FACTA Red Flags Report – Section VI (b) (12 CFR 334.90) of the Guidelines (contained in Appendix J) require a report at least annually on your Red Flags Program. This can be reported to either the Board, an appropriate committee of the Board, or a designated employee at the senior management level.
This report should contain information related to your bank’s program, including the effectiveness of the policies and procedures you have addressing the risk of identity theft in connection with the opening of covered accounts and with respect to existing covered accounts, as well as service provider arrangements, specifics surrounding and significant incidents involving identity theft plus management’s response to these and any recommendations for material changes to the bank’s program. Times change, customers’ habits change, and importantly criminals change, and each may require tweaks to the bank’s program.

Reg V, Fair Credit Reporting Act – Affiliate Marketing Opt-Out § 1022.27(c) – Affiliate marketing rules in Reg V place disclosure restrictions and opt out requirements on you. Each opt-out renewal must be effective for a period of at least five years. If this procedure is one your bank is using, you must know if there are there any expiration dates for the opt-outs and have these consumers been given an opportunity to renew their opt-out?

RESPA Reg X, Annual Escrow Statements § 1024.17 – For each escrow account you have, you must provide the borrower(s) an annual escrow account statement. This statement must be done within 30 days of the completion of the escrow account computation year. This need not be based on a calendar year. You must also provide them with the previous year’s projection or the initial escrow account statement, so they can review any differences. If your analysis indicates there is a surplus, then within 30 days from the date of the analysis you must refund it to the borrower if the amount is greater than or equal to $50. If the surplus is less than that amount, the refund can be paid to the borrower, or credited against next year’s escrow payments.

Reg Z Thresholds and Updates § 1026.3(b) – These changes are effective January 1, 2023. You should ensure they are available to staff or correctly hard coded in your systems. The exemption for Reg Z disclosures will increase from $61,000 to $66,400, meaning consumer loans over that amount (less real or personal property expected to be used as the consumer’s principal dwelling or a private education loan) will be exempt.

BSA Annual Certifications – Your bank is permitted to rely on another financial institution to perform some or all the elements of your CIP under certain conditions. The other financial institution must certify annually to your bank that it has implemented its AML program. Also, banks must report all blockings to OFAC within ten days of the event and annually by September 30, concerning those assets blocked.

Information Security Program part of GLBA – Your bank must report to the board or an appropriate committee at least annually. The report should describe the overall status of the information security program and the bank’s compliance with regulatory guidelines. The reports should discuss material matters related to the program, addressing issues such as: risk assessment; risk management and control decisions; service provider arrangements; results of testing; security breaches or violations and management’s responses; and recommendations for changes in the information security program.

Security, Annual Report to the Board of Directors § 208.61 – The Bank Protection Act requires that your bank’s Security Officer report at least annually to the board of directors on the effectiveness of the security program. The substance of the report must be reflected in the minutes of the meeting. The regulations don’t specify if the report must be in writing, who must deliver it, or what information should be in the report. It is recommended that your report span three years and include last year’s historical data, this year’s current data and projections for the next year.

Similar to the Compliance Officer reporting to the board, this may include a personal presentation, or it may not. I recommend that it is because this is an opportunity to express what is being done to control security events from the recent past as well as foreseeable events and why these are important issues. These facts can assist Security in getting the budget and assets necessary for the coming year. There is no prescribed period during which the report must be made other than “annually,” and this may be based off the timing of the prior report, give or take a month. Annual presentations such as this are better done when the directors can focus more on the message so try to avoid quarter ends, and especially the fourth quarter. This is not a “how-to” on the annual security report, but you can find more on the topic, free, on the BankersOnline Tools by searching on “annual security program.”

Training – An actual requirement for training to be conducted annually is rare, but annual training has become the industry standard and may even be stated in your policies. There are six areas that require training (this doesn’t mean you don’t need other training, just that these regulations have stated requirements).

• BSA (31 CFR §1020.210(b)(4), and 12 CFR §208.63(c)(4) Provide training for appropriate personnel.
• Bank Protection Act (12 CFR §21.3(a)(3) and §208.61(c)(1)(iii)) Provide initial & periodic training
• Reg CC (12 CFR §229.19(f) Provide each employee who performs duties subject to the requirements of this subpart with a statement of the procedures applicable to that employee)
• Customer Information Security found at III(C)(2) (Pursuant to the Interagency Guidelines for Safeguarding Customer Information), training is required. Many banks allow for turnover and train as needed, imposing their own requirements on frequency.)
• FCRA Red Flag (12 CFR 222.90(e)(3)) Train staff, as necessary, to effectively implement the Program;)
• Overdraft protection programs your bank offers. Employees must be able to explain the programs’ features, costs, and terms, and to explain other available overdraft products offered by your institution and how to qualify for them. This is one of the “best practices” listed in the Joint Guidance on Overdraft Protection Programs issued by the OCC, Fed, FDIC and NCUA in February 2005 (70 FR 9127, 2/24/2005), and reinforced by the FDIC in its FIL 81-2010 in November 2010.

MISCELLANEOUS – Some miscellaneous items you may address internally in policies and procedures include preparation for IRS year-end reporting, vendor due diligence requirements including insurance issues and renewals, documenting ORE appraisals and sales attempts, risk management reviews, following records retention requirements and destruction of expired records, and a designation by the bank’s board of the next year’s holidays. And finally, has there been a review of those staffers who have not yet taken vacation or “away time” to the five consecutive business days per the Oklahoma Administrative Code 85:10-5-3 “Minimum control elements for bank internal control program”?

Joint owners’ signatures on new joint accounts

By John S. Burnett

We on the OBA Compliance Team were reminded in recent weeks of the problems that can arise when a bank has opened a joint account without obtaining all of the joint owners’ signatures on the account signature card or other deposit contract. It’s our sense that banks aren’t allowing this to happen as often now as it did years ago. But a quick review of the subject may help keep it at “top of mind” when opening joint accounts.

First, a bank account agreement, whether it’s on the signature card itself or in a separate document, is a legal contract between the bank and the owner(s) of the bank account. When there are two or more owners, the agreement is also a contract between or among the joint owners. In most cases, each joint owner agrees that each owner has a right to all of the funds in the account, and, for most banks, each owner agrees to be responsible for any overdraft balance, regardless of which owner causes it.

But in order to have the right to the funds in the account or to be responsible for an overdraft in the account or have the right to request information on or statements of the account, each person has to formalize their participation in the agreement by signing the signature card. Furthermore, to be FDIC insured as a joint account, each owner must have signed, or there must be other evidence of the intent that the account be jointly owned.

Banks should have a tight policy and procedure for managing the opening of a joint account when an owner isn’t present. Assuming they have the ability, they could obtain electronic signatures for account agreements from owners absent from the account opening. If that is not possible, they should consider including in the deposit contract, atter consulting legal counsel, a provision that, if a person identified as a joint owner has not signed the signature card within ___ days after the opening of the account, the account’s ownership will change to eliminate that person’s interest in the account. They should also do a proactive (effective) job of following up with the customer who failed to sign in the days after the account was opened.

December 2022 OBA Legal Briefs

  • Insider Abuses

Insider Abuses

By Andy Zavoina

Bert Lance.

Many, or most of you will not know that name, but all of you know Regulation O. Briefly, this reg was implemented to prevent bank directors, executive officers, and principal shareholders from benefiting from favorable credit terms and treatment in a bank. This group we refer to as “insiders” is not to be treated to better terms than similarly qualified “civilians” we can refer to as the public. Lance and Reg O are a cause and an effect of an insider abusing their authority and position.

Before we discuss the details of Reg O, we need to set the stage on events attributed to the development of Reg O. Bert Lance was the central figure on that stage. He considered himself a country banker from Georgia. His claim to fame was that he went to Washington as President Jimmy Carter’s budget director at the Office of Management and Budget (OMB). Carter took office in 1977. As one of Carter’s closest advisers for almost two decades, he was approved for his political appointment with ease, but not without some criticism. William Proxmire, chairman of the Senate Banking Committee, opposed Lance’s nomination, saying, “He has had none — zero, zip, zilch, not one year, not one week, not one day” of experience at managing a federal budget then estimated at $400 billion.

Perhaps this was demonstrated in Lance’s financial condition at the time. Lance was a banker and his bank had $5 million in loans to Carter’s family business. Carter was known as a peanut farmer when he became president. As to financial condition, Lance had a net worth of almost $3 million but with that he carried more than $5 million in debt. Lance lived well as he owned three large homes in Georgia and rented a house in Georgetown as he worked in Washington, DC. His annual interest payments on the various loans amounted to $370,000. To cover this debt service, he had his public service salary as budget director of $57,500. It did not take long for the speculation and criticisms to start of Lance’s performance, but was this legitimate criticism, or politics? Federal investigators questioned his appointment process and eventually the Senate Governmental Affairs Committee questioned Lance over allegations that he had misused bank funds, obtained loans at favorable rates, and used a company plane to fly to University of Georgia football games, all abusing his position in the bank and living a lifestyle beyond his means.

Several senators called for his resignation, and under increasing pressure Lance did resign less than nine months after taking his position at the OMB. This was the first major internal scandal of the Carter presidency. One could still question if this was deserved or political, but it got worse.

Lance was arraigned on twelve federal charges that could have sent him to prison for 95 years for conspiracy, fraud, and assorted violations of banking laws. This was pre-Reg O and insider abuses were considered as contributing factors to the violations. Lance and three other conspirators were charged with illegally obtaining 383 loans for themselves, their families, and associates from 41 banks stretching from Atlanta to New York and Chicago and from there to Luxembourg and Hong Kong.

The 1979 indictment alleged Lance and three others showed a “reckless disregard for the safety of the banks” that extended credit to them when there was “no reasonable expectation of repayment.” The indictment alleged that Lance repeatedly used a “false and misleading” personal financial statement to obtain loans, including one for $3.4 million from the First National Bank of Chicago. That same financial statement, dated Jan 7, 1977, was the one submitted to the Senate Governmental Affairs Committee for  his confirmation to head the OMB.

To illustrate the issues prompting increased regulation, Lance’s financial statement failed to reflect a $14,000 loan that the National City Bank of Rome, Ga., had made to Lance’s wife. After he became budget director, the grand jury said, Lance got the Rome bank to transfer the loan from his wife’s name to Lancelot, which was a partnership actually consisting of Lance and his wife.

In one of his many legal cases, Lance was acquitted on nine of twelve charges and the remaining three were eventually dropped. Lance had also been charged with twenty-one other felonies, including misapplication of bank funds as president of the National Bank of Georgia (NBG) and the First National Bank of Calhoun, falsification of personal financial statements and making false entries on NBG records. The indictment indicated that Lance and two others used their positions in a few small Georgia banks to acquire the stock of still other banks by lending each other money without adequate collateral and, in some cases, no collateral at all.

It came out that in 1974 and 1975, Lance “caused Calhoun First National Bank” to make a total of $79,530 in unsecured loans to his son, David Lance, who was then a twenty-year-old student. On May 27, 1976, Lance got a $150,000 loan from the Chemical Bank of New York, putting up 14,811 shares of stock as collateral. However, that stock was already pledged as part of the collateral of another loan Lance had, this one for $2.6 million from the Manufacturers Hanover Trust Co. of New York.

As a side note, several years later, Lance was still in trouble and under investigation by a federal grand jury and the Securities and Exchange Commission after being charged with “unsafe and unsound” banking practices and misappropriation of funds. In this case he was fined $50,000 and barred from banking by the Office of the Comptroller of the Currency.

With the abundance of accusations and cases, such poor banking practices achieved a national spotlight. Sounds like the reason for the birth of a regulation, right?

Reg O is somewhat of a standard to follow. The case examples below are from consent orders from the Office of the Comptroller of the Currency (OCC) which has an “Insiders Activities” section in its Comptroller’s Handbook. This section includes various discussions of risk but also refers to the Federal Reserve’s Reg O as requirements which must be followed. The Handbook states, “Various state and federal laws and regulations govern insider activities. Unlike the broad standards of fiduciary duties, these laws and regulations are specific about how insiders are to conduct themselves. Since the statutory and regulatory restrictions on insider transactions do not apply uniformly to all insiders, the board and management must become familiar with each restriction and must pay careful attention to the scope and requirements of each.” This may well be stated by other regulatory agencies as it would be good advice for all banks other than national banks.

Reg O established reporting requirements for bank insiders which were included in previous financial laws. The Financial Institutions Regulatory and Interest Rate Control Act of 1978 contributed significantly to the first iteration of Reg O which was originally established in 1980. It later incorporated the Depository Institutions Act of 1982 and has been revised many times since.

Reg O set forth a new set of rules to stop the preferred treatment that Bert Lance and others took advantage of. Abuses such as was described above can threaten the safety and soundness of a bank in large or small ways, but a threat is a threat. This article will recap pertinent sections of Reg O requirements but is not an in-depth review. I will not address recordkeeping, executive officer requirements or risk management issues.

Reg O applies to insiders, which includes executive officers, directors, and principal shareholders and the related interests of these individuals of the bank and its affiliates. Reg O further defines executive officer as any person who participates or has the authority to participate in major policy making functions, regardless of title or compensation, though it specifically lists the chairman of the board, the president, every vice president, the cashier, the secretary, and the treasurer as executive officers, unless excluded through bylaws or by a resolution of the board of directors and in practice the individual does not participate in major policy making functions. Most banks’ boards of directors define the insiders in their Reg O policy. Those listed should meet the test of a “person who participates or has the authority to participate” in the major policymaking activities and the bank needs to ensure someone who meets this test is in fact listed.

Related interests of the insider include any company controlled by the insider. For Reg O, this results from directly or indirectly owning, controlling, or having the power to vote 25 percent or more of any class of voting securities of a company. It also includes controlling the election of a majority of the directors of a company or having the power to exercise a controlling influence over the management or policies of a company. There is a presumption of control for any director or officer of a company who directly or indirectly owns, controls, or has the power to vote more than 10 percent of any class of voting securities of that company, or for any person who directly or indirectly owns, controls, or has the power to vote more than 10 percent of any class of voting securities if no other person owns a greater percentage.

The bank needs to be able to track loans to insiders and the related interest of those insiders. Recordkeeping requires this but the accuracy is the burden of the bank, knowing the insiders and having them understand and identify their related interests.

This information is also useful when the bank is employing any of these related interests. While not directly related to Reg O, as you will read below if there are issues with paying an insider’s “side business” for work not completed, that is a safety and soundness issue as well as a violation of ethics requirements the bank should have. The related interest list can be used in the vendors due diligence process to identify the players. In a small town and transparent bank environment the bank will know who they are dealing with. It is not a violation to employ them, but the purpose here is not only to avoid a problem, but to avoid any appearance of a problem or preferential treatment.

There are limits placed on the loans to insiders both on an individual and an aggregate basis. The lending limit to an individual, including their related interests, is 15 percent of the bank’s unimpaired capital and surplus for loans that are not fully secured, and an additional 10 percent for loans that are fully secured by readily marketable collateral. Loans fully secured by obligations of the U.S. government or agencies, or loans secured by deposits held at the bank are not counted toward the limit. On an aggregate basis, loans to insiders are limited to the equivalent of the bank’s unimpaired capital and surplus, or up to two times unimpaired capital and surplus for banks with less than $100 million in deposits, as long as a signed resolution by the bank’s board justifies the higher limit. The higher limit for smaller banks is also conditioned on the bank meeting applicable capital requirements and having a satisfactory CAMELS rating from the bank’s most recent examination.

Reg O includes general prohibitions based on terms and creditworthiness. Loans made to insiders must be on substantially the same terms, such as interest rates and collateral, as loans made to non-insiders, with the same underwriting standards applied at origination. This is not to say if the bank made one other loan under similar terms, it could use that as justification to provide a credit product with otherwise more favorable terms to its directors. The comparisons must be real and authentic. In addition, the loan must not involve more than the normal risk of repayment or present other unfavorable features. Any loan to an insider of an amount more than $25,000 or 5 percent of unimpaired capital and surplus, whichever is higher, must be preapproved by a majority vote of the board of directors, and the insider must abstain from the approval process. Prior approval is required when an extension of credit, regardless of the amount, results in aggregate debt to the individual and their related interests exceeding $500,000.

An extension of credit includes making or renewal of a loan, a line of credit, or extending credit in any manner. Overdrafts are included in Reg O. Overdrafts of $5,000 or less are not considered extensions of credit when made pursuant to a written, preauthorized, interest-bearing extension of credit plan, or a written, preauthorized transfer of funds from another account.

