Thursday, March 28, 2024

Legal Briefs

OBA Legal Briefs – January 2005 – February 2024

February 2024 OBA Legal Briefs

  • CFPB Proposes New NSF Fee Rule
  • Overdrafts — Comments Requested

Editor’s Note: We do not usually write about proposed rules in Legal Briefs because so much can change between publication of a proposal and issuance of a final rule. However, we believe that Oklahoma’s bankers need to know about both of the recent CFPB proposals discussed in this edition.

CFPB Proposes New NSF Fee Rule

By John Burnett

On January 24, 2024, The Consumer Financial Protection Bureau announced a proposal for a new regulation on non-sufficient funds (NSF) fees. That should not have been a surprise, because the CFPB mentioned the possibility of a rule on NSF fees at least as long ago as 2022, when its Fall Regulatory Agenda indicated the Bureau was considering whether to issue new rules regarding them.

Now, the “other shoe” has dropped. Perhaps we should call it “a mismatched shoe,” because the new regulation proposal does not reference current financial institution practices regarding NSF fees. Instead, it anticipates that a bank or credit union might just be looking for a new fee income source, and the Bureau proposes to “nip it in the bud” before the idea can become a reality.

In short, the Bureau wants to ban something that almost no one (that the Bureau knows of) practices, but someone might try in the future. Here is what the proposal is all about.

It happens all the time — Someone taps their debit card on a POS terminal at Walmart to pay for a cartload of groceries, and the terminal displays “denied” or provides some gentler negative response because the cardholder’s bank account isn’t up to the task, the well is dry, or, in banker-speak, the account balance is “non-sufficient,” and the bank will not approve a transaction that would overdraw the account. The same result can be seen at an ATM, and in some peer-to-peer transfer networks.

The Bureau thinks that there might be a bank, credit union, or P2P network out there looking for ways to replace some of the fee income it has given up (perhaps in the current campaign against “junk fees”), and counting the number of NSF responses it sends back on ATM, POS and transfer authorization requests to see if they might be leaving some fee income on the table.

So, in a remarkably short (only 68 pages in all, with just over one page devoted to the words of the regulation) Federal Register document, the Bureau has proposed as new regulation (Part 1042) to say, in essence, “Don’t you even THINK about doing that!” by borrowing the definitions of “account” and “covered financial institution” from Regulation E and defining a “covered transaction” as “an attempt by a consumer to withdraw, debit, pay, or transfer funds from their account that is declined instantaneously or near-instantaneously [sic] by a covered financial institution due to insufficient funds.”

That’s followed by a definition of “nonsufficient funds fee” as “a charge that is assessed by a covered financial institution for declining an attempt by a consumer to withdraw, debit, pay, or transfer funds from their account due to insufficient funds” regardless of how the financial institution labels the fee. Then the proposed rule declares the charging of such a fee to be an abusive practice and prohibits it. A short little regulation with three little sections, about 270 words (including headings), and no official interpretations (as proposed).

I will not ask whether your bank has been thinking about imposing these “real-time” NSF fees, or whether, after reading the proposed rule, your bank changed its mind.

Comments are due by March 25, 2024. If you have a comment to offer, check out the guidance for commenters at the end of Andy’s article below.

Overdrafts – Comments Requested

By Andy Zavoina

In late 2023 there were a reported 4,645 commercial banks, 574 savings and loan associations and 4,994 credit unions in the United States. That is 10,213 financial institutions if you do not want to do the math. This gives you an idea of the “universe” which can be impacted by a new rule or interpretation. But some rules and interpretations do not actually affect all financial institutions.

When a new proposal or rule is published, the first things I would do is determine the impact of the proposal on my bank based on a general description, and if it will apply to me, when is it going to be effective? Well, on January 17, 2024, the CFPB released its proposal to “close the overdraft loophole that costs Americans billions each year in junk fees.” How will it accomplish this? With a tweak of a few words in a few regulations in certain conditions overdraft fees will be considered finance charges under Reg Z and Truth in Lending. Now my head begins to spin as I fear making APR disclosures, usury limits, periodic statements and those things associated with loan closings and lines of credit. But am I getting ahead of myself? To be clear, this rule will impact only the largest banks, those at or over $10 billion in assets.

If your bank is not in that category, please DO NOT STOP reading now and move on to more meaningful issues affecting your bank. While the CFPB estimates only 175 financial institutions will be impacted, and the math tells us that this amounts to a mere 1.71 percent of all financial institutions, there are some people who believe this rule could trickle down to smaller, community banks. According to the FDIC, Oklahoma has 178 banks with main offices in Oklahoma. Only a small percentage of these will be in the larger bank category and subject to the new rule, when and if approved.

Think about the process involved in a Notice of Proposed Rulemaking (NPRM). A proposal is made, and comments are requested. In a proposal that will relieve the American public of paying “billions of dollars” each year in non-sufficient funds – junk fees – charged by “banks” (meaning the financial institutions referenced above) where will the comment letters in support of, and against, all or some of the proposed rule come from? Will more come from the consumer protection organizations and the American public, or from those 175 banks? And will the final rule indicate overwhelming support for the proposal based on the comment letters, or that thoughtful comments indicated that overdraft fees are not always bad, these serve a purpose, and help in controlling fees in general charged by banks, they act as a deterrent for writing bad checks and should not be mischaracterized as “junk fees.” Would you be surprised to read that “based on overwhelming support of the proposal” it is approved? And do not forget the political aspects of this in an election year. The president and his staff have dwelled on junk fees and the large dollars collected by banks from consumers.

I want to explore the concept of “consumer protections” and the intent of these rules and contrast this to rules applicable to larger banks as compared to smaller banks. Using the Home Mortgage Disclosure Act (HMDA) as an example, when reporting is limited to larger institutions, the amount of data gathered is proportional to the size of those lending institutions. By limiting the application of the rule to the larger volume lenders the public gets the vast majority of the lending data gathered. Having such a rule excluding the smaller lenders makes review and analysis of trends much easier and it is cost effective, especially for those smaller lenders who have the same data gathering burden but far few resources and less technology to meet the requirements. Having the smaller lenders exempt from reporting takes away little data. In years past the CFPB did increase the reporting threshold for HMDA applicable loans. This increased the number of exempt lenders and therefore took away a small amount of data. It worked just as planned. The public and regulatory agencies received useful data and the smaller lenders were able to still make loans supporting the housing efforts of their communities yet deploy funds and assets elsewhere to facilitate an overall more effective community bank.

But no good deed goes unpunished. There was a court case which argued that data was necessary to properly evaluate the housing efforts of even the smaller lenders and the action was successful. The argument that less data still accomplished the goals of HMDA was not enough and the CFPB did not appeal the decision. The threshold dropped to its prior limit. Now a larger segment of smaller volume lenders is once again recording and reporting HMDA information. My point is, the objectives were met even with the higher limit, but the argument that a more microscopic application better meets the needs for more finite reviews prevailed. At the end of the day, consumer protections against discrimination were deemed better met by applying the rules uniformly down to smaller lenders and eliminating only the smallest of low-volume lenders.

Contrast this HMDA example to a true consumer protection regulation. The former is based on a bulk of transactions and analysis using a broad brush, and the latter is based on individual transactions. The overview of the proposed overdraft fee rule includes three important points.

  1. The proposal would require very large banks to treat commonly used overdraft protection as credit, making it subject to Reg Z disclosure requirements and other protections that apply to credit cards and loans.
  2. The proposed rule provides those banks subject to the rule two options on how to approach handling overdrafts. The bank could offer overdraft loans, officially offering lines of credit and triggering a multitude of disclosures and statements (e., processing) meaning potentially systems improvements and all that comes with such an undertaking. Alternatively, the bank could offer overdrafts as a courtesy service where fees do not exceed costs and losses, using a “breakeven standard” calculation or, optionally, a “benchmark fee.” Currently these benchmark fees being proposed are $3, $6, $7, or $14. The CFPB estimates the average fee is currently $35.
  3. The new rules would apply to banks and credit unions with $10 billion or more in assets and, if finalized as proposed, would go into effect in October 2025. That provides nearly two years to prepare from the publication of the NPRM.

Under a data gathering rule, there is the broad brush used to effect protections and these take extended periods to provide substantive information to act on. In this proposal it is individual transactions which will be impacted. Which is truly the most effective form of consumer protection? There is no denying that individuals who are protected at each transaction receive the most benefit and more quickly than is derived from data which takes years to accumulate and analyze. How can any regulatory agency that is responsible for consumer protection actions justify applying such a rule based on the asset size of the lender when all banks are subject to Reg Z already? A depositor with an overdraft at a smaller community bank would not be entitled to the same protections afforded a similar consumer at a larger bank even when both banks are subject to the same regulation that provides the protections.

If you are keeping a tally of the impact this rule poses and are comforted by the fact that your bank is under the $10 billion threshold, do not take that sigh of relief too soon. The CFPB has hinted at potentially applying this rule to smaller banks, stating that the CFPB intends to “monitor the market’s response” before deciding whether to expand the scope to smaller banks in the future. In the future it would be quite easy to justify expanding this proposal to all banks.

I ask you, what is the “market’s response” to this proposal if fewer than 175 banks comment? Certainly, banking organizations will respond but I would add that thoughtful comments from the smaller and as of yet unaffected banks need to be made to better protect those who do not want the options described above in their future. I would add that once the larger banks have adapted to the new rule and vendors have worked through the technological hurdles, it will be deemed a much easier process for smaller banks to adopt the same rules.

As a brief background, Congress gave us the TILA in 1969 and the Federal Reserve then gave us Reg Z to implement it. As to the use of currency, checks were frequently used by consumers to send money and pay bills. Zelle and similar programs were not invented. Check volume was huge and growing annually. It was recognized at that time that check processing was labor intensive. The processing technologies banks have used for decades did not exist then. Checks were manually encoded, and the items were compared to account balances. They were typically manually reviewed, account analysis was completed, and someone made a decision to pay or return an item. The bank had policies that would have included considering how long the bank has had the account, the average deposit balance, when deposits were made (direct deposit was not required  or even highly encouraged until the 1970s) and how often the account had checks presented that exceeded the available balance. It was a costly and manually intensive process. The Fed exempted overdraft=related costs from Reg Z requirements if the bank honored a check when its depositor “inadvertently” overdrew their account. Over recent years banks have been careful not to confuse inadvertent overdrafts with lines of credit because the costs of disclosing the latter can be high and smaller banks may not even have the technology to meet the Reg Z disclosure requirements. Overdrafts were not nearly as frequent in 1969 as today, and banks imposed fees to cover these processing costs as well to incentivize the depositor to not overdraw their account.

Banking technology has come a long way, and these costs are now greatly reduced and may be deemed truly minimal, other than the costs of the technology used and the cost of funds. Reg Z has retained this exemption, but this is what is now being considered for removal. This intentional exemption is the loophole in question.

The loophole is in the definition of “finance charge” at 1026.4(c)(3). Paraphrasing from the NPRM, page 64, “These proposed changes require compliance with not only Reg Z when providing higher than breakeven overdraft credit services described below, but would allow those banks to continue to comply with Regs DD and E when providing non-covered overdraft credit services at or below breakeven pricing. This means the banks that have invested in compliance with Regs DD and E could maintain their current processes for providing consumers with non-covered overdraft credit so long as it priced such credit at or below breakeven pricing.” Reg E will require some tweaking as well to allow complete compliance with this proposal and as credit products, banks may start reporting these overdraft lines to credit bureaus.

Reg Z would have new key terms and definitions that would become commonplace in discussions as operations and lending bridge these overdraft gaps, terms like, overdraft credit, above breakeven overdraft credit, covered asset credit account, covered overdraft credit, covered overdraft credit account, and hybrid debit-credit card.

I also find it interesting that it is never mentioned that in most cases writing a check against non-sufficient funds is typically a misdemeanor, a crime. Neither banks nor regulatory agencies should encourage such an act. Providing both payment options, the approval of an inadvertent item and a line of credit cause the items to be paid rather than returned, avoiding misdemeanors and fees from those on the receiving ends of the checks. This protection ends when banks begin returning the items because they cannot pay the items due to cost inefficiencies. These inefficiencies will be based on the lower income derived from overdrafts, potentially increased costs due to losses and the cost of technology to support lines of credit if that is what banks opt to offer.

While banks can continue to provide courtesy overdraft credit as is often done now, the fees which will be regulated would be assessed against a breakeven calculation or a benchmark amount. If the fees are equal to or less than these metrics, the overdraft credit provided would not be subject to Reg Z. Using this low-cost approach will exempt the bank.

  1. To use a breakeven standard the CFPB would require the bank to determine its total direct costs and charge-off losses for providing overdraft credit to all accounts open at any point during the previous 12 months. This amount would then be divided by the total number of overdraft transactions attributable to those accounts occurring in the previous 12 months. The proposal includes guidance on the types of costs and charge-off losses that a bank may consider when making this calculation.
  2. The CFPB proposes to set this alternative fee, a breakeven fee at $3, $6, $7 or $14, and the Bureau believes this would create a “simple bright-line method” for the very large banks to use when assessing whether the overdraft credit they provide is below or above the breakeven threshold. The CFPB reached each of the benchmark fees by applying different calculations to relevant data collected from eight of the large banks.

The alternative to use of the breakeven or benchmark fees is overdraft lines of credit. Overdraft credit can be provided at a cost higher than the breakeven standard or the benchmark fees described above, but the cost to the bank is that these would be subject to Reg Z.

This compliance would require treating transfer fees (line of credit to overdrawn account) as finance charges, or the bank can eliminate those fees altogether. This line of credit then offers consumers a means of repaying their overdrafts other than by preauthorized EFTs. This line of credit facility also means compliance with the regulatory provisions in Reg Z that apply to credit cards that would newly apply to certain types of covered overdraft credit. This requires systems and new skillsets for your staff.

Banks would then be required to make mandatory disclosures to consumers disclosing the cost of credit and more. Hybrid debit-credit cards used by consumers to access overdraft credit would be subject under the proposal to the Credit Card Accountability Responsibility and Disclosure (CARD) Act-related sections of Reg Z. These would include, but are not limited to, ability-to-pay underwriting requirements and limitations on penalty fees.

The proposal also requires that overdraft credit be structured as a separate credit account, not a negative balance on a checking or other type of transaction account. The underlying checking or transaction account would be considered the asset account and tied to the separate credit account created for the overdraft credit. This separate credit facility would have its own due date at the same time for each period. That means that if a $100 item is paid on the first against a deposit balance of $40, the $60 goes to the credit facility. If a deposit of $100 to the deposit account is received on the second, there is no setoff available. The $60 owed is under the credit line and is not owed until the billing is due, possibly at the month end, as an example. The billing dates will have to be on the same day of each billing cycle.

The banks subject to the proposed new rule would also be prohibited from compelling consumers to use automatic payments to repay overdraft credit, which would effectively require them to provide consumers with at least one alternative repayment option.

One point I have not seen addressed yet includes those consumers subject to the Military Lending Act (MLA). The bank would need to know who these consumers are in order to meet the disclosure requirements of the MLA. Currently the MLA is moot. In the FAQs published in the Federal Register, Vol. 81, No. 166, Friday, August 26, 2016, under Section II, question 1, it asks, “What types of overdraft products are within the scope of 32 CFR 232.3(f) defining ‘‘consumer credit’’?” The answer includes, “The MLA regulation generally directs creditors to look to provisions of TILA and its implementing regulation, Regulation Z, in determining whether a product or service is considered “consumer credit” for purposes of the MLA. Also, the supplementary information to the July 2015 Final Rule discusses coverage of overdraft products.

The MLA regulation defines “consumer credit” as credit offered or extended to a covered borrower primarily for personal, family or household purposes that is either subject to a finance charge or payable by a written agreement in more than four installments, with some exceptions. The exceptions include “residential mortgage transactions; purchase-money credit for a vehicle or personal property that is secured by the purchased vehicle or personal property; certain transactions exempt from Regulation Z (not including transactions exempt under 12 CFR 1026.29); and credit extended to non-covered borrowers consistent with 32 CFR 232.5(b).”

If overdrafts are paid from a line of credit and are subject to Reg Z, in addition to the CARD Act and ATR, there will be MLA requirements. The bank will have to know if it is dealing with a covered borrower at the time the credit is offered. This includes dependents. There are written and oral disclosures required as well as a Military Annual Percentage Rate.

Most banks are aware of the “all in fee” nature that the MAPR has resulting in a higher rate than Reg Z APR. But the open-end MAPR is different still. From the CFPB exam manual — “…the MAPR for open-end credit should be calculated following the rules for calculating the effective APR for a billing cycle as set forth in 12 CFR 1026.14(c) and (d) of Regulation Z (as if a creditor must comply with that section) based on the charges listed above. Even if a fee is otherwise eligible to be excluded under 12 CFR 1026.14(c) and (d), the amount of charges related to opening, renewing, or continuing an account must be included in the calculation of the MAPR to the extent those charges are among those in the above Types of Fees to Include in MAPR Calculation.” While the MAPR will still be capped at 36 percent and presumably all the fees will be compliant and reasonable, the minimum fees will have to be weighed against the amount of the credit and the date of the payment due from the consumer. How close to 36 percent could possible scenarios get? When and how often will banks be required to verify with the DMDC database that their overdrawing consumers are covered or not?

There are many questions, and I believe that every banker who reads the 211-page proposal will ask themselves similar questions, but also a few unique ones. Comment letters that all banks are encouraged to submit should pose these questions so that guidance can be included in a final rule and not offered in the distant future when the questions are real and not hypothetical.

While this article is not intended to serve as a how-to on writing a comment letter, I am asking all banks with an interest in the overdraft topic now or in the future to seriously consider sending one. Therefore, I will include points common to comment letters though few comment letters would ever be considered wrongly sent.

  1. Read the entire proposal to best understand the requirements and ask meaningful questions supported by realistic and factual scenarios to support them.
  2. Where any questions are asked in the NPRM of those submitting comments, answer them. This increases the usefulness of the process especially in those which ask, “what is the impact of…” on a bank or consumer.
  3. Use facts and refrain from personal comments such as “the proposal is unfair because…” or in this case, “the consumer wrote the check, and we disclosed the fee and that’s all that matters.” That would take the process nowhere and is often just subjective. Cite facts and conditions which support the bank’s position that this is a cost-effective option when considered overall. If more checks are being returned the consumer will suffer more costs, especially from merchants not obligated to keep fees low for returned payments, and for consumers who later find it harder to bank anywhere due to poor management of checking accounts in the past.
  4. Specifically quote the proposal where appropriate so the reader knows exactly what your comment pertains to.
  5. Some banking organizations may prepare comment letter templates. These are useful as to providing guidance on topics and formats. But the regurgitation verbatim of someone else’s comment letter is nothing better than a tick mark for, or against something as the comments have already been stated and read. It will add to support your position, but in a less meaningful way.
  6. Offer suggestions on issues that are realistic and meet the goals of both your bank and the consumer’s needs for protection. After reading the proposal, you will read about issues such as, “For example, CFPB research found that in 2012 the median overdraft fee was $34, the median size of a debit card transaction incurring an overdraft fee was $24, and that the majority of non-covered overdraft credit transactions were repaid within three days. Putting these figures in lending terms, the annual percentage rate (APR) for such a non-covered overdraft credit transaction would be 17,000 percent (if transaction fees were included in the APR calculation).” This is where the cost to actually process a transaction comes into play, as well as losses and collection expenses. I see the APR as less of an issue when the fees are reasonable. It is not enough to say an APR is not reasonable when the actual fee is only a matter of a few dollars. Expressing that minimal fee as an annual rate provides an unbalanced calculation.
  7. Balance your comment letter based on the bank’s experience as a whole. That is, consider the side of the loan department as well as operations for the big picture.
  8. The pounds test is not a goal to be met here. Do not add comments that go on and on so that if printed, you will have the longer document. Succinct and meaningful comments that convey valid points will be held in higher regard as being productive for all. You don’t need to address every issue raised in the proposal. Focus on the elements most important to you and your bank.
  9. If you read other comment letters or reports in the press, you will understand those who disagree with your position. With this understanding you can better offer intelligent counterpoints.
  10. The comment period for this proposal ends April 1, 2024. You should have your letter in by that date. Sending it electronically is the fastest and easiest way to make a submission. Prior to sending yours, you can read others that have been submitted and remember your comment letter will also be publicly available. For this reason, bank management and/or counsel may want to be involved in the process. The NPRM itself contains instructions for all this.

 

January 2024 OBA Legal Briefs

  • ’Tis Still the Season — Security and Fraud Losses
  • MLOs Hirable Now — Changes in Section 19
  • AI in Banking

’Tis Still the Season

By Andy Zavoina

Security and Fraud Losses

The holiday season has ended and now it is all about the returns. Side note – it is a great time not to be working at Amazon. What does all this have to do with banking? Money. Your depositors have it and there are thieves out there who want it even more than the retailers. When a retailer is paid by your customer, it is because your customer spent their money at that store. It is an honest buyer and seller relationship. But there are thieves out there waiting to scam and steal from your customer. In many cases, when the thieves steal your customer’s money, they are really stealing from the bank by using the weakest link, the customer, to get access to it. Some of these customers may be negligent and others fall for a good story filled with deception and technology tricks. The type of customer and type of loss will influence whether the customer or the bank will be taking this loss.

We have all seen check fraud increase even as the overall use of checks has declined by 7 percent according to the Federal Reserve. One report indicated that 70 percent of banks have experienced an increase in fraud over 2021. Fraud losses are increasing by about 65 percent from $2.3 million in 2022 to $3.8 million in 2023.
One barometer to see what is happening on this front is the growth in the numbers of Suspicious Activity Reports (SARs) for check fraud cases filed by banks. According to Financial Crimes Enforcement Network (FinCEN) data, it is up 201.2 percent between 2018 and 2022. With 447,525 SAR check fraud reports in 2023 through October, the year was on track to beat the 2022. Check fraud SARs have increased more for personal and business checks than for any other financial instrument. Check fraud accounts for one-third of all the fraud banks are experiencing, excluding mortgage fraud.

The Federal Trade Commission (FTC) estimates Americans lost $330 million to text scams in 2022. That is up from $86 million in 2020. Text messages are fast, cheap, and easy to send from anywhere. The median loss in cases like these is $1,000.

Your consumer customers are often the main target of these thieves, especially during peak sales seasons such as the holidays we are now recovering from. You may not have heard of all the fraud committed yet, as many customers will not be aware until they have their latest statements – that is, if they actually review them.
Scams accounted for 12 percent of the fraud transactions, with two key scams standing out. The first is a thief impersonating a bank security or support person and the other is an IRS scam. The former instills a fear of immediate loss with the hopes of an immediate recovery if they act fast, and the latter one of red tape and a never-ending issue of audit, collections and threats of arrest.

Let’s look at business customers. Say your business customer “A” regularly pays business “B” for services rendered. One day an employee in accounting receives an email from a person at “B” they frequently correspond with. The message says they have changed banks and provides new payment routing information. What is the proper procedure here? Should “A” verify these changes with a trusted source at “B” or make the changes and move on? Business email compromise (BEC) happens, and if that email is not questioned and verified, future payments will go to a thief and the payor will not be aware until “B” contacts them about the past due status. As soon as funds reach the thief’s account, they are almost immediately wired out and unrecoverable. If either the payor or payee is aware of the payment within a day, there is a chance for a recovery. In instances like this the payor still has to make a payment, and “B” may be having cash flow problems while this is figured out. The payor’s procedures will be questioned, and the bank may be held to blame if its customer is the payor in this scenario. Why the bank? Because it has deep pockets. and customers who demand privacy also believe the bank knows this payment is uncharacteristic for one or more reasons.

BECs often take the form of fake invoices from real vendors or business partners, fake requests from upper management to transfer funds to a bank account that actually belongs to the attacker, and fake notifications from real vendors and business partners of changes in banking account information. These bank customers are not protected by Reg E and the Electronic Fund Transfer Act, but they may be under the Uniform Commercial Code (UCC). That is their hope, and the bank may be their best chance for recovery. The fact that the bank followed the payment order it was given is a moot point. But there is hope for the bank. Review UCC 4A-207 in situations like this. This section provides that if a payment order (including wire transfers) received by the payee’s bank includes the payee’s name and a different account number than the payee’s real account number, the bank is not liable for the misdirected wire unless the bank had “actual knowledge” that the payee’s name and account number referred to different persons or entities. The bank does not need to affirmatively determine whether the name and number refer to the same person. UCC 4A-207(b)(1). But if someone in your wire room is keying in information on incoming transfers and your system displays the account owner name before the input date is checked and “enter” is clicked, it will be hard to claim the bank was not aware of a mismatched name and account number.

Much of the loss prevention effort employed by banks today is older technology dating back to the 1990s. Those banks experiencing sizable amounts of check fraud losses should invest in newer technology and these banks should see a significant return on the investment as losses are curtailed. Artificial Intelligence (AI) can be employed and will make it easier, for example, to detect unusual transactions in a customer’s account and immediately confirm those transactions with the consumer. This technology can play a dual role to both reduce fraud and indicate Bank Secrecy Act red flags on transactions and account relationships.

The customers can take another preventative measure themselves as banks tout the security of using electronic payments over paper. Businesses have many cost-effective options such as automated cash management services. At the end of the day, their loss exposure is lessened with each check they do not write.

Banks must do a more effective job of educating customers about security. A recent survey by PYMNTS.com indicated customers prefer multifactor authentication (MFA) each time they access their accounts and send or receive funds. According to the poll, eighty-three percent of respondents said they want MFA for riskier transactions, such as accessing a bank account from an unknown device, changing personal information in a bank account, and spending or sending larger sums of money electronically. Sixty-two percent wanted MFA for routine transactions such as accessing a bank account from any device or transferring money to family and friends. More than half said they prefer MFA for low-risk transactions such as paying bills, rent or loans. Smartphones are making this easier than ever with biometrics such as fingerprint and facial recognition to act as their MFA.

When I was in the military there was always the same lesson plan to be followed when teaching, which is what the bank should be doing here. Tell them what you’ll tell them, tell them, and tell them what you told them. It is difficult to get the attention of customers and to convince them that security of their access information is everyone’s job. So, you must constantly remind them and mix your messages about security protocols. Marketing needs to work with compliance, security and those who investigate fraud and other losses to deliver the message.

1. Does your bank encourage customers to review their statements or at least regularly review their balances and transactions online? Perhaps customers can be incented to do either or Marketing can make doing so fun in one way or another. But customers need to be reminded of this important responsibility.