Banks are prohibited from paying overdrafts to executive officers and directors. The prohibition on overdrafts does not apply to the payment of inadvertent overdrafts if the aggregate amount of overdrafts on an account does not exceed $1,000, the account is not overdrawn for more than five business days, and the executive officer or director is charged the same fee as any other customer. The prohibition on the payment of overdrafts does not apply to principal shareholders who are not also an executive officer or director, or to the related interests of insiders.

Reg O is designed to add controls to loan related issues even though it includes a lot of recordkeeping, and the focus is on preferential treatment of those in control of the bank. Deposit rates to employees and insiders is not a Reg O issue but could be preferential treatment issue. I will draw your attention to 12 U.S.C. Sec. 376 which says, no member bank shall pay to any director, officer, attorney, or employee a greater rate of interest on the deposits of such director, officer, attorney, or employee than that paid to other depositors on similar deposits with such member bank.” Note this rule applies to member banks. Nonmember banks may consider it a good practice, but not a regulatory requirement.

The following cases are real and are public information by virtue of regulatory enforcement orders. In some cases, the reader may make assumptions to fill in gaps not otherwise in the enforcement orders. Nonetheless as is commonly stated in a consent order, these were done by the subject who, “without admitting or denying any wrongdoing, desires to consent to the issuance of this Consent Order…”

James Ratcliff

Considering the abuses that lead to Reg O and its intended protections for bank deposits, the first case to exemplify why these protections need to be adhered to, monitored, and enforced is one in which the OCC took against James Ratcliff.

Ratcliff was an Executive Vice President and Vice Chairman at an Oklahoma bank which had $285 million in assets as of December 2020. The bank has since been acquired.  Ratcliff was an Executive Vice President from 2000 to 2020. He held the position of Vice-Chairman of the Board of Directors from 2016 until mid-2020, when he became Chairman of the Board. He then served as Chairman until November 2020. He was most certainly an insider and empowered by virtue of his position to direct the bank and its activities on a daily basis.

The enforcement order (AA-ENF-2022-32) says Ratcliff, “caused the Bank to engage and pay numerous entities owned by Respondent as third-party vendors. Respondent participated in setting the financial arrangements between the Bank and the entities he owned.” These are issues that involve self dealing and while these may not violate any lending issues, the practices should certainly be scrutinized by the bank under its ethics policy. This does not mean that may not be done, but if they are transparency should prevail. Again, there should be no impropriety and no appearance of any impropriety.

In this case, Ratcliff (and presumably the bank itself) failed to ensure that the services that were to be provided were in fact done. In fact, in these instances there are often no contracts to compare the work or services to be completed to, yet there were payments made and therefore this long seasoned employee, officer, insider was receiving payment directly or indirectly with no evidence of work performed.

Also cited in the enforcement order was the fact that Ratcliff failed to ensure employee compensation was commensurate with that person’s responsibilities and actual work performed for the bank. But mostly that he also directed bank employees and contractors to perform work for his non-bank entities at the expense of the bank. Here again, it can be difficult to challenge a senior officer in the bank, yet there are times for the good of the bank that a challenge is required.

On to the issue of lending, Ratcliff approved and/or made multiple unsafe or unsound loans that were “liberally underwritten” and included inaccurate credit memorandums which then contained insufficient financial statement and cash flow analysis. Ratcliff himself participated in the practice of helping borrowers create new corporate entities and transferred existing debt to these new entities without any positive change in that borrower’s ability to repay. Similar to the prohibited practice of flipping loans, here the intent was to disguise who the debt was owed to, and it may have been a tactic to avoid debt service requirements.

The bank extended loans to entities owned in whole or in part by Ratcliff. In this process he failed to disclose his ownership interest in any of these entities to the bank or the board. During loan approval processes he also did not recuse himself from approvals of these loans. Was the bank at fault? If Ratcliff failed to disclose his ownership interest the bank had no idea that his recusal was required. From a compliance perspective I would at this point want to know when the insiders were last trained or reminded of their responsibilities. While ignorance of the law is no excuse for a violation, it may serve as a defense. Compliance should note to itself that periodically formal or informal training is conducted even if it serves only as a reminder to insiders as to their responsibilities. Similarly, staff in the bank need to be reminded that they have an obligation to the bank, and not the insiders, to notify others in management if they happen to be aware of any violation such as these.

In this case Ratcliff was deemed to have, “engaged in violations of law, regulation, or order, recklessly engaged in unsafe or unsound practices, and breached his fiduciary duty to the Bank; which violations, practices, or breaches were part of a pattern of misconduct, caused or were likely to cause more than a minimal loss to the Bank; and demonstrated willful or continuing disregard for the safety and soundness of the Bank. loans.”

As a result of this consent order, Ratcliff was essentially banned from banking. Among other prohibitions, he may not participate in any manner in the conduct of an insured bank’s affairs, solicit, procure, transfer, attempt to transfer, vote, or attempt to vote any proxy, consent, or authorization with respect to any voting rights or vote for a director, or serve or act as an “institution-affiliated party.” That is part of the standard order used in such cases.

What is more, and imposes individual liabilities for his actions, is the civil money penalty Ratcliff has to pay off $100,000. The amount of money the bank may have lost paying third party vendors for services not provided is not known. Any losses due to questionable loans when Ratcliff had borrowers create a new entity to takeover the debt of a different borrower but essentially with the same beneficial owner is not known. Any problems with loans to Ratcliff’s own companies in which he failed to disclose his ownership is not known. And the costs the bank incurred auditing all of its records for many, many years trying to unravel all of these violations, is not known. Even though the bank in question was acquired between the events above and this consent order in August 2022, the order stipulates Ratcliff, “shall not cause, participate in, or authorize the Bank (or any subsidiary or affiliate of the Bank) to incur, directly or indirectly, any expense relative to the negotiation and issuance of this Order except as permitted by 12 C.F.R. § 7.2014 and Part 359.” Those sections define the limited circumstances under which a bank may indemnify an employee or offer a golden parachute. With the acquisition of the bank in the interim between the acts and the order, any possibility of that happening would seem unlikely.

Contrast some of Ratcliff’s activities to those of Bert Lance and others and we see similar breakdowns. The abuse of authority both against the bank and the bank’s employees hurts the bank and the banking industry. We may believe what is often referred to as “the good old boys’ network” is a thing of the past. But 1977 is really not that long ago when compared to abuses that were allowed to happen.

Tony Fritz

Was Ratcliff alone in this enforcement action? No. It would seem that there was another in his bank that in many ways facilitated the wrongdoing whether knowingly, inadvertently, or through acts of negligence. Tony Fritz is the former Chief Lending Officer and Director at Ratcliff’s bank.

In his Consent Order (AA-ENF-2022-34) it is noted that Fritz worked for the bank as a credit analyst from 2014 to 2015 and was promoted, and from 2015 through December 2019 he was both a Chief Lending Officer and a director. In his position, Fritz was expected to uphold certain standards, which was not done. He failed to ensure that credit administration and risk management practices and controls were effective and commensurate with the risk and complexity of the loan portfolio. Fritz also failed to develop a system to ensure ongoing monitoring of complex commercial credits and to ensure the bank kept adequate loan documentation. And he failed to formalize loan review and approval processes and failed to properly document lending decisions. From these comments in the consent order, it appears many loans, including those in Ratcliff’s portfolio or under his direct supervision were “rubber stamped” for approval and were not questioned if deficiencies were noted, or should have been noted.

In fact, the consent order goes on to say, Fritz, “failed to provide credible challenge to members of senior management who maintained loan portfolios and failed to maintain adequate oversight over their portfolios. And it goes on to say, Fritz, “approved and/or originated multiple unsafe or unsound loans that were liberally underwritten and included inaccurate credit memorandums containing insufficient financial statement and cash flow analysis. (Fritz) originated loans to cover customers’ overdrafts and overdraft fees. (Fritz) extended additional loans to borrowers who were not credit-worthy, sometimes through creating new entities, in order to make payments on such borrowers’ non-performing loans.” Here again, a process of rubber stamping does not offer the checks and balances that are required, nor the controls to all but ensure compliance with banking regulations and requirements.

What Fritz did, or more correctly did not do was a dereliction of duty. It was considered an unsafe or unsound banking practice and breached his fiduciary duty to the bank. It stated that this misconduct caused more than a minimal loss to the bank. Fritz was personally assessed a civil money penalty but his was less than Ratcliff’s, at $10,000. He also has additional prohibitions placed upon him essentially banning him from banking. Before he could accept a position of responsibility in a bank, he would be required to provide that bank’s president or chief executive officer with a copy of the consent order describing the above.

Orlando Romero

On this topic of insider activities and Reg O, I want to mention a third case which is from the Federal Reserve (Docket No. 22-002-B-1) against Orlando Romero. This is an order involving ethics more than traditional insiders’ activities. In this case the banker was not fined but was banned from banking because of his misconduct which violated internal bank policies and constituted violations of law or regulation and were considered unsafe or unsound practices and breaches of fiduciary duty.

This case is special in several ways. Firstly, when I have discussed this with many bankers, most have not heard of such an enforcement before, and many do not see it as a fundamental problem. It is something that many have heard of or done to some extent.

Romero was a client service specialist in a Global Technology area of his large bank. He had received a job offer letter from a competing institution. That letter provided him with some specific terms of employment one of which was his salary. I would assume it offered him an increase, but that would not seem to be enough for Romero. He altered the letter and increased the starting salary above that which was actually offered.

Romero added $28,000 to his current salary and presented that to his current bank in hopes for a raise and he would then remain at his current bank. That amount is significant to me. In this case his bank met that amount and Romero’s annual salary was increased. This is where many bankers would proclaim a “win” for the employee. Questions bankers may ask include, “if the bank thought he was worth that amount when a competitor offered it to him, why wasn’t he worth that before?” In fact, he was not offered that amount by a competitor. There would seem to be a fine line between ethically asking for a raise and fraudulently stating that a competitor has valued your work at more than your current employer. Regardless, some bankers take the position that Romero’s bank had a decision to make regardless of where an offer came from: “Was he worth that much considering his job duties, his performance, and the costs associated with bringing in a new employee to fill that position?” If the bank paid him the increase, then its answer was that he was worth it.

But in the end, somehow the bank discovered the scheme. Romero resigned from his bank two and a half years after receiving his increased salary. That would amount to $70,000 in “additional” income. The order did not state if the resignation was triggered by this knowledge, or it was learned afterward. As noted above what he did was deemed to be in violation of several policies, laws and or regulations. Before he could work at another bank there were certain requirements he would have to meet. This includes providing the Managing Director/Senior Vice President or equivalent level in the reporting line of the institution with notice and a copy of the Fed’s cease and desist order against him and fully familiarize himself with the policies and procedures of the institution that pertain to his duties and responsibilities, including, but not limited to, the employee Code of Conduct, and provide written notice to the Board of Governors, along with a written certification of his compliance with each provision required in his order. It may not be a permanent, but it would take a lot to meet this, in my opinion.

At the end of the day, I hope you will ensure that management, the board, and all bank staff are both informed or reminded of their responsibilities and duties under applicable laws, regulations, and policies. As we close 2022 and enjoy the holiday season, ethics is a good topic to revisit as gifts may be offered to staff and prohibitions should apply.

November 2022 OBA Legal Briefs

  • HMDA Changes Un-Changing?
  • Defunding the CFPB
  • New “Junk Fees”

HMDA Changes Un-changing?

By Andy Zavoina

As a part of your Compliance Management Program, you should meet periodically with senior management and/or the board of directors and keep them informed of changes that are or may be coming down at you. This is especially the case as we approach budget talks. You absolutely do not want to submit your compliance budget only to advise senior management a month after it is approved that you already need an increase for 2023 because of a new requirement you had not factored in. And that is just one of the topics you should be briefing them about.

You may be thinking, “Well, Andy, we don’t think the Reg B small business data gathering will be completely in place and certainly not for the whole year, so what “new” requirement are you talking about?” In a nutshell, the Home Mortgage Disclosure Act (HMDA). Many HMDA reporters received benefit of a threshold change for reporting a HMDA Loan Application Register. The floor amount was raised in 2020 and the threshold for reporting was increased from 25 to 100 closed-end loans. More details on that in a minute, but the Consumer Financial Protection Bureau’s (CFPB) methodology for justifying this change was challenged in court and the CFPB “lost” meaning the Court is declaring the change to be invalid. Those banks taking advantage of the increased threshold may find themselves scrambling to complete HMDA LARs again.

Now some details for a better understanding. The case was between the National Community Reinvestment Coalition and the CFPB in the U.S. District Court for the District of Columbia. It was a federal judge who moved to vacate the HMDA changes by the CFPB to lower the reporting requirements by increasing the closed-end loan threshold.

HMDA rules require a lender to review two preceding years of mortgage loan activity to determine if reporting requirements apply. There is one threshold for closed-end loans and another for open-end. In 2015 the closed-end threshold for required reporting was 25 or more and the open-end threshold was 100 or more. Additional qualifications such as asset size and location are not addressed here but would still apply.

In 2020 the CFPB opted to reduce the reporting burden by increasing the threshold of reportable closed-end loans from 25 to 100. In theory this reduces the smaller, low volume reporters and still retained the bulk of the active HMDA reporters. In May 2020, the CFPB estimated there are about 4,860 financial institutions required to report their closed-end mortgage loans and applications under HMDA. These were banks and credit unions and together in 2018 they accounted for 6.3 million closed-end loans. The CFPB further noted that the total number of institutions that were engaged in closed-end mortgage lending in 2018, regardless of whether they met all HMDA reporting criteria, was about 11,600, and the total number of closed-end mortgage originations in 2018 was about 7.2 million. In other words, under the current 25 closed-end loan threshold, about 41.9 percent of all mortgage lenders are required to report HMDA data, and they account for about 87.8 percent of all closed-end mortgage originations in the country. Further, 3,250 of these insured depository institutions and insured credit unions were already partially exempt for closed-end mortgage loans under the Economic Growth, Regulatory Relief, and Consumer Protection Act (EGRRCPA), and thus were not required to report a subset of the data points currently required by Reg C for these transactions. So, the percentage of loans and lenders receiving the benefits of the exemption was small. The CFPB estimated that when the closed-end threshold would increase to 100 under this final rule, the total number of financial institutions required to report closed-end mortgage loans would drop to about 3,160, a decrease of about 1,700 financial institutions.

The plaintiffs were referred to as the National Community Reinvestment Coalition (“NCRC”), but actually also included Montana Fair Housing (“MFH”), Texas Low Income Housing Information Service (“TxLIHIS”), Empire Justice Center (“EJC”), and the Association for Neighborhood & Housing Development (“ANHD”)—and the City of Toledo, Ohio. They said that HMDA data have been invaluable in “uncovering and addressing redlining, fair lending violations, and other inequitable lending practices” over the decades and the CFPB did not dispute that claim. It was noted that open-end loans were reported after a 2015 HMDA change to the rule, but eventually that, “22 percent of depository institutions” that had previously been required to report HMDA data, were exempted and this resulted in a significant loss of data in certain census tracts.

The burden on low volume lenders to file HMDA reports did not justify the costs to complete that task, the CFPB heard and accepted as evidenced by changes in 2020. The CFPB increased the threshold from 25 to 100 closed-end loans in April of that year and it required the collection of HMDA data through June 30, for institutions that would no longer be subject to HMDA requirements for closed-end loans. These institutions no longer had to collect data starting July 1, 2020, and the reporting of any closed-end loan data collected in 2020 was optional for them.

The plaintiffs stated that each of them “use HMDA data in their research, education, and advocacy to promote access to credit, and thus to housing opportunities” in minority and rural communities. Not having the data from these low-volume lenders leaves holes and unanswered questions and could allow these lenders to violate fair lending laws because the controls are no longer in place to police them.”

The District Court ruled in favor of the plaintiffs and  invalidated the closed-end loan exemption expansions but let stand the of 200 open-end lines threshold. Remember reporting of those lines had been optional until these changes began. The court vacated and remanded the closed-end mortgage loan reporting threshold to the CFPB.

Now there are two questions we do not have the answers to, but banks must begin to prepare for in any case. What action will the CFPB take, and when will it take it? The CFPB could take the case to a higher court and seek to justify the changes it made, or it could reverse the closed-end loan reporting threshold back to the 25 closed-end loan limit. It is reasonable to assume that they will let the record stand for 2021 and 2022 and could enforce the new – old – limit effective for 2023. That is to me a logical plan but the CFPB’s intention has not yet been made public as of this writing. If that is the option they will select, those estimated 1,700 banks that fell out of reporting and any others who controlled their application counts with product restrictions need to consider training, systems and controls to get back up to speed with these new – old – rules. If this is less than two months away, HMDA reporters who were exempt deserve time to evaluate and react to their needs. If your bank may fall into this category, you must make some determinations and meet with senior management to advise them of your situation and action plan if one is needed.

Defunding the CFPB

By Andy Zavoina

Another legal case the CFPB is involved in may bring additional changes to the “keeper of the consumer protection regs.” In mid-October 2022, a three-judge panel of the United States Court of Appeals for the Fifth Circuit ruled on a pending case, Community Financial Services of America vs Consumer Financial Protection Bureau.

In this case, Community Financial sued the Bureau in 2018 on behalf of payday lenders and other small lending businesses. They wanted to set aside the 2017 Payday Lending Rule which affected personal loans with short term or balloon-payment structures, typically including payday, vehicle title loans and many high-cost installment credit products.

Community Financial alleged that the CFPB exceeded its statutory authority, and it further attacked the CFPB claiming that the rulemaking authority violated the Constitution’s separation of powers. Remember, the CFPB is set up to request its funding each year from the Federal Reserve. The amount is determined by the CFPB’s Director, and the Federal Reserve must approve the request so long as it does not exceed 12 percent of the Federal Reserve’s total operating expenses. Unlike other federal government agencies, the CFPB determines its own needs, and it automatically gets that funding from the Federal Reserve – bypassing Congressional appropriation steps. This limits Congressional control and makes the agency’s structure unconstitutional in the Court’s view.

This multi-pronged attack was not new. In Seila Law, LLC v. Consumer Financial Protection Bureau, the Supreme Court ruled that the CFPBs  structure of being a single director agency who was only removable by the President “for cause” violated the separation of powers requirements. The Court found that provision to be severable, and simply invalidated the “for cause” requirement in the Dodd-Frank Act meaning the President could replace the CFPB director at will. The Court did not invalidate actions taken by the CFPB. This new case with Community Financial differs in that the Fifth Circuit leaves the funding mechanism and the CFPBs actions connected.

In this case the Court ruled that the CFPB’s funding structure violates the Constitution’s Appropriations Clause and separation of powers. Because the funding used by the CFPB to create the Payday Lending Rule was drawn through the unconstitutional funding structure, the Court ordered the Rule vacated. In this case the Court stated that the “Bureau’s perpetual insulation from Congress’s appropriations power, including the express exemption from congressional review of its funding, renders the Bureau no longer dependent and, as a result, no longer accountable to Congress and, ultimately, to the people.” The three-judge panel noted that this constitutional problem is even more of a problem given the CFPB’s authority. The panel then quoted the Supreme Court in the Seila Law case as the CFPB “acts as a mini legislature, prosecutor, and court, responsible for creating substantive rules for a wide swath of industries, prosecuting violations, and levying knee-buckling penalties against private citizens.”

The debate goes on as to funding because not all agencies are covered by the Congress’s appropriations power. The FDIC as an example assesses fees to stakeholders in the industry. The CFPB does not. It gets funding as noted, from the Federal Reserve from funds that would normally be remitted to the Treasury Department. Treasury is itself appropriated under federal law. So, in a roundabout way the CFPB’s funding comes at the expense of the Treasury Department and therefore Congress is forced to appropriate more to Treasury than it otherwise would.

The Fifth Circuit panel then connected the dots. The Court explained that the remedy is based on “the distinction between the Bureau’s power to take the challenged action and the funding that would enable the exercise of that power.” Because Congress “plainly (and properly)” authorized the CFPB to promulgate the Payday Lending Rule, it is not per se invalid. Instead, Community Financial has to show that the unconstitutional funding provision of the law “inflicted harm.” The Court said that showing that was easy, because the CFPB used the unconstitutional funding to promulgate the Payday Lending Rule. The Court therefore held the Plaintiffs were entitled to “a rewinding of the [the Bureau’s] action.” The Court rendered judgment for Community Financial, vacating the Payday Lending Rule “as the product of the Bureau’s unconstitutional funding scheme.”

So, what does all this mean? As Yogi Berra said, “it’s never over till it’s over.” The CFPB is expected to request an “en banc” hearing where all the judges of the Fifth Circuit Court of Appeals will hear the case instead of the three-judge panel. If that is not successful, it could then go to the Supreme Court.

In this case the Payday Lending Rule was defeated, but remember the court did not say the law itself was not valid, just the way it got there. Still, that opens the door to other challenges. Community Financial’s case, if it becomes final, would only be binding on federal district courts in in Texas, Louisiana, and Mississippi. But the door is open and less than one week after this ruling by the Fifth Circuit we have seen a challenge on an Illinois case, the CFPB v. TransUnion, in which the CFPB alleges that TransUnion violated a prior consent order with the CFPB entered into in 2017, citing the Community Financial case. There is also now a Utah case, CFPB v. Progrexion Marketing, Inc., in which the CFPB alleges that the methods used by the defendants to market credit repair services violated the Telemarketing Sales Rule and the Consumer Financial Protection Act. Again, attributes of the Community Financial case are being used here. And there is a third case in the Ninth Circuit, the CFPB v Nationwide Biweekly Administration again following a similar argument. In this case a California district court imposed a $7.9 million civil penalty against Nationwide for allegedly misleading marketing practices but did not award the nearly $74 million in restitution sought by the CFPB. The CFPB is still pursuing that remedy in the court system.

As to the pending TransUnion case, the CFPB filed an immediate response saying the Fifth Circuit ruling was “neither controlling nor correct” and “mistaken.” The CFPB maintains the court cited no case law holding that Congress violates the appropriations clause or separation of powers when it authorizes spending by statute, that the funding through the Federal Reserve contains checks and balances via audits, reports and appearances it makes to Congress among other arguments.

There is no projecting how long this Community Financial case or those new cases with similar arguments will take to become final. One ruling may quickly resolve all the satellite cases coming from it and it is doubtful that everything the CFPB has done will be invalidated with one decision, but management does need to be apprised of the case and understand this is not a final word and that business cannot revert to a pre-CFPB era based on the Fifth Circuit ruling.

New “Junk Fees”

By Andy Zavoina

I had a frantic message on Slack the morning of October 26, 2022, from one of my bosses. President Biden was on national television talking about banks charging “junk fees” which is a new and derogatory term in many cases for fees consumers agreed to pay, but which are now, to use a phrase, “politically incorrect” to charge. These are unjust or unearned fees which take advantage of a consumer. It makes me wonder sometimes how many fees are justified and really good to a consumer. If a bank charges a fee for paying someone into an overdraft, rather than charging a fee and returning the check to another entity which might then charge a fee for the returned check, add a late fee and then refuse to accept any personal checks from that person again for the next six months, that first bank fee does not sound too bad. But hey, remove all these “junk fees” and the consumer will be happier and at no cost, right? It is like a toll-free telephone line, “don’t cost nobody nothing.” Well, except the bank paying for the toll-free calls that are not free at all.

I do take offense when it is said that if a bank charges “surprise overdraft fees … they may be breaking the law.” Firstly, what law prohibits the imposition of this agreed upon fee? Is it that subjectively someone decided that fee is “unfair” and hey again, “unfair” is in a law so it must be illegal. The Unfair, Deceptive or Abusive Acts or Practices (UDAAP) law is becoming the catch-all law many were afraid it could be. Classifying a fee as unfair just seems politically correct for a number of reasons – mostly because the majority does not like to pay them.

Here is my analogy. A person with tritanomaly has a hard time telling the difference between blue and green, and between yellow and red. Should yellow and red be deemed junk colors? Should yellow cabs be outlawed because they do not appear yellow to everyone? Should the government revise the colors at traffic lights because they can cause confusion to some color-blind people? Well, no. But if there were more people with this color blindness and they had a hard time with the order of stop lights red, yellow, and green vertically, top to bottom, or horizontally, left to right, banning these colors might be “politically correct” and they would be used less when colors matter. There one could cite the Americans with Disabilities Act more than UDAAP, but it is subjective nonetheless.

It is important that many agencies of the U.S. government are headed up by political appointees who are there to serve the president. That is their job, in addition to serving the people of the United States. In this national broadcast President Biden appeared at the White House with CFPB Director Rohit Chopra, the FTC Director and others proclaiming his administration was taking action to eliminate all “junk fees.” These include fees for deposited checks that are returned unpaid, surprise banking overdraft fees, and other non-bank fees like hidden hotel booking fees and termination charges to stop people from changing cable plans. President Biden said that this was about  making fees for depositing a check that bounces and overdraft fees for transactions that are authorized into a positive balance but later settle into a negative balance “illegal” and he wants to save consumers over $1 billion each year. The CFPB is developing rules and guidance that will reduce credit card late fees that cost credit card holders $24 billon each year. And his administration has “encouraged” banks to reduce the fees they charge consumers across-the-board and that the CFPB is developing rules that will require banks to go further in addressing additional types of junk fees.

The CFPB then provided guidance on two new fees often charged by banks that it classifies as “junk fees,” which is certainly a derogatory sounding fee label regardless of the fact that the fees have been around a very long time, and both disclosed to and accepted by consumers. In fact, the consumer opts in. The guidance document is Circular 2022-06, “Unanticipated overdraft fee assessment practices.” The circular even points this out in the Analysis section subtitled, “Violations of the Consumer Financial Protection Act,” as it states, “consumers generally cannot reasonably be expected to understand and thereby conduct their transactions to account for the delay between authorization and settlement—a delay that is generally not of the consumers’ own making but is the product of payment systems. Nor can consumers control the methods by which the financial institution will settle other transactions—both transactions that precede and that follow the current one—in terms of the balance calculation and ordering processes that the financial institution uses, or the methods by which prior deposits will be taken into account for overdraft fee purposes.” This is augmented by footnote 23, which states, “While financial institutions must obtain a consumer’s ‘opt-in’ before the consumer can be charged overdraft fees on one-time debit card and ATM transactions, 12 CFR 1005.17(b), this does not mean that the consumer intended to make use of those services in these transactions where the consumer believed they had sufficient funds to pay for the transaction without overdrawing their account.”

In a nutshell, the justification says a consumer agreed to it, but that was before they knew they would be responsible for their own actions and have to pay for it. I can understand that consumers have a difficult time with payment priority of items. Bankers do as well. When a check is written it is presented through payment channels and it may have had sufficient funds when it was written, but the cash withdrawal at an ATM reduced the balance and now that check will not pay. Disclosures a bank gives would have a hard time making sense of all the different channels that can add and subtract from a consumer’s balance. But at the end of the day, if I rely not on what the computer says I have available but rather on my account register, if I started with $100 and wrote a check for $80, I know I should not take $60 from the ATM regardless of what the computer says I have available.

The Circular does make it clear that UDAAP is the enforcement action of choice. It asks one question: “Can the assessment of overdraft fees constitute an unfair act or practice under the Consumer Financial Protection Act(CFPA), even if the entity complies with the Truth in Lending Act (TILA) and Regulation Z, and the Electronic Fund Transfer Act (EFTA) and Regulation E?” and answers this with 13 pages of explanation.

The short answer is Yes, and that is because it is a UDAAP violation to charge such fees because “overdraft fees assessed by financial institutions on transactions that a consumer would not reasonably anticipate are likely unfair.” At the risk of sounding redundant, would an account register help the consumer understand they can not spend more than has gone into the account? Is relying on what a computer says the balance is what we used to call “playing the float,” and is not writing a check for funds not on deposit still “theft by check”? In my state it is a Class C or Class B Misdemeanor. But nowadays a consumer has more ways to access funds and it is a UDAAP violation of law by a bank.

One key concern in the circular are accounts that “authorize positive, settle negative” (APSN). That is, an unanticipated overdraft is charged because the consumer would not reasonably anticipate a fee because there were sufficient funds when an authorization was made.

The Circular differentiates between an overdraft which is a negative balance created when the bank pays an item for which there was not enough money to pay the item presented, and non-sufficient funds where the bank incurs no credit risk when it returns a transaction unpaid for insufficient funds. The overdraft is a loan which involves credit risk and banks charge fees for paying these items. The fee is typically a flat amount and is not based on the amount of the overdraft.

Two areas of concern are:

A fee banks have not seen targeted by the CFPB before—one imposed on a depositor when a bank charges back a check that has “bounced” (that is, it was returned unpaid) by the paying bank, and

“Surprise” fees, including overdraft fees charged when a consumer had enough money in their account to cover a debit charge at the time the bank authorized it.

In the first case (addressed in Compliance Bulletin 2022-06, issued the same day as Circular 2022-06), when the consumer deposits a check into their account, they assume these are good funds. We would believe this is less of a problem today as more payments are made electronically through Zelle, Venmo and the like. But while checks have declined in volume, they have not been eliminated. People are not accustomed to the potential bouncing and reversal of a check that they deposited whether a Reg CC hold notice was provided or not. These are not typically bad customers unless they played a role in the deception and no matter how meticulous they are at keeping a check register, they truly could not prevent the reversal and declining balance that would result from a deposited item coming back. The bank, however, dedicated staff time, decisioning, and technical resources to this process, so a fee for compensation is both disclosed and charged. Your bank accepted the deposit and never participated in the decision to pay or return the item. That was the paying bank’s decision.

According to the CFPB, while charging these fees across the board potentially violates existing law – UDAAP, banks may opt to have a targeted fee policy that charges depositor fees only in situations where a depositor could have avoided the fee. One such situations is when that depositor repeatedly accepts checks from the same originator who has paid them with checks which have bounced before. It would appear this process, while deserving of a fee, would be even more cumbersome and labor intensive to research and present to a depositor.

The second area of concern (covered in Circular 2022-06) are the surprise overdraft fees. The CFPB believes that these overdraft fees occur when a bank account balance reflects that a customer has sufficient funds to complete a debit card purchase at the time of the transaction, but the consumer is subsequently charged an overdraft fee because additional payments/withdrawals arrived possibly through a variety of channels which cause the balance to now be insufficient to cover that debit card withdrawal. The CFPB’s discussion here references the practice of using APSN (referenced above) to assess overdraft fees.

The CFPB asserts that a recent consent order entered into by the CFPB related to APSN overdrafts is applicable industrywide. It noted actions and discussions on these types of fees going back to 2010 by the CFPB, the Federal Reserve and the FDIC. It notes the FDIC cautioned banks on this in 2010 when it issued its Final Overdraft Payment Supervisory Guidance. In 2015, and the CFPB issued public guidance explaining how banks acted unfairly and deceptively when they charged certain overdraft fees. And in 2016, the Federal Reserve publicly discussed issues with unfair fees related to transactions that authorize positive and settle negative. They mentioned it again in 2018 in an issue of the Consumer Compliance Supervision Bulletin, describing it in terms of UDAP and Section 5 of the FTC Act. Then, in June 2019, the FDIC issued its Consumer Compliance Supervisory Highlights and raised risks regarding certain use of the available balance method. And finally in September 2022, the CFPB found that a financial institution had engaged in unfair and abusive conduct when it charged APSN fees and that is the case which is applicable to the industry. This was, of course, the Bureau’s action against Regions Bank where the bank was ordered to reimburse $141 million to customers, pay a civil money penalty of $50 million, and forgo charging any Authorized-Positive Overdraft Fees going forward.

The CFPB opined that, under the circumstances described, these “unanticipated” overdraft fees likely violate the Consumer Financial Protection Act(UDAAP) as they “are likely to impose substantial injury on consumers that they cannot reasonably avoid and that is not outweighed by countervailing benefits to consumers or competition.”

This is an area Compliance is involved in but needs to work with Operations and management to determine the extent of the circumstances in your bank described here. How often does it happen? What are the fees imposed and paid and the losses incurred? What are the risks of facing a regulatory enforcement action as a result? From there budget considerations can be made after a plan of action has been determined along with a policy change, if necessary.

October 2022 OBA Legal Briefs

  • Concerns about overdrafts and fees grow (Part 2)
  • 2022 OK legislative changes
  • A Reg O FAQ

Concerns about overdrafts and fees grow — Part 2

By John S. Burnett

In Part 1 of this article, I began a review of the FDIC’s August 18, 2022, “Supervisory Guidance on Multiple Re-Presentment NSF Fees,” issued with FIL-40-2022 ( I ended Part 1 of that review with a comment summarizing what the Guidance had suggested in the section on Consumer Compliance Risk.

Part 2 of this article starts with a restatement of that closing comment, with some added thoughts.

Comment: Thus far, the Guidance has suggested that banks need to ensure that their disclosures reflect what actually happens in the case of multiple re-presentments for a single transaction, and that something may need to be done about better notifying customers when an item is returned and an NSF is assessed and/or banks may want to consider setting some limit on how many times re-presentments of items derived from the same transaction will trigger another NSF fee.

On the first point — agreement between disclosures and practice —that can be approached from different directions. If a bank is charging an NSF fee for multiple presentments derived from the same transaction, the bank can formulate the right words to relate those facts to its consumer customers. On the other hand, if the bank isn’t disclosing that multiple re-presentments will trigger multiple NSF fees, it may determine a way to detect multiple re-presentments and not charge for more than one. Another possible option could be to stop charging NSF fees altogether so as not to mention them at all in disclosures. Could this be what 16 of the 20 banks included in the CFPB’s report on the top 20 banks by overdraft-related income decided to do?