2. When sending One Time Passwords (OTP), think of those six-digit codes to verify the device and access authorization to the account as the same, and ensure that each one clearly says, we will never ask you for this code. That is a very common technique for that thief to get access after sending thousands of text messages like “XYZ bank – we need to verify your $5,026 transaction at Big Box, reply “Y” to accept the charge and “N” to deny it. If you have a question, call the bank at 623-387-6862.” All the customer wants is to refuse the charge. The thief will get a verification that this a fish is ready to take the bait when they reply “N,” or the customer will call, and the hook will be set. The thief discusses how this happened and what needs to be done to save the customer their money and part of that is verifying they have the right customer. To do that the bank (thief) will send a six-digit code and the customer needs to give them that number back. That is when the customer must have had positive reinforcement TO NEVER GIVE THAT OTP CODE OUT. Even when the security officer says it is OK this time. The security officer/thief will immediately change that password to the account and clear out the balance. The bank is then carefully reviewing Reg E to see who is liable for the losses — the bank or the consumer. And by the way, the “bank’s phone number” above translates on the phone touch pad to “MAD EUP NMBR” and if your customer is calling the bank, they should look for a known number. That “direct” line is not to the bank in any way.

3. Check washing is very popular again. Blue or black gel pens are preferred for checks as that ink is much harder to remove. Like yard signs that tout protection services, they may be real or not, but it is easier to move to the next house than find out. Skipping the gel inked check for the next one is a logical move as even for thieves, time is money.” And remind customers to avoid dropping outbound mail in those blue boxes or leaving it in their mailbox with the flag up. Have it picked up by postal personnel or drop in a lobby slot at the Post Office.

4. Use the internet banking bill pay services when checks are needed for recurring payments.

5. If the customer transfers money using Zelle, PayPal and the like, have they verified who they are sending that money to? Sending $1 and getting verification that it was received with a call or verified text and then sending the rest can save money when there is a thief or just a wrong number.

6. When it comes to passwords, four-digit numerical PINs are terrible security even though there are 10,000 possible combinations. Hackers who steal phones are not sitting at the table trying 0 – 0 – 0 – 0, then 0 – 0 – 0 – 1, and so on until it works. A four-digit PIN can be cracked by a computer in less than a second. Six-digits are better but ‘real” passwords are better yet, and biometrics are best. If the desired security is “something they have” and biometrics is not acceptable to customers or is one part of a verification process, another option is a security key. These cost about $50, and a device will not unlock or a site requiring logon credentials will not work without the physical key. The less expensive way to accomplish this is with a OTP generator so the customer has to know where to go and to sign in to get the OTP.

Good security is a pain in wallet area, but also a great preventer of another pain in the wallet when a customer finds out their accounts have been drained, that lines of credit were accessed automatically to cure overdrafts, and that they still have to replace the phone they lost.

7. Teach customers not to click on links or respond to text messages from an unknown source. When a text comes in asking, “This is Tina. Are we still on for lunch tomorrow at 1?” They are setting that hook and looking for a sucker. If they find that elderly, lonely customer with a savings account, suddenly the thief is a caring and good person who is willing to talk and spend time with them. Have no doubt money is the motive and that thief has no remorse as to the effects of what they do. When such a text comes in, either block the number and delete the message, or reply, “wrong number” and then block and delete. If interested, the FTC asks that suspicious texts be reported to ReportFraud.ftc.gov or forwarded to 7726 (SPAM).

8. Remind commercial depositors about BEC and account takeover thefts and encourage them to protect themselves.

Customers, all customers, should be reminded with paper statements, e-statements, when they log on to internet banking and when they receive an email or text message from the bank. In some cases, just email or text the reminder solo, without any other message. Just like for scammers, email and text messages are easy to send in bulk and inexpensive.

Another common scam is the undeliverable package. Here is one from my spam box as I write this article.

“ZAVOINA, you have (1) package pending in our warehouse.

Unfortunately, we could not deliver your postal parcel on time because your address is not correct.

Please reply to us with the correct delivery address. ___ here ____

Best regards,

Track & Trace Rewards”

There were various emojis in this HTML email and the thieves wanted the receiver to click the HTML link. They will attempt to get more information, especially banking info, or infect the computer. When was the last time you received a computer-generated message like that from Fed Ex, UPS or another professional company? My old home, in the city limits and to which packages are regularly delivered, is not difficult to find. Yet the only reason the scam is being run is because it works. In a recent cybersecurity presentation I attended, one session discussed when law enforcement recovered the original mailing list from a thief. The police contacted those on the list and found that 18 percent of the recipients had responded favorably to the thief. Your Marketing department would be ecstatic to have a near 20 percent response to a mass mailing.

I recently taught on my own experience where my Apple password, then 10 characters long, had been cracked. MFA prevented the thieves from getting into my accounts. I simply added a character to what I had and went on with my business. Not 12 hours later they were at it again. I had not outsmarted anyone. Long story short I made painful changes, and that logon password is now 23 characters long and I have more security protocols in place. Are they problematic when I need quick access to something? Yes, but it is all less problematic than losing everything and having some or all financial liability on top of it.

If you really want your customer’s attention, ask them if they are using cloud services from a provider tied to their phone. In the case of the Apple ecosystem things just work seamlessly and life is good. But if a thief shoulder-surfs and sees that easy to remember four-digit code and then grabs the phone and runs, they can change that person’s security code and even their main password to their Apple accounts. The thief does not need the current password to change it and the real owner can be locked out forever in minutes. That includes email, photos and Apple TV. Emphasize “photos” to your customer. If they do not have a separate backup of those photos, there may be years and years of photos and videos documenting births, deaths, weddings, holidays, and general memories only in the cloud. When your customer is locked out of their own account because of the thief, Apple will tell them there is nothing they can do as it does not have the codes or master codes to access the photos. They’re gone. Money comes and goes, but those photos are gone forever. Now the customer has a genuine interest. As a side note, Apple is working on a fix for this security change issue in an upcoming update to the operating system.

MLOs Hirable Now

We generally do not get too involved in Human Resources issues but this one has some compliance crossover implications, so it is worth mentioning, especially since we are just through the annual renewal period. Section 19 of the Federal Deposit Insurance Act contains restrictions on hiring employees with criminal backgrounds. That is, Section 19 prohibits hiring individuals convicted of crimes of dishonesty, breach of trust, or money laundering, including theft, misappropriation, embezzlement, false identification, and writing of a bad check, among others, from working in a bank without written consent from the FDIC.

But in December 2022, President Biden signed the National Defense Authorization Act for Fiscal Year 2023. Section 5705 of that Act is the “Fair Hiring in Banking” section, which instructs banks to disregard certain criminal convictions. While this eases the restrictions on the hiring of individuals with criminal records, the changes open questions regarding the de minimis standard, and whether the changes to Section 19 effectively amended Reg Z, as it applies to mortgage loan originators because of Reg Z’s references to Section 19. Specifically, § 1026.36(f)(3)(ii) addresses the qualifications individual loan originator employees and requires the bank to review the person’s background as to meeting certain standards and states that if they do not meet these standards, “before the individual acts as a loan originator in a consumer credit transaction secured by a dwelling, that the individual loan originator:

(A)( 1 ) Has not been convicted of, or pleaded guilty or nolo contendere to, a felony in a domestic or military court during the preceding seven-year period or, in the case of a felony involving an act of fraud, dishonesty, a breach of trust, or money laundering, at any time;
( 2 ) For purposes of this paragraph (f)(3)(ii)(A):

( i ) A crime is a felony only if at the time of conviction, it was classified as a felony under the law of the jurisdiction under which the individual was convicted;

( ii ) Expunged convictions and pardoned convictions do not render an individual unqualified; and

( iii ) A conviction or plea of guilty or nolo contendere does not render an individual unqualified under this § 1026.36(f) if the loan originator organization has obtained consent to employ the individual from the Federal Deposit Insurance Corporation (or the Board of Governors of the Federal Reserve System, as applicable) pursuant to section 19 of the Federal Deposit Insurance Act (FDIA), 12 U.S.C. 1829, the National Credit Union Administration pursuant to section 205 of the Federal Credit Union Act (FCUA), 12 U.S.C. 1785(d), or the Farm Credit Administration pursuant to section 5.65(d) of the Farm Credit Act of 1971 (FCA), 12 U.S.C. 227a-14(d), notwithstanding the bars posed with respect to that conviction or plea by the FDIA, FCUA, and FCA, as applicable; and

(B) Has demonstrated financial responsibility, character, and general fitness such as to warrant a determination that the individual loan originator will operate honestly, fairly, and efficiently…”

So, there are the rules and some exceptions now. Section 5705 provides that an individual no longer needs the consent of the FDIC (or NCUA if you are keeping score. Add NCUA in most places when you read FDIC here) to become employed with an insured bank or credit union for “Certain Older Offenses.” These exceptions apply where:

1. It has been seven years or more since the individual committed the offense; or
2. The individual was incarcerated with respect to the offense, and it has been five years or more since the individual was released from incarceration; or
3. The individual committed the offense when they were 21 years of age or younger, if more than 30 months have passed since the sentencing for the offense occurred.

These are lower thresholds than recognized under prior law and FDIC rules. In addition, other de minimis offenses may be exempt, subject to the FDIC rulemaking capabilities and meeting the following criteria:

1. Punishable by a term of three years or less confined in a correctional facility;”
2. Offenses for writing insufficient funds checks must require that the aggregate total face value of all insufficient funds checks (regardless of the number of convictions or program entries at issue) be $2,000 or less; and
3. Other lesser offenses, like the use of a fake ID, shoplifting, trespass, fare evasion, and driving with an expired license or tag, if at least one year has passed since the conviction or program entry for such offense.

There is greater opportunity for exempting de minimis offenses. Banks are now able to move through the hiring process more easily for individuals with lesser, minor convictions than in the past. I will draw attention to the fact that the rules do not say “may consider” or “may waive,” as in “this is optional.” It says banks should disregard prior requirements where these conditions exist. Theoretically if a young employee embezzled from the bank and has been released and meets these conditions, the bank could not stand on Section 19 of the FDI Act and refuse employment.

Under the current Section 19 rules, offenses are considered de minimis and a waiver is automatically granted if the maximum punishment for the crime was:

1. imprisonment of one year or less, and the individual served three days or less of jail time, and
2. a fine of $2,500 or less.
3. Offenses for writing “bad checks” are considered de minimis so long as the aggregate value of the “bad checks” written is less than $1,000 and the payees were not an insured depository institution (IDI) or a credit union.

For a direct comparison, the Fair Hiring in Banking changes this auto-exception to:

1. if the maximum punishment for the crime were three years, calculated based on the time an individual spent incarcerated and not including pretrial detention, probation, or parole.
2. The fine is not referenced.
3. The aggregate amount of the bad checks was increased to $2,000.

Now the Reg Z issues. Reg Z prohibits banks from employing individuals in loan originator positions if that individual was:

1. convicted of a felony in the preceding seven years, or
2. “at any time” for felonies “involving an act of fraud, dishonesty, a breach of trust, or money laundering,”
3. unless they have received consent from the FDIC pursuant to Section 19.

But now the Fair Hiring in Banking provisions removed the requirement that an individual must obtain consent under Section 19 for offenses where:

1. it has been seven years or more since the offense occurred, or
2. the individual was incarcerated for the offense, and it has been five years or more since the individual was released from incarceration; and (ii) the individual was 21 years or younger when he or she committed the offense and 30 months or more have passed since the individual was sentenced.

The result is a set of convictions that would require FDIC consent under Reg Z that are no longer covered convictions under Section 19. Fast forward to October 23, 2023, and the FDIC’s Notice of Proposed Rulemaking Concerning Section 19. The NPRM states:

The proposed rule would incorporate statutory changes to Section 19, including the following:

• Certain older offenses. The Act excludes certain offenses from the scope of Section 19 based on the amount of time that has passed since the offense occurred or since the individual was released from incarceration.

• Designated lesser offenses. Under the Act, Section 19 does not apply to the following offenses, if one year or more has passed since the applicable conviction or program entry: using fake identification; shoplifting; trespassing; fare evasion; and driving with an expired license or tag.

• Criminal offenses involving dishonesty. The Act excludes certain offenses from the definition of “criminal offenses involving dishonesty,” including “an offense involving the possession of controlled substances.” Historically, the FDIC has required an application as to drug-related offenses—aside from simple-possession offenses. In light of the Act, however, the FDIC believes that Congress intended to exclude, at least, the offenses of simple possession and possession with intent to distribute from the “involving dishonesty” category because of the statute’s use of the phrase “involving the possession of controlled substances.” Additionally, the FDIC believes it should shift from the presumption that other drug-related offenses are subject to Section 19 as crimes involving dishonesty, breach of trust, or money laundering. This revised approach would treat drug offenses the same as all other types of crimes, which do not automatically trigger the need for an application, but which may require an application depending on the elements of the underlying criminal offense.

• Expunged, sealed, and dismissed criminal records. The Act excludes certain convictions from the scope of Section 19 that have been expunged, sealed, or dismissed. The existing FDIC regulations already exclude most of those offenses. The proposed rule would modestly broaden the statutory language concerning such offenses to harmonize the FDIC’s current regulations concerning expunged and sealed records with the statutory language.

• Standards for FDIC review of Section 19 applications. The Act prescribes standards for the FDIC’s review of applications submitted under Section 19.

The proposed rule also provides interpretive language that addresses, among other topics, when an offense “occurs” under the Act, whether otherwise-covered offenses that occurred in foreign jurisdictions are covered by Section 19, and offenses that involve controlled substances.

Comments are due by January 16, 2024, as this appeared in the Federal Register on November 14. https://www.federalregister.gov/documents/2023/11/14/2023-23853/fair-hiring-in-banking-act. Compliance may want to coordinate with Human Resources on a comment letter if there are questions your bank has, clarifications you want, or changes to recommend.

AI in Banking

Is your bank an early adopter of technology? I do not see many community banks jumping on to the cutting edge of technology but soon it will become a more commonly offered service from vendors. Now is the time to become familiar with what is happening in this arena. Not banking but looking for shortcuts could be dangerous. If a “techie auditor” wants to use a ChatGPT or similar program to dress up an audit report, who fact checks it? In December the CEO of The Arena Group, which publishes Sports Illustrated, was fired weeks after the magazine was accused of publishing articles generated using artificial intelligence (AI).

The CFPB in June reported on consumer dissatisfaction with chatbots, another common use of AI. The report noted that about 37 percent of the U.S. population has interacted with chatbots. In banking, the use of chatbots raised several risks including: (i) noncompliance with federal consumer financial protection laws; (ii) diminished customer service and trust; and (iii) harm to customers. There have been complaints received by the CFPB. We have also seen AI result in fair lending cases based on poorly targeted marketing. You can find the CPPB’s report here: https://www.consumerfinance.gov/data-research/research-reports/chatbots-in-consumer-finance/chatbots-in-consumer-finance/

December 2023 OBA Legal Briefs

  • Year End, Year Start

Year-End, Year Start

By Andy Zavoina

This is a time of celebrations, family, and looking forward to a new beginning as the calendar turns to 2024. But, has every “i” been dotted and “t” crossed for 2023? Do you get to exhale in a sigh of relief as you enjoy the holiday season, chill for a moment, and start anew on January 1? The answers are, “You need to know they are,” and “Absolutely not.” As 2023 ends, 2024 begins as a new year but what’s not done from the year-end still has to be. So, let’s do a quick review of those annual tasks and ensure you are really ready to close the books on 2023 and open the new one for 2024.

What must you always consider as you begin planning your year? The major events you anticipate, especially changes.

HMDA

Are you a HMDA reporter, or now will be, based on your bank’s size and transactions and what ramifications does that bring? (See 1-5 immediately below for the requirements applicable to 2023 data. Each test must be met.) If applicable, are you ready for the March 1 filing deadline this year? Do you have only the final quarter’s Loan Application Register (LAR) entries to scrub, and if not, how long will that take? Are the first three quarters of 2023 ready to go?

1. Asset-Size Threshold Test. On December 31, 2022, your bank had assets in excess of $54 million. This was for data collection threshold for 2023. We expect the 2024 threshold to be released in late December.
2. Location Test. On the preceding December 31, your bank had a home or branch office located in a metropolitan statistical area (MSA).
3. Loan Activity Test. During the preceding calendar year, your bank originated at least one home purchase loan or refinancing of a home purchase loan secured by a first lien on a one-to four-unit dwelling.
4. Federally Related Test. Your bank is federally insured, regulated, or originated at least one home purchase loan or refinancing of a home purchase loan that was secured by a first lien on a one- to-four-unit dwelling and, well there is more to this test at 12 CFR 1003.2(g)(1)(iv) but I think we had you at “insured.”
5. Loan-Volume Threshold. Your bank meets or exceeds either the closed-end mortgage loan or the open-end line of credit loan volume threshold in each of the two preceding calendar years. A bank that originated at least 25 closed-end mortgage loans in each of the two preceding calendar years or originated at least 200 open-end lines of credit in each of the two preceding calendar years meets or exceeds the loan-volume threshold. (If the loan or line of credit is not a closed-end mortgage loan or an open-end line of credit, it does not need to be reported.

If you barely missed any of these five criteria, you’ll want to pay attention to any revisions to them next year, such as the asset threshold or loan volume.

Small Business Lending Data Rule

Small Business Lending Data Rule. The Reg B small business data gathering rule referred to as “1071” was released and there were legal challenges affecting the rule. It is important to note that the 1071 rule was not challenged, but the CFPB was. On July 31, 2023, the U.S. District Court for the Southern District of Texas ordered the CFPB not to implement or enforce the 1071 rule. The order stays all deadlines for compliance and in subsequent cases and rulings the stay applies to all banks. The Supreme Court has to rule on the case and that is expected about mid-2024. At that point, if the CFPB is successful, it may simply redesignate the deadlines and if it is not, the 1071 rule will be implemented in some form as it is based on Section 1071 of the Dodd-Frank Act, which is not in question. Ask yourself, if the CFPB is successful and that seems likely to many but remains an unknown, how fast will you be able to react on implementation and change management?

In the BOL Lending Compliance Triage Conference in November, Kimberly Boatwright recommended five critical steps compliance officers need to take now.

1. Determine your bank’s status/tier as a covered institution.

2. Conduct a Gap Analysis to understand your products, delivery channels and lending life cycle.

3. Commercial Lending Challenges that need focus, training, and action.

4. Based on your bank’s needs, allocate a budget.

5. Raise the Board’s and senior management’s awareness of issues related to implementation of Section 1071.

When is your next compliance exam?

That is a compliance officers’ direct responsibility. What has been done to prepare for it and depending on when that is expected, more importantly, what has not been done? Start making that list if your exam is imminent. What other exams do you contribute to – Bank Secrecy Act, Safety and Soundness which may include Reg O, any fair lending or mortgage origination and servicing requirements?

The New CRA Rule

One more biggie that cannot be ignored is the new Community Reinvestment Act rule that was recently published. Most of us are beginning to digest it now as the final rule takes effect on April 1, 2024, but with staggered compliance dates of January 1, 2026, and January 1, 2027. So, it is not an immediate need to completely revamp your policy and procedures, but the changes are enormous and you must start planning now. The November Legal Briefs edition has more on the new CRA, but here are a few key elements.

• Asset thresholds for small, intermediate and large banks will increase.
• Most of the rule’s requirements will go into effect on January 1, 2026, to give you time to prepare for implementation.
• Data reporting requirements, which only apply to large banks, will become applicable starting January 1, 2027.
• The rule allows small banks to be evaluated under the existing framework or opt in to be evaluated under the new framework.
• The final rule does not include a start date for examinations pursuant to the performance tests in the amended regulation. We will have to watch as the agencies prepare for and announce this.

Don’t forget the little things

Now let’s look at the future and eliminate some of the small things for peace of mind. These are minimal tasks that need to be sorted and ensure there are no issues with compliance. It’s the little things that sometimes catch you unprepared.

Let’s talk about signage requirements. In our main branch we had a “Fed wall,” which was one area which had the federally required (and state, as applicable) notice requirements. It should be in an area that is highly visible to the public to meet the intent of the posted notice requirements. It does no good to put these on the wall behind a door that stays open or the plastic trees in the lobby which prevent viewing them. You will not get credit during an exam for posting them where they cannot be seen. If there was a remodel done and the signage was taken down for maintenance, ensure it went back up, and in the right location.

As to being unsightly, beauty is in the eye of the beholder. If you put courier font printed pages in a $2 frame and nailed it to the wall, that is what it will look like. I recommend you lay out all the applicable disclosures and buy one large frame, have a matte cut for all these in one space and then everything is accounted for in one space. As a new branch is opened, just order another of the same design. This ensures everything is easily accounted for and posted easily on the wall rather than trying to lay out several frames, especially if those frames were each different giving a hodgepodge appearance. It is also a simple task to pull the frame down, remove the backing and switch out disclosures when necessary. As a tip, there is a transparent tape and removable tape that uses the same adhesive as sticky notes. It will hold your documents to the matte securely yet provide the flexibility to switch them out without destroying the matte or other documents.

Here are suggestions and justifications for your fed wall and other required signage.

1. Community Reinvestment Act Notice: This is to be posted in each lobby with one version in your main office and another in each branch, other than off premise electronic deposit facilities, the Public Notice described in 12 CFR 345.44 (FDIC), 228.44 (FRB), 25.44 (OCC).

2. Equal Housing Lending Poster: Post in lobby of main office, all branches, and in any other areas where loans are made. Note, this is an 11”x14” poster and unlike most other requirements for signage, the size requirements are specifically stated. 12 CFR 338.4 (FDIC), 24 CFR 110.15 and 110.25 (HUD and OCC) the FRB requirements fall under the Fair Housing Act. .

In August 2022 the FDIC made changes to its version of the sign. Refer to Federal Register Vol. 87, No. 151, Page 48079 as the Fair Housing and Consumer Protection Sale of Insurance Rule are both impacted. To improve efficiency and effectiveness the FDIC consolidated the Consumer Response Center and the Deposit Insurance Section under one organization, entitled the National Center for Consumer and Depositor Assistance. Fair Housing signage and the Sales of Insurance disclosure should refer to, “…National Center for Consumer and Deposit Assistance.” The effective date of the change was August 8, 2022. The OCC has also had changes to its poster. Refer to Bulletin 2021-35, August 5, 2021.

3. Home Mortgage Disclosure Act (HMDA). General notice of availability must be posted in each home office and physical branch offices located in an MSA. 12 CFR 1003.5(e). Non-HMDA banks do not post this notice.

4. Fair Credit Reporting Act (FCRA) requires that a consumer be allowed to notify the bank of an error in their consumer report. If a notice is posted informing consumers where to direct their notice, they may not be delivered to just any employee and must be properly directed. 623(a)(1)(C) (Note, this is a recommendation, not a requirement. Not having such a notice does set the bank up for failure as virtually all staff would need awareness training on how to handle such a notice from a customer.)

Additional signage requirements while you are auditing those above.

A. Customer Information Program procedures require providing adequate notice the bank is requesting information to verify customer identities prior to opening account. May be given or posted, 31 CFR 1020.220(a)(5)

B. FDIC Deposit Insurance Notices are to be displayed at each station or window (including drop boxes, teller windows, new accounts, drive-ups) where insured deposits are normally received, excluding automated service facilities such as ATMs, night depositories and POS. These signs must be 3″X7″ in size. 12 CFR 328.2 & FDIC 93-42, 94-17.

C. Funds Availability Policy is for banks routinely delaying availability of any deposited item. Disclosure is required of several items in a conspicuous place in each location where deposits are accepted. This includes the abbreviated text on ATMs but excludes drive-ups. These disclosures are contained in our Facts About Funds Availability brochure that doubles as the posted notice. 12 CFR 229.18

D. ATM Surcharge Notice requirements apply if your bank, as an ATM owner/operator, imposes a fee to complete a transaction or inquiry. The bank must disclose on the ATM that a fee may be imposed. 12 CFR 1005.16(c).

And for employees there are several other requirements.

E. 5-in-1 Employment Poster is required to be visible to job applicants and employees, 42 USC 2000e-10(a). This poster should include five parts, and if not in a combined poster, individual signs must be posted in the manager’s office or lobby. The five laws are: Equal Employment Opportunity Act, Fair Labor Standards Act, Employee Polygraph Protection Act, Family Medical Leave Act, and OSHA’s Plain Language “It’s The Law.” Refer to 29 USC 201, 29 USC 2003, 29 CFR 825.300, and 29 CFR 1903.2(a)(3)

F. Rate Board requirements under TISA/Reg DD are that indoor signs are exempt from many advertising requirements. But if a rate is stated it will use the term “annual percentage yield” or “APY” and contain a statement advising consumers to contact an employee for further information on terms and fees. 12 CFR 1030.8(e)(2)

G. Notice of Employee Rights has two requirements; 1) Executive Order 13496 is a Notice of Employee Rights under the National Labor Relations Act, the primary law governing relations between unions and employers in the private sector. See 29 CFR Part 471. Banks need to follow this for various reasons including due to FDIC insurance, savings bond transactions, TTL accounts and government contracts. Post the notice conspicuously in offices where employees covered by the NLRA perform contract-related activity, including all places where notices to employees are customarily posted both physically and electronically. 2) Employee Rights under the NLRA See section 7 of the NLRA, 29 U.S.C. 157

Now that signage requirements are addressed, let’s ensure “annual” tasks have been completed.

Annual compliance tasks

Reg BB (CRA), Content and availability of Public File § 228.43 – Your Public Files must be updated and current as of April 1 of each year. Many banks update this continuously, but it’s good to check. You want to ensure you have all written comments from the public from the current year plus each of the two prior calendar years. These are comments relating to the bank’s efforts in meeting community credit needs (your SBA loans may play a key role here) as well as any responses to comments. You also want a copy of the last public section of the CRA Performance Evaluation. That actually is to be placed here within 30 days of receipt. Ensure you are keeping up with branch locations and especially ATMs as those may fluctuate. The regulation has more on the content of this file. It may be best to review it with an audit workpaper to use as a checklist to avoid missing any required items.

CRA Notice and Recordkeeping § 228.42, 228.44, 1003.5 – CRA data, which can include small business and small farm as well as home mortgages, are gathered based on specific reporting requirements for the Loan Application Registers (LAR). CRA and HMDA information, if applicable, must be submitted by March 1, for the prior calendar year. If you are a reporter of either LAR you should start verifying the data integrity now to avoid stressing the process at the end of February. HMDA mortgage data should be compiled quarterly so this should not be a huge issue, but a thorough scrubbing as the new year starts and submission preparation approaches is always warranted.