Let’s move on to the next topic in the Guidance.

Third-Party Risk: The FDIC’s Guidance also expresses the agency’s concerns about risks that can be presented by third-party arrangements with core processors and others who may play significant roles in processing payments, identifying and tracking re-presented items, and assessing NSF fees when items are returned for insufficient funds. If not properly managed, such third-party arrangements can present risks for client financial institutions.

The FDIC expects (as all the regulators do) that financial institutions maintain adequate oversight of third-party actions and appropriate quality control over the products and services provided through third-party arrangements. Institutions are responsible for identifying and controlling such risks to the same extent as if the institution itself were handling the activity.

More succinctly, banks are responsible for what the third parties do for (or to) the bank’s customers. In that regard, banks should review and understand the risks presented by their core processing system settings related to multiple NSF fees, as well as the capabilities of such systems, such as identifying and tracking re-presented items and maintaining data on such transactions.

Litigation Risk: Cases involving Bank of America and the Navy Federal Credit Union are evidence there is litigation risk involved in multiple NSF fee practices. Class action lawsuits may allege breach of contract and raise other claims because of a failure to adequately disclose re-presentment NSF fee practices in bank account disclosures. Some cases have already resulted in substantial settlements, including customer restitution and legal fees.

Risk mitigation

The FDIC encourages banks to review their practices and disclosures concerning charging NSF fees for re-presented transactions. The agency shared these risk-mitigation actions banks have taken to reduce the potential risk of consumer harm and avoid potential violations of law:

  • Eliminating NSF fees
  • Charging no more than one NSF fee for a transaction, regardless of whether there are re-presentments
  • Conducting a comprehensive review of policies, practices, and monitoring activities related to re-presentments and making appropriate changes and clarifications, including providing revised disclosures to all existing and new customers
  • Clearly and conspicuously disclosing the amount of NSF fees to customers and when and how such fees will be imposed, including:
    • Information on whether multiple fees may be assessed in connection with a single transaction when a merchant submits the same transaction multiple times for payment
    • The frequency with which such fees can be assessed\o The maximum number of fees that can be assessed in connection with a single transaction
  • Reviewing customer notification or alert practices related to NSF transactions and the timing of fees to ensure customers are provided with an ability to effectively avoid multiple fees for re-presented items, including restoring their account balance to a sufficient amount before subsequent NSF fees are assessed

If your bank finds issues …

If your bank reviews its NSF fee practices surrounding multiple re-presentments and finds issues, what does the FDIC expect the bank to do about it?

Doing nothing and waiting for the FDIC to demand action is not an option. The FDIC expects a bank with issues to self-initiate corrective action, to include restitution to affected consumers consistent with the approach described in the Guidance. Such banks should also:

  • Promptly correct NSF fee disclosures and account agreements for both existing and new customers, including providing revised disclosures and agreements to all customers
  • Consider whether additional risk mitigation practices are needed to reduce potential unfairness risks
  • Monitor ongoing activities and customer feedback to ensure full and lasting corrective action

The FDIC’s Supervisory Approach

The Guidance indicates the FDIC intends to take appropriate action to address consumer harm and violations of law. It will focus on identifying re-presentment-related issues and ensuring correction of deficiencies and remediation to harmed customers. They consider such issues serious.

They will recognize a bank’s proactive efforts to self-identify and correct violations. They generally will not cite UDAP violations that have been self-identified and fully corrected before the start of a consumer compliance exam. The FDIC will also consider a bank’s record keeping practices and any challenges a bank may have with retrieving, reviewing, and analyzing re-presentment data, on a case by case basis when evaluating the lookback time period used for customer remediation. But failing to provide restitution for harmed customers when information on re-presentments is reasonably available will not be considered full corrective action.

If examiners find violations of law that have not been self-identified and fully corrected before an exam, the FDIC will consider appropriate supervisory or enforcement actions, which could include civil money penalties and restitution.

In simpler terms, this is not a concern that FDIC-supervised institutions can ignore and hope it goes away.

Is your bank’s overdraft program ‘dynamic’?

The March 2022 edition of the FDIC’s Consumer Compliance Supervisory Highlights includes compliance exam observations concerning automated overdraft programs that have been converted from static to dynamic overdraft limits.

Static limits are usually set at account opening and seldom change. Institutions use limits ranging from $100 to over $1,000 that may vary by account type. Some banks assign the same limit to all customers. Those limits are usually communicated to customers at account opening, in subsequent disclosures (particularly when participating in an overdraft program is delayed for a period after account opening) or through some other method, such as online or mobile banking channels.

Dynamic limits, on the other hand, vary for each customer and may change periodically (daily, weekly, monthly, for example) as a customer’s usage or bank relationship changes. In some cases, a customer’s assigned overdraft limit might be $1,000 one day and reduced to zero within a few days.

Changes are often controlled by an algorithm (a set of system rules) that attempt to manage risk by weighing variables and customer behaviors. Variables involved often include account age, balance, overdraft history, deposit amounts and frequency and other customer relationships with the bank. Algorithms may be adjusted based on policy changes, competition, customer behavior, etc. And, based on examination observations, banks do not always communicate limit changes to their customers.

Failures to communicate: In 2021, the FDIC identified several banks that converted their programs from a static limit to a dynamic limit. Examiners had concerns with how some of the conversions were implemented and cited violations of section 5 of the Federal Trade Commission Act due for deceptive acts or practices. Those institutions failed to disclose enough information about the change to a dynamic limit. Some institutions did not communicate with their customers about the change at all. In many cases, banks failed to disclose some or all of these key changes:

  • Replacement of the fixed amount with an overdraft limit that may change and could change as frequently as daily
  • Use of a new overdraft limit that may be lower or higher, at times, than the fixed amount to which the customer had become accustomed
  • Suspension of the overdraft limit when it falls to zero and how such a change may result in transactions being returned unpaid to merchants/third parties due to insufficient funds.

Those omissions were considered material by the FDIC. They included necessary information customers needed to make informed decisions about how the new dynamic limit program operated. Customers were not able to understand how to avoid fees associated with an overdraft or fees for transactions declined for payment. The FDIC determined that changes without adequate disclosure resulted in consumer harm.

Mitigating risk: As with its guidance to banks concerning assessing NSF fees for multiple re-presentations derived from the same transaction, the FDIC included in the “observations” article on implementation of overdraft program dynamic limits a list of risk-mitigating activities banks can consider to reduce the risk involved in implementing such limits:

  • Providing clear and conspicuous information to existing customers so they have advance notice of how the change from a fixed overdraft limit to a dynamic limit will affect them. This is especially important when the bank previously disclosed the amount of the fixed overdraft limit to customers.
  • Disclosing changes to overdraft limits in real time to consumers, as these vary, with the opportunity for consumers to adjust their behavior
  • Reviewing and revising account opening disclosures or other communications used to inform new customers about the automated overdraft program to avoid engaging in deceptive practices
  • Explaining that the dynamic limit is established based on algorithms, or a set of rules, that weigh numerous variables and customer behaviors, how the limit may change (including the frequency of change), and how the limit may be suspended or reduced to zero when eligibility criteria are no longer met
  • Training customer service and complaint processing staff to explain the features and terms of the automated overdraft program’s dynamic features. This training should be provided to staff who work with new customers as well as those who work with existing customers.

2022 OK Legislative Changes

By Pauli D. Loeffler

Title 12 O.S. § 1190

Garnishment fee increase

A history of garnishment fees in Oklahoma: Going back as far as 1996, and perhaps even before, a garnishee holding the judgment debtor’s funds was only allowed to deduct a fee in the amount of § 10.00 from funds of the judgment debtor as payment for processing the garnishment. Keep in mind that the Oklahoma statutes require the federally insured depository garnishee to:

  • Maintain a garnishment and note the receipt of the garnishment summons
  • Mail or deliver the garnishment packet to the judgment debtor
  • Segregate funds of the judgment debtor on deposit at the time the garnishment summons is serve
  • Determine whether the judgment debtor leases a safe deposit box, and if so, seal the box from entry for 30 days (Banking Code § 1312)
  • Respond to the garnishment summons by filling out the Garnishee’s Affidavit/Answer and filing it with the court within 10 business days (days the court issuing the garnishment is open, not the days the bank is open for business
  • Provide a copy of the Affidavit/Answer to the creditor’s attorney or the creditor
  • Remit a check to the creditor

If the judgment debtor does not have an account or lease a safe deposit box, the garnishee must still comply with the last three bullets and request the $10.00 fee. Law firms whose practice is representing creditors usually are very good about remitting the fee, but some collection firms, creditor’s representing themselves, and attorneys that rarely did collections would ignore the garnishee’s request. The $10.00 fee is pretty paltry, and if the creditor didn’t send the fee upon request, it isn’t efficient to take action against the creditor.

Handling garnishments became even more time and labor intensive with the U.S. Treasury Fiscal Services Garnishment of Accounts Containing Federal Benefit Payments, 31 C.F.R., Part 212 (“the Federal Benefits Rule”} effective May 1, 2011. In addition to requirements of Oklahoma law, the Federal Benefits Rule came with new and more onerous requirements:

  • The bank had to determine whether it has an account holder as defined in § 212.3: “Account holder means a natural person against whom a garnishment order is issued and whose name appears in a financial institution’s records as the direct or beneficial owner of an account.” Accounts held by corporations, LLCs, partnerships, limited partnerships, etc., even if they, for some reason, were receiving federal benefits by direct deposits, are not subject to the Federal Benefits Rule. On the other hand, revocable trust accounts and sole proprietorship accounts receiving federal benefits ARE subject to the Federal Benefits Rule.
  • The bank had to determine whether a federal benefit payment was paid by direct deposit to an account of an account holder. If so, the bank was required to determine the amount of benefits directly deposited during the lookback period, and
  • Establish the amount of protected funds, and
  • Provide the Notice to account holder under § 212.7. Under the 2013 revision, If ALL funds ae protected, the notice is not required.

Bankers ask whether Oklahoma has a maximum fee amount that can be charged customers for garnishments. Oklahoma has no limit the bank can charge a customer for a garnishment. The low-end fee is generally $25 while some banks charge two or three times that much particularly for garnishments on commercial accounts. If the amount in the judgment debtor’s account exceeds the judgment, the bank can satisfy its fee, but this is rarely the case. The bank can take the account negative to grab the fee if and when the account receives a deposit.

However, for accounts subject to the Federal Benefits Rule, banks were wholly prohibited from collection of their fee other than from unprotected funds. The bank could not collect under the original 2011 § 212.6 (h), which prohibited the bank from charging or collecting a garnishment fee against a protected amount or collecting a garnishment fee after the date of account review. This was modified in 2013 to allow the bank to “charge or collect a garnishment fee up to five business days after the account review if funds other than a benefit payment are deposited to the account within this period, provided that the fee may not exceed the amount of the non-benefit deposited funds.”

Scatter-gun garnishments

In addition to the garnishment fee remaining the same amount for two decades, banks were receiving more and more garnishments where the judgment debtor never was a customer of the bank. I envisioned the creditor took an Oklahoma map and used a compass to draw a circle around the judgment debtor’s home or place of business and sent garnishments to all banks within a 50-mile radius. OBA and several reputable collection attorneys held discussions regarding a proposed amendment to 12 O.S. § 1171 to require the creditor to exhibit good faith with some factual basis to believe the debtor has or previously had a relationship with the garnishee such as an inquiry, loan or account with the bank from a credit report or checks from the judgment debtor drawn on the bank. The collection attorneys had no objection to increasing the fee and mailing a check with the garnishment summons but did not support language that the service without the check allowed the garnishee to delay attachment of the fund. Their concern was due to their practice of providing the court clerk with the affidavit, garnishment summons, etc., together with a stamped and a pre-addressed envelope for mailing to the garnishee after filing done by the court clerk. If the garnishee claimed the check was not provided, there was no way to determine whether the creditor didn’t include it, the court clerk mislaid it, or it was mislaid by the garnishee.

Amendment clarifying bank’s duties if the fee doesn’t accompany the garnishment

One question I could not confidently answer under the 2016 amendment was: “What does the bank do if the check is NOT provided with the garnishment summons? “My belief was that while it was possible that the bank might misplace the check after receiving the garnishment, the person logging the garnishment should note the details of the check in the log. Further, the creditor was responsible for making sure the check was in the envelope with the garnishment summons, and if the court clerk mislaid it, s/he was the agent for the attorney. While I believed that if the check wasn’t provided, the bank wasn’t required to freeze the judgment debtor’s funds, I cautioned our members that a court could construe the provision differently. The statute effective for garnishments issued on and after November 1, 2022, not only increases the fee to $35.00 but also removes the uncertainty:

2. A judgment creditor shall remit a fee of Thirty-five Dollars ($35.00) as reimbursement for costs incurred in answering a garnishment issued pursuant to subparagraph d of paragraph 2 of subsection B of Section 1171 of this title to garnishees which are federally insured depository institutions. Such fee shall be delivered to the garnishee with the garnishment summons, and the garnishee shall not be required to attach funds of the judgment debtor until such fee is received. Any fee paid to a garnishee pursuant to this paragraph shall be taxed and collected as costs.

This language also works well as far as the Garnishment of Federal Benefit Payments is concerned. No funds of an account holder will be frozen until the check is received. The account review, lookback period, and determination of protected amount will be triggered upon receipt of the check. Further, the mailing or delivery of the garnishment package to the judgment debtor can and probably should be delayed until the check is received. Garnishments are public record, so the judgment debtor may learn of the garnishment before the bank receives the check and freezes the account, but I would not advise the bank to notify the customer until the check is received. The time to file the garnishee’s answer, mail the answer to the creditor or creditor’s attorney, and remit the judgment debtor’s funds to the creditor will be determined by the date the check is received.

I have been in contact with the Administrative Office of the Courts (the AOC), which is responsible for promulgating the Official Garnishment Forms. The revised non-continuing Pre- and Post-Judgment Garnishment forms will clearly state below the signature line: (Pursuant to 12 O.S. § 1190 a judgment creditor must remit a Thirty-five Dollar ($35.00) fee for costs to any federally insured depository institution garnishee. Fee must be delivered with the garnishment summons. Garnishee is not required to attach the funds of the judgment debtor until such fee is received.)
The AOC is responsible for drafting legal forms for use under a number of Oklahoma statutes. and the categories of forms is accessible at this link: The Garnishment Forms required to be used under the various statutes are available at and several are available in both Microsoft Word and PDF formats.

The first time I had the pleasure of working with the AOC was in 2011 in making changes to the forms with regard to the Garnishment of Federal Benefit Payments rule. The Federal Benefits Rule flew under the radar of the AOC because it wasn’t a change in state law, but it did require the revision of the garnishment summons and the garnishment Affidavit/Answer. On the other hand, when § 1190 was amended in 2016, the AOC had the revised forms ready to post on the website, removed the old forms on November 1, 2016, the date the amendment became effective, and removed the outdated forms.

Issues to expect

Based on past experience, banks should expect there will be some problems at first with the most recent changes. Banks should not expect garnishment summons issued on and after November 1, 2022, to contain the language on the AOC form. The majority of attorneys keep templates of the forms on their computers. With the 2011 revision to the AOC forms, a fair number of creditors’ attorneys were oblivious to the Federal Benefits Rule and didn’t revise their forms. When § 1190 became effective November 1, 2016, based on emails from OBA members, the OBA Compliance Team learned that some attorneys still hadn’t updated their forms more than five years later. I don’t expect it will be any different this time around. Note that when an outdated garnishment summons is used, the Garnishee’s Affidavit/Answer will likewise be an outdated form. That was an issue with regard to use of the Garnishee’s Affidavit/Answer for garnishments on and after the May 1, 2011, effective date of the Garnishment of Accounts Containing Federal Benefit Payments, so book marking the AOC webpage is a good idea not only for this reason but also when the garnishment packet doesn’t include the Claim for Exemption and Request for Hearing Form.

The majority of garnishments filed by pro se creditors (creditors representing themselves rather than through an attorney) also used the old forms for several months after the AOC issued revised forms in 2011 and again in 2016. Not all court clerks were aware of the changes, and court clerks tend to be a frugal bunch. Most clerks maintain packets of garnishment forms used by pro se creditors. Either to save money, time and labor, or to avoid killing trees, some clerks didn’t print the new forms until they ran out of the old ones. Court clerks are the primary forms source for pro se creditors. There is nothing to prohibit filing an outdated form. Clerks will file it if it is properly captioned, i.e.,  includes the names of the court, the plaintiff, the defendant, the case number, and the filing fee is paid.

Unlike the 2016 amendment to § 1190, the bank doesn’t need to do more than log the garnishment and note that the $35 did not accompany the garnishment Summons. I suggest contacting the creditor’s attorney or creditor and advise of the change to § 1190. If the bank receives the fee, I don’t believe that the creditor/creditor’s attorney needs to file a new or amended affidavit and garnishment summons.

Uniform Consumer Credit Code Amendments Effective November 1, 2022

Title 14A O.S. § 1-106

Effective November 1, 2022, § 1-106 Change in Dollar Amount Used in Certain Sections which includes late fees, $ 3-508A lender’s closing fee, § 3-511, and other sections is amended. The amendment removes § 3-508B loans from subsection (1) of this section. Subsection (2) provides the manner and index for adjustments to amounts under § 3-508B loans. Former Subsection (2) is renumbered as Subsection (3) and covers Sections under Subsection (1). Subsection (3) is renumbered as Subsection (4) and covers Sections under Subsection (2) i.e., § 3-508B. Subsection (4) is renumber Subsection (5), Subsection (5) is renumbered Subsection (6), and Subsection (6) is renumbered Subsection (7).

Title 14A O.S. § 3-508B

Sec. 3-508B provides an alternative method of imposing a finance charge to that provided for Sec. 3-508A loans. Late or deferral fees and convenience fees as well as convenience fees for electronic payments under § 3-508C are permitted, but other fees cannot be imposed. No insurance charges, application fees, documentation fees, processing fees, returned check fees, credit bureau fees, nor any other kind of fee is allowed. No credit insurance, even if it is voluntary, can be sold in connection with in § 3-508B loans. If a lender wants or needs to sell credit insurance or to impose other normal loan charges in connection with a loan, it will have to use § 3-508A instead. Existing loans made under § 3-508B cannot be refinanced as or consolidated with or into § 3-508A loans, nor vice versa. The statute as amended is available on the OBA’s Legal Links web page.

Oklahoma’s Telephone Solicitation Act of 2022 effective November 1, 2022

The June 2022 OBA Legal Briefs has in-depth information on this Act.


By Pauli Loeffler

We often get asked what happens when a borrower becomes an insider or an executive officer of the bank? The Federal Reserve covers this in one of its FAQs:

Q2: When do the requirements of Regulation O apply to extensions of credit to a person that becomes an insider after the member bank made the extension of credit (transition loans)?

A2: Transition loans need not conform to the requirements of Regulation O until such extensions of credit are renewed, revised, or extended, at which time the extensions of credit would be treated as a new extension of credit and therefore subject to all of the requirements of Regulation O. However, transition loans must be counted toward the individual and aggregate lending limits of Regulation O as soon as the borrower becomes an insider.

This same treatment would apply to extensions of credit to a director or principal shareholder that later becomes an executive officer. Such extensions of credit need not conform to the provisions of Regulation O that apply only to executive officers until such extensions of credit are renewed, revised, or extended. However, the amount of any such extensions of credit count toward the quantitative limits for loans to executive officers in section 215.5 of Regulation O as soon as the director or principal shareholder becomes an executive officer.

Many lines of credit by a member bank to an insider must be approved by the bank’s board of directors every 14 months. Each such approval constitutes a new extension of credit. Accordingly, transition loans that are lines of credit generally must conform to the requirements of Regulation O within 14 months of the borrower becoming an insider.

Notwithstanding the general principles noted above, the treatment described here does not apply to extensions of credit made by a member bank in contemplation of the borrower becoming an insider or executive officer. Under such circumstances, the extension of credit should comply with all requirements of Regulation O at the time it is made.

September 2022 OBA Legal Briefs

  • Concerns about overdrafts and fees grow (Part 1)
  • Repossessions and the SCRA

Concerns about overdrafts and fees grow — Part 1

By John S. Burnett

Regulators have run hot and cold on the topics of overdraft programs and associated fees for well over a decade. A few landmark issuances along that rocky road were:

Enter the CFPB

The subjects of overdrafts and associated fees have been studied and written about by the CFPB almost since the Bureau opened its doors in 2011. The Bureau’s first Director, Richard Cordray, was a harsh critic of then-current overdraft programs and fees during his tenure at the Bureau. He advocated for “safer” accounts designed to prevent overdraft fees, and even suggested the use of prepaid cards as an alternative to expensive checking accounts and their fees. In August 2017, in a press call on overdrafts, Cordray spoke of a study that found frequent overdrafters who have opted in to debit card and ATM overdraft service typically pay almost $450 more in overdraft fees per year comparted to frequent overdrafters who had not opted in. The Bureau issued updated model disclosure prototypes to replace the Regulation E Model A-9 disclosure form with that study

In April 2015, the Bureau issued a consent order in an administrative proceeding against Regions Bank for failing to obtain required opt-ins from customers who had linked their savings accounts to checking accounts to cover overdrafts, but charging the customers overdraft fees when the savings account was wiped out by ATM or one-time debit card transactions, but had not obtained an opt-in for overdraft service as required by Reg E. For that violation and others, Regions Bank was fined $7.5 million and refunded over $47 million to customers before the order was issued, and was ordered to identify any other customers who were owed a refund.

In July 2016, the Bureau ordered Santander Bank, N.A., to pay a $10 million fine for illegal overdraft service practices. This case involved a telemarketing vendor that deceptively marketed the service and signed some of the bank’s customers up without their consent.

In January 2017, a federal district court approved a Bureau settlement with TCF National Bank regarding its marketing and sale of overdraft services. The Bureau had alleged that, when attempting to obtain consent for OD service as required by Reg E, TCF obscured the fees it charged and made consenting to fees seem mandatory for new customers. TCF agreed to pay $25 million in restitution and a penalty of $5 million.

In August 2020, the Bureau issued a consent order against TD Bank, N.A. regarding its marketing and sale of its optional overdraft service, Debit Card Advance (DCA). The Bureau found that TD Bank’s overdraft enrollment practices violated the Electronic Fund Transfer Act (EFTA) and Regulation E by charging consumers overdraft fees for ATM and one-time debit card transactions without obtaining their affirmative consent. The Bureau found that TD Bank violated the Consumer Financial Protection Act (CFPA) prohibition against deceptive acts or practices by making misleading representations to consumers regarding DCA while offering that service to consumers in person, over the phone, and through mailed solicitations. The Bureau also found that TD Bank violated the CFPA’s prohibition against abusive acts or practices by materially interfering with consumers’ ability to understand the terms and conditions of DCA. . TD Bank paid a $25 million penalty and was ordered to pay an estimated $07 million in restitution.

Recent CFPB activity

One of the first actions taken by the Bureau’s newest director, Rohit Chopra, has been an ongoing campaign against “junk fees,” with an undisguised disdain for bank overdraft and NSF fees.

In December 2021, the CFPB released research on OD and NSF revenue, which reached an estimated $15.47 billion in 2019. Three banks (JPMorgan Chase, Wells Fargo, and Bank of America) brought in 44 percent of the total OD and NSF income reported in 2019 by banks with assets over $1 billion. The CFPB also said that while small institutions with overdraft programs charged lower fees on average, consumer outcomes were similar to those found at larger banks. The research also notes that, despite a drop in fees collected, many of the fee harvesting practices persisted during the COVID-19 pandemic,

In February 2022, the Bureau posted a blog article comparing overdraft fees and policies across the top 20 banks ranked by 2019 reported overdraft income. The article noted significant changes by several of the banks. In an update of the table provided in that blog. The Bureau now reports that, since the 2021 review, 15 of the banks have eliminated NSF fees (you will see a possible reason for that change later in this article). Fifteen reported no sustained OD fee (up from 12 in 2021). Two banks (up from one), reported they charge no OD fees at all. Four banks (up from three) reported they don’t charge OD fees on debit card purchases, and eight banks don’t charge OD fees on ATM withdrawals (up from four in 2021).

The Bureau is highlighting these changes to demonstrate that some big banks are paying attention to regulatory saber-rattling, or are just plain tired of fighting the battle over what the Bureau has termed “junk fees.”

Multiple NSF fees and the FDIC

There has been growing regulator concern over the practice of charging multiple NSF fees for multiple presentments of items for a single transaction. Briefly, this can happen when a bank charges a first NSF fee for a check drawn on insufficient funds and returns the check, and, when the check is presented a second time against insufficient funds, returns the check again, assessing a second NSF fee. In some cases, checks get presented more than twice, or they are converted to ACH debits (a re-presented check or RCK entry), which can be used once if the check has been returned twice, or twice if the check has only been returned once. Imagine a $50 check  being bounced three times at $35 an event!

Regulators have been voicing their concerns over the practice and point to recent litigation in which banks and a very large federal credit union have been sued for charging multiple NSF fees for a single transaction. A class action suit against Navy FCU was dismissed, but when the lead complainant appealed, the CU agreed to a settlement.

The FDIC issued “Supervisory Guidance on Multiple Re-Presentment NSF Fees” with FIL-40-2022 ( on August 18, 2022, “to address certain consumer compliance risks associated with assessing multiple non-sufficient funds (NSF) fees arising from the re-presentment of the same unpaid transaction.” In the Guidance, the FDIC also shared “its supervisory approach when a violation of law is identified, as well as expectations for full corrective action.”

According to the Guidance, during consumer compliance examinations, the FDIC has “identifies violations of law when financial institutions charged multiple NSF gees for the re-presentment of unpaid transactions.” The FDIC found that “some disclosures provided to customers did not fully or clearly describe e the institution’s re-presentment practice, including not explaining that the same unpaid transaction might result in multiple NSF fees if an item was presented more than once.”

Comment: Some banks might be tempted at this point to pull out Regulation DD’s commentary to section 1030.4(b)(4) – Account disclosures; Content of account disclosures; Fees— and run down the page to comment 4(b)(4)-5, Fees for overdrawing an account, which says, “Under § 1030.4(b)(4) of this part, institutions must disclose the conditions under which a fee may be imposed. In satisfying this requirement institutions must specify the categories of transactions for which an overdraft fee may be imposed. An exhaustive list of transactions is not required. It is sufficient for an institution to state that the fee applies to overdrafts ‘created by check, in-person withdrawal, ATM withdrawal, or other electronic means,’ as applicable. Disclosing a fee ‘for overdraft items’ would not be sufficient.”

The point being made by the FDIC, however, isn’t that the banks that charged multiple fees for re-presentments violated the Truth in Savings Act or Regulation DD; it’s that not disclosing that multiple NSF fees may be charged if multiple items for the same transaction are presented and not explaining how that can occur creates “a heightened risk of violations of Section 5 of the Federal Trade Commission Act, which prohibits unfair or deceptive acts or practices (UDAP).” The Guidance continues, “While specific facts and circumstances ultimately determine whether a practice violates a law or regulation, the failure to disclose material information to customers about re-presentment and fee practices has the potential to mislead reasonable customers, and there are situations that may also present risk of unfairness if the customer is unable to avoid fees related to re-presented transactions.”

In a footnote, the FDIC suggests that these practices may also violate Section 1036(a)(1)(B) of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (12 U.S.C. § 5536(a)(1)(B)), which prohibits any covered person or service provider from engaging in, among other things, abusive acts or practices in connection with a consumer financial product or service. That portion of the Dodd-Frank Act is also referred to as the Consumer Financial Protection Act.

Deceptive practices: The guidance continues: In a number of consumer compliance examinations, the FDIC determined that if a financial institution assesses multiple NSF fees arising from the same transaction, but disclosures do not adequately advise customers of this practice, the misrepresentation and omission of this information from the institution’s disclosures is material. The FDIC found that if this information is not disclosed clearly and conspicuously to customers, the material omission of this information is considered to be deceptive pursuant to Section 5 of the FTC Act.”

Unfair Practices: On this topic, the Guidance offers, “In certain circumstances, a failure to adequately advise customers of fee practices for re-presentments raises unfairness concerns because the practices may result in substantial injuries to customers; the injury may not be reasonably avoidable; and there may be no countervailing benefits to either customers or competition. In particular, a risk of unfairness may be present if multiple NSF fees are assessed for the same transaction in a short period of time without sufficient notice or opportunity for customers to bring their account to a positive balance in order to avoid the assessment of additional NSF fees. While revising disclosures may address the risk of deception, doing so may not fully address the unfairness risks.

Comment: Thus far, the Guidance has suggested that banks need to ensure that their disclosures reflect what actually happens in the case of multiple re-presentments for a single transaction, and that something may need to be done about better notifying customers when an item is returned and an NSF is assessed and/or banks may want to consider setting some limit on how many times re-presentments of items derived from the same transaction will trigger another NSF fee.

Watch for Part 2:  In Part 2 of this article, we’ll look at third-party risk and what the FDIC expects of a bank that discovers it has problems like those described in the Guidance. We will also look at another relatively new regulatory concern about overdraft programs.

Repossessions and the SCRA

By Andy Zavoina

I want to share a recent issue that a compliance officer consulted me on. This is your opportunity to realize that even when you train and have sound policies and procedures, people can – and will — still make mistakes.

I had a disturbing call recently from a banker who appears to have a good compliance program. I say the program is “good” not because I have audited it, but because she was auditing files from three months prior and she found a questionable repossession. As you will read, she was right to question it, and that is why I say that part of her Compliance Management Program is working. Detecting errors leads to an earlier correction when that may be possible, and to fewer repeat problems because a part of any corrective action typically involves re-training.  Very often an auditor reviews a file, scans it to understand what has happened and explains the actions away as a way of justification.

In this case, the lender had a car loan that was past due and was ready for a repossession order. Having recently had some training on repossession procedures and the Servicemembers Civil Relief Act (SCRA), he checked the DMDC database to verify the borrower was not covered.

In my SCRA training materials I recommend that banks “Design [their] foreclosure procedures to ensure counsel is following all requirements, to include completion of all background research and proper notice as expected by the regulators. This includes repossession of personal property as well. When you check the SCRA database you will enter a date in a field for ‘Active Duty Status Date’ and the response you will receive based on that date, is the status of the individual – whether or not the individual was actively serving, received a notice to serve, or was serving  – for a period of 367 days prior to the given date. So when you check this, you are getting the status for the last year.” The yearlong lookback allows for real property foreclosure protections that last for a year after discharge. That does not apply to vehicle repossessions.

In this case the lender checked, received a negative response and put the car out for repossession by a third-party agent. This is where it gets questionable. I do not know how much time elapsed, but on the day of the repossession itself, the lender checked again. As you can predict, the response was now affirmative. As of that day the borrower was a servicemember and afforded all the protections under section 302 of the SCRA (50 U.S.C. 3952).

“After a servicemember enters military service, a contract by the servicemember for–

(A) the purchase of real or personal property (including a motor vehicle); or

(B) the lease or bailment of such property,

may not be rescinded or terminated for a breach of terms of the contract occurring before or during that person’s military service, nor may the property be repossessed for such breach without a court order.

This section applies only to a contract for which a deposit or installment has been paid by the servicemember before the servicemember enters military service.”

I do not know if the car was repossessed before or after the second verification was done. If it was done before, repo order should have been rescinded. If it was not possible to do immediately it should have been done as soon as possible. Now that the car could not technically be repossessed, those expenses will be paid for by the bank and without the ability to collect them as a collection cost. Add to that the bank may now have to pay to return the car to the servicemember which adds to the cost of the already delinquent loan. The benefit here would be that a recent check did not indicate a protected status but one on the day of the repossession did. The car could be retuned and the bank could claim “no harm, no foul” so long as there is no claim of damage to the car from the repossession. But it did not stop there. That would not be an interesting lesson.

This repo occurred three months before. Regardless of the above recommendation to immediately return the car and undo a bad situation, that advice is too late. The lender, now knowing the borrower was protected, proceeded to sell the car and apply the proceeds against the loan balance. Why?

As an auditor there are now more questions to be asked. This file escalates from a routine audit to damage control.

  • When was the protected status known?
  • Why was the car sold?
  • Was this a commercially reasonable sale, were personal items returned, were notifications of the sale sent and was the borrower provided an ample period to cure the default?
  • When was the lender last trained on the bank’s policy and procedure?
  • Was the training thorough?
  • Was the second DMDC check a standard procedure (I would say it would be a good one) or did the lender suspect the borrower was going to be protected and wanted to “beat the clock” so to speak and get the car before protections were actually in effect?
  • What was the cost of the repo?
  • What was the sale price and was there a deficit?
  • Has the borrower contacted anyone at the bank?

The Compliance Officer also has immediate work to do, and it was needed yesterday.