Pertaining to this, national banks should ensure they have reviewed and updated as needed the CRA, FHA and ECOA notices in accordance with the Aug. 5, 2021, OCC Bulletin 2021-35. This bulletin provided updated content for the appropriate names and addresses for notices required by the Community Reinvestment Act and Equal Credit Opportunity Act, and for posters under the Fair Housing Act. National banks were required to make the appropriate changes to their notices and posters within 90 days of the issuance which then had a mandatory compliance date of Nov. 3, 2021.

Reg C – HMDA Notice and Recordkeeping § 1003.4, 1003.5 – HMDA data are gathered as home mortgage loans are applied for and are compiled quarterly if your bank is a HMDA reporter. There are specific and detailed reporting requirements for the Loan Application Register (LAR) itself. The LAR must be submitted by March 1, for the prior calendar year. If you are a reporter, you should start verifying the data integrity now and this is of vital importance if you have a large volume of records to report.

Reg E § 1005.8– If your consumer customer has an account to or from which an electronic fund transfer can be made, an error resolution disclosure is required. There is a short version that you may have included with each periodic statement. If you’ve used this, you are done with this one. But if you send the longer version that is sent annually, it is time to review it for accuracy and ensure it has been sent or is scheduled to be. Electronic disclosures under E-SIGN are allowed here.

This is also a good time to review §1005.7(c) (additional electronic fund transfer services) and determine if any new services have been added and if they were disclosed as required. Think Person-to-Person transfers like Zelle, Venmo or Square.

Reg G – Annual MLO Registration § 1007.102, 1007.103 – Mortgage Loan Originators must go to the online Registry and renew their registration. This is done between November 1 and December 31. If this hasn’t been completed, don’t push it to the back burner and lose track during the holidays and then have to join a year-end rush to complete this task. This is also a good time to plan with management and Human Resources any MLO bonus plans. Reg Z Section 1026.36(d)(1)(iv)(B)(1) allows a 10 percent aggregate compensation limitation on total compensation which includes year-end bonuses. Additionally, paragraph (b) of 1007.103 requires updates that may require coordination with HR – were there name changes of an MLO or a move to another location?

Regulation O, Annual Resolution §§ 215.4, 215.8 – In order to comply with the lending restrictions and requirements of § 215.4, you must be able to identify the “insiders.” Insider means an executive officer, director, or principal shareholder, and includes any related interest of such a person. Your insiders are defined in Reg O by title unless the Board has passed a resolution excluding certain persons. You are encouraged to check your list of who is an insider, verify that against your existing loans, and ensure there is a notification method to keep this list updated throughout the year.

Reg P § 1016.5 –There are exceptions allowing banks which meet certain conditions to forgo sending annual privacy notices to customers. The exception is generally based on two questions; does your bank share nonpublic personal information in any way that requires an opt-in under Reg P, and have you changed your policies and practices for sharing nonpublic personal information from the policies and procedures you routinely provide to new customers? Not every bank will qualify for the exception, however. John Burnett wrote about the privacy notice conundrum in the July 2017 Legal Briefs. That article has more details on this.

When your customer’s account was initially opened, you had to accurately describe your privacy policies and practices in a clear and conspicuous manner. If you don’t qualify for the exception described above, you must repeat that disclosure annually as well. Ensure that your practices have not changed and that the form you are sending accurately describes your practices.

For Reg P and the Privacy rules, annually means at least once in any period of 12 consecutive months during which that relationship exists. You may define the 12-consecutive-month period, but you must apply it to the customer on a consistent basis, so this is not necessarily a December or January issue, but it could be. And each customer does not have their own “annual date.” If a consumer opens a new account with you in February, you provide the initial privacy notice then. That is year one. You can provide the annual privacy notice for year two at any time, up until December 31 of the second year.

It is important to note that unlike most other regulatory requirements, Reg P doesn’t require E-SIGN compliance for your web-based disclosures. You can use e-disclosures on your bank web site when the customer uses the web site to access financial products and services electronically and agrees to receive notices at the web site, and you post your current privacy notice continuously in a clear and conspicuous manner on the web site. So, the demonstrable consent requirements and others in E-SIGN’s 15 USC Sect. 7001(c) do not apply, but there must still be acceptance to receive them on the web. Alternatively, if the customer has requested that you refrain from sending any information regarding the customer relationship and your current privacy notice remains available to the customer upon request this method is acceptable.

Fair Credit Reporting Act – FACTA Red Flags Report – Section VI (b) (12 CFR 334.90) of the Guidelines (contained in Appendix J) require a report at least annually on your Red Flags Program. This can be reported to either the Board, an appropriate committee of the Board, or a designated employee at the senior management level.

This report should contain information related to your bank’s program, including the effectiveness of the policies and procedures you have addressing the risk of identity theft in connection with the opening of covered accounts and with respect to existing covered accounts, as well as service provider arrangements, specifics surrounding and significant incidents involving identity theft plus management’s response to these and any recommendations for material changes to the bank’s program. Times change, customers’ habits change, and importantly criminals change and each may require tweaks to the bank’s program.

Reg V, Fair Credit Reporting Act – Affiliate Marketing Opt-Out § 1022.27(c) – Affiliate marketing rules in Reg V place disclosure restrictions and opt out requirements on you. Each opt-out renewal must be effective for a period of at least five years. If this procedure is one your bank is using, you must know if there are there any expiration dates for the opt-outs and whether those consumers have been given an opportunity to renew their opt-out.

RESPA Reg X, Annual Escrow Statements § 1024.17 – For each escrow account you have, you must provide the borrower(s) an annual escrow account statement. This statement must be done within 30 days of the completion of the escrow account computation year. This need not be based on a calendar year. You must also provide them with the previous year’s projection or the initial escrow account statement, so they can review any differences. If your analysis indicates there is a surplus, then within 30 days from the date of the analysis you must refund it to the borrower if the amount is greater than or equal to $50. If the surplus is less than that amount, the refund can be paid to the borrower, or credited against next year’s escrow payments.

Reg Z Thresholds and Updates § 1026.3(b)– These changes are effective January 1, 2024. You should ensure they are available to staff or correctly hard coded in your systems. The exemption for Reg Z disclosures will increase from $66,400 to $69,500, meaning consumer loans over that amount (except for loans secured by real or personal property expected to be used as the consumer’s principal dwelling or a private education loan) will be exempt.

BSA Annual Certifications – Your bank is permitted to rely on another financial institution to perform some or all the elements of your CIP under certain conditions. The other financial institution must certify annually to your bank that it has implemented its AML program. Also, banks must report all blockings to OFAC within ten days of the event and annually by September 30, concerning those assets blocked.

Information Security Program part of GLBA – Your bank must report to the board or an appropriate committee at least annually. The report should describe the overall status of the information security program and the bank’s compliance with regulatory guidelines. The reports should discuss material matters related to the program, addressing issues such as: risk assessment; risk management and control decisions; service provider arrangements; results of testing; security breaches or violations and management’s responses; and recommendations for changes in the information security program.

Security, Annual Report to the Board of Directors § 208.61 – The Bank Protection Act requires that your bank’s Security Officer report at least annually to the board of directors on the effectiveness of the security program. The substance of the report must be reflected in the minutes of the meeting. The regulations don’t specify if the report must be in writing, who must deliver it, or what information should be in the report. It is recommended that your report span three years and include last year’s historical data, this year’s current data and projections for the next year.

Similar to the Compliance Officer reporting to the board, this may include a personal presentation, or it may not. I recommend that it is because this is an opportunity to express what is being done to control security events from the recent past as well as foreseeable events and why these are important issues. These facts can assist Security in getting the budget and assets necessary for the coming year. There is no prescribed period during which the report must be made other than “annually” and this may be based off the timing of the prior report, give or take a month. Annual presentations such as this are better done when the directors can focus more on the message, so try to avoid quarter ends, and especially the fourth quarter. This is not a “how-to” on the annual security report, but you can find more on the topic, free, on the BankersOnline Tools by searching on “annual security program.”

Training – An actual requirement for training to be conducted annually is rare, but annual training has become the industry standard and may even be stated in your policies. There are six areas that require training (this doesn’t mean you don’t need other training, just that these regulations have stated requirements).

– BSA (31 CFR §1020.210(b)(4), and 12 CFR §208.63(c)(4) Provide training for appropriate personnel.
– Bank Protection Act (12 CFR §21.3(a)(3) and §208.61(c)(1)(iii)) Provide initial and periodic training
– Reg CC (12 CFR §229.19(f)) – Provide each employee who performs duties subject to the requirements of this subpart with a statement of the procedures applicable to that employee.
– Customer Information Security found at III(C)(2) (Pursuant to the Interagency Guidelines for Safeguarding Customer Information), training is required. Many banks allow for turnover and train as needed, imposing their own requirements on frequency.)
– FCRA Red Flag (12 CFR 222.90(e)(3)) Train staff, as necessary, to effectively implement the Program;)
– Overdraft protection programs your bank offers. Employees must be able to explain the programs’ features, costs, and terms, and to explain other available overdraft products offered by your institution and how to qualify for them. This is one of the “best practices” listed in the Joint Guidance on Overdraft Protection Programs issued by the OCC, Fed, FDIC and NCUA in February 2005 (70 FR 9127, 2/24/2005), and reinforced by the FDIC in its FIL 81-2010 in November 2010.

MISCELLANY – Some miscellaneous items you may address internally in policies and procedures include preparation for IRS year-end reporting, vendor due diligence requirements including insurance issues and renewals, documenting ORE appraisals and sales attempts, risk management reviews, following records retention requirements and destruction of expired records, and a designation by the bank’s board of the next year’s holidays.

And finally, has there been a review of those staffers who have not yet taken five consecutive vacation or “away time” days per Oklahoma Administrative Code 85:10-5-3 “Minimum control elements for bank internal control program”?

November 2023 OBA Legal Briefs

  • Loans, ECOA, and Noncitizen Discrimination
  • New CRA Final Rule Released

Loans, ECOA, and Noncitizen Discrimination

By Andy Zavoina

To me, this is one of those statements that says it is a warning shot and you need to know where the bullet may drop. This is your opportunity to evaluate the situation and step to the side to avoid injury, if necessary. On October 18, 2023, the Consumer Financial Protection Bureau (CFPB) and the Department of Justice (DOJ) published a joint statement in the Federal Register (https://www.federalregister.gov/d/2023-22968), “to assist creditors and borrowers in understanding the potential civil rights implications of a creditor’s consideration of an individual’s immigration status under the Equal Credit Opportunity Act (ECOA)”. The DOJ enforces civil rights violations as well as fair lending, so its involvement identifies the purpose of the statement.

First, let’s review what the joint statement says. It clearly states that lenders need to understand, “the potential civil rights implications of a creditor’s consideration of an individual’s immigration status under ECOA. ECOA does not expressly prohibit consideration of immigration status…,” and then it gets to the intent of the statement, “creditors should be aware that unnecessary or overbroad reliance on immigration status in the credit decisioning process, including when that reliance is based on bias, may run afoul of ECOA’s antidiscrimination provisions and could also violate other laws.”

I have taught Reg B, which implements ECOA, for many years. In subsection 1002.5(e) it states, “A creditor may inquire about the permanent residency and immigration status of an applicant or any other person in connection with a credit transaction.” That is under the section titled, “Rules concerning requests for information.” When I teach, I mention this section as being a nondiscriminatory way to ascertain residency status as it pertains to future collection of a debt. This should have nothing to do with color, race, religion or any other protected basis that cannot be used in making a loan decision. The intent of the question is, would this person be subject to, or scheduled to move out of the country during the term of the loan, and where might your collateral be at that time? When a person has few ties to where they live, it is easier for them to move and harder for you to contact them when necessary. I can tell you from experience that repossessing collateral internationally is much harder, and you are at the mercy of others when it comes to the bill and a sale.

As an example, person A arrived in your area a few months ago from South America. She is an executive at a large company that is a particularly good customer of the bank. She wants to buy a new car and finance it for sixty months. If your applicant has a B-1 visa and applies for this loan, be aware that the typical stay is usually six months for work, with a possible extension for another six months. What will happen to this new car in just a few months? What if the extension being requested is not approved? These are valid concerns.

On the other hand, if the lender reviews an application from the same person but for a short term loan that will be repaid prior to the visa’s expiration, and interviews the person, but still does not like the fact that English is a second language, communication is difficult at best, and the applicant is not a U.S. citizen, and denies the request for those reasons, that could be the Reg B issue this joint statement is concerned with. This is an obviously made-up scenario, but the point is, you may consider the immigration status but be cautious if it is a key reason for the denial. Lenders are still concerned with credit risk based on capacity, character, capital, collateral and conditions. Quoting from the joint statement, “Creditors should therefore be aware that if their consideration of immigration status is not ‘necessary to ascertain the creditor’s rights and remedies regarding repayment,’ and it results in discrimination on a prohibited basis, it violates ECOA and Regulation B.” At the end of the day, does the lender predict the loan would perform and pay as agreed or not? Is it a collateral rights or access issue? These are questions for the bank. A lender’s bias should not influence the credit decision of the bank as it is the bank making the loan. That is the heart of the joint statement as I read it.

Reg B tells us “…a creditor may consider any information obtained, so long as the information is not used to discriminate against an applicant on a prohibited basis.” If immigration status is a proxy for race, religion, national origin, color, or any prohibited basis, that would be a violation. As the joint statement explains it, “Regulation B notably provides that a ‘creditor may consider [an] applicant’s immigration status or status as a permanent resident of the United States, and any additional information that may be necessary to ascertain the creditor’s rights and remedies regarding repayment.’ 12 C.F.R. § 1002.6(b)(7). Regulation B does not, however, provide a safe harbor for all consideration of immigration status.” And this is where I would like to remind readers that, as noted above, it is the bank taking action here through a lender, and it is the bank’s responsibility to ensure compliance.
Considering the above, we may also introduce Bank Secrecy Act prohibitions here. Like the issues above, this may be a training issue that lenders should be reminded of. In section II of the joint statement we find, “As a general matter, creditors should evaluate whether their reliance on immigration status, citizenship status, or “alienage” (i.e., an individual’s status as a non-citizen) is necessary or unnecessary to ascertain their rights or remedies regarding repayment. To the extent that a creditor is relying on immigration status for a reason other than determining its rights or remedies for repayment, and the creditor cannot show that such reliance is necessary to meet other binding legal obligations, such as restrictions on dealings with citizens of particular countries, 12 C.F.R. pt. 1002, Supp I. ¶ 2(z)-2, the creditor may risk engaging in unlawful discrimination, including on the basis of race or national origin, in violation of ECOA and Regulation B.” What does comment 2(z)-2 address? It addresses National Origin. “A creditor may not refuse to grant credit because an applicant comes from a particular country but may take the applicant’s immigration status into account. A creditor may also take into account any applicable law, regulation, or executive order restricting dealings with citizens (or the government) of a particular country or imposing limitations regarding credit extended for their use.”

Going forward, banks should consider training in-person or at the least by memorandum or computer-based training reminding lenders of these issues. No bank or lender should look to automatically decline loan applications from certain groups of noncitizens regardless of the credit qualifications because of the citizenship unless there is a legal prohibition preventing working with them. To carry this to the next level of fair banking, the same rules should apply to deposit and service relationships. Denying a loan, deposit or service to someone solely because they do not have a Social Security account number is too broad a reach based on that one criterion. The absence of an SSAN should not be a proxy for non-citizenship which ignores other credit qualifications and causes an automatic denial. Treating this group of applicants differently would also be a Reg B violation. For example, that could include requiring all non-SSAN applicants to apply in person. When such a requirement is applied to a group and is predicated on a prohibited basis, it would be a discriminatory act.

It was recently noted that rules are changing to allow more people to be paired testers who enter a bank and apply for loans. The paired testers involve one applicant who has characteristics of a prohibited basis and another who does not, but the underlying credit qualifications for both are similar. An example would be a white couple applying for a joint loan and a Black couple asking for the same product and terms. The object is to detect if they are treated differently. I recall one evaluation from paired testers which criticized the lender because the majority testers were offered soft drinks, and the minority testers were not. The evaluations drill way down of what is considered being “treated similarly.” In addition to this training, the bank should ensure there are no conflicts in any policies and procedures. It should be an accepted fact that examiners will be scrutinizing this issue in your next compliance or fair lending exam. All banks would be wise to review the issues in advance of that.

I must be clear that I am not a lawyer, and this is not legal guidance. The joint statement gets its points across, but it offers advice that you can consider immigration status but cannot consider it completely or in a broad, overreaching manner. There is subjectivity in the terms used, but with what I read between the lines, the objective is as I stated above, make loans to those qualified, do not exclude a qualified borrower because they are a non-citizen, and lend in a safe and sound manner to comply with ECOA and civil rights.

Other Fair Lending Concerns

If your bank considers implementing a review and training on this fair lending and civil rights issue, you might as well get the most bang for your training buck and consider adding some “lessons learned” from mid-year CFPB release of its “2022 Fair Lending Annual Report to Congress” found here, https://www.consumerfinance.gov/about-us/blog/the-cfpbs-2022-fair-lending-annual-report-to-congress/ .
It shows how the CFPB set its sights on redlining and appraisal discrimination in the prior year, and we can rest assured it did not end there. Since that report was filed, an Oklahoma bank settled a redlining case for $1.15 million for failing to provide mortgages in all areas for a four-year period from 2017 through 2021. That case originated as a referral from the FDIC to the DOJ, which has the authority to handle fair lending cases. The bank allegedly engaged in a pattern or practice of lending discrimination by redlining historically Black neighborhoods in the Tulsa MSA. In part, the proposed consent order calls for the bank to:

1) Invest at least $950,000 in a loan subsidy fund to increase credit for home mortgage loans and lines of credit for consumers applying in majority-Black and Hispanic census tracts in the Tulsa MSA;
2) Spend at least $100,000 in advertising, community outreach, and consumer financial education programs and credit counseling in the Tulsa MSA;
3) Spend at least $100,000 in developing partnerships with one or more community-based or governmental organizations that provide the residents of majority-Black and Hispanic census tracts in the Tulsa MSA with services related to credit, financial education, homeownership, and foreclosure prevention;
4) Establish a community-oriented loan production office in a majority-Black and Hispanic census tract in the Tulsa MSA;
5) Assign at least two full-time loan officers to solicit mortgage applications primarily in majority-Black and Hispanic census tracts in the Tulsa MSA;
6) Employ a full-time director of community lending to oversee the continued development of lending.

Another recent redlining case occurring after the 2022 report involves a $9 million settlement agreement with a Rhode Island bank that allegedly failed to provide mortgage lending services in majority-Black and Hispanic neighborhoods in Rhode Island between 2016 and 2022. This case had its settlement agreement released at the end of September 2023. In this case the DOJ announced the bank would, among other things:

1) Invest at least $7 million in a loan subsidy fund for majority-Black and Hispanic neighborhoods in Rhode Island to increase access to credit for home mortgage, improvement, and refinance loans, and home equity loans and lines of credit;
2) Invest $1 million towards outreach, advertising, consumer financial education, and credit counseling initiatives;
3) Invest $1 million in developing community partnerships to expand access to residential mortgage credit for Black and Hispanic consumers;
4) Establish two new branches, ensure at least two mortgage loan officers, and employ a “Director of Community Lending” in majority-Black and Hispanic neighborhoods in Rhode Island;
5) Conduct a community credit needs assessment; and
6) Produce a fair lending status report and compliance plan and conduct fair lending training.

Back to the 2022 Fair Lending Annual Report— For those interested in getting up to date on enforcement actions, it recaps 2022’s enforcement actions related to fair lending, including an action against Trident Mortgage Company for alleged unlawful discrimination on the basis of race, color or national origin.
The CFPB also referred five fair lending cases to the DOJ which included four related to redlining and one related to discriminatory underwriting.
I have written previously here on appraisal discrimination and reconsideration of value complaints so I will not go over that again. While there are still hearings being held, the most recent on November 1, 2023, you can find more in our June and July 2023 Legal Briefs.

New CRA Final Rule Released

By Andy Zavoina

The modernized Community Reinvestment Act (CRA) final rule was released on October 24, 2023. It is a joint release by the FDIC, OCC and FRB. You’ll find it here if you haven’t already downloaded a copy to work from: https://www.federalreserve.gov/aboutthefed/boardmeetings/files/frn-cra-20231024.pdf . It is nearly 1,500 pages, so plan to break it into chunks. This is marked as a draft, but it’s the final form we have to start with.

Here are some quick facts for an overview:

Under the final rule, banks are classified as either a:
1) large bank – those with assets of at least $2 billion as of December 31 in both of the prior two calendar years
2) intermediate bank – those with assets of at least $600 million as of December 31 in both of the prior two calendar years and less than $2 billion as of December 31 in either of the prior two calendar years
3) small bank – those with assets of less than $600 million as of December 31 in either of the prior two calendar years
4) limited purpose bank – a bank that is not in the business of extending certain loans, except on an incidental and accommodation basis, and for which a designation as a limited purpose bank is in effect.

These asset-size thresholds will be adjusted annually for inflation.

In general, the rule is effective April 1, 2024. But to understand the complexity of what is effective when, you must dissect a copy of the rule as certain amendments are effective based on conditions such as the legal cases surrounding the Small Business Loan Reporting requirements. The agencies will publish an announcement of an effective date for those delayed amendments. One group of selected sections of the common rule text adopted by the agencies will be applicable on January 1, 2026; while another group of sections implementing reporting requirements will be applicable January 1, 2027, with data reporting each April 1, beginning in 2027.

The CRA was implemented originally to help low- and moderate-income borrowers receive loans. The old saying that banks would only loan money to those who didn’t need it was not completely inaccurate. The spirit and intent of the law was to ensure that banks were making loans to customers in their market area from which deposits were being received. So, the bank would loan to its community that was supporting it with deposits to lend.

The 1977 law was not meant to work in today’s economy, as much has changed and the CRA needed to be updated. This was a huge project that needed coordination and adoption by each of the regulatory agencies. Banks needed a unified CRA so that they are similarly graded, and the same rules apply across the board. That is the attempt with the modernization of the CRA. While there is unification, each agency will still publish its own set of rules as each has its own section of the laws. Banks regulated by the:

– Office of the Comptroller of the Currency will follow 12 CFR 25 (national banks) and 12 CFR 195 (federal savings associations)
– Board of Governors of the Federal Reserve System will follow 12 CFR 228
– Federal Deposit Insurance Corporation will follow 12 CFR 345.

The massive re-write to modernize the CRA will require extensive preparation on the part of each bank. You will need to prepare for these finalized requirements as they will go into effect in stages beginning on April 1, 2024, and continuing on January 1, 2026, and January 1, 2027. One or more persons in the bank will have to digest the CRA and “chunk it out” as different deliverables will have to be decided on for each bank and the complexity of those deliverables will depend on your bank’s market, niche, strategic goals going forward, and capabilities, all compounded by the court’s actions on the 1071 rule. It is important to note that the legal cases may involve 1071 and payday lending, but they challenge more the constitutionality of the CFPB, and its method of funding designed by Congress. The Senate has had bills submitted as to 1071 revisions but there may be no consensus in the House to facilitate change. At the center legal actions are going against the cause, the CFPB, not necessarily the rules themselves. The 1071 rule for small business data gathering was brought about by the Dodd-Frank Act, another law. The CFPB was slow to enact these requirements and was taken to court in California because of it. That law is not really in question at this time so there is little reason to believe that if the CFPB were to be criticized, that the work it has done would be reversed. It is quite possible that, like the challenges which were decided by the Supreme Court on the ability to appoint a new director at the CFPB as decided on by the current President, the court agreed and said just that would be changed, now go back to work. SCOTUS could rule that funding needs to be done by Congress annually, and now go back to work. In that case the CFPB could say everything stands as planned. Some extensions might be allowed based on the delay due to the wheels of justice moving slowly, but banks may not even get an extension equal to that gap. I encourage banks to prepare now for 1071 and not to expect the rule to change. That creates a domino effect with the Reg B 1071 rule and the new CRA rule. Start looking at the CRA as though the 1071 rule will be implemented as planned, however those rules affect your bank.

Here are five key issues in the new CRA.

1) Asset thresholds for small, intermediate and large banks will change and increase.
2) Most of the rule’s requirements will go into effect on January 1, 2026, to give you time for implementation and change management procedures.
3) Data reporting requirements will begin as of January 1, 2027, and will only apply to large banks.
4) The rule allows small banks to be evaluated under the existing criteria or opt in to be evaluated under the new criteria.
5) The final rule does not include a start date for examinations pursuant to the new performance tests so that is a wait-and-see issue.

I’ve mentioned the new thresholds above in the initial recap, but here they are with some additional explanation. These go into effect January 1, 2026.

Small banks will be those with total assets of less than $600 million. This is an increase from $376 million under the current CRA. The regulatory agencies estimate that this increase will shift approximately 778 banks from intermediate to small status.

Intermediate banks will be those with total assets of at least $600 million, but less than $2 billion. This is an increase from a range of $376 million to $1.503 billion under the current CRA. It is estimated that this increase will shift approximately 216 banks from large to intermediate status.

Large banks will be those with total assets of $2 billion or more. This is an increase from $1.503 billion under the current rule. There will be additional requirements for large banks with total assets of $10 billion or more. Those items are not carved out into a separate “very large” bank category, however.

Like the current CRA, the minimum asset threshold for an intermediate or large bank must be met for two consecutive calendar year-ends to reach the intermediate or large status. The threshold amounts will be adjusted annually for inflation. The new CRA includes a definition for limited purpose banks that includes those banks that are considered a limited purpose or wholesale bank under the current regulation, but it does not use those terms.

There is a definition of “military bank” which now means a bank whose business predominantly consists of serving the needs of military personnel who serve or have served in the U.S. armed forces or their dependents. There is an exception for assessment areas carved out for these military banks. Because the customer base is literally all over the world these banks may delineate its entire deposit customer base as its assessment area.

Excluding the military banking exception, the new CRA includes two types of assessment areas — facility-based assessment areas and retail lending assessment areas.

Facility-based assessment areas will be similar to current assessment areas except for the requirement that they include entire counties. An exception to the entire-county requirement exists for small and intermediate banks so long as the assessment area consists of contiguous whole census tracts. This section of the regulation is effective April 1, 2024, but the new definition of small and intermediate banks does not become effective until January 1, 2026. This may cause confusion, but a conservative compliance approach would be for banks that meet the current definition of a small or intermediate bank to have a facility-based assessment area that does not consist of entire counties. Otherwise keep them whole for now and assess if there is good reason to divide them.

Retail lending assessment areas will be applicable to large banks, and these are not effective until January 1, 2026. Retail lending assessment areas must be established when less than 80% of retail lending occurs within facility-based assessment areas. Retail lending assessment areas will then need to be designated in any nonmetropolitan area of a state or MSA where at least 150 closed-end home mortgage loans or 400 small business loans were originated or purchased during each of the prior two calendar years.