  • Review training records to verify the lender was appropriately trained. If he was not, why not?
  • Advise all lenders/collectors of the requirements to immediately prevent a repeat violation. It would move to catastrophic to have the same thing happen after the bank is aware of this instance.
  • Was this an anomaly? Realistically all repossessions need to be reviewed for a period of (my recommendation) three years. After the most recent six months is done management needs to be aware of the problem. Since there have been no other alarms, attorney calls, anyone from JAG or the borrower, the issue is thus far contained, but now must be controlled.
  • Discuss the case with management. Advise them of the case and the fact that a review is being conducted and so far, how it looks.
  • The Compliance Officer is not Human Resources, but assuming training was done, and policies and procedures were provided, HR may have to be involved. Disciplinary action may well be called for.

Some readers may be asking why all this work, what’s the big deal if the borrower has not claimed any protections after three months? Here is the deal, and it can be costly. SCRA violations are reviewed by the Department of Justice (DOJ), not your banking regulator, although they will likely be involved if the case is worth pursuing.

There was one very similar case to this. On March 28, 2018, the United States vs California Auto Finance (CAF), Case No. 8:18-cv-00523 was filed. CAF is a large sub-prime lender in Southern California and the Southwest. The suit alleges CAF repossessed a servicemember’s car after being made aware the borrower was in the service.

Andrea Starks purchased a car in Glendale, Arizona, in September 2015. She made her first payment in October 2015 which was pre-service and meets the requirements for SCRA protection. She enlisted in April 2016 and reported for active duty on May 9, 2016, the same day her vehicle was repossessed. Two days after enlisting, she provided CAF with a copy of her orders. She would not have been protected as a reservist being called to active duty based on receipt of her orders, but rather when she met the definition of “military service” which, in this case, would be when she was paid by Uncle Sam.

Had the vehicle been repossessed the day before, Starks would not have been technically protected. In any case, it was taken on the same date as she reported for duty. CAF sold the vehicle on or about May 25, 2016.

This was the single complaint against CAF made by Starks to the DOJ in November 2016. There were no other complaints against CAF mentioned. In describing the violations committed by CAF, the DOJ explains the facts it reviewed in its investigation that began in December 2016.

  1. The Defense Manpower Data Center (DMDC) is a free database allowing lenders to determine if a person is protected under the SCRA. The CAF did not verify her status prior to repossessing the vehicle. (It would be interesting to know if Starks would have been shown as currently serving, it being her first day.) Regardless, CAF had already been given a copy of Starks orders by Starks herself.
  2. This was pre-service debt under the SCRA.
  3. No court order was obtained prior to the act of repossessing the vehicle.
  4. The CAF believed at the time, and still as of this court filing, that only deployment orders would have provided protections to a servicemember. (This is incorrect. It is the act of serving, whether that be in the continental United States or overseas.)
  5. The CAF had and still has no policies or procedures to provide staff with SCRA compliance guidance.
  6. Because of a demonstrated lack of knowledge and guidance (the policy or procedures) the DOJ stated they “may have repossessed motor vehicles without court orders from other servicemembers” and as such viewed this as a pattern or practice of violating the SCRA protections and requirements of the SCRA. This means that Starks and other servicemembers have suffered damages.
  7. The actions of CAF were “intentional, willful, and taken in disregard for the rights of servicemembers.”

The bank has obviously done more than CAF had and is aware of the protections the servicemember had. But it seems the violation was blatant and willful and because the lender represents the bank, the bank is at fault. The bank repossessed the car and knowing the borrower was protected, sold the car anyway.

In the Starks case there was $30,000 paid to Martinez, the only other violation the DOJ found after scrubbing years’ worth of repossession files and a $50,000 penalty. We do not know how much Starks was paid but I would be confident in estimating that in addition to the $80,000, plus the cost of attorneys, motions, court expenses, and employee cost on the CAF side of the file reviews, that CAF spent $125,000 because of that one repossession, which turned into two. Two is not excessive, but it is two too many.

In May 2017 Wells Fargo repossessed the car of Jin Nakamura. He was protected by the SCRA and paying, but the bank repossessed and sold his car. That launched an investigation, and a pattern was found. The bank paid $5,125,000 plus a third of the legal expenses for its violations. Each servicemember was paid $12,300 from the settlement except for Nakamura, who received a greater share as he instigated the case, which was settled in May 2019.

In our recent case the bank should immediately involve counsel who is familiar with the SCRA and enforcement actions. The bank should consider settling with the borrower if possible. That might avoid DOJ involvement. Servicemembers are trained on their benefits when they enlist, but it may have gone in one ear and out the other. But the military periodically retrains them, and the matter will likely come up again. Any amount of research and the borrower could decide that car was special and worth far more than the bank sold it for. The bank needs to consider zeroing the loan balance, removing the credit rating in total or certainly the repossession, and reimbursing the agreed value of the car to the servicemember. These costs combined would be far less than a DOJ investigation and the reputational risk the bank would suffer.

Here is an example/article from “Housing Wire” of a foreclosure that happened in 2010, but the complaint was not made for six years. The DOJ was heavily involved, and the complaint was years after the foreclosure.

In late 2017, Northwest Trustee Services, the “largest foreclosure trustee in the Pacific Northwest,” illegally foreclosed on dozens of military veterans and servicemembers over the last few years, the DOJ claimed in its lawsuit. According to the DOJ, in the prior six years, Northwest had foreclosed on at least 28 homes owned by servicemembers without the necessary court orders.

The lawsuit came after the DOJ launched an investigation into Northwest’s foreclosure practices at the urging of Marine veteran Jacob McGreevey of Vancouver, Washington, who submitted a complaint to the DOJ’s Servicemembers and Veterans Initiative in May 2016.

Portland’s The Oregonian has been all over McGreevy’s story, previously chronicling his fight against Northwest and PHH Mortgage, his mortgage servicer, for foreclosing on his home shortly after he returned from active duty.

According to the DOJ, Northwest foreclosed on McGreevey’s home in August 2010, less than two months after he was released from active duty in Operation Iraqi Freedom.

In 2016, McGreevey sued both PHH and Northwest, but a U.S. District Court Judge accepted PHH and Northwest’s argument that McGreevy had waited too long to file his case and dismissed the case on that basis.

Here’s how the Oregonian described that process in one of its reports:

Altogether, he served four tours in either Iraq or Afghanistan. In between deployments, McGreevey would return to Vancouver, where he bought a house on Northeast 24th Court. But he fell behind on payments.

PHH Mortgage repossessed his house in June 2010. Knowing next to nothing about the consumer protections afforded him as a member of the military, McGreevey didn’t contest it. The foreclosure became final the following September.

McGreevey had advanced from private to staff sergeant by the time his final deployment ended in 2012. Though diagnosed 80% disabled with post-traumatic stress syndrome, hearing loss and a back injury, he set about reinventing himself for civilian life. He earned a business degree from Portland State University and got a job at a bank.

That’s when he learned about consumer protection laws, including the Servicemembers Civil Relief Act.

From there, McGreevy sued Northwest and PHH. But McGreevy’s case was dealt a blow earlier that year, when the DOJ sided with Northwest and PHH in McGreevy’s lawsuit.

But later, the DOJ reversed its position and cites McGreevy’s case as the impetus for its lawsuit against Northwest. It should be noted that the DOJ had taken no action against PHH in this case, to this point.

According to the DOJ, its investigation revealed that, beyond McGreevey, Northwest foreclosed on other homes of SCRA-protected servicemembers in violation of the SCRA since 2010.

“The loss of a home is a devastating blow for anyone – but far worse for active duty service members often called to war zones far from Western Washington,” said U.S. Attorney Annette Hayes.

Our investigation revealed that Northwest Trustee Services repeatedly failed to comply with laws that are meant to ensure our service members do not have to fight a two-front war – one on behalf of all of us, and the other against illegal foreclosures,” Hayes continued. “My office will continue to work closely with our colleagues in the Civil Rights Division in Washington, D.C. to protect Western Washington service members from this kind of misconduct.”

According to the DOJ, it is seeking monetary damages for affected servicemembers, as the SCRA provides for civil monetary penalties of up to $60,788 for the first offense and $121,577 for each subsequent offense.

But Sean Ridell, who served in the Marines and is McGreevy’s lawyer, told the Oregonian that he wants much more than just money.

“I want Northwest Trustee and PHH put out of business, their buildings burned down, and the ground salted so that nothing ever grows for what they did to veterans,’ Ridell said.

As you can see, historically these violations do not end well for the bank whether it is a home foreclosure or auto repossession and there can be years between the violation and the final reckoning. During that time there are expenses and distractions, none of which are good for the bank. The actions of the lender may have cost the bank six figures. If it acts proactively, it will emerge smarter and only at a five-figure expense. This is a real case, and all bankers should assess their own situation and ask, “Could this have happened here?”

August 2022 OBA Legal Briefs

  • COVID coughs up and update
  • FCRA is on the front burner

COVID coughs up an update

by Andy Zavoina

Perhaps your staff is all back in the bank, some are travelling for summer vacation, masks are seen sparsely, and COVID-19 seems to be something viewed only in the rearview mirror. But that does not mean the pandemic is over, or that your pandemic procedures can be put back on the shelf as life moves forward once again. In addition to yet another variant, some things “pandemic” are still in motion and your bank needs to be aware. Your Human Resources department may need a copy of this update if they haven’t seen the information already. You may recall our covering the U.S. Equal Employment Opportunity Commission (EEOC) rules addressing pandemic procedures in the May 2021 Legal Briefs. This is an update to that article.

On July 12, 2022, the EEOC revised the informal guidance ( The EEOC has updated employee testing protocols and any mandates imposed for vaccine requirements as well as a few other related issues. Depending on what your bank was doing, there may be less justification for it today.

The EEOC revised its position on COVID-19 screening of employees. Screening or testing is no longer considered automatically a “business necessity” in order to operate day-to-day as it was at the beginning of the pandemic. Instead, your bank should evaluate your local conditions and individual circumstances to determine if continued screening or testing is justified as a business necessity, or if it is doing so today based on a potentially outdated policy or procedure.

The EEOC guidance provides eight factors to consider in determining whether circumstances indicate continued screening or testing would be considered a business necessity in your bank and branches:

1. The level of community transmission
2. The vaccination status of employees
3. The accuracy and speed of processing for different types of COVID-19 tests deemed acceptable
4. The degree to which breakthrough infections are possible for employees who are “up to date” on vaccinations
5. The ease of transmissibility of the current variants
6. The possible severity of illness from the current variants
7. What types of contacts employees may have with others in the workplace or elsewhere that they are required to work (e.g., working with medically vulnerable individuals)
8. The potential impact on operations if an employee enters the workplace with COVID-19.

Note: many of the terms used above are explained in greater detail with links on the EEOC site linked in this article. In making these assessments, the bank should check the latest CDC guidance as well as other relevant sources and determine whether screening or testing is appropriate for these employees.

If your branches are all in one area, it may be easy to handle them all the same. If, however, they are spread across many miles, it may be appropriate to tailor procedures to the outlying branches separately, based on the local conditions of each branch. In any case it is time to review the policy and procedures followed for the extreme circumstances a pandemic requires and ensure there is flexibility in screening and testing requirements as the threat level has been lowered and there are fewer protections from violations of the Americans with Disabilities Act.

FCRA is on the front burner

by Andy Zavoina

The Fair Credit Reporting Act (FCRA) is shifting to your front burner, at least until you complete a review and ensure your bank is completely compliant. Rarely is a compliance process one that you can “set and forget.” Procedures need controls that provide checks and balances and on occasion we get little reminders that at least some in our industry were slacking, or just plain doing it wrong.

The Consumer Financial Protection Bureau (CFPB) released an Advisory Opinion on July 7, 2022, on the FDCRA and Regulation V. The reality is that the CFPB is extending its authority in this case to emphasize data protection requirements and privacy. On July 26, 2022, we read an enforcement action from the CFPB against Hyundai for – yes – FCRA violations. The enforcement action included some language that alleged Unfair, Deceptive, or Abusive Acts or Practices (UDAAP) in addition to the FCRA and Reg V violations. “Piling on” is seen more often in these enforcement actions and this one cost Hyundai over $19 million.

So, let’s discuss some of the FCRA reminders from the Advisory Opinion and the lessons learned from the enforcement action, so you can review your FCRA practices and ensure compliance is in order.

In fact, the enforcement action carries lessons far beyond the FCRA, as it says a lot about compliance management. In this case, deficiencies were found. But it took years for the fixes to be put in place and therein lies part of problem leading to the penalty. Problems were found, plans were made to address the issues, but it never really got done. “Follow through” is an important part of the compliance management and audit process and it did not work here.

This Advisory Opinion, “Fair Credit Reporting; Permissible Purposes for Furnishing, Using, and Obtaining Consumer Reports,” is an interpretation of the existing rules and is not intended to change the law or Reg V, but rather to provide guidance in your efforts to comply with the existing rules. This information should be preserved with your regulatory materials as a future reference for use in audits, training, and development of policies and procedures.

This Advisory Opinion applies to Credit Reporting Agencies (CRA) as providers of credit reports as well as users of those reports. Our emphasis here is on the latter but we must also appreciate the former and be aware that changes could result from this. As it relates to the Advisory Opinion, 604(a)(3) of the FCRA is consumer-specific and requires a CRA to ensure that only a specific consumer’s data is released when a credit report is requested. This data protection rule provides that John A Smith’s credit information should not be released when John A Smith Jr.’s file is accessed. It seems some CRAs have been lax in matching up just a name instead of several data points such as a Social Security number, date of birth or addresses to better narrow down the file actually requested.

As to name only matching, one CRA stated when providing a consumer report: “This record is matched by First Name, Last Name ONLY and may not belong to your subject. Your further review of the State Sex Offender Registry is required in order to determine if this is your subject.” That disclaimer sends up several red flags. This is a problem for the CRA as the provider of the report and for the bank as a user of the report. The Advisory Opinion makes it clear that any disclaimer from the CRA that the file “could” have someone else’s information is not sufficient to protect them from penalties resulting from the release of this information. It also does the bank no good to have information on John A Smith when it is Junior who is applying for a loan. Similarly, if the bank requested the file on John A Smith instead of Junior, it would have violated the FCRA because it had no permissible purpose to request that file. And because the bank’s contract with the CRA will require it only requests files when it has a permissible purpose, that contract would be violated.

Congress enacted the FCRA with particular goals, including, “to ensure f air and accurate credit reporting, promote efficiency in the banking system, and protect consumer privacy.” There were concerns that the contents of a credit file were not kept confidential. The FCRA is intended to protect the individual’s privacy by controlling both the collection and dissemination of credit information. The CFPB is respecting the privacy goals of the FCRA with its Advisory Opinion.

Section 604 of the FCRA is, “Permissible purposes of consumer reports,” and it identifies an exclusive list of “permissible purposes” under which a CRA can release the credit report including in accordance with the written instructions from the consumer to whom the report relates and for purposes relating to credit, employment, and insurance. Let’s place emphasis here on the fact that the consumer has to authorize the bank to request this report from the CRA and the fact that this is an exclusive list, meaning these are the only reasons allowed. Obviously if there is another person’s information in the file, which contributes to a violation. Among the key reasons a bank would access this includes, 604(a)(3)(A),” in connection with a credit transaction involving the consumer on whom the information is to be furnished and involving the extension of credit to, or review or collection of an account of, the consumer,” and, “(F) otherwise has a legitimate business need for the information (i) in connection with a business transaction that is initiated by the consumer; or (ii) to review an account to determine whether the consumer continues to meet the terms of the account.” These are the direct banking issues. This section includes other reasons such as employment and insurance as well. Paragraph (F) seems broad with its use of having a legitimate business need and to review an account. In fact, these are not as broad as some lenders or collectors may think as the purposes can be narrow.

There is A LOT of content in the FCRA that cannot be covered here today. Suffice it to say that when the CFPB took the FCRA regulation from the Federal Reserve it inherited the consumer protection provisions. When you research the FCRA, be sure to look at what the FRB retained as well as what the CFPB has ownership of (, and the FCRA itself ( The last link includes a link to a document, “FTC Staff Report – July 2011”. The FCRA and Reg V do not have an Official Staff Commentary with explanations and interpretations. But there were guidance opinions issued by the Federal Trade Commission (FTC) as it had a key role in FCRA oversight and enforcement.

One of the major changes to the FCRA was the FACT Act which provided the FTC with specific rulemaking authority. The FTC issued more than 430 opinion letters to act as compliance guidance. This 117-page document assembles many of these opinions to act as a proxy for a Commentary. This is a must read for FCRA compliance as it defines the difference between using a credit report for a loan request, and then also using it to prequalify the consumer for another loan product. Such a use violates the permissible use requirements as access was not granted for that cross-sale. These are the nuggets you will find in this booklet. It may be 11 years old as of this writing, but the information there is still pertinent.

Back to the Advisory Opinion itself. The CFPB places emphasis on the use of consumer reports and the circumstances under which they may be accessed – “and no other.” It drives this home by reminding the reader that Section 620 carries with criminal liability for any employee or officer of a CRA who knowingly and willfully provides an unauthorized report. This triggers two points which need to be mentioned. First, this could cause some CRAs to tighten up controls and requirements that users must follow so that the CRA can comply. Second, if the bank were to release this information to another party, it could be deemed to be acting as a CRA and now it would be subject to these penalties as well. That is why the bank must ensure staff be aware of when credit reports may be accessed and for what purposes.

FCRA section 604(f) provides that “a person shall not use or obtain a consumer report for any purpose unless” the consumer report “is obtained for a purpose for which the consumer report is authorized to be furnished under [FCRA section 604]” and “the purpose is certified in accordance with FCRA section 607 by a prospective user of the report through a general or specific certification.” FCRA section 619 imposes criminal liability on any person who knowingly and willfully obtains information on a consumer from a consumer reporting agency under false pretenses. I remember early in my banking days when there was an incident of single person in the loan area looking at credit reports of customers who had asked her out. Certainly, that would not be an authorized use and if the credit report was pulled for that purpose, well in today’s FCRA environment that would have to be a terminable offense.

Having a permissible purpose is at the core of the FCRA’s protections. When a credit report is provided to unauthorized persons and for unauthorized purposes the consumer can suffer harm in a number of ways. It is an invasion of one’s financial privacy and as the Advisory Opinion puts it, this is a “reputational, emotional, physical and economic harm.” That’s from the CFPB, I will not try to interpret each. Suffice it to say, these harms are on the record and violations may include these points in the justification of a penalty. Take each seriously. There are some examples cited which explains some of the reasoning. “For example, in a case that resulted in a 2006 settlement with a consumer reporting agency, the FTC alleged that the agency violated the FCRA’s permissible purpose provisions by providing consumer reports to persons without a permissible purpose, resulting in at least 800 cases of identity theft. More recently, in 2020, a group of companies and individuals settled Bureau allegations that they obtained consumer reports without a permissible purpose when they obtained consumer reports for use in marketing debt relief services. Also in 2020, a mortgage broker settled FTC allegations that it used consumer reports for other than a permissible purpose when, in response to negative reviews on a website, it publicly posted information it had obtained from a consumer report about the reviewer.”

Recognizing the importance of permissible purposes, when was the last time staff with access to credit reports, being accessed or in credit files, were reminded of the requirements and the potential penalties for unauthorized access? A resource for teaching includes a booklet published by the CFPB in 2020, “List of Consumer Reporting Companies “ as it includes not just who is considered a CRA and therefore a major part of this topics discussion, but information for a consumer on who can see their credit reports, how to review them for free, how to dispute information and more on uses such as for credit, employment, check screening and more. ( This is good information for staff to be aware of as a banker and a consumer. Staff should be trained on this topic before they are granted access to credit reports just as tellers get Bank Secrecy Act training before operating a teller drawer on their own. It could be a requirement in the vendor contract with your CRAs and based on the Advisory Opinion, it may be something these vendors emphasize in the future as well.

Under 604(a)(3)(A) of the FCRA, a CRA may provide a consumer report “to a person which it has reason to believe . . .  intends to use the information in connection with a credit transaction involving the consumer on whom the information is to be furnished and involving the extension of credit to, or 18 15 U.S.C. 1681b(a).review or collection of an account of, the consumer.” Similarly, FCRA section 604(a)(3)(F) permits a CRA to provide a consumer report “to a person which it has reason to believe . . . has a legitimate business need for the information . . . in connection with a business transaction that is initiated by the consumer or to review an account to determine whether the consumer continues to meet the terms of the account.” These are a few of the teachable points which deserve emphasis.

Note one particular phrase, “reason to believe.” The CFPB is directing this to users of consumer reports who lack a permissible purpose and want to rely on this as justification. The Advisory Opinion specifically rejects some judicial decisions that have applied a “reason to believe” standard to FCRA Section 604(f)’s permissible purpose requirement for users. Instead, the CFPB used a plain language approach to impose a prohibition on using a consumer report without a justifiable permissible purpose. The “reason to believe” standard will not provide an excuse for innocent mistakes. The CFPB appears to be taking a strict liability approach to permissible purpose requirements. With a high risk of enforcement by all federal agencies and state attorneys’ general who have been reminded, and almost invited by the CFPB to join in enforcement actions, plus the ability for private plaintiffs to obtain significant monetary relief, banks are advised to practice risk management and mitigate this with training.

The bank is a user of consumer reports and must ensure that it does not violate consumer privacy by obtaining consumer reports when it lacks a permissible purpose. From the CFPB, “For example, in 2018 a company settled Bureau allegations that it violated FCRA section 604(f) when its agents obtained consumer reports for consumers who were not seeking an extension of credit from the company and the company had no other permissible purpose for the consumer reports it obtained. In some instances, for example, the company’s agents initiated credit applications for the wrong consumer by incorrectly inputting consumer information into the company’s application system or by selecting the wrong consumer from a list of possible consumers identified in the system. When these applications were initiated in error, the company obtained a consumer report for a consumer with respect to which it had no permissible purpose, violating the FCRA’s permissible purpose provisions and the privacy of the consumers that were the subject of those reports, and also generating an inquiry on the consumers’ credit reports.” Making a choice from a list of possible customers and ensuring that the correct identifying information is input will help prevent violations and inadequate controls.

Hyundai Capital America

What are the ramifications of non-compliance? Let’s look at a Consent Order between Hyundai Capital America and the CFPB. This may seem like an extreme case, but there are lessons here that extend beyond the FCRA, and this is a good case to discuss with management and potentially your board.

On July 27, 2022, prompted initially by numerous consumer complaints over credit reporting problems, the CFPB investigated Hyundai for FCRA and Reg V. It expanded into UDAAP as well.

Violations cited indicated Hyundai:

1. Failed to promptly update and correct information it furnished to CRAs that it determined was not complete or accurate, and continued to furnish this inaccurate and incomplete information, in violation of the FCRA, 623(a)(2).
2. Furnished information about severely delinquent and charged-off accounts but failed to provide the “date of first delinquency” (623(a)(5)) which is a key date because it triggers several FCRA requirements.
3. After determining its reporting was inaccurate as to consumer accounts, failed to correct or delete it.
4. Lacked reasonable procedures to respond to notifications from CRAs indicating information Hyundai provided was the result of identity theft and therefore must be blocked from a victim’s credit report. It violated 623(a)(6) by reporting this information after notices from consumers without any validation process.
5. Failed to establish and implement reasonable written policies and procedures regarding the accuracy and integrity of information provided to CRAs, or to consider and incorporate the guidelines in Appendix E (in the CFPB’s Reg V link, App. E is “Interagency Guidelines Concerning the Accuracy and Integrity of Information Furnished to Consumer Reporting Agencies”)

Note, while cited as a violation, the FCRA and Reg V do not explicitly require a policy and procedure for the FCRA. It could be argued however, that there was a genuine need by Hyundai based on the array of violations and lack of direction provided by management and the board.

Some of the above were cited a second time as violations of the Consumer Financial Protection Act (CFPA) which incorporates UDAAP. It was noted Hyundai used ineffective manual processes and systems containing known logic errors to furnish information to CRAs and therefore willfully violated the FCRA.

The “relevant period” for this action is cited as January 2016 through March 2, 2020. That’s going back nearly 7 years ago, however, evidence of problems as you will read date back to 2013. The “affected consumers” refers to those with inaccurate information that they were 30 or more days past due.

To establish a foundation here are some figures used in the consent order.

• Hyundai services approximately 2 million customers and has assets in excess of $45 billion as of 2021.

• The credit reporting format was Metro 2, which is very common in the finance industry.

• Inaccurate payment histories were reported 8.7 million times across 2.2 million accounts.

• In approximately 570,000 instances, Hyundai inaccurately inserted codes showing delinquent or no payments in the payment history.

• Due to coding errors related to lease accounts, in 1.4 million instances, payment history codes indicating that the consumer’s payment history was disputed by the consumer or that no data were available when neither of these things was true. This error affected the entire lease portfolio.

• When credit reporting disputes were made, a manual tradeline correction could be made, but then the auto-reporting systems overrode the corrections and reinserted the errors.

• In over 537,000 instances across more than 168,000 accounts, Hyundai furnished date of first delinquency (DOFD) information regarding consumer accounts that Hyundai itself had determined was inaccurate.

• Compounding the problem, Hyundai delayed fixes for errors affecting the DOFD reporting for nearly a year due to prioritization of allotted resources for the new credit furnishing system planned for release over the then-existing systems that were being replaced.

• An inaccurate DOFD may be particularly problematic for consumers because use of the DOFD field in the Metro 2 format reflects the existence of an ongoing delinquency and the date itself shows how recently the delinquency occurred, both of which could negatively affect a consumer’s credit profile if the DOFD field is inaccurate.

• In tens of thousands of instances, Hyundai reported an inaccurate DOFD, which changed from month to month due to system issues, making some delinquencies appear more recent than was accurate.

• For thousands of delinquent accounts, they failed to furnish any DOFD at all.

• In over 2.2 million instances for over 1.2 million accounts, they furnished inaccurate amounts as to the highest credit or original loan amount.

• After furnishing the correct original loan amount (a field that should not change), they furnished increased amounts for the “original loan amount,” making it appear that a consumer had taken out a larger loan than they had actually taken out.

• In over 2.9 million instances on more than 189,000 accounts, they reported consumers’ accounts as delinquent, but also reported there was no amount past due

• For paid accounts, more than 17,000 reported a negative payment rating that was inaccurate.

• In at least 29,000 instances for approximately 3,900 accounts, they failed to report a DOFD where it reported other information instead, such as the accounts were placed for collection, charged-off, or at least 120 days delinquent.

The issue in this case is that Hyundai repeatedly furnished information to CRAs knowing it to be inaccurate. The company was making little attempt to correct the errors. A basic tenant of the FCRA is that a creditor is not required to report accounts but must report accurately when they do. In an audit report in March 2013, it was determined that required data in the Metro 2 fields was not always fully complete, accurate, or consistently reported. These appeared to be systemic logic issues and Hyundai lacked subject matter experts or a process to ensure accuracy and integrity of data reported. The audit also identified issues relating to the processing, monitoring, and tracking of direct disputes between processing units, and those policies and procedures reviewed as current did not accurately reflect actual practices.

When deficiencies are found compliance management systems call for a response that should be agreed upon as suitable, and a timeline under which corrective actions should occur. This is how repeat violations are avoided. In this case the corrective actions were going to be coordinated with an outside consulting firm. Hyundai initiated a “Credit Bureau Project” in July 2015, more than two years after the audit noted problems.
Completion of the Credit Bureau Project occurred in June 2016 for its vehicle retail installment portfolio and in February 2017 for its vehicle lease portfolio. However, the logic changes failed to address or resolve some of the issues identified in the 2013 audit, and created new, additional problems for both portfolios.

In October 2017, Hyundai began working on a different project to address credit report furnishing logic issues. It started work on a “next generation system” to support credit report furnishing across both lease and retail portfolios as one system. The rollout for this new system was not planned to occur until 2020.

In January 2018, the internal audit team concluded that its furnishing and dispute management controls remained unsatisfactory. It cited the same 2013 errors that remained unresolved. Additionally, there were other issues across its legacy credit report furnishing systems.

The 2018 audit also found that one upgrade to the company’s furnishing systems caused almost 18,000 consumers who were paid-in-full on their retail installment contracts to be erroneously reported as delinquent because Hyundai still lacked an adequate test environment for accuracy and logical consistency before the data was released to CRAs. In internal emails they acknowledged that this error may have caused significant drops in consumers’ credit scores.

As work continued on the “next generation system,” from 2017 until its rollout in March 2020, upgrades to the legacy credit report furnishing systems were deprioritized, and, as a result, many issues identified in the 2013 and 2018 audits, were not resolved until 2020.

So, for a period of years inaccurate information was reported and consumers were harmed as a result. Lower credit scores may have prevented a consumer from borrowing, borrowing at a preferred rate, obtaining a home loan or receiving promotional offers for which they may have qualified. Hyundai lacked policies and procedures that would have provided much needed guidance. Correcting errors and reducing harm to consumers was moved to a lower priority and the problems only grew.

In addition to many added compliance and reporting requirements, Hyundai was ordered to pay a $6 million civil penalty and at least $13.2 million in restitution to current and former customers as well as to take steps to correct all inaccurate account information.

July 2022 OBA Legal Briefs

  • What’s new with Reg B? – A Lot!
  • Electronic liens

What’s new with Reg B? – A lot!

by Andy Zavoina

In a world where Reg B has essentially been around since 1974 when Congress passed the Equal Credit Opportunity, after all these years there can’t be much new to it – right? WRONG! While it has not changed recently, Reg B has been in the news – a lot!

In this issue we will examine an advisory opinion from the CFPB on Reg B which describes some protections that apparently some creditors, “just don’t get” as to who is protected by Reg B and ECOA and deserving of required notices when adverse action is taken. Then we will look at another gray area involving adverse action notices and what information is not just a good idea to provide, but your legal requirement.

First, you may be asking if there is nothing new, why is Reg B worthy of this space and more importantly, your time? We need to start with a court case, Fralish v Bank of America. I will recap that case in a moment because it is what lead to a 16-page Advisory Opinion from the Consumer Financial Protection Bureau (CFPB). Understanding this requires some background on Reg B and this was described in detail in the Advisory Opinion. This background will also help you understand a second topic which pertains to a discussion clarifying why adverse action notices are given. Understanding their purpose helps us understand why there are content requirements for these disclosures. And last, we will do a little analysis on adverse action notices and what should be there, perhaps in moderation but in a misunderstood way, not necessarily.

Define Applicant

Fralish v. Bank of America (3:20-CV-418 RLM-MGG, United States District Court, Northern District of Indiana) is a suit brought by John Fralish in which he alleged Bank of America violated his rights under the Equal Credit Opportunity Act, which is implemented by Reg B. The suit actually cites the law at 15 USC § 1691(d) which addresses adverse action and notice requirements. Fralish had an existing loan account with Bank of America. That credit line was terminated. Fralish was not informed of the reasons for the adverse action and initiated a lawsuit for violations of the ECOA and Reg B.

In the U.S District Court, Bank of America moved for a judgment based on the pleadings as it contended that Fralish had no standing to sue under ECOA because he was not an “applicant” as defined in the law. Under ECOA, 15 USC 1691a(b), an applicant is defined as “any person who applies to a creditor directly for an extension, renewal, or continuation of credit, or applies to a creditor indirectly by use of an existing credit plan for an amount exceeding a previously established credit limit.” Bank of America was defending itself based on this definition maintaining that Fralish had not applied for any credit.

Reg B at § 1002.2(e) defines an applicant as, “any person who requests or who has received an extension of credit from a creditor, and includes any person who is or may become contractually liable regarding an extension of credit.”

The court also reviewed “adverse action.” as Fralish maintains he received no notification as to Bank of America’s reasoning for its action. “For purposes of this subsection, the term ‘adverse action’ means a denial or revocation of credit, a change in the terms of an existing credit arrangement, or a refusal to grant credit in substantially the amount or on substantially the terms requested. Such term does not include a refusal to extend additional credit under an existing credit arrangement where the applicant is delinquent or otherwise in default, or where such additional credit would exceed a previously established credit limit.” Key terms here are “revocation of credit, a change in the terms of an existing credit arrangement.” Must there be an application pending for a revocation of credit to be adverse action deserving a formal notice? That was one of the legal questions requiring an answer.

Bank of America maintained Fralish needed to show four points to continue his suit. That:

(1) Bank of America is a “creditor”;
(2) Mr. Fralish is an “applicant”;
(3) The Bank took adverse action with respect to his application for credit; and
(4) The Bank failed to provide Mr. Fralish with a notification that complied with the ECOA.

While Bank of America believes that to be an applicant as the term is defined, there must be a request for credit pending. The September 29, 2021, final decision from the court notes, “The vast majority of courts that have addressed the issue have found that the statutory definition of “applicant” is not ambiguous, and that existing account holders, like Mr. Fralish, aren’t “applicants” within the plain meaning of the ECOA because they weren’t applying for an extension, renewal, or continuation of his existing credit when the alleged violation (in this case the alleged failure to provide the notice of adverse action required under the statute) occurred, and don’t have standing to bring a claim under the ECOA’s notice provisions. The court finds the reasoning of those cases persuasive.”