Small banks will have the easiest road to implementation. Small banks can opt-in to the new Retail Lending Test or continue to be evaluated under the current Small Bank Lending Test.

As to evaluations, the Retail Lending Test will be optional for small banks. Intermediate and large banks may be evaluated with this test when it becomes effective January 1, 2026. The agencies have not yet indicated when evaluations under the new CRA will begin. I’m sure it has not been a priority given the time gap and that they, too, need to grasp all the nuances of the new rule.

Under the current rule, which products will be evaluated may depend on borrower profiles and geographic distribution of loans. Now there will be Retail Lending Volume Screens and Major Product Line Standards which will provide the metrics. The loan types, such as home mortgages, multifamily, small business, small farm, and automobile loans, which will be evaluated can vary by assessment area and by Outside Retail Lending Areas. These are areas nationwide where the bank originated or purchased loans in a product line that is being evaluated outside any of its facility-based or retail lending assessment areas. Modernization, remember. This is not foreign to military banks as their effective lending areas exceeded local geographies. The bank’s lending performance will be evaluated in outside retail lending areas for large banks and in certain circumstances for intermediate and small banks.

Intermediate and small banks will be evaluated when more than 50% of certain loans have been originated or purchased outside of their assessment areas during the prior two calendar years or, if desired at your bank’s option.

As is the case under the current CRA, intermediate banks will be subject to two tests, and each contributes one-half to the total rating. The Retail Lending Test replaces the current lending test. Banks will have the option to be evaluated under the current Community Development test for intermediate banks for community development loans and services, along with qualified investments or a new Community Development Financing Test.

This new test evaluates your bank’s dollar volumes for community development loans and investments. This is compared to your deposit base and uses a new Impact and Responsiveness Review.

Community development activities have long been an area of subjectivity and there are changes effective January 1, 2026, to these.

You will now have eleven qualification criteria to determine if a loan, investment or service is a valid community development activity. You may also be eligible to receive full or partial credit. You will consider affordable housing, revitalization, and stabilization as well as economic development. There will also be considerations for community support services and new possibilities such as essential community facilities and infrastructure, disaster preparedness and weather resiliency as examples.

The Impact and Responsiveness of community development activities will be evaluated using a list of about twelve factors including:

– the benefit to counties with persistent poverty or census tracts with a poverty rate of 40 percent or more;
– support for minority depository institutions, women’s depository institutions, low-income credit unions or certified community development financial institutions;
– support of businesses or farms with gross annual revenues of $250,000 or less;
– whether it benefits or serves residents of Native Land Areas or benefits projects financed with low-income housing tax credit or new markets tax credit.

You will now be able to receive credit for community development activities anywhere in the country.

Large banks will now be evaluated under four tests. The Retail Lending Test and the Community Development Financing Test will each contribute 40%. The Retail Services and Products Test and the Community Development Services Test will each contribute 10%.

The Retail Services and Products Test will evaluate the bank’s credit and deposit products and programs along with the responsiveness of these programs to the needs of LMI communities. It will also assess your delivery methods, including digital, as well as the availability of branch and remote service facilities.

Deposit products will be evaluated based on availability and usage and only receive positive consideration for those larger banks with more than $10 billion in total assets or at the bank’s option for those with assets of $10 billion or less.

September 2023 OBA Legal Briefs

OK Legislation 2023

By Pauli D. Loeffler

Oklahoma Uniform Consumer Credit Code Title 14A

Sec. 1-106 of the Oklahoma Uniform Consumer Credit Code  in Title 14A (the “U3C”) is the section that determines when and how much dollar limits under Title 14A are subject to change. These changes are based on increases in the Consumer Price Index for Urban Wage Earners and Clerical Workers compiled by the Bureau of Labor Statistics, U.S. Department of Labor.

Legislation enacted in the last session modified Subsection (4)(a) of § 1-106 removing the 3% increase cap on increased amounts. The amendment became effective April 23, 2023, and is part of the notification by the Oklahoma Department of Consumer Credit of changes in dollar amounts effective July 1, 2023. I covered these changes in the June 2023 OBA Legal Briefs. The OK DOCC notice can be accessed here.   It is also accessible on the OBA’s Legal Links page under Resources. In order to gain access to the Legal Briefs online archive and the Legal Links, you will need to create an account through the My OBA Member Portal if you have not done so already.

  • 3-508A Loans

This section of the “U3C” sets the maximum annual percentage rate for certain loans. It provides three tiers with different rates based on unpaid principal balances that may be “blended.” It also has an alternative maximum rate that may be used rather than blending the rates. Effective for loans consummated on or after November 1, 2023, § 3-508A is amended to read:

(2) The loan finance charge, calculated according to the actuarial method, may not exceed the equivalent of the greater of either of the following:

(a) the total of:

(i) thirty-two percent (32%) plus the federal funds rate per year on that part of the unpaid balances of the principal which is Seven Thousand Dollars ($7,000.00) or less;

(ii) twenty-three percent (23%) plus the federal funds rate per year on that part of the unpaid balances of the principal which is more than Seven Thousand Dollars ($7,000.00) but does not exceed Eleven Thousand Dollars ($11,000.00); and

(iii) twenty percent (20%) plus the federal funds rate per year on that part of the unpaid balances of the principal which is more than Eleven Thousand Dollars ($11,000.00); or

(b) twenty-five percent (25%) plus the federal funds rate per year on the unpaid balances of the principal…

(7) As used in this section, the “federal funds rate” means the rate published by the Board of Governors of the Federal Reserve System in its statistical release H.15 Selected Interest Rates [Click HERE] and in effect as of the first day of each month immediately preceding the month during which the loan is consummated.

Title 60 O.S. § 121 – Alien ownership of Oklahoma real estate

I covered loans to non-U.S. citizens in the January 2016 OBA Legal Briefs. Effective November 1, 2023, § 121 is amended as follows:

  1. No alien or any person who is not a citizen of the United States shall acquire title to or own land in this state either directly or indirectly through a business entity or trust, except as hereinafter provided, but he or she shall have and enjoy in this state such rights as to personal property as are, or shall be accorded a citizen of the United States under the laws of the nation to which such alien belongs, or by the treaties of such nation with the United States, except as the same may be affected by the provisions of Section 121et seq. of this title or the Constitution of this state. Provided, however, the requirements of this subsection shall not apply to a business entity that is engaged in regulated interstate commerce in accordance with federal law.
  2. On or after the effective date of this act, any deed recorded with a county clerk shall include as an exhibit to the deed an affidavit executed by the person or entity coming into title attesting that the person, business entity, or trust is obtaining the land in compliance with the requirements of this section and that no funding source is being used in the sale or transfer in violation of this section or any other state or federal law. A county clerk shall not accept and record any deed without an affidavit as required by this section. The Attorney General shall promulgate a separate affidavit form for individuals and for business entities or trusts to comply with the requirements of this section, with the exception of those deeds which the Attorney General deems necessary when promulgating the affidavit form.

The affidavit is only required for deeds transferring ownership of real estate on or after the November 1, 2023, effective date. It does not apply to deeds filed of record prior to that date nor does it apply to leases or personal property. If the bank is making a purchase money loan for real estate on or after the effective date, it will require that the affidavit be executed by the purchaser and recorded with deed. (Updated November 1, 2023)

I reached out to the Oklahoma Attorney General’s office regarding the affidavit. Drafts of the affidavit are currently being circulated. They anticipate the affidavit form will be finalized shortly and will be available to view next month. Expect an update with the link to the affidavit in a future article.

Title 12 – Garnishment Forms

Effective November 1, 2023, the Oklahoma garnishment forms, i.e., affidavits, pre- and post- judgment garnishment summonses, garnishee’s answer, etc., will be under the purview of the Oklahoma Bar Association rather than the Administrative Office of the Courts. Inasmuch as the garnishment statutes themselves did not have any substantive changes, there should be no changes in the forms themselves.

I worked with the Administrative Office of the Courts in amending the forms in 2011 when the Garnishment of Accounts Containing Federal Benefits rule became effective. I was also involved in changes to the garnishment summonses with regard to the amount and time of payment of the garnishment fee when a federally regulated financial institution is the garnishee as provided under § 1190 of Title 12 in regard to legislation effective November 1, 2016, and November 1, 2022. I have reached out to the Oklahoma Bar Association to find out who specifically is in charge of the forms.

Title 43A O.S. § Section 10-111.1 – Vulnerable Adult Abuse, Neglect and Exploitation Report

Elder financial exploitation has been the topic of three OBA Legal Briefs articles: July 2006, June 2007, and July 2008. These are available to read online on the OBA website.

  • 10-111.1 was added to the Oklahoma statutes in 2018. The statute as amended requires the Office of the Attorney General to maintain the Vulnerable Adult Abuse, Neglect and Exploitation Report accessible to the public on the Internet in an electronic format that is easily and readily searchable to include persons found guilty by a court of law or who have entered a plea of guilty or nolo contendere (Latin for “no contest”) to a charge of abuse, neglect, or exploitation of a vulnerable adult. The Report will provide the full name of the offender, information necessary to identify the individual, information regarding the case regarding convictions and confessions made in a court of law, and the date the offender was convicted or pled guilty or no contest. The Report is required to be updated quarterly.

The Oklahoma Uniform Power of Attorney Act that became effective November 1, 2021, which is covered in the September and October 2021 OBA Legal Briefs, requires banks to accept an acknowledged Power of Attorney (signed by the principal in the presence of a notary). There are six exceptions, one of which stated in § 3020 of the Act:

The person makes, or has actual knowledge that another person has made, a report to the Adult Protective Services office stating a good-faith belief that the principal may be subject to physical or financial abuse, neglect, exploitation or abandonment by the agent or a person acting for or with the agent.”

Title 58 O.S. § 1252 – Transfer-on-death (“TOD”) deeds

Oklahoma has allowed Transfer-on-Death-deeds since November 1, 2008, (see August 2008 OBA Legal Briefs), but the statute has had a few amendments over the years. Additional changes were made this last legislative session. The amendments are effective November 1, 2023.

TOD Deeds convey any estate or interest in, over or under land, including surface, minerals, structures and fixtures. The signature, consent, or notice to a beneficiary or beneficiaries is not required prior to the owner’s death.

Subsection C. is amended and provides:

A designated grantee beneficiary may accept real estate pursuant to a transfer-on-death deed only on behalf of himself, herself, or a legal entity over which he or she has proper authority. A beneficiary shall not accept such real estate on behalf of another designated beneficiary.

Subsection D. is amended to require:

Each designated grantee beneficiary wishing to accept real estate pursuant to a transfer-on-death deed shall execute an affidavit affirming:

  1. Verification of the record owner’s death;
  2. Whether the record owner and the designated beneficiary were married at the time of the record owner’s death; and
  3. A legal description of the real estate.

Former Subsection D. is now E.:

  1. The grantee shall attach a copy of the record owner’s death certificate to the beneficiary affidavit. For a record owner’s death occurring on or after November 1, 2011, the beneficiary shall record the affidavit and related documents with the office of the county clerk where the real estate is located within nine (9) months of the grantor’s death, otherwise the interest in the property reverts to the deceased grantor’s estate; provided, however, for a record owner’s death occurring before November 1, 2011, such recording of the affidavit and related documents by the beneficiary shall not be subject to the nine-month time limitation. Notwithstanding the provisions of Section 26 of Title 16 of the Oklahoma Statutes, an affidavit properly sworn to before a notary shall be received for record and recorded by the county clerk without having been acknowledged and, when recorded, shall be effective as if it had been acknowledged.

Subsection F. is new:

  1. A beneficiary affidavit recorded pursuant to this section before November 1, 2023, in which one or more, but not all, named beneficiaries of a transfer-on-death deed explicitly accept the interests being conveyed by the deed on behalf of all or some of the beneficiaries named shall be effective to accept such interests if executed by at least one of the named beneficiaries accepting such interests.

The real estate interest conveyed by a TOD Deed taken by the beneficiary/beneficiaries is subject to the bank’s existing mortgage.

Title 42 O.S. § 91 – Personal property liens

I last covered changes to this statute in the December 2014 OBA Legal Briefs, much of which remains unchanged.

This section applies to every vehicle, all-terrain vehicle, utility vehicle, manufactured home, motorcycle, boat, outboard motor, or trailer that has a certificate of title issued by the Oklahoma Tax Commission/Service Oklahoma or by a federally recognized Indian tribe in the State of Oklahoma.

The special possessory lien provided under this section will have priority over any perfected liens (e.g., lien entries and other lien claimants), ONLY if the lien claimant strictly complies with ALL applicable provisions of § 91 with regard to submission of claim and documentation, notice and mailing requirements to owner and other lien holders with regard to the lien, as well as notice of sale. If the lien is denied, the claimant may resubmit its claim once within 15 business days of denial. One change to the existing statute is when the possessory lien claimant has been in possession of the property for at least 21 days before the Notice of Sale is to be mailed. The second change is that proceedings for foreclosure in 20 days after the lien accrued, except as provided elsewhere by Oklahoma law.

RESPA – Section 8

By Andy Zavoina

In December 1974 Public Law 93-533 was passed. That may not mean much to you initially, but Section 8 of that law is very meaningful. In short, I’m referring to Section 8 of the Real Estate Settlement Procedures Act (RESPA). I’m not sure why we commonly reference the section of the actual law instead where there is a violation instead of Reg. X where we study it and read about the restrictions, but at times it is good to go to the roots of the law and see what it says. The law and the Reg follow each other closely in this section, which is implemented in § 1024.14 of Reg. X. Briefly, it prohibits a person from giving or accepting anything of value for referrals of settlement service business related to a federally related mortgage loan. It also prohibits a person from giving or accepting any part of a charge for services that are not performed. These are also known as kickbacks, fee-splitting and unearned fees.

Penalty Overview: Violations of Section 8 are subject to criminal and civil penalties. A person who violates Section 8 may be fined up to $10,000 and imprisoned for up to one year. In a private lawsuit a person who violates Section 8 may be liable to the person charged for the settlement service an amount equal to three times the amount of the charge paid for the service.

Background: When you search on “Section 8” or “kickbacks” you will find many resources including those from real estate brokers and Realtors. I am not a Realtor but those I know have all been trained on Section 8. “Thou shall not give, nor receive” and the emphasis is on any gift that could be construed as an incentive for a mortgage referral. The law aims to punish both sides of that violation because it is intended to protect the third party in this, the consumer – the borrower in these transactions.

If Lender A pays Realtor B to send business its way, Lender A gets more business but now has more costs. Lender A has to recover these costs and that would be compensated for by higher fees charged to Borrower C. This makes the loans less affordable. That is why we have this section of law and regulation. The common issues that promote discussions on Section 8 are inadvertent violations. That is, things not truly intended to violate the rules but at face value, may.

Lender A is at lunch and sees his friend, Realtor B. They chat about the Friday night football game the whole town is excited about and about business. If Realtor B mentions, “hey, I have a prospect you may be interested in. They just moved to this area, and I found them a great house. Qualifying for a new mortgage is hard, though, because of his new job.” Lender A is always looking for mortgage production and a new depositor prospect is icing on the cake. Lender A picks up the lunch tab. Is that a kickback, a Section 8 violation?

At other times, the violations appear concrete and completely justified. Let’s examine the August 17, 2023, Consent Order between the Consumer Financial Protection Bureau (CFPB) and Freedom Mortgage Corporation, (Freedom), File No. 2023-CFPB-0008. This is a case of both giving and receiving so we will include an examination of a separate Consent Order (File No. 2023-CFPB-0009) against Realty Connect USA Long Island, Inc. (Realty Connect) issued on the same day.

Section 8 violations do not appear to be common as this was the first for the CFPB since 2017, but it was egregious, as you will see. The CFPB is not the only agency looking at RESPA rules and compliance with them, however. The Federal Deposit Insurance Corporation (FDIC) published its Consumer Compliance Supervisory Highlights, in March 2023. It stated, “In 2022, the FDIC identified RESPA Section 8(a) violations where a bank contracted with third parties that took steps to identify and contact consumers in order to directly steer and affirmatively influence the consumer’s selection of the bank as the settlement service provider. In some cases, this process involved the third party calling identified consumers and directly connecting and introducing them to a specific mortgage representative on the phone. This process is often referred to as a “warm transfer.” In other cases, the process involved operation of a digital platform that purported to rank lender options based on neutral criteria but where the participating lenders merely rotated in the top spot. Although each case is fact specific, indicators of risk in these arrangements include a third party that does one or more of the following activities:

  • Initiates calls directly to consumers to steer them to a particular lender;
  • Offers consumers only one lender o will only transfer the consumer to one lender;
  • Describes the lender in non-neutral terms such as preferred, skilled, or possessing specialized expertise;
  • Receives payment from the lender only if a “warm transfer” occurs; or
  • On a consumer-facing digital platform that purports to rank settlement service providers based on objective factors, includes providers that pay to take turns appearing in the top spot in a round-robin format.

Payment for activities that go beyond the simple provision of a “lead” may be improper payment for referrals when the activity affirmatively influences the consumer towards the selection of a particular lender. The warm transfers were of particular interest in the report.

Consent Orders: Let’s review the specific compliance issues in the two consent orders, but first an attention getter – the Consent Orders provide for civil money penalties of $1.75 million against Freedom and $200,000 against Realty Connect, along with other compliance obligations. While each party has its own obligations to adhere to RESPA and Reg. X, one is not doing the other any favors with enticements that lead to long term and expensive problems such as these enforcement actions.

The period during which these actions took place began in January 2017 and essentially extends to August 2022. The focus was on Freedom’s “Traditional Retail Unit,” which was part of Freedom until about August 2021, and then these activities were conducted through a former subsidiary, RoundPoint Mortgage Servicing, Inc. The traditional retail unit was one in which loan officers went directly to real estate brokers and agents to obtain new loans.

Issue One: Freedom paid for subscription services and gave real estate agents and brokers (collectively “brokers”) free access. These were professional publications which offered useful information to the brokers concerning property reports, comparable sales, and foreclosure data in their markets. For RESPA this was a “thing of value,” as the retail cost would be $300 per month for this service. While the Realty Connect Consent Order states more than 100 of its brokers accepted this service, (Freedom’s cost based on a retail subscription would be $30,000 per month) the Freedom Consent Order indicates over 2,000 brokers accepted subscriptions. (Perhaps that was different brokers over a period of time and perhaps Freedom had a multi-user license at a lower cost. Still, a “thing of value” is based on the retail value.)

Issue Two: Freedom sometimes required brokers to be paired up specifically with an individual in the Traditional Retail Unit and this also influenced that broker’s access to the valuable subscription service. These brokers made more than 1,000 mortgage referrals and it was a quid pro quo arrangement, according to the Freedom Consent Order. Realty Connect’s Consent Order indicated more than 400 referrals were made during the period reviewed which affirms there were issues with other brokers as well.

Issue Three: From at least July 2017 through 2022, Freedom hosted and subsidized events for certain real estate brokers and agents. This included food, beverages, alcohol and entertainment. Freedom also gave away free tickets to sporting events, charity galas and other events that would each have had a cost had the brokers paid their own way. Some of these events cost Freedom thousands of dollars and more. One event paid for by Freedom and held at a restaurant and bar cost them more than $6,300 as it included rented sports simulators. There were fifty brokers there because they referred the most mortgage loans to Freedom and new brokers were also in attendance in a recruitment effort by Freedom to develop more referral brokers.

Freedom denied requests for event sponsorship from brokers who did not refer mortgage business to its loan officers.

These activities were viewed as part of a pattern, practice, or course of conduct of giving things of value to create, maintain, and strengthen mortgage referral relationships. It clearly went beyond mere business development.

Issue Four: in October 2020, the CFPB produced a guidance document to clarify its position on Marketing Service Agreements (MSAs) and Section 8 practices. An MSA involves two or more parties whereby one agrees to market or promote the services of another and receives compensation for the work provided. A lawful MSA is an agreement for the performance of marketing services where the payments under the MSA are reasonably related to the value of services actually performed.

Freedom had marketing agreements with over forty real estate brokerages. Payments varied but ranged from a few hundred to several thousand dollars per month. The total amount Freedom paid under its MSAs during the period reviewed here was approximately $90,000 per month.

One agreement included promotion rights by Freedom to the brokers at Realty Connect. Freedom was allowed to have its loan officers promote themselves at Realty Connect internal meetings and to allow those lenders to email the brokers directly as “referral partners.”  It was also agreed that Freedom would host at least one training event for Realty Connect’s brokers at least quarterly to maintain and increase the referrals from those brokers.

The MSA with brokerages, of which Realty Connect was one, required brokerages to provide marketing services. Realty Connect received $6,000 per month from Freedom under the MSA from January 2017 to December 2022. This equates to $432,000 for marketing services.

Realty Connect failed to execute many of the marketing tasks required by its MSA with Freedom. Realty Connect was to send 15,000 marketing emails each month, allocating 50% of the content to Freedom. Realty Connect sent no marketing emails at all. The MSA required Realty Connect to maintain three “physical locations showing video loop or kiosk advertising” for Freedom. Realty Connect had no video loops or kiosks. And the MSA required Realty Connect to create an average of 75 property websites per month showing Freedom’s content, but it never created any property websites.

As further demonstration that the MSAs were a sham to pay for referrals and not generally advertise for Freedom, the Realty Connect Consent order provides an example between a loan officer and broker in which a lender was to help promote a Realty Connect open house. The lender said, “I want to continue to help you with this, do you think on your listing you can try to get me some referrals to work with?” The agent replied, “I have recommended you many times—Gave them your info on the last two sales.”

Additionally, Freedom had its own professional design team to create the marketing copy it advertised with, including co-branded mailers and open house flyers. Freedom also owned and operated its own print shop that created the hard copies it used as advertisements. Freedom essentially created and produced its own advertisements and was not using the services the MSAs called for. Realty Connect’s actual role in the marketing activities was limited to offering minor design suggestions and it paid the postage for the co-branded mailers. The monthly $6,000 fee was excessive compensation for the services actually performed.

Freedom also encouraged those brokerages with MSAs to use a third-party smartphone app, which Freedom’s loan officers would share with the brokers. The brokers would then share the app with their clients. The app then featured the Freedom loan officer’s headshot and Freedom’s logo at the top, and included buttons where the client could directly contact the loan officer for assistance. It is inferred that this proprietary app is considered akin to a direct referral by the CFPB, although I have seen no specific guidance on this.

Some brokers who worked with Freedom and its MSAs received direct payments. This also emphasized to the CFPB that the MSA was a method to pay compensation for referrals and not for advertising.

Closing: Additional requirements in the Consent Orders require that there be no further Section 8 violations. I used to think it made no sense for an enforcement order to say “for the next 3 years you cannot violate Section 8…” as an example. There was never any inference that anyone could. But if there is a subsequent violation, it is not only a repeat violation but violates the enforcement action they specifically agreed to, allowing even more charges to be added to a new action. Additionally, the Consent order emphasizes that the Board of Freedom has the ultimate responsibility for compliance and the board must review all the plans and reports required in the Consent Order. It is putting them on notice. There are accounting and reporting requirements and additional prohibitions placed on things related to Section 8. One year from the Consent Order a detailed report has to be filed with the CFPB describing its progress. It also states that in the event the company is sold, the purchaser must agree to the terms of this Consent Order, effectively removing the possibility of a reorganization by the same or similar ownership attempting to dodge these restrictions and requirements.

Section 8(c) of RESPA does describe allowable payments as it states, “Nothing in this section shall be construed as prohibiting (1) the payment of a fee (A) to attorneys at law for services actually rendered or (B) by a title company to its duly appointed agent for services actually performed in the issuance of a policy of title insurance or (C) by a lender to its duly appointed agent for services actually performed in the making of a loan, or (2) the payment to any person of a bona fide salary or compensation or other payment for goods or facilities actually furnished or for services actually performed.”

The FDIC in its Consumer Compliance Supervisory Highlights referenced earlier also noted five things that banks can do to mitigate risks associated with Section 8 violations.

  1. Train applicable staff on what is permitted to generate leads, and what is prohibited and would be an illegal referral.
  2. The lenders and management need to review any referral program the bank is participating in to clearly understand the functions of the program and any cost structure and cost justification.
  3. Management must develop policies and procedures which strictly comply with the regulatory requirements in Reg. X and RESPA as to programs designed to generate leads.
  4. Require loan officers to report annually the established relationships that are used for mortgage loan generations and new ones which develop, so that they may be reviewed and approved by management.
  5. The bank must impose controls to monitor lead generation activities for compliance with the bank’s policy and procedures as well as RESPA and Reg. X.

August 2023 OBA Legal Briefs

  • HMDA Analysis
  • Personal Responsibility
  • Forms Update

HMDA Analysis

By Andy Zavoina

If your bank is a reporter under the Home Mortgage Disclosure Act (HMDA), you may well have some work to do if you have not already done some or all of this. On June 29, 2023, the Federal Financial Institutions Examination Council (FFIEC) announced the availability of data on 2022 mortgage lending transactions reported under HMDA. This HMDA data is the largest source of publicly available data on mortgage lending in the United States. If your bank is reporting, your data is here. Other banks in your geographic areas who report also have data here. Banks outside your area which may be similar to yours, yes, that data is here too. It is all available and can more easily than ever before be analyzed. This article is a discussion on why — and a little bit of how — to analyze your data and that of your peer banks.

Years ago, the system was far less automated than we have today. When the HMDA data came out it was sent to central repositories. In my case it was held as reference material in the local public library which happened to be a few blocks from the main branch I was working out of. It was set up by Metropolitan Statistical Area (MSA) and was a treasure trove if you knew what you wanted to do with it.

When teaching compliance management, I often say compliance is not a cost center as it is often described, but a resource because it touches so many areas in the bank. In this case you are touching on loan production, and you can compare your bank’s production against that of your peers. Management likes to know how the competition is doing and you can compare apples to apples, at least as far as HMDA reportable loans are concerned.

Your Marketing area can use this data to see what type of applicants for HMDA loans it is attracting and where these applicants may be from as well as where they want to move to. Consider the ways you can use this data. You can easily build a picture of who your applicants are and where they live. That means you also know the areas they are not living in, and this is what can help Marketing redirect advertising campaigns if those are areas you need or want to market to. This information is data gold for Marketing and management as well, and you have it all available right now.

You can plot where the mortgage loans (so long as they are HMDA reportable, so not everything, but a lot) are not just for your bank, but for all those peer lenders in your area as well. And you can reach farther if desired. One of my banks was a military bank. We had borrowers literally all over the world and, while it was less common than say a car loan, we did some mortgage financing all over the country. Other military banks may be doing the same. It is often difficult to get a lot of data about your peer banks when they happen to be across the country from you, but as a military bank, they were our peers, and it was important to understand how my numbers compared to theirs. We recognized that there were different markets and quite different conditions, yet when it came to the Community Reinvestment Act (CRA) this was a comparison you wanted to be aware of. Were our numbers close to our peers or far different – and in either case why? When you compare your loan volumes to your peers, and when you understand the different lending strategies of these other lenders, it helps set benchmarks and goals as well as to understand your own loan patterns.

Again, when you know to whom you are lending, you also know those to whom you are not lending. Are your numbers good or bad when you look, for example, at racial demographics? When you ask in the loan committee meeting why (as a hypothetical) there were so few loans to Blacks and the response is there are few Black applicants applying, it sets off questions such as:

  • Are we marketing to areas of a majority minority?
  • Are we trying to reach this demographic in targeted ads? Why or why not?
  • What percent of our applicants were Black?
  • What percent of our Black applicants were approved, denied, withdrawn, or closed for other reasons?
  • And if there is a level of complacency with those figures, next compare yourself to those peer banks’ lending in the same area, to the same would-be home buyers.

When it comes to fair lending justifications of your bank’s actions, read fair lending enforcement actions, and learn how regulators and the Department of Justice (DOJ) attorneys compare the results of your bank to peer banks. As one example, consider when the Consumer Financial Protection Bureau (CFPB) and the DOJ took action against Trident Mortgage Company LP (Trident) under the Fair Housing Act (FHA), the Equal Credit Opportunity Act (ECOA),  and Regulation B, as well as the Consumer Financial Protection Act of 2010 (CFPA) (also referred to as Unfair, Deceptive, or Abusive Acts or Practices (UDAAP)) to remedy discrimination in Trident’s mortgage lending. There were many problems with Trident, and we covered many of the problems in last April’s edition of the Legal Briefs. Here is a snippet from that edition to emphasize the points of this HMDA analysis.

Trident received 80 percent of its mortgage applications for properties located in that MSA its defined as its market area. But the actual loan distribution pattern showed a disproportionate number in the majority-white areas. As a foundation there was the selection of office locations and limited outreach and marketing which led to these lending patterns which are confirmed by HMDA data. One must ask, “was this a choice?” When comparing HMDA data, Trident significantly underperformed its peer lenders in generating home mortgage applications from majority-minority neighborhoods and the disparity between the rate of applications generated by Trident and by its peer lenders from majority-minority neighborhoods and high-minority neighborhoods was both statistically significant.

Of the nearly 31,000 applications on the HMDA reports from 2015 through 2019, 12 percent came from majority-minority areas. Peer lenders generated 21.5 percent of their 135,000 applications. The disparity was seen year after year. In in high-minority neighborhoods, Trident showed 4.1 percent of its applications as coming from high-minority areas, compared to 10.8 percent of its peer lenders.

Trident significantly underperformed its peer lenders in making home loans in majority-minority neighborhoods as well. The complaint notes that, “…of the 22,960 HMDA-reportable loans Trident made for single family dwellings from 2015 through 2019 in the Philadelphia MSA, 11.7% came from residents of majority-minority areas. By contrast, Trident’s peers made 16.2% of their 50,060 loans from these same majority-minority neighborhoods.” And only 3.7 percent of Trident’s loans were made in high-minority areas, while peer lenders made 6.9 percent of their loans in these same areas.

Enforcement actions are a good “go by” for the type of analysis done when lending is questionable. CRA Public Evaluations are another resource not only for key analytics, but also for comments as to what was good, bad and ugly. Remember that HMDA analysis is a basis for fair lending examinations which are a foundation for your next CRA exam. When you can identify weaknesses in your numbers, you can proactively impose corrective actions, and this demonstrates to examiners reviewing your bank’s lending activity and your compliance program that you are aware of and managing the processes.

The data available will help show whether your lenders and therefore your bank are serving the housing needs of the communities you serve as your market area. It includes information that helps management make recommendations to the board on decisions and policies and draws attention to your lending patterns that could be discriminatory. Your bank, as a HMDA filer, recorded up to 110 different data points for each HMDA applicable mortgage application received on a Loan Application Register (LAR). What you have in your bank is your complete LAR. In March, the FFIEC provided your bank with a modified, or sanitized, LAR. The modified LAR data provides information from the most current HMDA submission that was required to be submitted essentially a month earlier, by March 1, of each year. This modified LAR is available to the public, and to your bank and your peer banks who are also evaluating your bank’s performance. Section 1003.5(c) of Regulation C requires that you post, “a written notice that clearly conveys that the institution’s loan/application register, as modified by the Bureau to protect applicant and borrower privacy, may be obtained on the Bureau’s Web site at www.consumerfinance.gov/hmda.” The publicly released data excludes or modifies several data points reported by all the institutions submitting LAR data, such as the universal loan identifier, the date the application was received or the date shown on the application form, the address of the property, the credit score or scores relied on in making the credit decision, and any applicant or borrower ethnicity free-form text field. In theory this makes it difficult to review entries and identify a particular applicant and therefore data about that applicant which is protected by privacy laws. Others have pointed out faults in this system as deeds are public documents and with a little work a knowledgeable person can connect many dots. Connecting those dots is not the point of this article, but rather what you can do with the LAR data to analyze the mortgage lending picture your lenders are painting and how you compare to peer banks.

So, where would you find HMDA data now that the old central repositories are automated? HMDA data is available at https://ffiec.cfpb.gov/. You can also find a HMDA Data Browser at https://ffiec.cfpb.gov/data-browser/ which will help you filter any and all of the LARs that were submitted. In June 2022 the CFPB published, “A Beginner’s Guide to Accessing and Using Home Mortgage Disclosure Act Data” which you can find online here, https://files.consumerfinance.gov/f/documents/cfpb_beginners-guide-accessing-using-hmda-data_guide_2022-06.pdf. In addition to background HMDA information, this is a step-by-step guide on how to filter the data to extract just what you want to know. In computer coding there is an old adage, garbage in – garbage out,” meaning you can get out what you put in. Your LAR has that “up to 110 data points” mentioned already. Data for your peers is modified information but as said earlier, it is still especially useful to management, Marketing, those working on your bank’s strategic plan, everyone analyzing fair lending and certainly Compliance. A sound recap and analysis of the data available will be a compliance value-added exercise to the bank for the information you need to know anyway.

Review the Beginner’s Guide mentioned just above as it takes a user through the steps to apply the filters and it has additional instructions with graphics to help you use Excel and Pivot Tables to get the most out of your analysis. In total this is a 29-page PDF that will help ignite your analytical curiosity and provide needed information to your bank. Compare your results, especially those government monitoring demographics, to the breakdown for your market areas. That is, if your area is X percent white, Y percent Black and Z percent Asian, how do your applications correlate to those numbers, and your approved loans, and do not forget the denials and withdrawn applications. Based on the HMDA data tables available annually from the CFPB and ideas of key data points gleaned from enforcement actions and CRA Performance Evaluations, choose the data you want to focus on.

While you can do peer comparisons only annually, you can track your bank’s progress using quarterly updates to further refine corrective actions. Then determine how your numbers compare to peers. Does this analysis indicate strengths, weaknesses, and areas upon which you can improve? The lending data you arrive at should influence or confirm what you are doing with marketing activities, lending policies, and exceptions being made, and may shed light on complaints.

Here are some high-level observations about the 2022 HMDA data that are of interest.

  • The 2022 LAR data includes information on 14.3 million home loan applications.
  • 5 million applications (82 percent) were for closed-end credit, while 2.5 million (18 percent) were for open-end products.
  • As to the aggregate demographics of the borrowers’ race and ethnicity, the portion of closed-end home purchase loans made to Black borrowers rose from 7.9 percent in 2021 to 8.1 percent in 2022. The portion made to Hispanic borrowers decreased slightly from 9.2 percent to 9.1 percent, and those made to Asian borrowers increased from 7.1 percent to 7.6 percent.
  • In 2022, Black and Hispanic applicants experienced denial rates for home purchase loans of 16.4 percent and 11.1 percent respectively, while the denial rates for Asian and non-Hispanic White applicants were 9.2 percent and 5.8 percent, respectively.

After management has had an opportunity to study the data, your board of directors should receive a high-level summary of where you are and where the data will be taking you. This is an opportunity to influence the confidence they have in your abilities and the resources available for your compliance management program.

Personal Responsibility

By Andy Zavoina

If you have taught regulatory requirements before, you likely mentioned the potential penalties for noncompliance. As an example, Reg B has penalties for noncompliance in § 1002.16(b) that include Actual damages in individual or class actions – without a limit, and Punitive damages in individual or class actions, where liability for punitive damages is limited to $10,000 in individual actions and the lesser of $500,000 or 1 percent of the lender’s net worth in class actions.

By the time an instructor gets to this part of the presentation the listener’s eyes are glazing over and they hear Charlie Brown’s teacher saying, “never has happened, don’t worry, the bank gets penalized not the employee or officer.” But that is not always the case, and it is often wise to remind everyone of that, from the newest teller to that longest-standing director on the board. Everyone in the bank is responsible for ethical behavior and compliance. And while everyone has a boss they report to, I remind officers of a bank that they work for the bank, and not necessarily for their boss. This is especially important for those in the role of auditor and those responsible for compliant and ethical performance evaluations. Just as in the military, we follow instructions, but we also trust that no “illegal” orders will be given.

It may have seemed harmless initially, but let’s look back at Wells Fargo for a moment. A few years ago, Wells Fargo’s troubles really came to the forefront when the bank was accused of, among other things, opening accounts for consumers without those consumers’ requests or consents. At the center was a push to meet lofty sales goals. In September 2016, the bank agreed to pay a $185 million fine and return $5 million in fees wrongly charged to customers. The problem originated with bank employees allegedly opening more than two million deposit and credit card accounts without customers’ permission. Wells Fargo’s ex-CEO John Stumpf apologized during a congressional hearing in which he accepted the blame saying, “I accept full responsibility for all unethical sales practices.”  In the long term, however, 5,300 Wells Fargo employees lost their jobs because of the practices employed.

A personal observation of mine was that because the employees created the accounts without authorization and moved deposits to and from the accounts to activate them, I could have seen a case for identity theft and fraud against those employees. Thankfully, I never heard of that happening and the root of the problem was not the employees’ actions, but the push to meet goals and the potential that “illegal orders” were given or at least insinuated. Here are three examples of how unethical sales practices sprang from minor unethical compromises.

  1. A new accounts representative is under pressure to meet sales goals and pushes a customer to add a credit card, even though the rep knows it’s not in the customer’s best interest and was not requested.
  2. As the month progresses, the rep is short of the goal and asks friends and family to open new accounts. These accounts served one purpose – to inflate account production numbers. In reality, the bank staff spent time programming these new accounts which were closed shortly thereafter, and the cost was greater than the income that was never produced.
  3. With the account production goal still out of reach, the rep opens accounts without asking customers and transfers a small amount of money. These accounts are also closed shortly after opening and the money is transferred back. Customers may question what happened but when they see the funds transferred back, why frustrate themselves by calling the bank to complain and inquire as to what happened?

But to be clear, Wells Fargo was not alone, they were just the first big bank to gain national coverage for unethical and illegal practices surrounding creating deposit and credit accounts that were not requested by the consumer’s whose names they carried. Fifth Third was accused of this and In March 2020 the CFPB initiated a suit against that bank. The complaint alleged that Fifth Third’s cross-selling practices, which included sales goals and an incentive-compensation program, caused Fifth Third’s employees to open new consumer accounts for existing customers without their knowledge or consent. The CFPB alleged that such conduct in certain respects was unfair and abusive (yes, a UDA(A)P issue) and that issuing unauthorized credit cards and opening deposit accounts without required disclosures violated Reg Z and Reg DD.

Fast forward to July 2023, when the OCC and CFPB ordered Bank of America to pay $100M in consumer redress and $150M in fines for and an out-of-control incentive program that resulted in unauthorized account openings, credit reports, etc., which is a basic rehash of the problems at Wells Fargo and Fifth Third. These were not the only issues, as the Bank of America action also cites junk fees relating to multiple presentments of NSF items and for mismanagement of credit card systems. As it typically happens, many regulatory and ethical violations are part of a snowball that grows as the investigation continues and additional violations are uncovered or found to have evolved, such as the failure to make disclosures on an account that was fraudulently opened anyway.

Let’s look closer at one case of a former executive involved in the Wells Fargo case. Carrie Tolstedt was an executive, or THE executive, accused of overseeing programs that resulted in the millions of fraudulent customer accounts at Wells. In March 2023, she agreed to plead guilty to criminal charges which could impose actual prison time. In her agreement with the court, she will serve a 16-month prison sentence for obstructing regulators’ investigations into abusive sales practices that culminated in the bank paying what has turned into billions of dollars in fines. Tolstedt also agreed to pay a $17 million fine in a separate settlement with the OCC that also bans her from working again in the banking industry. BankersOnline covered this in its Top Story at https://www.bankersonline.com/topstory/173048.

Tolstedt was not alone in the list of executives who fell as a result of the new account production goals that were virtually unattainable. These goals were emphasized with a slogan of “eight is great.” That was, each customer should have eight separate accounts at the bank. Why eight? It was said that was selected because it rhymed with “great.”

Take a moment to look at your product offerings and try to determine what sales techniques you could use to accomplish this. Now reconsider it as if your job is on the line as it was for the 5,300 former employees who talked of supervisors screaming at them to meet the goals. They were told if they could not meet their goal, they would be working at McDonald’s. Those missing goals would have what was essentially an after-school detention and were often tasked with “call sessions” on Saturdays. Presumably, these sessions were to make calls and hone sales skills. Employees in many cases either reverted to unethical and illegal techniques or were embarrassed in front of their peers, demoted, or fired. In the three-step process to meet goals, consider that some new accounts reps were able to meet goals. Now the pressure was up because others had to employ the same tactics. And that culture fed on itself and has caused huge fines to be imposed as well as direct personal responsibility. Goals should be realistic, and rules should be well known and to police the rules, controls must be in place.

Forms Update

By Andy Zavoina

We are in the heat of summer as this edition of Legal Briefs goes to the presses, but it is a perfect time to get a pesky change out of the way. Often this might be something to do at year end, but as some banks prepare for 1071 changes, and the normal year-end tasks followed by HMDA submissions will all be coming about at the same time, why wait? These changes impact Reg B’s Adverse Action Notices, some Fair Credit Reporting Act disclosures, and a bit of Reg E. There were several others, but we will cover in detail what impacts our banks.

If you use preprinted forms that will change, you will want to use up any supply and not reorder any bulk that may not be used by the mandatory compliance date. You will want to get the new addresses on your next order. And if you need to have a forms vendor program the changes, well, they will be busy at year-end and beginning of 2024 too, so just get this out of the way so you can enjoy summer.

Change management is what I’m speaking of and notices – disclosure changes. On March 20, 2023, the CFPB published a Final Rule in the Federal Register. Look for Vol. 88, No. 53, Monday, March 20, 2023, and page 16531 if you want all the details. The “Regulations” pages on BankersOnline.com also reflect these changes. These were considered non-substantive corrections and updates. The “Cliff Notes” version of the changes simply tells you that some regulatory agencies have had address changes for notices you provide to your customers and those disclosures and notices need to be corrected. The effective date for optional compliance has passed. It was April 19, 2023, so you may comply now, but compliance with these changes is not mandatory until March 20, 2024. Again, why wait and risk this falling through the cracks?

Reg B and Adverse Action Notices
The most significant change for banks is under Reg B. Appendix A, which lists contact information for the CFPB, OCC, FDIC, National Credit Union Administration (NCUA), Federal Trade Commission (FTC), and other agencies. (The Federal Reserve is listed but did not change.) This contact information listed must be included in Reg B adverse action notices. This is separate from the FCRA disclosure many banks have combined onto the Reg B, adverse action notices. The two are called the same thing but have different disclosure rules and content. The FCRA notice on Reg B’s forms has not changed, although there is an FCRA change noted below.

The OCC regulated institutions should be showing the following:

Office of the Comptroller of the Currency
Customer Assistance Group
P.O. Box 53570
Houston, TX 77052

The FDIC regulated institutions should be showing the following:

Division of Depositor and Consumer Protection
National Center for Consumer and Depositor Assistance
Federal Deposit Insurance Corporation
1100 Walnut Street, Box #11
Kansas City, MO 64106.

The CFPB regulated institutions should be showing the following:

 Bureau of Consumer Financial Protection
1700 G Street NW
Washington DC 20552

And without change but for the record and accountability in case you want to check, the FRB regulated institutions should be showing the following:

Federal Reserve Consumer Help Center
P.O. Box 1200
Minneapolis, MN 55480

Interpretations
The CFPB also corrected its contact information in Reg B’s Appendix D, for the process for requesting official CFPB interpretations of Reg B. The same address below is applicable for Reg E interpretations. The difference between the old and new addresses was a change in the ZIP code.

A request for an official interpretation should be in writing and addressed to:

Assistant Director, Office of Regulations,
Division of Research, Monitoring, and Regulations,
Bureau of Consumer Financial Protection,
1700 G Street, NW
Washington, DC 20552

Fair Credit Reporting Act
In Reg. V and the Fair Credit Reporting Act (FCRA), the CFPB amended the model form in Appendix K for the “Summary of Consumer Rights” to correct the contact information for various agencies, including the OCC, FDIC, and NCUA. Those addresses are on the form itself. A Word version is in a link on the BankersOnline, Regulations page. Consumer reporting agencies must provide the Summary form when making written disclosure of information from a consumer’s file or providing a credit score to a consumer. Most importantly, this Summary must also be provided by Human Resources at your bank, before obtaining  an investigative consumer report (under 1681d(a)(1)), and with pre-adverse action notices for employment purposes (under 1681b(b)(3)). As Compliance and/or Internal Audit complete a periodic FCRA audit this is one of those potential “gotchas” you want to look at to ensure the procedures are correct for providing these notices if someone is denied employment or a promotion, as examples, based on a credit report.

Real Estate Settlement Protections Act
In Reg. X, the Real Estate Settlement Protections Act (RESPA), the CFPB has corrected its contact information in the definition of “Public Guidance Documents” in section 1024.2(b) and in the introductory section of Supplement I, which provides the procedure for requesting copies of public guidance documents from the CFPB and the procedure for requesting official CFPB interpretations of Regulation X.

Truth in Savings Act
In Reg. DD, and the Truth in Savings Act (TISA), the CFPB has corrected its contact information in Appendix C, which provides the procedure for requesting a determination from the CFPB regarding whether a state law is inconsistent with TISA and Regulation DD.

Truth in Lending Act
In Reg. Z, the Truth in Lending Act (TILA), the Bureau has corrected its contact information in Appendices A, B, and C which provide the procedures for requesting a determination from the CFPB regarding whether a state law is inconsistent with or substantially the same as TILA and Reg Z, the process for a state to apply to the CFPB to exempt a class of transactions from TILA and Reg Z, and the process for requesting official CFPB interpretations of Reg Z.  In Appendix J, the CFPB has corrected its postal address for requests to the CFPB for APR calculation tables and to add a URL on its website at which the tables can be accessed.

July 2023 OBA Legal Briefs

  • Appraisal bias – Part II
  • Reconsideration of value
  • 1071 – Small Business Lending Rule, Basics

 

Appraisal bias – Part II

By Andy Zavoina

In March 2021 HUD approved a settlement between JPMorgan Chase and an African American woman over appraisal bias. There was no admission of fault on Chase’s side, but the bank agreed to pay the woman $50,000, and to improve and increase training of its staff, particularly on Reconsideration of Value (“ROV”) processes related to appraisals. The training includes specifics on how to manage complaints of discrimination in the appraisal process and the process for customers to submit an ROV request. The CFPB has said a lender’s reconsideration of value process must ensure that all borrowers have an opportunity to explain why they believe that a valuation is inaccurate and the benefit of a reconsideration to determine whether an adjustment is appropriate.

An ROV is a request to the appraiser to reconsider the analysis and conclusions the appraisal was based on and potentially information not presented in the appraisal report. Only the lender may request an ROV from an appraiser on the borrower’s behalf and most would be due to the appraised value being less than what the seller or borrower desires. ROVs became common vernacular when appraisal bias was in the news and in the courts and many regulators believe it should be routinely discussed with borrowers now.

Back to that Chase settlement, one provision of the agreement is that when a borrower gets a copy of the appraisal as required by Reg B, they’ll also get a cover letter and part of it will say:

Chase is committed to maintaining appraiser independence and preventing attempts to influence appraisers in the preparation of appraisal reports, as well as avoiding any discrimination or bias in the appraisal process. If you believe that any person has attempted to influence the appraiser in the preparation of the appraisal of your property or have any concerns with the reliability or credibility of the appraisal, please contact Chase mortgage support by calling 1-855-242-7346 Option “0”, as soon as possible to report any concerns of discrimination or bias or to discuss your options to contest the reliability of the appraisal.

Appraisals will be changing. On May 5, 2023, the Appraisal Standards Board voted to adopt the Fifth Exposure Draft of proposed changes to the Uniform Standards of Professional Appraisal Practice. Exposure drafts are developed by the Appraisal Standards Board and released for public comment. The new edition will be available this fall and will become effective on January 1, 2024. Press releases did not highlight the changes and I have not seen the draft yet, but bankers doing appraisal reviews should review it, and look for educational opportunities on them when finalized. ROVs and appraisal bias will be of special interest, although I did not find these in a keyword search of the latest draft. The Fifth Exposure Draft is available here, https://appraisalfoundation.sharefile.com/share/view/s1c715f1ed49541e6a5170f7bda14329f and the Appraisal Foundation says on its website that even if the comment period is over, and this draft closed in April, they still welcome comments on the rules.

Reconsideration of value

By Andy Zavoina

Well, no sooner than we went to press with last month’s Legal Briefs discussing appraisal bias and the regulatory agencies, the Office of the Comptroller of the Currency (OCC), Federal Reserve Board (FRB), Federal Deposit Insurance Corporation (FDIC), Consumer Financial Protection Bureau (CFPB) and even the National Credit Union Administration (NCUA) (collectively referred to as the regulators) issued proposed guidance on Reconsiderations of Value (ROV) of Residential Real Estate Valuations. This is just an interagency proposal, but because your bank has compliance obligations today under anti-discriminatory laws and regulations, if you do not already have a compliance and risk management plan to deal with this issue, this proposal will certainly help you with interim steps to comply. By interim steps, I recommend you take your existing policy and procedures and consider incorporating key compliance techniques here, or if you are starting from nothing, use these recommendations as a starter document to help you comply with the existing requirements today. Starting from scratch is not a bad thing, because the agencies do not currently have any uniform ROV guidance.

This proposal will be a new concept to many lenders and contains and alters no existing law or regulation; it simply helps your bank to direct compliance actions to requirements that you already have, and where you may not have recognized there was a specific need. You may ask, “is there really a need?” The answer is a resounding Yes. Just refer to last month’s Legal Briefs. Mortgage applicants may ask about it, appraisal rules are being altered to comply, and since each of the federal regulators is a part of this guidance proposal, you can expect your examiners to ask what your bank is doing, are you proactive on these compliance needs, and how often you may have heard from an applicant who disagreed with an appraisal, so it is known that your bank actively seeks out compliant appraisals.

I will refer to the applicant as an interested party, but the guidance is focused on consumers. These terms should be used interchangeably and recognize that this could be a buyer or seller and a claim of a discriminatory process carries weight regardless of who it is from. And to be clear, in this context an appraisal includes any valuation your bank is using. I believe the “proactive” issue here may be the most important for many banks. You cannot afford to wait until there is a problem or until your examiners recommend you take action.

The proposal can be found here, https://www.consumerfinance.gov/about-us/newsroom/agencies-propose-interagency-guidance-on-reconsiderations-value-residential-real-estate-valuations/ As of this writing it has not been published in the Federal Register, but it will be, and banks will have 60 days to comment. The proposal contains all the information to include objectives and where to send your comments to each agency. With this pre-release you may start gathering thoughts now as to if and what you would comment on. We will point out some of the objectives below, but there are nuggets of compliance ideas in this proposal regardless. So, improve your existing procedures with these nuggets today, and finalize them in approved policies and procedures after the guidance is finalized.

Your bank is now aware that there have been obvious appraisal issues affecting the mortgage loan process and discriminatory practices whether they were overt, covert, or just the way the numbers came out, as some appraisers have put it. This is not a solution in search of a problem. Examinations and complaints indicate this is a nationwide problem. Two questions to ask are, have you experienced this discriminatory practice, and would you have recognized it if you had seen it? Appraisal reviews may need enhanced procedures. Applicants may need to be aware of their rights. And absolutely all mortgage lenders and those involved in the appraisal process must be cognizant of their responsibilities both to the applicant and the appraiser.

This proposed guidance describes how financial institutions may create or improve ROV processes that comply with existing laws and regulations yet preserve appraiser independence, which is an equally key element required in the mortgage lending process. You do not want to jump from the frying pan into the fire as you conduct ROV processes.

Comments requested on specific issues in the proposal aside, let’s look at some of those nuggets that you may use to improve compliance procedures surrounding appraisals immediately.

Justification – Issues to Mitigate

In October 2022, the CFPB blogged an opinion piece, “Mortgage Borrowers Can Challenge Inaccurate Appraisals Through the Reconsideration of Value Process, clearly stating that applicants have rights to contest a valuation. (Also refer to June 2023’s Legal Briefs.) In June 2023, the FDIC also published its “FDIC Consumer News,” in which it states when appraisals are required, and the applicant will pay some or all the costs. It goes on to explain, “Once the appraisal has been completed, a lender is required to provide you with a copy of the appraisal as soon as reasonably possible, but no later than three days prior to closing. Therefore, if you receive an appraisal that you suspect has inaccuracies that affect the resulting value, some initial work on your part may help to expedite a secondary review of the valuation and assist in closing on time.

“One thing you can do to prepare is to ask your lender early in the loan process whether they have a process for re-analyzing an appraisal, particularly if a consumer provides information that may affect the valuation. This process of re-analyzing an appraisal is also known as a reconsideration of value. If your lender has such a process, ask what information they will need and what their procedures are to request a reconsideration of value. Also, to set expectations, find out how the lender will keep you informed about the status of the review of the information you provide and of any action the lender may take to address your concerns.”  It later states, “If you believe your property appraisal was not accurate, suspect any possible discrimination in the lending process, or have an appraisal-specific complaint, you should contact your lender to request reconsideration of value, if they have a process to do so, or to file a complaint regarding the appraisal with the lender if they do not.