This seemed to set of a bit of a compliance firestorm. By December the CFPB, the Federal Trade Commission, the U.S. Department of Justice and the Board of the Federal Reserve filed friend of the court (amicus) briefs with the United States Court of appeals for the Seventh Circuit. The CFPB said it was standing up for civil rights protections.

The CFPB’s premise is that if Bank of America argues, and a court agrees that the creditor can disregard ECOA provided rights for existing customers, it undermines the intended antidiscrimination protections. Acceptance of this could mean that a bank could offer a credit card, as an example, to a protected class and the law is complied with. It could then revoke that credit line because of the applicant’s demographics and because the consumer was not an applicant, it would still be compliant with the law.

Now fast forward to May 18, 2022, when the CFPB issued an Advisory Opinion on this topic. For the management version, succinctly it says that to comply with the spirit and intent as well as the commonly accepted definitions, a bank must provide ECOA and Reg B protections to the applicant throughout the life of the loan. An applicant’s rights do not end upon approval of a credit request.

Now the longer explanation adapted from the Advisory Opinion because these details must be understood by those who manage compliance in your bank.
To begin with, the Advisory Opinion applies to all “creditors” as this is a defined term under section 15 USC 1691a(e). It includes, “any person who regularly extends, renews, or continues credit; any person who regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who participates in the decision to extend, renew, or continue credit.” Yes, your bank is definitely a creditor.

And now let’s look at what an Advisory Opinion actually is. The CFPB is the agency empowered to interpret Reg B and, in this case, the Advisory Opinion is an interpretive rule under the Administrative Procedure Act (APA) that responds to a specific need for clarity on a statutory or regulatory interpretive question. It is not a change in a law or regulation and therefore requires no advance notice or comment period. It is the official interpretation. Period. As you will read the CFPB is providing the interpretation as an instructive document for banks, but it also seems to be directed to at least some courts. I recall a bit of a quip from a TV judge who said, “he wasn’t last because he was right, he was right because he was last.” The CFPB believes this is the last word.

The summary of the Advisory Opinion affirms Reg B protects those actively seeking credit as well as those who sought and received credit. To support this position the document states ECOA made it unlawful for “any creditor to discriminate against any applicant on the basis of sex or marital status with respect to any aspect of a credit transaction.” From the beginning, this prohibition has protected both those actively seeking credit and those who sought and have received credit.

ECOA has always defined “applicant” to mean “any person who applies to a creditor directly for an extension, renewal, or continuation of credit, or applies to a creditor indirectly by use of an existing credit plan for an amount exceeding a previously established credit limit.”

Here I must emphasize that ECOA’s prohibition on discrimination “applies to all credit transactions including the approval, denial, renewal, continuation, or revocation of any open-end consumer credit account.” I was always taught and do teach that Reg B applies to the entire life of a credit transaction. This is stated at § 1002.4(a) of Reg B, “A creditor shall not discriminate against an applicant on a prohibited basis regarding any aspect of a credit transaction.” “Any aspect” means the application, the credit decision process, terms, collections, etc. “All aspects” means all aspects. In the Bank of America case better legal minds than mine are arguing that the definition in ECOA is more limiting. As bankers we know we must follow Reg B which implements it. It makes me wonder if the attorneys are arguing their point because they must for their client, or because they believe that is a correct interpretation and action, with no regard for Reg B.

When ECOA first passed, the Federal Reserve had rule-writing and interpretive authority. To substantiate that the CFPB’s opinion is not new, it states “Reg B made clear that the new law’s protections against credit discrimination cover both those currently applying to receive credit and those who have already received it. It did so by defining ‘applicant’ to expressly include not only ‘any person who applies to a creditor directly for an extension, renewal or continuation of credit’ but also, ‘[w]ith respect to any creditor[,] . . . any person to whom credit is or has been extended by that creditor.’”

The original ECOA prohibited discrimination based on sex or marital status. Two years after ECOA passed, Congress added to the prohibited bases six more items, race, color, religion, national origin, age, and receipt of public assistance. It also added, “[e]ach applicant against whom adverse action is taken shall be entitled to a statement of reasons for such action from the creditor.” The amendments defined “adverse action” as “a denial or revocation of credit, a change in the terms of an existing credit arrangement, or a refusal to grant credit in substantially the amount or on substantially the terms requested.” Going back many years to compliance school in Norman we learned that adverse action notices were required when, as an example, a borrower did something and was no longer qualified for their credit. Applicants, (read that also as borrowers) are entitled to an explanation when adverse action is taken.

This explanation meets two objectives for ECOA and Reg B. It protects the consumer when an explanation must be provided because the bank knows it will have to provide a reasonable explanation. Reg B was enacted before my time on a compliance desk, but I heard stories from the old-timers who were there. I recall one who said he knew “a good ol’ boy” on the loan desk who swore if he had to make a loan to an unmarried woman he’d retire. And he did – retire. We could not fathom such an attitude today and would never expect to read as a reason for denial, “single woman.” Providing actual reasons for a declination of a loan request helps protect the applicant from an illegal discrimination-based decision.

The second objective is informing the applicant. When John Smith Sr. is denied a loan due to bad credit, he is told why that decision was made. Senior is also advised that a credit report was used and under the Fair Credit Reporting Act he knows which agency provided the information and can contact them to find out what was reported. Senior might then confirm the report with the creditor only to discover that it was actually John Smith Jr’s account that was bad. Very similar name, same address, erroneous reporting. Senior can then reapply and the corrected credit report should no longer be an obstacle. The same holds for debt-to-income ratios or too short a period of employment. When an applicant is informed as to the reasons for adverse action, they may be able to correct an error or have known parameters that must be met to qualify for credit with your bank. When the person can fix these issues, they are more likely to return to you because they believe they have overcome the stated objections to their last application.

The 1976 ECOA amendments not only included in adverse action the termination of an account or an unfavorable change in terms that does not affect all or substantially all of a class of the creditor’s accounts, but it required a statement of reasons. These are required to be specific and indicate the principal reasons causing the adverse action. We will discuss the reasons in more depth in a few minutes. For this Advisory Opinion and the Fralish case, suffice it to say that a reason must be provided and here, Bank of America failed to provide any because it maintains Fralish was not protected by the ECOA.

During this amendment, the Federal Reserve Board made a “minor editorial change” to Regulation B’s definition of “applicant.” The intent was to “express more succinctly the fact that the term includes both a person who requests credit and a debtor,” a debtor being one who has already requested and received credit.

Reg B originally defined “applicant” to include anyone who “applies to a creditor directly for an extension, renewal or continuation of credit” as well as, “with respect to any creditor . . . any person to whom credit is or has been extended by that creditor,” the revised definition clearly stated that “applicant” includes “any person who requests or who has received an extension of credit from a creditor.”

Bank of America was not alone in its stance on ECOA’s definition and application of the term “applicant.” The CFPB noted that other creditors also did not agree that both ECOA and Reg B apply to that debtor after an extension of credit is made and includes treatment when there is a revocation of credit or an unfavorable change to the terms of that credit agreement. It went on to say, “some creditors fail to provide applicants with required notifications that include a statement of the specific reasons for the adverse action taken or disclose an applicant’s right to such a statement.” As further explanation, a footnote stated,

Credit cards are one of the most commonly held and widely used financial products in America—over 175 million Americans hold at least one credit card. During the COVID-19 pandemic, credit cards played a vital role as both a source of credit in emergencies and a payment method as more transactions occurred online. According to the CFPB’s 2021 Credit Card Report, about 2%, or over 10 million credit card accounts, were closed in 2020 and consumers with low credit scores are two to three times more likely to have their accounts closed than those with a higher credit score. See Bureau of Consumer Fin. Prot., The Consumer Credit Card Market (Sept. 2021). Additionally, the same report shows that over 10 million accounts experienced a credit line decrease in 2020. See also 5 Reasons Credit Card Companies Close Accounts Without Notice – And How to Fix Them, USA TODAY (July 13, 2021).

To reinforce its opinion that the protections an applicant receives extend beyond the granting of a loan, it drew a parallel to a Supreme Court case, Robinson v. Shell Oil Co., where the Court held the use of “employees” in the Civil Rights Act of 1964, Section 704(a) included former employees who were subjected to discriminatory treatment as well. Justice Thomas explained in the decision that, “at first blush, the term ‘employees’ . . . would seem to refer to those having an existing employment relationship with the employer in question,”… that “initial impression … does not withstand scrutiny in the context of § 704(a).”

The Court observed, there is “no temporal qualifier in the statute such as would make plain that § 704(a) protects only persons still employed at the time of the retaliation.” The same reasoning applies to the term “applicant” in ECOA, which is not expressly limited to those currently in the process of seeking credit.

The Advisory adds to this that,

Reading ECOA’s definition of “applicant” alongside the Act’s other provisions makes clear that the term includes applicants who have received credit and become existing borrowers. For example, ECOA’s core anti-discrimination provision protects “applicant[s]” from discrimination “with respect to any aspect of a credit transaction”—not just during the application process itself. The phrase “any aspect of a credit transaction” is most naturally read to include both the initial formation of a credit agreement as well as the performance of that agreement. Consistent with this ordinary meaning, Regulation B has always defined the term “credit transaction” to encompass “every aspect of an applicant’s dealings with a creditor,” including elements of the transaction that take place after credit has been extended.”

Adverse action notices

Let’s spend a moment now on the notification of adverse action to an applicant. ECOA’s disclosure provision requires that creditors give a statement of reasons to “each applicant” against whom they take “adverse action.” In ECOA, adverse action is defined to include a “revocation of credit” as well as a “change in the terms of an existing credit arrangement.” Connecting the dots, the CFPB points out these are actions that can be taken only with respect to persons who have already received credit.

ECOA’s private right of action points in the same direction. It allows an aggrieved “applicant” to bring suit against creditors who fail to comply with ECOA or Reg B. These references to “applicant[s]” cannot be interpreted then, to refer only to those with credit applications awaiting decisions. Otherwise, a person whose application was denied on a prohibited basis would have no recourse under ECOA’s private right of action.

The point of the Advisory Opinion is to clarify any misunderstandings of these terms and the CFPB is pointing that out to courts and the judges who make rulings. The CFPB states, “Those courts that have properly read the term “applicant” in its statutory context, including the only court of appeals to have addressed the issue, have agreed that the statute protects existing borrowers.” Obviously then, it is stating there are courts which have ruled otherwise, and those lower courts were wrong. The Advisory goes on to say,

The Bureau acknowledges that a few other district court decisions have interpreted “applicant” to include only persons actively seeking credit, but the Bureau does not believe this interpretation is persuasive. No court of appeals has endorsed these district courts’ narrow reading. These district court decisions read “applicant” in isolation instead of reading this statutory term in context, as required by the Supreme Court. For example, these decisions did not attempt to square their interpretation with ECOA’s requirement that “applicants” receive an explanation when their existing credit is terminated or modified. Nor did they grapple with the clear loophole their interpretation would create or the degree to which it would frustrate the Act’s remedial purposes.

The point is to be clear that no court of appeals has disagreed with this interpretation of the term “applicant.”

In researching “John Fralish,” in addition to the suit against Bank of America in 2021, I also found John Fralish v Digital Media Solutions, (CASE NO. 3:21-CV-00045-JD-MGG) in 2021 dealing with spam calls to Fralish after his cell phone was on the Do Not Call list. There is also a class action suit against Early Warning Services, LLC in 2021 for violation of the Fair Credit Reporting Act. Early Warning Services is a consumer reporting agency out of Scottsdale, Arizona. It describes itself as being bank-owned and it sells credit reports to over 2,500 financial institutions. Fralish requested copies of his credit reports after being denied credit with one or more of his creditor banks. He claims to have not been advised by the lender why his credit was denied and he requested a copy of his credit report to review what his bank may have seen. This would allow him to have incorrect entries fixed but he was not provided with the information Early Warning Systems had on him.

I cannot render any opinions on the lawsuits involving John Fralish as I have no idea how much merit any of them has. But I will emphasize that compliance with the letter of the law, and the banking regulation, will help a bank avoid becoming the subject of a lawsuit, especially from a consumer looking for that single violation and an opportunity to file an action or class action suit. Often a bank will settle with a litigant to make the case go away and avoid the expense of a protracted lawsuit. The alternative may be to defend what your interpretation is and to pay for those legal defense costs for potentially years to come. Yes, your bank has to worry about that litigious consumer, but there is less worry if you stay current on the compliance requirements, train staff, and follow sound policies and procedures. I’m hoping your bank did not pass on studying this Advisory Opinion as it is the CFPB that has the last word on interpretating ECOA and its implementing Reg B. And the CFPB is not afraid to tell that to the courts as well. For a bank to challenge that it would need a very strong case and six or seven digits to the left of the decimal place in the legal defense section of its budget.

Recommended action

We recommend that banks take this opportunity to review Reg B and fair lending policies and procedures to ensure they are clear as to protections a customer has and that these are considered throughout all aspects of the life of a loan.

As you have read in prior Legal Briefs the CFPB has also opined that discriminatory acts are unfair. Read that to say that your deposit customers who are not protected under fair lending laws are protected under the prohibition on Unfair, Deceptive, or Abusive Acts or Practices (UDAAP), so broadly review fair lending more in the terms of fair banking.

We expect to see the CFPB continue to expand its supervisory and enforcement actions going forward. This is especially so in the area of fair lending/banking as the current administration has made fair access, including to credit, and equal treatment of all people a priority.

Reasons for Adverse Action

We have established that adverse action notices may be required to be given to an applicant and the purpose of such a disclosure includes stating the reason or reasons for denial. It is time to explore two facets of what this can mean.

To begin, Reg B § 1002.9(a)(2) requires that adverse action notices (in most cases, and here emphasis is on consumer loans) shall be in writing and contain four specific things, one of which includes a statement of specific reasons for the action taken. The Commentary to this section goes on to explain that “A creditor must disclose the principal reasons for denying an application or taking other adverse action. The regulation does not mandate that a specific number of reasons be disclosed, but disclosure of more than four reasons is not likely to be helpful to the applicant.” We will break this into two parts for discussion here, principal reasons, and then the number of reasons stated.

On May 26, 2022, the CFPB released a document titled, “CFPB Acts to Protect the Public from Black-Box Credit Models Using Complex Algorithms.” This emphasized that Reg B and ECOA, a federal antidiscrimination law, require specific reasons for taking adverse action. Above we described that is helps keep a creditor honest and informs the applicant. This notice is to emphasize that these rules apply even when using credit models which rely on complex algorithms.

In 1974, when ECOA and Reg B were conceived, a loan decision was based on an application for credit. A lender typically learned the five Cs of credit — character, capacity, capital, collateral and conditions — and applied them against the application. A human being made a decision and Reg B required that in the case of a denial, the reason would be given. It was not enough to say, “you do not meet our requirements for a loan,” as that was not a specific reason. The denial had to specify something about a debt ratio or excessive debt or length of employment. Remember part of the intent here is to inform the applicant so they can fix what is wrong and then reapply and receive credit.

In 2022 there is often less human being and more artificial intelligence involved. In a time of automation and analytics computer models use predictive analysis based on data input to compute credit scores, and to make loan decisions very quickly. “Companies are not absolved of their legal responsibilities when they let a black-box model make lending decisions,” said CFPB Director Rohit Chopra. “The law gives every applicant the right to a specific explanation if their application for credit was denied, and that right is not diminished simply because a company uses a complex algorithm that it doesn’t understand.”

What the CFPB is cautioning lenders about is technology is driving the reasons for adverse action back to a nondescript, “you do not meet our requirements for a loan.” These lenders understand less of what went into the computer’s loan decision than they do about how to compute a credit score. And “the computer model said No” is not informing the applicant, nor is it keeping the lender honest. The CFPB has accused artificial intelligence models of discrimination already. If a lender cannot explain the principal reasons for a decision, it needs a different way to make the decision. Computer models’ reasons for denial must be specific for the lender to comply with Reg B.

Lastly, I want to revisit the required number of reasons for denial. The Commentary says, “The regulation does not mandate that a specific number of reasons be disclosed, but disclosure of more than four reasons is not likely to be helpful to the applicant.” Many lenders read this to say you cannot quote more than four reasons but that isn’t so. It says it does not mandate the number of reasons. If you are criticized for providing five or more, consider challenging the critic. But if you have four reasons that will be difficult for the applicant to overcome, you do not need to pile on more reasons. What you do not want is to have (say) six reasons but list only four which are easily fixable. The applicant corrects those and comes back in only to be refused for two others that are very difficult to correct. It’s like kicking them when they’re down. List the most severe and exceed four reasons when necessary.

Electronic liens

By Pauli Loeffler

The PowerPoint presentation from the informational session presented by the Oklahoma Tax Commission covering electronic liens is accessible through this link: It is also available on the OBA’s Legal Links Webpage.