“If you believe that the lender has not addressed your concerns, you can contact the lender’s primary federal regulator.”

Consumers are being made aware of the ability to dispute an appraised value and essentially encouraged to do so. This challenge may be made when they feel the valuation was completed with a bias or simply errors. Improperly completed appraisals may devalue the collateral. These could be caused by errors, omissions, poor comparable properties, or discrimination, all of which may affect the final valuation as being either incorrectly stated high or low. Undervaluing a property value can have long reaching negative effects and overvaluing it could be a safety and soundness issue for the lender. (Also refer to the Interagency Appraisal and Evaluation Guidelines, 75 FR 77450 (Dec. 10, 2010)). If an appraisal is questioned, corrective actions may include ordering a second appraisal or attempting to resolve the issue with the appraiser directly. Let’s assume the bank has discussed any noted shortcomings with the appraiser that both the bank and applicant brought to light and they have not adjusted it to your satisfaction.

It makes sense that the proposed guidance says that an ROV is a request from the financial institution to the appraiser to reassess the report based on potential deficiencies or other information that may have affected the value. It does not say any other party may make that request and because the financial institution made the request and understands the importance of appraiser independence, we will hope this also makes the final guidance.

The goal is to design an ROV procedure which is consistent with safety and soundness requirements, complies with pertinent laws and regulations, respects the appraiser independence requirements, and responds in a suitable manner to the applicants. The proposed guidance will assist you, as it has four intentions.

  1.  It describes the risks when collateral valuations are incorrect.
  2.  It outlines applicable statutes, regulations, and existing guidance that govern ROVs and collateral valuations.
  3.  It explains how ROV processes and controls can be incorporated into existing risk management functions, such as your appraisal review and complaint management programs.
  4.  It provides examples of ROV policies, procedures, and controls.

As you begin to outline your policy and procedures, consider these elements:

Why. Accurate valuations of all collateral, especially for mortgage loans, are essential to the loan process.

What. Deficiencies identified in appraisals, whether through appraisal review processes or from the applicant-provided information, may be a basis for financial institutions to question the credibility of the appraisal or valuation report.

How. Anyone reviewing the appraisal, whether for the bank or the applicant, may believe the valuation is biased based on some form of:

  • discrimination,
  • errors or omissions,
  • valuation methods,
  • assumptions,
  • data sources, or
  • conclusions that are otherwise unreasonable, unsupported, unrealistic, or inappropriate.

Laws, Regulations and Guidance

Resources for your policy and procedures should include meeting the compliance requirements of the following:

  • Equal Credit Opportunity Act (ECOA) and Reg B. These prohibit discrimination in any aspect of a credit transaction, and the valuation is a part of the transaction.
  • Fair Housing Act, as it prohibits discrimination in all aspects of residential real estate-related transactions.
  • Unfair, Deceptive, or Abusive Acts or Practices UDA(A)P – Section 5 of the Federal Trade Commission Act (UDAP) which prohibits unfair or deceptive acts or practices and the “Abusive” addition from the Consumer Financial Protection Act which prohibits any covered person or service provider of a covered person from engaging in any unfair, deceptive, or abusive act or practice. Undervaluing property deprives the borrower and potentially a seller of funds which translates into many issues such as wealth, funds for education, business, home improvements, etc.
  • Truth in Lending Act (TILA) and Reg Z, which prohibit compensation, coercion, extortion, bribery, or other efforts that may impede the appraiser’s independent valuation in connection with any covered transaction.However, Reg Z explicitly clarifies that it is permissible for covered persons (which includes creditors, mortgage brokers, appraisers, appraisal management companies, real estate agents, and other persons that provide “settlement services” per RESPA and Reg X) to request the preparer of the valuation to consider additional, appropriate property information, including to, among other things, request the preparer of the valuation to consider additional, appropriate property information, including information on comparable properties or to correct errors in the appraisal.
  • The appraisal regulations issued by the regulatory agencies require these valuations to conform to the Uniform Standards of Professional Appraisal Practice (USPAP) (the latter is currently being revised and may be finalized for use in January 2024). USPAP requires compliance with ECOA and the FH Act.

The proposal reminds bankers that they are to conduct an independent review prior to providing the consumer with a copy of the appraisal. Additional review may be warranted if the consumer provides information that could affect the value conclusion or if deficiencies are identified in the original appraisal. This in itself justifies an ROV based on the applicant’s request, but the bank must continue respecting the appraiser’s independence.

If during the review process or based on information from the applicant, you determine that the appraisal does not meet the minimum standards outlined in the appraisal regulations and if the deficiencies remain uncorrected, that appraisal cannot be used as part of the loan decision.

When this issue arises, there are three actions the bank may employ as corrective action.

  • Resolve the deficiencies directly with the appraiser.
  • Use an independent party who is qualified (perhaps a state certified or licensed appraiser) to review the valuation and the suspected deficiencies.
  • Obtain a second appraisal.

Authority vs. Responsibility

As with all vendor/third party relationships, the bank may delegate its authority to act for the bank, but the responsibility for compliance with all laws and regulations remains with the bank. That is the reason any appraisal potentially tainted with a discriminatory bias must be resolved.

ROV Policy & Procedures

Any of three issues may trigger an ROV process. There may be discrepancies found during the bank’s review activities, after a complaint or other information is received from the applicant, or any request to the loan officer or other lender representative.

The ROV must be requested by the bank. When there are potential issues either from the bank’s review or the applicant’s complaint, the bank must understand the issues and react accordingly. The Interagency Appraisal and Evaluation Guidelines from December 2010 state, “An institution should establish policies and procedures for resolving any inaccuracies or weaknesses in an appraisal or evaluation identified through the review process, including procedures for:

  • Communicating the noted deficiencies to and requesting correction of such deficiencies by the appraiser or person who prepared the evaluation.
  • An institution should implement adequate internal controls to ensure that such communications do not result in any coercion or undue influence on the appraiser or person who performed the evaluation.
  • Addressing significant deficiencies in the appraisal that could not be resolved with the original appraiser by obtaining a second appraisal or relying on a review that complies with Standards Rule 3 of USPAP and is performed by an appropriately qualified and competent state certified or licensed appraiser prior to the final credit decision.
  • Replacing evaluations prior to the credit decision that do not provide credible results or lack sufficient information to support the final credit decision.”

The applicant will typically receive their copy of the appraisal after the bank has completed its review. Chronologically then, the bank will have had its opportunity to review the appraisal and have any discrepancies it found corrected. That last version is what goes to the applicant.

The applicant may then place a complaint or inquiry preferably denoting specific, verifiable information which was not in the final appraisal either because it was omitted or was not available at the time the appraisal was being completed. This may include such things as‚ including comparable properties which were not identified in the appraisal, specific characteristics of property being evaluated, or other information about the property that may have been incorrectly reported or was not considered but may affect the valuation.

If your bank has a Complaint and Inquiry Procedure to compliment UDA(A)P, your ROV procedures may refer to that, or that Complaint Procedure may refer to the ROV procedure in these specific instances, but one should refer to the other for reasons of accountability. I do not recommend being redundant as one of the two may be revised at some point and then the procedures would be out of sync and potentially lead to confusion and noncompliance. That is not desired, but what is important is that the bank has an effective policy and procedure for UDA(A)P and discrimination/ROV issues. The Complaint and Inquiry procedures should be already established and should record desired information broadly about all products and services as well as who complained, why, where, how, and the resolution with both start and end dates to ensure the bank’s actions were timely. The reason a separate procedure may be desired for ROVs is because of the sensitivity of the complaint, the necessary skillset to respect the appraiser’s independence and the prescribed steps required while also considering the pending loan request.

The Appraisal Bias Part I from June 2023, and the Appraisal Bias Part II in this month’s issue each support the reasons why this deserves immediate attention and without waiting for final guidance from the regulators. Basing the bank’s corrective actions on the three resolution methods above should be described in your procedures so there is a roadmap for staff to follow.

The proposal also makes suggestions you can use while developing your risk-based ROV policies, procedures, control systems, and complaint processes that identify, address, and mitigate the risk of problematic appraisals that may involve prohibited discrimination. Here are the eight topics with six additional subtopics:

  • Consider ROVs as a possible resolution for consumer complaints related to residential property valuations.
  • Consider whether any information or other process requirements related to a consumer’s request for a financial institution to initiate an ROV create unreasonable barriers or discourage consumers from requesting an ROV.
  • Establish a process that provides for the identification, management, analysis, escalation, and resolution of valuation related complaints across all relevant lines of business, from various channels and sources (such as letters, phone calls, in person, regulators, third-party service providers, emails, and social media).
  • Establish a process to inform consumers how to raise concerns about the valuation sufficiently early enough in the underwriting process for any errors or issues to be resolved before a final credit decision is made. This may include suggesting to consumers the type of information they may provide when communicating with the financial institution about potential valuation deficiencies.
  • Identify stakeholders and clearly outline each business unit’s roles and responsibilities for processing an ROV request (e.g., loan origination, processing, underwriting, collateral valuation, compliance, customer experience or complaints).
  • Establish risk-based ROV systems that route the request to the appropriate business unit (e.g., ROV requests that allege discrimination could be routed to the appropriate compliance, legal, and appraisal review staff that have the requisite skills and authority to research and resolve the request).
  • Establish standardized processes to increase the consistency of consideration of requests for ROVs:
    • Use clear, plain language in notices to consumers of how they may request the ROV;
    • Use clear, plain language in ROV policies that provide a consistent process for the consumer, appraiser, and internal stakeholders;
    • Establish guidelines for the information the financial institution may need to initiate the ROV process;
    • Establish timelines in the complaint or ROV process for when milestones need to be achieved;
    • Establish guidelines for when a second appraisal could be ordered and who assumes the cost; and
    • Establish protocols for communicating the status of the complaint or ROV and results to consumers.
  • Ensure relevant lending- and valuation-related staff, inclusive of third parties (e.g., appraisal management companies, fee-appraisers, mortgage brokers, and mortgage servicers) are trained to identify deficiencies (inclusive of prohibited discriminatory practices) through the valuation review process.

Automated Valuation Models

The problem of appraisal bias in residential real estate appraisals has been a hot topic for regulators and promises to continue as it is fueled by court cases, complaints, and settlements with regulatory agencies like the Federal Housing Administration, and as they are reported by the news media and social media. This proposed ROV guidance follows by a week a proposed rule with a request for comments to implement quality control standards for automated valuation models (AVMs). Third-party relationships and tools used for mortgage loans are under scrutiny. That AVM proposal – request is at https://files.consumerfinance.gov/f/documents/cfpb_automated-valuation-models_proposed-rule-request-for-comment_2023-06.pdf. This AVM proposal would require mortgage originators and secondary market insurers that use AVMs to adhere to quality control standards designed to:

1) ensure a high level of confidence in the estimates,

2) protect against the manipulation of data,

3) seek to avoid conflicts of interest,

4) require random sample testing and reviews, and

5) comply with applicable nondiscrimination laws.

1071 – Small Business Lending Rule, Basics

By Andy Zavoina

Is 1071 approaching and do you need to worry about it yet? The answer is, “it depends” because there are many variables. There are optional compliance dates and mandatory dates. We will focus on the mandatory for now. The final rule, which is Subpart B of Regulation B, https://www.bankersonline.com/regulations/12-1002-subpart-B was issued in March of this year. Banks can begin collecting data as early as October 2023, but for the higher tier banks mandatory collection begins in October 2024. The smallest tier is required to begin collection in January 2026. 2026 you say! Yes, if you are in the smallest tier, you have a lot of work to do, but 1071 is not an immediate front-burner task on your to-do list. The immediate task is to know where you fall in the tier breakout so you know when you will be required to begin reporting. To define your tier, you have to know how many qualified loans your bank has made in the immediate past, and therefore you have to know what a covered loan is.

Covered Loans

Sometimes compliance definitions are basic, like Reg Z and its definition of closed end credit, “Closed-end credit means consumer credit other than ‘open-end credit’.“ That’s a very basic definition and fortunately we do get a little more in Regulation B describing a covered loan under Subpart B, but just a little more. The term “covered credit transaction” includes all business credit (including loans, lines of credit, credit cards, and merchant cash advances) unless otherwise excluded under § 1002.104(b). So, all business loans unless excluded. So, what is excluded?

  • Trade credit, (The financing arrangement between businesses for goods or services from without immediate payment in full. This will not likely hit your radar. The CFPB has opined this trade credit as being a business loan and will add the relationship between franchisees and franchisors to its purview with the lending entity considered a financial institution);
  • HMDA-reportable transactions (Yes – if you are not a HMDA bank, you need to learn what these are);
  • Insurance premium financing, (generally financing when a business agrees to repay a bank the proceeds advanced to an insurer for payment of the premium on the business’s insurance contract and the business assigns to the bank certain rights, obligations, and/or considerations in its insurance contract to secure repayment of the advanced proceeds);
  • Public utilities credit (see 1002.3(a)(1));
  • Securities credit (see 1002.3(b)(1)); and
  • Incidental credit (see 1002.3(c)(1), but without regard to whether the credit is consumer credit, is extended by a creditor, or is extended to a consumer).

A covered origination is a covered credit transaction that the financial institution (your bank) originated to a small business. Refinancings can be covered originations. (A refi is a loan created when an existing loan is satisfied and replaced by a new one by the same borrower.)  Note, extensions, renewals, and other amendments of existing transactions are not considered covered originations even if they increase the credit line or credit amount of the existing transaction.

Tier 1
If your bank originated at least 2,500 covered loans in both 2022 and 2023, you must begin collecting data and otherwise complying with the final rule on October 1, 2024.

Tier 2
If your bank originated 500 to 2,499 covered loans in both 2022 and 2023 and at least 100 in 2024, you must begin collecting data and otherwise complying with the final rule on April 1, 2025.

Tier 3
If your bank originated at least 100 covered loans in both 2024 and 2025, you must begin collecting data and otherwise complying with the final rule on January 1, 2026.

Guidance Documents – Tools

Above we note that “trade credit” is likely something your bank will not be involved in. It isn’t impossible, but it is not likely in my experience. The CFPB offered this guidance as its interpretation rather than formally update the Reg B interpretations/commentary. You can find the rule, FAQs, a data points chart, a key dates chart  and more on the CFPB’s resource page  here https://www.consumerfinance.gov/compliance/compliance-resources/small-business-lending-resources/small-business-lending-collection-and-reporting-requirements/ to help guide you through creating your 1071 Small Business Lending Rule implementation process.

 

June 2023 OBA Legal Briefs

  • Appraisal Bias, ECOA, FHA and USPAP
  • Changes in UCCC amounts effective 7/1/23

Appraisal Bias, ECOA, FHA and USPAP

By Andy Zavoina

Appraisal bias is a new big thing. Well, not brand new. It has been a problem for a few years and the current thrust is to promote an understanding of the rules and the results when an appraisal is done with fairness and accuracy in mind.

I recently attended a BOL Learning Connect webinar entitled, “Building a Safe & Sound Real Estate Program” by noted speaker and appraiser Eric Collinsworth. He started a segment on appraisal bias by referring to an interagency task force and PAVE, which stands for Property Appraisal and Valuation Equity. One of the task force’s major goals is to address “the persistent mis-valuation and undervaluation of properties experienced by families and communities of color.”

This task force also relates to actions from the Biden Administration, which said early on its goals include equal opportunity. In a 42-page National Strategy on Gender Equity and Equality it was stated that, “Women face barriers in access to consumer loans and other credit products, and women business owners have less access to capital. These inequalities compound over the course of a woman’s lifetime, jeopardizing her financial security later in life and affecting the generations that follow.”

It was also noted in Feb 2022 by AmericanProgress.org that, “To increase equitable access to loans, mortgages, and other lending for home-buying and renting, HUD began the process to restore the discriminatory effects rule to protect against housing policies, such as zoning requirements, lending and property insurance policies, criminal records policies, and others that have a disparate impact by race. Also, HUD issued a letter encouraging lenders to devise special purpose credit programs to remedy racial inequities in homeownership.” This philosophy of reducing barriers to allow consumers and their families and heirs to access equity and to pass it on to future generations to build wealth is also a part of the impetus behind eliminating appraisal bias.

AmericanProgress.org also noted, “Racial discrimination and injustice have entrenched stark racial disparities in homeownership rates and home values. Homeownership rates for Black Americans amount to 44 percent, well below the rates for white Americans at 74 percent and behind the national average of 65 percent. Hispanic and Asian, Native Hawaiian, and Pacific Islander (AAPI) people also own homes at rates lower than the national average, at 48 percent and 60 percent, respectively.”

Generally speaking, a home is often the largest single purchase the average American makes. We’ve all heard that home values only go up. While this is not a rule, it is generally true over time. And this increased value and decreasing debt against a home do combine to build wealth and provide wealth to the next generation often inheriting a home. The equity in a home can be used for many things that further build wealth and provide for a higher quality of life. This is one reason so many in the industry see appraisal bias as a major factor.

Carla Duffy’s appraisals

In 2021 National Public Radio ran a segment on appraisal bias. In Indianapolis, Indiana, Carla Duffy has a three-bedroom home in a historic Black neighborhood. The home had been completely renovated and was across from an attractive and well-maintained park. She purchased the home four years prior for $100,000. Duffy felt based on the renovation, appreciation, and low interest rates it was a good time to use her equity from a refinance to help her daughter renovate and improve her home. Duffy had an appraisal done and it indicated her home was worth $125,000. This is a thorough way to ascertain a value, but Duffy was not convinced the appraisal was accurate. She decided to get a market analysis as a way to verify the value and it indicated her home was worth $187,000. The latter is not an appraisal, but a 50 percent higher value was more of what she felt the home was worth. So, believing the first appraisal was low for some reason, and wanting the credibility an appraisal brings, she had a second appraisal done just a few months later. This one came in $15,000 lower than the first.

Duffy was persistent and had a theory. She applied with a different lender for a refinance and this time she omitted her gender and racial information from the government monitoring information section of her application. And before this third appraisal was done, she “cleaned” the home of racial indicators like family photos, and had a white friend of the family, a male, at her home to meet the appraiser when he came to view the property.

The third appraisal shocked Duffy – but this time in a good way. This appraisal came back with a value of $259,000. That is 107 percent higher than the first appraisal and 135 percent higher than the second. When a borrower wants to consolidate debt, purchase a car, or start a business as three common examples of equity funds use, those are significant differences. Just for the purposes of asset valuation, such disparities are very significant and obviously contribute to the wealth gap reported between whites and minorities.

Several housing studies have shown this, and cumulatively the Brookings Institute estimates Black people have lost an estimated $156 billion dollars. The effect of a discriminatory practice impacts more than the current owner; everyone is touched by how the equity is used in the homes. In this case, Duffy said, “the thing devaluing her home, was her” and she knew this was not right. She filed a complaint with HUD against two of the lenders.

The appraiser providing Duffy’s lowest appraised value commented on the story. He said his values are data driven and he couldn’t change the value if he wanted to because he cannot change the data. He explained that he prepares every appraisal with the knowledge that he may have to defend his results to peers and others, and this was no exception.

Gwen and Lorenzo Mitchell

One may read the Duffy story and believe this is surely an isolated incident – an anomaly. But let’s move to Denver, Colorado. The Philadelphia Inquirer ran a story on January 27, 2021, about Gwen and Lorenzo Mitchell. Their three-bedroom house sits in a racially diverse area where homes typically sell for $450,000 to $550,000. The couple estimated their home would appraise for about $500,000. Values had been going up and they saw this as an opportunity to refinance because they were in a strong housing market. Lorenzo was home with their three kids when the appraiser was there. Lorenzo is Black, and the home appraisal came back at $405,000. That seemed low. The comps were all taken from north of Martin Luther King Boulevard — a dividing line, if you will, between a predominantly Black neighborhood where the comps were, even though the Mitchells’ home is south of the boulevard in a more diverse area. That was a red flag to the Mitchells. So, they ordered a second appraisal. This time, only Gwen was home during the appraisal visit, and Gwen is white. This appraisal came back with a value of $550,000. That is a $145,000 increase in value, almost 36 percent. That’s quite a discrepancy, and there were no changes to the home between appraisals; the Mitchells said they didn’t even mow the yard between appraisals, it was in the exact same condition.

And in Connecticut  …

And in a story similar to Duffy’s, let’s finally consider a Black homeowner in Connecticut who had his home appraised at $340,000. He thought that was low and decided a second appraisal was advisable, so he took down family photos and other family racial indicators and had his white neighbor stand in during the on-site appraisal. In his case there was an 18 percent increase in the value of his home to $400,000, a $60,000 increase.  If you are financing or refinancing a home, these differences are significant and may be impacted by external circumstances, but race appears to be a common denominator.

A regulator’s view

Michael Hsu, the Acting Comptroller of the Currency, delivered remarks to raise awareness about the need to reduce bias in real estate appraisals at a CFPB event in June 2021 on bias in appraisals. His comments highlighted the significant impact bias in appraisals has on minority families. A few notable nuggets from Hsu’s remarks were that “We are here at an opportune time in history where the energy to tear down barriers to fair and equal participation in our economy may finally exceed the resistance protecting the status quo.” The Biden administration sees this as a chance to facilitate change and it is my opinion that those in charge of the regulatory agencies are in agreement with the administration and share these goals. Hsu went on to cite a few reasons appraisals with a bias are problematic. “Biased appraisals can keep a family from getting approved for a loan or raise the price of a loan. They can trap “undervalued” neighborhoods by depressing property taxes, resulting in lower income to support education and infrastructure. Biased appraisals mean good loans to creditworthy customers go unmade.” He went on to say, “discrimination and bias in appraisals contribute to inequity in housing values and adversely affect a critical source of wealth accumulation for minority families. The impact is large and cannot be ignored. Studies have found that homes in Black neighborhoods are valued at roughly half the price [of] homes in neighborhoods with few or no Black residents.” The undervaluing of property snowballs, as it can impact tax revenue and then everything which develops from that, schools, emergency services, public facilities, etc.

Hsu did point out that appraisal processes are not seen as a part of the banking industry, but that there are intersections, and the OCC expects banks to ensure their vendors treat customers fairly and do not discriminate. We are seeing banks held accountable for discrimination in appraisals they use. He also noted that holding banks accountable is necessary, but the problem as a whole is bigger than just banks. That is why PAVE is forcing USPAP’s processes to improve the appraisal process.

Reg B requires a disclosure of the consumer’s ability to receive a copy of any appraisal(s) and valuation(s) prepared in connection with first-lien loans secured by a dwelling to be provided to applicants within three business days of receiving the application. This is not new — it’s been in effect since January 18, 2014.  Appraisal bias is why this disclosure is a big deal and its importance in the disclosure and compliance process was accelerated more than a year ago. As an example, regulators are working to provide more oversight over the activities of the Appraisal Foundation, which has power over the appraisal industry. The CFPB has had public meetings to discuss appraisal bias.

Lenders, take note

More recently, the CFPB and the DOJ filed a joint Statement of Interest in the case of Nathan Connolly and Shani Mott, v. Shane Lanham, 20/20 Valuations, LLC, and loanDepot.com, LLC, in the United States District Court, District of Maryland case Civil Action No. 1:22-cv-02048-SAG. These two agencies say that mortgage lenders can be liable if they rely on a discriminatory appraisal even from a third-party appraiser. This case was brought by a Black family that had an appraisal done, replaced the photos with those of a white family, had a second appraisal done, and had an immediate increase in value. The defendants maintain they should not be the ones liable for the third-party appraisal. Appraisers must have independence. But this is when the CFPB and DOJ jumped in and said both the FHA and ECOA (Reg B) require lenders NOT to rely on appraisals that are inaccurate or violate the law. It was added that TILA’s (Reg Z) rules on appraisal independence agree that there is no requirement to follow a biased appraisal.

Regulatory agencies are expected to develop and implement changes to examinations procedures for mortgage lenders. Future examinations may look for evidence that a lender’s compliance management programs are considering appraisal bias as a risk, and the examiner may collect additional information on appraisal attributes and tailor exam aides to evaluate irregularities in appraisals which are evident in the loan file.

If you are making notes of to-do items, the importance of your appraisal reviews has just gone to a higher level, based on the opinion of these two agencies and expectations of future exams. There are new classes being offered specifically to combat appraisal bias. These are being offered to appraisers according to Collinsworth, but I suspect appraiser reviewers in bank could enroll or find similar training. He also stated, “Regulatory agencies will, as needed, devise and implement changes to how examinations of mortgage lenders under their purview are conducted. For example, examinations can look for evidence that a lender’s compliance management programs are considering appraisal bias as a risk, collect additional information on appraisal attributes and tailor exam aides to evaluate irregularities in appraisals documented in the loan file.”

Reg Z prohibits banks, lenders, and any other covered party from coercing, instructing, or inducing an appraiser to cause the appraised value to be based on any factor other than the appraiser’s independent judgment. Lenders and others also cannot alter an appraised value. Banks have gone to great lengths to separate the lender on a loan from having any control over the selection or instructions to an appraiser. Although the bank can ask the appraiser to consider additional information, provide further details or an explanation for this, or correct errors in the appraisal, there is a line the bank may not cross here as to influencing that appraisal’s outcome. The Statement filed with the court by the CFPB and DOJ does indicate the bank would be protected if it asks an appraiser to reconsider a value under certain circumstances. No specific examples were provided as to what would be acceptable to do this and remain protected. For appraisers, the Conduct section of the Ethics Rule states an appraiser “must not use or rely on unsupported conclusions relating to characteristics such as race, color, religion, national origin, gender, marital status, familial status, age, receipt of public assistance income, handicap, or an unsupported conclusion that homogeneity of such characteristics is necessary to maximize value.” A violation of these may be a circumstance allowing reconsideration especially if a bank believes discrimination may be involved. That then raises another concern—would the bank have to consider reporting an appraiser for such conduct?

When an appraisal is completed, there may be situations when the bank and the borrower believe the value is lower than expected or the reasoning for the values are flawed. This would be especially so if an inappropriate bias was believed to exist. Such a belief should be supported by facts. A reviewer would require adequate training and experience to support such a conclusion, and this would be based in part on their competence to perform the review and the complexity of the transaction and type of property in question. The bank should also have a policy and procedures to both protect the parties involved and maintain appraisal independence. From the Collinsworth webinar, here are four examples regarding periods when the institution may exchange information or contact with the appraiser include:

  1. A request to provide additional supporting information about the basis for the valuation
  2. Requesting consideration of additional sales or information provided by the lender or borrower
  3. Correct factual errors in an appraisal
  4. Requesting consideration of additional information about the subject property or comparable properties.

A duty to report?

What if the bank does reject an appraisal? Collinsworth said, “If an appraisal is “rejected” for failing to comply with USPAP or applicable state laws, or if the institution suspects the appraiser performed in other unethical or unprofessional conduct, a complaint should be filed with the appropriate state appraiser regulatory officials.  Furthermore, as of April 1, 2011, an institution MUST file a complaint with the appropriate state licensing agency if it believes the appraiser has materially failed to comply with USPAP or applicable state or federal laws according to Supplement I of Part [1026] of Regulation Z – Truth in Lending.  For purposes of this deficiency, material failure to comply is one that is likely to affect the value assigned to the consumer’s principal dwelling.  An institution MUST also file a suspicious activity report (SAR) with the Financial Crimes Enforcement Network of the Department of the Treasury (FinCEN) when suspecting fraud or identifying other transactions that meet the SAR filing criteria.

It should also be noted that if an examiner finds evidence of unethical or unprofessional conduct by an appraiser, they should instruct the institution to file a complaint with the necessary state appraiser regulatory officials and to file a SAR with FinCEN when required.  If the examiner determines there is a concern with the institution’s ability or willingness to file a complaint or make a referral, the examiner should forward his or her findings and recommendations to their supervisory office for disposition and referral to the state regulatory officials and FinCEN as necessary.  In addition, penalties could be assessed to the institution and the reviewer if deficiencies are found by the examiner and not reported as mentioned above.”

What if the bank or borrower wants a second appraisal? The regulators do expect the bank to follow a policy of selecting the most credible appraisal and not specifically the one with the highest value. Documentation should be maintained in the loan file to support the decision for using the valuation selected as most appropriate.

Editor’s note: Part II of Andy’s article on Appraisal Bias will appear in our July 2023 Legal Briefs.

Changes in UCCC amounts effective 7/1/23

By Pauli D. Loeffler

Sec. 1-106 of the Oklahoma Uniform Consumer Credit Code  in Title 14A (the “U3C”) makes certain dollar limits subject to change when there are changes in the Consumer Price Index for Urban Wage Earners and Clerical Workers, compiled by the Bureau of Labor Statistics, U.S. Department of Labor.  You can download and print the notification from the Oklahoma Department of Consumer Credit by clicking here.   It is also accessible on the OBA’s Legal Links page under Resources once you create an account through the My OBA Member Portal. You can access the Oklahoma Consumer Credit Code with regard to changes in dollar amounts for prior years on that page as well.

Increased Late Fee

The maximum late fee that may be assessed on a consumer loan is the greater of (a) five percent of the unpaid amount of the installment or (b) the dollar amount provided by rule of the Administrator for this section pursuant to § 1-106. As of July 1, 2023, the amount provided under (b) will increase by $2.00 to $31.00.

Late fees for consumer loans must be disclosed under both the UC3 and Reg Z, and the consumer must agree to the fee in writing. Any time a loan is originated, deferred, or renewed, the bank has the opportunity to obtain the borrower’s written consent to the increased late fee as set by the Administrator of the Oklahoma Department of Consumer Credit.  However, if a loan is already outstanding and is not being modified or renewed, a bank has no way to unilaterally increase the late fee amount if it states a specific amount in the loan agreement.

On the other hand, the bank may take advantage of an increase in the dollar amount for late fees if the late-fee disclosure is properly worded, such as:

“If any installment is not paid in full within ten (10) days after its scheduled due date, a late fee in an amount which is the greater of five percent (5%) of the unpaid amount of the payment or the maximum dollar amount established by rule of the Consumer Credit Administrator from time to time may be imposed.”

§ 3-508A. This section of the “U3C” sets the maximum annual percentage rate for certain loans. It provides three tiers with different rates based on unpaid principal balances that may be “blended.” It also has an alternative maximum rate that may be used rather than blending the rates. The amounts under each tier are NOT subject to annual adjustment by the Administrator of the Oklahoma Department of Consumer Credit under §1-106. However, a new subsection (4) was added allowing the lender to charge a closing fee which IS subject to adjustment under § 1-106. The closing fee, which was $167.33, has increased as follows:

(4)  In addition to the loan finance charge permitted in this section and other charges permitted in this act, a supervised lender may assess a lender closing fee not to exceed One Hundred Seventy-Eight Dollars and Eighty-Seven Cents ($178.87) upon consummation of the loan.

Note that the closing fee is NOT a finance charge under the OK U3C, and therefore not considered for purposes of usury. However, the fee IS a finance charge under Reg Z. Most banks use Reg Z disclosures. This means that it is possible that the fee under Reg Z disclosures will cause the APR to exceed the usury rate under § 3-508A. If that happens, document the file to show that the fee is excluded under the U3C in order to show the loan does not in fact violate Oklahoma’s usury provisions. Please note that the bank is NOT required to charge a closing fee at all, and banks may choose to not charge the fee at all, or charge less than the amount permitted under the statute.

You can access the § 3-508A Table https://www.oba.com/wp-content/uploads/2022/11/3-508A-ABS-Chart.pdf

§ 3-508B Loans

Some banks make small consumer loans based on a special finance-charge method that combines an initial “acquisition charge” with monthly “installment account handling charges,” rather than using the provisions of § 3-508A with regard to maximum annual percentage rate.

The permitted principal amounts for § 3-508B are adjusting from $1,740.00 to $3,450.00 for loans consummated on and after July 1, 2023.

Sec. 3-508B provides an alternative method of imposing a finance charge to that provided for Sec. 3-508A loans. Late or deferral fees and convenience fees as well as convenience fees for electronic payments under § 3-508C are permitted, but other fees cannot be imposed. No insurance charges, application fees, documentation fees, processing fees, returned check fees, credit bureau fees, nor any other kind of fee is allowed. No credit insurance, even if it is voluntary, can be sold in connection with § 3-508B loans. If a lender wants or needs to sell credit insurance or to impose other normal loan charges in connection with a loan, it will have to use § 3-508A instead.  Existing loans made under § 3-508B cannot be refinanced as or consolidated with or into § 3-508A loans, nor vice versa.

As indicated above, § 3-508B can be utilized only for loans not exceeding $3,450.00. Further, substantially equal monthly payments are required. The first scheduled payment cannot be due less than one (1) calendar month after the loan is made, and subsequent installments due at not less than 30-day intervals thereafter. The minimum term for loans is 60 days. The maximum term of any loan made under this section shall be one (1) month for each Ten Dollars ($10.00) of principal up to a maximum term of eighteen (18) months.  This would be loans not exceeding $621.00.  Loans under subparagraphs e through i of paragraph 1 of this section ($621.01 up to $2,300.00) the maximum terms shall be one (1) month for each Twenty Dollars ($20.00) of principal up to a maximum term of eighteen (18) months, and under subparagraphs j and k of paragraph 1 of this section ($2,300.01 – $3,450), the maximum terms shall be one (1) month for each Twenty Dollars ($20.00) of principal to a maximum term of twenty-four (24) months.

Lenders making § 3-508B loans should be careful and promptly change to the new dollar amount brackets, as well as the new permissible fees within each bracket for loans originated on and after July 1st. Because of peculiarities in how the bracket amounts are adjusted, using a chart with the old rates after June 30 may result in excess charges for certain small loans and violations of the U3C provisions.

Since §3-508B is “math intensive,” and the statute whether online or in a print version does NOT show updated acquisition fees and handling fees. I have inserted the current amounts effective on July 1, 2023 into the statute which you will find toward the bottom of the OBA Legal Links page under Sec. 3-508B – Effective July 1, 2023. Again, you will need to register an account with the OBA in order to access it.

The acquisition charge authorized under this statute is deemed to be earned at the time a loan is made and shall not be subject to refund. However, if the loan is prepaid in full, refinanced or consolidated within the first sixty (60) days, the acquisition charge will NOT be deemed fully earned and must be refunded pro rata at the rate of one-sixtieth (1/60) of the acquisition charge for each day from the date of the prepayment, refinancing or consolidation to the sixtieth day of the loan. The Department of Consumer Credit has published a Daily Acquisition Fee Refund Chart for prior years with links here: https://www.ok.gov/okdocc/Licenses_We_Regulate/Supervised_Lender/index.html  The Oklahoma Department had not published the Chart for 2023 at the time this article was written. Note if a loan is prepaid, the installment account handling charge shall also be subject to refund. A Monthly Refund Chart for handling charges for prior years can be accessed on the page indicated above, as well as § 3-508B Loan Rate (APR) Table.  I expect the charts and table for 2023 to be added shortly.

§3-511 Loans

I frequently get calls when lenders receive a warning from their loan origination systems that a loan may exceed the maximum interest rate. Nearly always, the banker says the interest rate does not exceed the alternative non-blended 25% rate allowed under § 3-508A according to their calculations. Usually, the cause for the red flag on the system is § 3-511. This is another section for which loan amounts may adjust annually. Here is the section with the amounts as effective for loans made on and after July 1, 2023, in bold type.

Supervised loans, not made pursuant to a revolving loan account, in which the principal loan amount is $6,200.00 or less and the rate of the loan finance charge calculated according to the actuarial method exceeds eighteen percent (18%) on the unpaid balances of the principal, shall be scheduled to be payable in substantially equal installments at equal periodic intervals except to the extent that the schedule of payments is adjusted to the seasonal or irregular income of the debtor; and

(a) over a period of not more than forty-nine (49) months if the principal is more than $1,860.00, or

(b) over a period of not more than thirty-seven (37) months if the principal is $1,860.00 or less.

The reason the warning has popped up is due to the italicized language: The small dollar loan’s APR exceeds 18%, and it is either single pay or interest-only with a balloon.

Dealer Paper “No Deficiency” Amount

If dealer paper is consumer-purpose and is secured by goods having an original cash price less than a certain dollar amount, and those goods are later repossessed or surrendered, the creditor cannot obtain a deficiency judgment if the collateral sells for less than the balance outstanding. This is covered in Section 5-103(2) of the U3C. This dollar amount was previously $5,800.00 and increases to $6,200.00 on July 1.

March 2023 OBA Legal Briefs

  • Reputation risk and theft
  • Deposit mismatches and liability

Reputation risk and theft

By Andy Zavoina

I think I’ve always been fascinated by “the con” and the way some people will steal, and others will be gullible. That fed a degree of interest and intrigue in me for many years and led me to a hobby of magic (where lying and stealing is for entertainment) and my first job in law enforcement. I was then involved in security at my bank, but my full-time duty was compliance. In the bigger picture, however, as an officer of the bank, my first responsibility was to the bank. That means I was always interested in the safety and soundness and reputation of the bank. I believe all our readers share those same interests and all of this was the inspiration for this month’s Legal Briefs. First, we’ll take a deep dive into much of the information available to you in several court cases and enforcement orders and then we’ll use the pertinent facts to provide the information needed to assist in improving policies and procedures in your bank to avoid similar instances, when warranted.

Maguire: On the 24th of February 2023, the United States Attorney’s Office for the Northern District of Florida posted a notice about Nicole Maguire. She was just sentenced to three years in federal prison after she pleaded guilty to conspiracy to commit bank fraud, bank fraud, and aggravated identity theft charges. That issue would involve the safety and soundness of the bank. The fact that I also had it show up in my alerts because there was also a story about her in The News & Observer, and I’m certain many other online and paper-based publications also ran the story, made it a bank reputation-related issue.

Nicole Maguire sold the names of bank customers, their identification card numbers, and bank account numbers to others who then stole more than $125,000 from those customers, and ultimately from the bank, in 2019. Yes, the wheels of justice turn slowly. But I’m sure the case is still of interest to customers of Regions Bank in Florida, Alabama, Iowa, and Missouri where the victims were.

Maguire was obviously not alone in this. Her co-defendants were Desmond Brannon, who was sentenced to four years in prison after pleading guilty to conspiracy to commit bank fraud and bank fraud charges; Steven Mussington, who was sentenced to 1 year and 1 day in prison for conspiracy to commit bank fraud and bank fraud charges; and Chelsie Worthen, who pleaded guilty to conspiracy to commit bank fraud, bank fraud, and aggravated identity theft charges. Then there were co-conspirators Darrell Wells and Georgia Ward who both reside in New York and were or are being prosecuted in the Southern District of New York under a separate but related indictment. Ward pleaded guilty to conspiracy to commit bank fraud and was sentenced to time served and an additional nine months of home confinement. Wells is awaiting trial on charges of conspiracy to commit bank fraud and aggravated identity theft.

The FBI and police departments in Florida, Iowa, and Missouri, along with the bank’s security investigators, were all involved in the case as well. It was far-reaching and I’m certain complex to unravel. At the end of the day, the short story is Maguire was the insider who sold the IDs and information and another woman had fake IDs made with others’ photos and the customers’ information to make withdrawals. They also passed some fake money orders and checks.

When a Regions customer, especially those in the four states specifically mentioned in this case, reads this story they will do one of three things— check their own accounts and worry about the security of their money, know this person was caught and that no customer lost any money, or worry that next time the perpetrator won’t be caught and the customer will be unaware of a loss from their own account. In any scenario, we do not want customers to worry. And while I said “no customer lost money” that is a supposition. There was no statement from the bank for whatever reason.

If your bank were to suffer such a loss, the bank should have a reaction plan in place. You should be able to fill in the blanks and put together an official statement in short order to demonstrate control of the situation and to instill confidence in the public and your customers. The bank should always look to emphasize that the bad actors were caught, and that no customer has lost money, not one dime. There are customers and customers-to-be who may need to be reassured.

This is the most recent case I have read about. But there are many others, and we want to explore some of those this month. When we pay particular attention to what happened, how and sometimes why, we learn valuable lessons about things that can be done in our own banks to avoid such problems. One common fact we see in internal cases is that they can take years to discover. This is especially so when the thief is going to “take a little, leave a little” and has the knowledge and authority, to cover their tracks. This is a key reason areas like security and audit need unfettered access when it comes to internal audits and investigations and staff need to speak up when they see transactions outside the ordinary. It is also a reason your bank should have a vacation or “period of absence” policy that will take a person away from their desk and out of control of internal accounts for a period long enough for discrepancies to show up. Those discrepancies should not be explained away but understood, accepted, or corrected. Questioning transactions and documents should be viewed as a constructive and protective act. If nothing wrong is found, it is a reassurance, and if something is amiss, the review is money saved overall and an opportunity to improve procedures.

Torgerson: In another recent case, Brady Daniel Torgerson from Beulah, North Dakota, was sentenced in February 2023 to two years in federal prison, three years of supervised release and a $200 special assessment. Torgerson pleaded guilty to two separate counts of bank fraud against financial institutions located in Beulah. This case also went back to 2019 and extended to 2021. Torgerson was employed as the president of First Security Bank-West and separately as a loan officer at the Union Bank. He used these positions of authority to conduct transactions that caused harm to both the banks he was working at and their customers.

While employed at First Security Bank-West, Torgerson funded loans which should have raised red flags with the most basic of controls. These questionable loans lacked necessary financial information, security interest documentation and even promissory notes. He created deceptive transactions by falsifying records in the bank’s computer system, increasing loans which then exceeded the original approved loan amounts, and extended maturity dates of loans to keep them off the past due listings and therefore anyone’s radar.

When he was working at the Union Bank, Torgerson created fraudulent loans in the amounts of $225,487.44 and $225,487.45 in the names of three separate individuals who neither knew about these loans nor received the funds. Torgerson had three co-defendants who were sentenced to both short jail terms which included one day of time served and a year of supervised release plus a monetary fine for each and $98,ooo restitution from one. I believe one of these was his father and the other two likely friends. You can almost hear the offer of something for nothing and them making a quick buck to help him out.

Anything that is transacted on the bank’s systems should be traceable to an employee based on logon credentials. An employee doing account maintenance at the direction of a superior should remember what was done and why, and their credentials should never be shared. When someone leaves a terminal, they should sign off. This helps protect everyone and promotes the integrity of the systems in place. Similarly, when loans are funded and booked without the standard security agreements and collateral documentations, and especially without executed note forms, questions must be asked, and the notification chain accelerated upward as that is a serious issue that would be difficult to explain.

On that same note, I remember “back in the day” when I was on the loan desk. This was at a military bank and predated internet banking. A young lieutenant who banked with us called from a large city about three hours away. He had found a car he just had to have. I got the necessary information from him and already knew his father was a retired colonel and his grandfather was a retired general, both West Point graduates. Of key interest was that fact that he would be back in town in two or three days, and he promised to come in and sign his contract. I provided the dealership with draft instructions so I as good as made the loan. I proudly informed my boss because I knew this was excellent customer service and would help build loyalty of this up-and-coming military officer. Unfortunately, after day three I had not heard from him. I waited nervously on day four and called him on day five. Even after all these years, I still remember his answering machine as he introduced himself and he said he was “either out rescuing a damsel in distress or a cat from a tree.” I just knew at that moment I had a nutcase for an almost borrower. But he came in shortly thereafter, the paperwork was done, and the loan paid as agreed. I never did that again. But it would explain what happened and there was no loan being booked without a note and collateral.

Seck: A case as recent as we can get was published February 27, 2023, by the U.S. Attorney’s Office, District of Maryland. In this case Diape Seck, of Rockville, Maryland, was at the time of the bad acts a customer service representative at a bank. He and his eight co-conspirators stole or attempted to steal almost $2 million by fraud, including by stealing checks from the mail of churches and religious institutions. Seck was the ringleader.

Seck fraudulently opened bank accounts using fake identities. He took cash bribes for his efforts. Among other illegal acts, his accomplices then deposited stolen checks from churches and other religious institutions into the fraudulent new bank accounts. The co-conspirators withdrew and spent those funds as compensation for their efforts.

There were more than 400 accounts opened in just over a year beginning in January 2019. Identification relied on was often Romanian passports and driver’s license information. Generally, the deposits were made to ATMs the bank owned. From those deposits cash withdrawals would be made and debit cards associated to the fraudulent accounts would be used for purchases.

Seck’s sentencing is scheduled for June. He faces up to 30 years in prison. The accomplices generally are facing three to five years each. One in Dania Beach, Florida, and another in Baltimore are the only two facing restitution with each exceeding $1 million. Raise your hand if you think the restitution will actually be paid. I’m not raising mine.

What might have helped stop this sooner than a year into the scheme? Sending new account verification letters could have helped alert an auditor that an address was bad if that was the case here. So would address scrubs where the bank compares accounts with the same address and different owners. That could show as an example multiple owners using the same post office box address.

Schroeder: Let’s turn our attention to Ronald Wayne Schroeder and the Bank of San Antonio where he was the bank president. His crime dated back to before 2020, but it was August 2022 when he was sentenced to 97 months in federal prison as his fraudulent activities cost the bank $13 million.

Schroeder himself took nearly $3.2 million. He and his co-defendants conspired to defraud various banks of money through the factoring of false and fraudulent invoices.  They began with Southwest Bank, then included Schroeder’s bank, Bank of San Antonio, and finally included the TransPecos Bank.

Schroeder sent false and fraudulent invoices of companies owned or controlled by the other defendants in the case, to be factored by these financial institutions.  This is a process where a company sells its receivables to a third party, in this case the victim banks. Factoring is intended to provide a quick capital injection into the business selling the receivables as they are sold at a discount which provides an immediate short-term gain and allows for a profit margin to the buyer as the receivables pay back over time. Schroeder and other co-defendants would then use that money for their own personal enrichment or to pay off old invoices owed to the banks much like a Ponzi scheme where money from new investors is used to pay old investors. Schroeder used his $3.2M to buy a beach house, airplane, boat, and vehicles.

Schroeder and the others obviously knew what they were doing. It was a definite abuse of authority by Schroeder and that certainly would have influenced the first bank they factored with. Once they got the first bank in place, they were able to leverage credibility and get a second and then a third victim bank. Like all Ponzi schemes it would reach a point where there was not enough money coming in to support the debt already established. When the receivables stop paying and they are discovered to be fraudulent, the house of cards falls and, in this case, there were $13 million of them.

As you can imagine, based on this case and others, an abuse of position was a contributing factor. Staff must be able and willing to question transactions, loans, and arrangements where the bank is paying some high-ranking officer or board member or someone or a company associated with that person. When it is an unusual arrangement, it deserves to be questioned and that person, if legitimate, really should not mind so everything is transparent and above reproach.

Romero: Orlando Romero worked at Deutsche Bank as a client service specialist. Always wanting to improve his position he was seeking employment opportunities in the banking field. He received a written employment offer from another bank. While that offer was good, he knew he could do better. He decided to look within his current bank, and he doctored that offer by adding to the salary the competitor bank was offering him. He presented this “modified” offer to his supervisor at Deutsche Bank who agreed to meet that offer and Romero received a $28,000 increase to his annual salary. One might believe the bank must have been under-compensating him to provide such a hefty increase all at once. But Romero left Deutsche Bank some thirty months later when his prior deception became known. Romero was deemed By the Federal Reserve to have violated the bank’s internal policies and committed violations of law or regulation, unsafe or unsound practices, or breaches of fiduciary duty. He was ordered to cease and desist and has been banned from banking.

Many are of the opinion that the bank made the decision to pay him presumably what he was worth as an employee. But the way he went about it was deemed unacceptable. Staff needs to be aware that ethics policies do have teeth.

Ratcliff: James Ratcliff worked at the First National Bank and Trust Company of Vinita for 20 years. He was an executive vice president and vice-chairman and chairman of the board at his bank at different times. Abusing his position, he had the bank engage and pay entities owned by him as third-party vendors. This in itself is not the violation, but the manner in which the relationship was handled was. He set up financial arrangements between the bank and the entities he owned. There should have been someone else managing that relationship just as tellers should not complete transactions for relatives. Work was not tracked or verified but was paid for. There was little evidence that what was billed for was actually done, which causes doubts as to the validity of the billing. Because of his insider status and long standing at the bank, he was not sufficiently challenged by others in management. He failed to ensure employee compensation was commensurate with the employees’ responsibilities and actual work performed for the bank.

Ratcliff also directed employees and contractors to perform work for the entities he owned, at the bank’s expense. He made unsafe and unsound loans. The OCC noted in its consent order that delinquent borrowers were instructed to form new entities and Ratcliff had the debt transferred to that new entity without correcting the problems leading to the delinquency, which only hid those past due accounts from accurate recordkeeping., These loans were also made without sufficient documentation such as financial statements.

Ratcliff was handed a $100,000 civil money penalty and was banned from banking. Here again, we see officers in high positions run a bank as though it was their personal piggybank and they had unfettered control. That is not how it should ever appear and internally the bank requires a culture of separation and transparency.

Fritz: Ratcliff was not doing everything alone at First National Bank and Trust Company of Vinita. Tony Fritz was the former chief lending officer and a director at the bank.

Fritz was cited for failing to ensure that credit administration and risk management practices and controls were effective and commensurate with the risk and complexity of the loan portfolio. He failed to develop a system to ensure ongoing monitoring of complex commercial credits and to ensure the bank kept adequate loan documentation. He failed to formalize loan review and approval processes and failed to properly document lending decisions. He failed to provide credible challenge to members of senior management who maintained loan portfolios and failed to maintain adequate oversight over their portfolios. Fritz approved and/or originated multiple unsafe or unsound loans that were liberally underwritten and included inaccurate credit memorandums containing insufficient financial statement and cash flow analysis. He originated loans to cover customers’ overdrafts and overdraft fees. He extended additional loans to borrowers who were not creditworthy, sometimes through creating new entities, in order to make payments on such borrowers’ non-performing loans. In short, Fritz was a key officer whose authority and duties were in part to balance the scale for what others might do and to ensure controls were in place and functioning as they were designed to. That did not happen in this case. Sometimes staff can only do so much, and when bad acts are committed willingly by the most senior of officers, the regulators take action. Fritz was cited with a $20,000 civil money penalty.

While these last two enforcement orders from late 2022, the bad acts were from years before. BancFirst purchased this bank early 2021.

Deposit mismatches and liability

By Andy Zavoina

Continuing with the theme of fraudulent transactions but changing to liability, let’s review a new case that screams “what you do know, can hurt you,” especially if a bank turns a blind eye to the obvious.

This is a legal case, Studco Building System U.S., LLC, plaintiff, V. 1st Advantage Federal Credit Union,  (Studco) Civil Action No: 2:20-cv-417 in Virginia. This case began about August 2018 when 1st Advantage opened an account for an individual. In the court documents he is referenced as “John Doe.” The court does not know who the actual account holder is. With Bank Secrecy Act regulations, 1st Advantage would have had to follow basic requirement to know the customer. But it did not verify John Doe’s identity, physical or mailing address, prior banking history, whether John Doe was eligible to be a member, nor did it verify the source of funds intended for the account.

This is not a case of an account takeover but a BEC or Business Email Compromise. The end result is similar, as the scammer gets the victim’s money. But in a BEC there is hacking or social engineering to get into a corporate email account. Once inside, the scammer looks for some discussion about a project and bill for that project that is due or will be soon. Studco Building Systems sounds like a company that would buy large amounts of materials and then pay the large bills they receive for them. Once he finds one of those the scammer is halfway there.

In this case, about two months after opening his account, Doe impersonated Olympic Steel out of Ohio. He sent Studco instructions to make an ACH payment to the 1st Advantage account he opened. 1st Advantage received those funds and was aware that Olympic Steel was not a depositor of theirs.  Beginning in October 2018, Studco sent one ACH to 1st Advantage to the account number of Doe in the amount of $156,834.55. That transfer identified Studco as the originator and Olympic Steel as the intended receiver. This did not match any account holder with 1st Advantage. The ACH credit identified a personal account number, but the transfer was coded commercially as a “CCD” meaning it was a “Corporate Credit or Debit.”  In this case NACHA rules require CCD payments to be restricted to transactions that involve only businesses. Any CCD payments directed to personal accounts are required to be rejected by the receiving bank. In this case 1st Advantage did not do that. A short time later 1st Advantage accepted three more large commercial ACH credits for Doe’s personal account totaling nearly $559,000.

Doe wasted no time as he began transferring the funds out. Typically, when these funds reach John Doe’s account, the valid originating bank’s customer and the originating bank have to take fast action as Doe will be getting that cash out of the account. Doe’s goal is to beat any reclamation claim by the originating bank or the company paying its bill. Sophisticated scammers may send these funds through several banks and then convert it to crypto or have it sent to a foreign bank. In this case, Doe was taking the funds incrementally — all $559,000 — and he did it in person and with the assistance of 1st Advantage staff. It took him more than a month as 1st Advantage employees issued thirteen cashier’s checks and wire transfers to move the funds out. Nine of the thirteen withdrawals were reportedly to an individual or entity known to the 1st Advantage staff who assisted him. This added validity to his transfers.

When there is a BEC you may find yourself with many of the same questions you would have for a takeover:

  • Who may be responsible for the loss?
  • Did the bank that sent the funds following the company’s orders (Studco) follow the instructions precisely?
  • Was this an unusual transaction for Studco?
  • Is Studco liable for the loss, what were their actions, and how did they protect themselves?
  • Was the hacker using an actual vendor’s system, and if so, does that vendor have liability?

The FBI in Rochester, New York, initiated the investigation. During the investigation, Studco alleged that 1st Advantage intentionally concealed, and continued to conceal, material information from Studco related to John Doe and the account. That both hindered the investigation and aided John Doe in his theft. Studco initiated actions against 1st Advantage in November 2019.

You may be surprised how the Virginia court ruled in this case. 1st Advantage, the credit union that received the funds, would have liability under Article 4A of the UCC. The credit union had AML software and that software provided alerts on mismatch between the account name and the name in the ACH transfers, but no one acted on those alerts. 1st Advantage certainly did not follow BSA requirements to know its customer. There was no indication that 1st Advantage had actual knowledge of John Doe’s illegal activities. But the court found that there was certainly an inference the bank should have made, as its AML software generated several alerts pertaining to account discrepancies, fraudulently diverted payments, and withdrawals by the John Doe himself. There were many indications that the account was being used for fraudulent purposes.

The court’s order effectively said there exists a “should-have-known” standard under the relevant provision of UCC Article 4A, but this is in contrast to many other court decisions that required proof of actual knowledge by the receiving bank of the discrepancy between named payee and actual account holder at the time the payment was credited to the account. Other courts have yielded to part of Article 4A stating, “If the beneficiary’s bank has both the account number and name of the beneficiary supplied by the originator of the funds transfer, it is possible for the beneficiary’s bank to determine whether the name and number refer to the same person, but if a duty to make that determination is imposed on the beneficiary’s bank the benefits of automated payment are lost.”

The court hearing the Studco case reviewed both the UCC and NACHA rules requiring a commercially reasonable manner or exercise of ordinary care when processing ACH payments. The court held 1st Advantage fell short of this standard in the way it opened the account and ignored red flags generated from its own software. The court stated that 1st Advantage “did not maintain reasonable routines for communicating significant information to the person conducting the transaction. If 1st Advantage had exercised due diligence, the misdescription would have been discovered during the first ACH transfer.”

Finally, while it is an unusual finding, it is one that bank customers would likely agree with. The red flag warnings would have been triggered based on criteria 1st Advantage defined, yet it failed to do anything when the alerts were generated.

Let’s look at a basic argument that many banks rely on — if we have a valid account number, deposit the funds. We in the Compliance team hear this question regularly and thoroughly expect to again this year as tax refunds begin to be deposited. What do you do when there is a known mismatch in a tax refund between the name in the direct deposit ACH record and the name of the account holder? This is sometimes complicated because the person named on the deposit may be a convenience signer on the account, but not an owner. They may be a known associate of the owner, but not an owner. Could this person be hiding assets from a creditor and shielding those funds in an account that could not be touched legally because that person is not the account owner? What if the account owner takes the funds? Technically the funds are their property, but does the bank want to be involved in that? What if the account owner is served a garnishment and the other person’s funds are taken as a result? Again, it is their property by virtue of account ownership, but does the bank want to be involved? Would it not be more responsible to require that even with personal accounts, the account number and name in the deposit record must match? Based on this Studco opinion, could your bank find itself with liability? And lastly, how much is the bank willing to spend to find out?

February 2023 OBA Legal Briefs

  • Signage management
  • SCRA and a new best practice recommended?
  • The child support levy moratorium is over

Signage management

By Andy Zavoina

As we enter the new year, let’s continue from last month on getting the little things squared away so we can focus on a new year of compliance work. Let’s talk about signage requirements. In our main branch we had a “Fed wall” which was one area which had the federally required (and state, as applicable) notice requirements. It should be in an area that is highly visible to meet the intent of the posted notice requirements. It does no good to put these on the wall behind a door that stays open and prevents viewing them. You will not get credit during an exam for posting them where they cannot be seen. Similarly, when the branch manager thinks your Fed wall is an eyesore and puts the plastic Ficus trees in front of your detailed work – no points. If there was a remodel done and the signage was taken down for maintenance, ensure it goes back up.

As to being unsightly, beauty is in the eye of the beholder. If you put courier font printed pages in a $2 frame and nailed it to the wall, that is what it will look like. What we did was to lay out all the applicable disclosures and we bought one large frame, had a mat cut for all these in one space and then everything was accounted for in one space. As a new branch was opened, we ordered another of the same design. This ensured that everything was easily accounted for and posted easily on the wall rather than trying to lay out several frames, especially if those frames were each different giving a hodgepodge appearance. It was also a simple task to pull the frame down, remove the backing and switch out the disclosures when necessary. As a tip, there is a transparent and removable tape that uses the same type of glue as sticky notes have. It will hold your documents to the mat securely yet provide the flexibility to switch them out without destroying the mat or other documents.

Here are suggestions and justifications for your Fed wall and other required signage.

  1. Community Reinvestment Act Notice: This is to be posted in each lobby with one version in your main office and another in each branch, other than off premise electronic deposit facilities, the Public Notice described in 12 CFR 345.44 (FDIC), 228.44 (FRB), 25.44 (OCC).
  2. Equal Housing Lending Poster: Post in lobby of main office, all branches, and in any other areas where loans are made. Note, this is an 11”x14” poster and unlike most other requirements for signage, the size requirements are specifically stated. 12 CFR 338.4 (FDIC), 24 CFR 110.15 and 110.25 (HUD and OCC) the FRB requirements fall under the Fair Housing Act. .
  3. In August 2022 the FDIC made changes to the sign. Refer to Federal Register Vol. 87, No. 151, Page 48079 as the Fair Housing and Consumer Protection Sale of Insurance Rule are both impacted. To improve their efficiency and effectiveness the FDIC consolidated the Consumer Response Center and the Deposit Insurance Section under one organization, entitled the National Center for Consumer and Depositor Assistance. Fair Housing signage and the Sales of Insurance disclosure should refer to, “…National Center for Consumer and Deposit Assistance.” The effective date of the change was August 8, 2022. The OCC has also had changes to its poster. Refer to Bulletin 2021-35, August 5, 2021.
  4. Home Mortgage Disclosure Act (HMDA). General notice of availability must be posted in each home office and physical branch offices located in an MSA. 12 CFR 1003.5(e). Non-HMDA banks do not post this notice. First-time filers post it after receiving notice their disclosure is ready after they have submitted their file for the prior year.
  5. Fair Credit Reporting Act (FCRA) requires that a consumer be allowed to notify the bank of an error in their consumer report. If a notice is posted informing consumers where to direct their notice, they may not be delivered to just any employee and must be properly directed.  623(a)(1)(C) (Note, this is a recommendation, not a requirement. Not having such a notice does set the bank up for failure as virtually all staff would need awareness training of how to handle such a notice from a customer.)

Additional signage requirements while you are auditing these:

  1. Customer Information Program procedures require providing adequate notice the bank is requesting information to verify customer identities prior to opening account. May be given or posted. 31 CFR 1020.220(a)(5)
  2. FDIC Deposit Insurance Notices are to be displayed at each station or window (including drop boxes, teller windows, New Accounts, drive-ups) where insured deposits are normally received, excluding automated service facilities such as ATMs, night depositories and POS. These signs must be 3″X7″ in size. 12 CFR 328.2 & FDIC 93-42, 94-17. [Editor’s note: The FDIC has a proposed rule out for comment through April 7, 2023, that could affect this requirement]
  3. Funds Availability Policy is for banks routinely delaying availability of any deposited item. Disclosure is required of several items in a conspicuous place in each location where deposits are accepted. This includes abbreviated text on ATMs but excludes drive-ups.  These disclosures are contained in our Facts About Funds Availability brochure that can double as the posted notice.  12 CFR 229.18
  4. ATM Surcharge Notice requirements apply if your bank, as an ATM owner/operator, imposes a fee to complete a transaction or inquiry. The bank must disclose on the ATM or ATM screen that a fee may be imposed. 12 CFR 1005.16(c).
  5. Rate Board requirements under TISA/Reg DD are that indoor signs are exempt from many advertising requirements. But if a rate is stated it will use the term “annual percentage yield” or “APY” and contain a statement advising consumers to contact an employee for further information on terms and fees. 12 CFR 1030.8(e)(2)

And for employees there are several other requirements.

  1. 5-in-1 Employment Poster is required to be visible to job applicants and employees, 42 USC 2000e-10(a).

    This poster should include five parts, and if not in a combined poster, individual signs must be posted in the manager’s office or lobby. The five laws are: Equal Employment Opportunity Act, Fair Labor Standards Act, Employee Polygraph Protection Act, Family Medical Leave Act, and OSHA’s Plain Language “It’s The Law”. Refer to 29 USC 201, 29 USC 2003, 29 CFR 825.300, and 29 CFR 1903.2(a)(3)

  2. Notice of Employee Rights has two requirements; 1) Executive Order 13496 is a Notice of Employee Rights under the National Labor Relations Act, the primary law governing relations between unions and employers in the private sector. See 29 CFR Part 471. Banks need to follow this for various reasons including due to FDIC insurance, savings bond transactions, TTL accounts and government contracts. Post the notice conspicuously in offices where employees covered by the NLRA perform contract-related activity, including all places where notices to employees are customarily posted both physically and electronically. 2) Employee Rights under the NLRA See section 7 of the NLRA, 29 U.S.C. 157

SCRA and a new best practice recommended?

By Andy Zavoina

The Servicemembers Civil Relief Act (SCRA) has been around a very long time. It has existed under several names and can trace its origins to the Civil War. Prior versions were enacted and would terminate, but the Soldiers’ and Sailors’ Civil Relief Act has been in force since 1940. It was modified and became the current SCRA in December 2003.

The premise of the law has not changed. The intent of Congress was to give peace of mind to the servicemember by granting special protections to their rights and property interests while they are in the service of our country. The provisions of the SCRA allow servicemembers to have their legal rights secured until they can return from the military to defend themselves, when necessary, and to better afford existing debt which may be more difficult to service with a reduced income from military service.

Many banks misunderstand the SCRA and believe it is a wartime protection, but the SCRA is in effect at all times – not just when the country is at war. Many SCRA protections affecting the banking relationship your customer has with you apply to debts incurred prior to military service. That is the 6 percent maximum rate many bankers are aware of.

You will find the actual law at 50 U.S.C. 3901 and it is conveniently located in the “Other / Misc Regulations” section of the BankersOnline Regulations pages. There is no implementing regulation. Often when looking for guidance a banker should review the SCRA workpapers of its overseeing agencies, court cases, and enforcement actions published by any of the banking agencies. There are also guidance documents that may be issued. The agency with “key” enforcement powers is the Consumer Financial Protection Bureau (CFPB). Although it is responsible for the larger banks (with assets over $10 billion) it is very connected to the SCRA and even has a department dedicated to servicemembers. This department provides many updates each year about the treatment of servicemembers, although each of the prudential agencies has oversight as well. In fact, most have established rigorous exam schedules to ensure the SCRA is being adhered to, and it is not uncommon to read of enforcement actions by any of them. These may be for repossessions that were not following SCRA requirements, and also for violating that six percent rule. That rule is what this article is really about as the CFPB has issued its opinion that may be read as guidance, and practically requires banks to be proactive on providing the interest rate reduction even when a servicemember does not request it. In a nutshell, it is recommended that banks seek out possible opportunities to reduce interest rates and do so at any indication that there may be SCRA protections available.

Servicemembers do receive training on the availability of these protections and in many cases I have read that there are articles and training available periodically to remind them of this law. In fact, recruiters “sell” the rate reductions as a benefit of military service. But as I have studied the law and its evolution, I understand that it was intended to offer the thanks of a grateful nation for their service. This six percent interest rate reduction was offered (read – required) by law but at the expense of lenders, not taxpayers. That is what politicians call a win – win.

Here is an example. Assume your customer has a civilian occupation earning $63,000 annually. This person has an annual debt service requirement of $42,000 which yields a debt ratio of 67 percent. Now let’s have your customer called up for active duty. He is an E-6 with over six years of service. His annual income is now $44,544 for 2023 and his debt service jumps to 94 percent. It seems like he might benefit from an interest rate reduction.

This reduction in income is not always the case. When the law originated there was a draft and military pay was not competitive with the same jobs’ civilian counterparts. There was an article in 2006 that cited a RAND National Defense Research Institute study which revealed 72 percent of servicemembers surveyed were making more money in the service than as civilians. The original law’s intent was to assist a servicemember when needed and it was not an automatic protection. It was to be requested based on a lower income due to military service. A classic example is Gene Autry, the Singing Cowboy in the 1940s. He enlisted to serve in WW II. His income went from $400,000 a year to $1,008.

Where did the six percent rate originate? I honestly do not know how Congress arrived at that number in 1940, but that was it. The rate allowed does not fluctuate and is not adjusted with the cost of living. The prime rate in 1940 was 1.5 percent so there was a margin of 4.5 percent. In January 2023 the prime rate is 7.50 percent which with that same margin would yield an SCRA adjusted rate of 12.00 percent – double what is currently allowed.

A general rule of thumb is that a person being paid by Uncle Sam is “in the military.” The recent high school graduate who enlists in the military is being paid by the military the day they report for basic training. This is an easy and clear-cut test but there are always other possibilities. Based on definitions in the SCRA, a servicemember (reservist) being called up is afforded protections upon receipt of their orders.  Further, the definitions tell us that a servicemember is “in the military” when they are employed full-time in this capacity and further, that debts incurred prior to that are subject to SCRA Section 3937, which provides the 6 percent rate cap. These are two different events, the date of being protected, and being “in the military” and paid by the U.S. government (Uncle Sam). When the debt was incurred and when the person was protected can be exclusive of one another. It is possible that a reservist will receive their orders, borrow, and later claim protected status and want a rate reduction. I discussed this with an Army Judge Advocate General officer (JAG attorney) and he said while that was not the intent, it does seem to be the result.

What is happening in theory is a person has that civilian debt ratio and all is fine. There is a national emergency, and this person wants to go into the military and serve their country. Loan rates are reduced, and this makes that government paycheck stretch a bit farther. A servicemember borrowing after they are in the service is not required to be given a rate of no more than 6 percent because they know what their income is now and should borrow responsibly, only when they know they can afford to repay it. This supports my understanding of why this exists and it is not to be a benefit and reason to serve but rather one less inhibitor for those wanting to serve.

The protections under Sec. 3937 apply to debts incurred by the servicemember, or the servicemember and their spouse, jointly. This is a clarification from the old law, the SSCRA. Industry practices then were to apply the protections against any loan on which the servicemember was obligated.  The new law specifies who is covered. As reassuring as this may be, it can also be troubling as there would be reputational risks if you refused to lower the rate on a loan to the servicemember and their parents or children, as an example. The same debt service standards may apply, but the law isn’t written to protect other borrowing relationships.

Pre-service debt is a key factor. The interest rate on a pre-service credit card balance today of a servicemember must be reduced if it exceeds 6 percent. Charges made tomorrow (or at any time during military service) are not pre-service and thus not subject to the cap.

The SCRA made it very clear that a bank’s knowledge alone that a customer was now a servicemember was not sufficient to justify any adjustment to the loan rate. The SCRA required the servicemember to provide a written request for relief and provide a copy of their military orders as well as any extensions of those orders. Keep in mind, however, that the servicemember may invoke their rights under this section at any time up to 180 days after their release from military service. The application of the six percent rate becomes retroactive.  Even if the debt was paid in full before the servicemember invoked their rights, a re-amortization and refund could be owed based on the date they were under protection of the SCRA until their release.

Notification requirements were changed a little by Public Law No. 115-232 on August 13, 2018. The SCRA now says the servicemember shall provide to the creditor written notice and a copy of—

  1. military orders calling the servicemember to military service and any orders further extending military service; or
  2. any other appropriate indicator of military service, including a certified letter from a commanding officer.
  3. a creditor may use, in lieu of notice and documentation under 1 or 2 above, information retrieved from the Defense Manpower Data Center (DMDC) database through the creditor’s normal business reviews for purposes of obtaining information indicating that the servicemember is on active duty.

So, item 2 provides a more flexible notice and a third option was added for, “normal business reviews.” So, a safe harbor was introduced for a creditor that uses the information retrieved from the DMDC with respect to a servicemember if—

a. such information indicates that, on the date the creditor retrieves such information, the servicemember is not on active duty; and

b. the creditor has not, by the end of the 180-day period, received the written notice and documentation required requesting protection. (There is no six percent rate requirement.)

4. A substitute for copies of the servicemembers orders is a certified letter from the servicemembers’ commanding officer. This term, “certified letter” is not defined but in its purest United States Postal Service form would be “a special USPS service that provides proof of mailing via a receipt to the sender. With electronic USPS Tracking, the sender is notified when the mailing was delivered or that a delivery attempt was made.” This is not Registered Mail which has different handling and security features from Certified Mail.

The existing SCRA, 3937(b)(1) already included the 180-day period, but the certified letter from a commanding officer is a new alternative for invoking the rate reduction.

Many banks can verify individual servicemembers as well as batch process requests with the DMDC SCRA database. Many banks adopted the batch processing method and check the bank’s CIF records against it on a monthly or other regular basis. New hits could show active duty status and immediately bank records would be adjusted or a relationship manager would contact the customer and verifications would be initiated or protections would go in effect. They could be reversed later if in error.

In December 2022, the CFPB published an analysis of servicemembers not getting the benefits of interest rate reductions for various reasons. “Protecting Those Who Protect Us” discusses those Guard and Reserve servicemembers who are activated but are not receiving these benefits.

Here are some points brought out in the publication:

  • Reserve and National Guard members called to active duty are paying an extra $9 million in interest every year because they are not always receiving the benefit of their right to rate reduction.
  • In an odd selection of a time period, the CFPB estimates that between 2007 and 2018, data show fewer than 10 percent of auto loans and 6 percent of personal loans received a reduced interest rate and it is believed this reflects lower numbers than should exist.
  • It is estimated the underutilization amounted to $100 million of interest that was paid unnecessarily to lenders for auto and personal loans.

Who is entitled to these protections? The regulators expect banks to use the DMDC database which has proven accurate enough to warrant a safe harbor when used for verifications under the SCRA and the Military Lending Act. (Note, the SCRA has one database, and the MLA has another. You would expect that the servicemembers themselves would be on both and dependents would be on the MLA. So, if you are checking on the servicemember, either should suffice, right? When I spoke to someone at the DMDC they could not explain a servicemember difference but were emphatic to check the respective database based on the purpose of the inquiry. I believe one difference may be that some SCRA benefits extend beyond the period of military service but not for MLA use. The results of the query may include that. The DMDC has a manual that among other things denotes “Title 32 outlines the role of the United States National Guard; normally Title 32 members are not covered under SCRA. Those Title 32 members and others who meet the criteria referenced in Title 50 USC App. §§ 3901 below are accurately represented on the SCRA website.

In order to be considered for SCRA coverage a Title 32 member must be called “…to active service authorized by the President or the Secretary of Defense for a period of more than 30 consecutive days under section 502(f) of title 32, United States Code, for purposes of responding to a national emergency declared by the President and supported by Federal funds.””

The CFPB says in its 39-page publication, “Existing literature suggests that the interest rate reduction benefit is underutilized, and continued enforcement efforts suggest that some creditors continue to violate protections against repossession, despite efforts to increase awareness of SCRA protections and improve information about servicemember eligibility for those protections. There is also limited information on utilization rates, making the development and evaluation of public policy efforts to increase benefit utilization difficult.” The paper indicates servicemembers are not receiving the protections they are entitled to for various reasons, that banks (that is my term as the CFPB refers to financial institutions, creditors, finance companies, etc. but I am writing for banks) are violating the SCRA and that servicemembers must jump through too many hoops to get these protections. Further the CFPB complains that banks are not thorough in retroactively applying the interest rate reductions.

The law is clear that the servicemember can request protections, but the CFPB wants to emphasize option 3 above where banks will voluntarily use the DMDC database. It actually goes further and attacks creditors who insist on following the law’s stated requirements, saying in the publication: “However, creditors could just as easily access a Department of Defense system [the Defense Manpower Data Center SCRA website] that checks any borrower for active-duty status.” This raises two issues bankers need to consider. First, how much would be involved in the bank regularly batch processing its CIF files against the database, and second, would this be a cost-effective use of resources? Positive hits would require additional procedures to verify the status with the customer. That is, a positive hit could be verified before progressing, or the bank could take that positive hit and respond with a  confirmation letter. The bank could explain how it made its discovery, that the customer’s loan has been reduced in rate, the effective date, the reamortization of those applicable payments and the deposit or attached check for the refund of interest that had been paid and is being refunded. The letter will explain the new payment amount as it will be reduced and what to expect if the servicemember’s protections end before the loan is repaid in full. This is also an opportunity to thank them for their service, point out the benefits of internet banking and request a copy of the person’s orders if the bank wants them for their files. The CFPB recommends the best practice is to provide the rate discount without burdening the servicemember with any requests. Your bank needs to determine if it agrees with that. At the very least it is an opportunity to verify the bank has the correct mailing address as we all know it is typically a requirement in account agreements, but typically a completely ignored requirement as well.

I may have downplayed the CFPB’s intention as it actually encourages bank employees to be whistleblowers, “Employees who believe their companies have violated federal consumer financial protection laws are encouraged to send information about what they know to whistleblower@cfpb.gov. To learn more about reporting potential industry misconduct, visit the CFPB’s website.“ This is not in the published document but the online news release. https://www.consumerfinance.gov/about-us/newsroom/cfpb-finds-members-of-the-reserves-and-national-guard-paying-millions-of-dollars-in-extra-interest-each-year/

Here is a takeaway list for banks to consider:

  1. Should it be batch checking CIF files?
  2. What follow-up if any with the servicemember is desired?
  3. Will protections be applied automatically?
  4. Procedures should already be to retroactively apply the rate reduction to the date of protected status.
  5. When the borrower has one or more loans, the benefits should apply to all.

The SCRA does allow in Section 3937(c) for a challenge to the rate reduction. A court may grant a creditor relief from the limitations of this section (3937) if, in the opinion of the court, the ability of the servicemember to pay interest upon the obligation or liability at a rate in excess of 6 percent per year is not materially affected by reason of the servicemember’s military service. As an example, let’s assume the bank makes a car loan to a college student who is working their way through college on scholarships and delivering pizza. The student is not making a lot of money but enough to survive and make a small car payment. Come graduation day the student graduates and becomes a military officer and doctor, receiving a huge increase in their income. They request a rate reduction because “it is their right.” That was not the intent of the law initially, but it has become so political. The bank has the right to contest the request, but the reputation risk is severe, and the bank could appear unpatriotic.

I believe a challenge to protections would require an extraordinary case and we have yet to see a deserving one. But the CFPB is promoting a new best practice which is not called for in the law. Bankers should understand, what is requested by the CFPB is purely optional and would come at a cost. Banks individually must determine if it is a reasonable cost or not.

The child support levy moratorium is over

By Pauli D. Loeffler

During COVID-19, the Oklahoma Child Support Service (“OCSS”) took a break from issuing levies. The moratorium has ended, and banks are receiving levies again. I covered child support levies in the February 2018 OBA Legal Briefs, which you can access online once you register an account through the My OBA Member Portal. Here are few bullet points to keep in mind.

  • The levy is exempt from the Garnishment of Federal Benefits rule.
  • The levy attaches to all deposit accounts OWNED by the Obligor/customer whether or not the account number is included on the levy. That includes accounts held in sole ownership, joint ownership, sole proprietorships, grantor trusts, CDs, MMDAs, IRAs, retirement, annuities, 401Ks, and HSAs. It will NOT reach accounts owned by an LLC (even if it uses a sole member’s SSN), a corporation, partnership, a limited partnership, IOLTA, insurance premium trust account, etc.
  • The levy is effective for 60 days after receipt and subsequent deposits will be captured. The bank may cash “on-us” checks payable to the account owner but should not cash checks drawn on other financial institutions.
  • A copy of the levy will be mailed to the account owner by OCSS, so the bank does not mail a copy. The bank is free to let the owner know of the levy as soon as it locks the account down.
  • OCSS may release or partially release the levy prior to 60 days. The release must be signed by an attorney.

 

January 2023 OBA Legal Briefs

  • Has your bank suddenly become a HMDA reporter?
  • Minutiae matter
  • Joint owners’ signatures on new joint accounts

Has your bank suddenly become a HMDA reporter?

By John S. Burnett

A recent federal court decision has lowered the loan reporting threshold for closed-end mortgage loans under the Home Mortgage Disclosure Act-implementing Regulation C from 100 to 25 closed-end mortgage loans in each of the two preceding calendar years. If your bank has been routinely making 50 or 60 closed-end mortgage loans and very few open-end mortgage loans each year for the last several years, you might have been planning to enjoy another year in 2023 of not being a HMDA reporter.

All that has changed. And if you haven’t realized that yet, you’ve got some scrambling to do.

Background

In a final rule that became effective in 2015 (the “2015 final rule”), the CFPB set the HMDA reporting threshold for closed-end mortgage loans at 25 in either of the two preceding calendar years.

On May 2, 2019, the Bureau issued a proposal to, among other things, increase the 25 closed-end mortgage loan reporting threshold to either 50 or 100 such loans in either of the two preceding calendar years.

On May 12, 2020, the CFPB issued a final rule (the “2020 final rule”) that, among other things, increased the closed-end mortgage loan reporting threshold to 100 such loans in either of the two preceding calendar year. The change was effective July 1, 2020.

After the adoption of the 2020 rule, the National Community Reinvestment Coalition, Montana Fair Housing, Texas Low Income Housing Information Service, Empire Justice Center, the Association for Neighborhood & Housing Development, and the City of Toledo, Ohio, filed a lawsuit challenging the changes to the closed-end reporting thresholds (and other provisions) in the 2020 final rule, asserting that the 2020 final rule was arbitrary and capricious, contrary to law, and in excess of the Bureau’s statutory authority under the Administrative Procedure Act.

On September 23, 2022, the U.S. District Court for the District of Columbia issued an order vacating (nullifying) only the portions of the 2020 final rule that increased the closed-end mortgage loan reporting threshold. The court found that the “CFPB failed adequately to explain or support its rationales for adoption of the closed-end reporting thresholds under the 2020 Rule, rendering this aspect of the rule arbitrary and capricious.”

The court cited the preamble to the 2015 final rule in noting that the CFPB explained that “the loss of data in communities at closed-end mortgage loan-volume thresholds higher than 25 would substantially impede the ability of the public and public officials in these locales and others to understand access to credit in their communities.”

The CFPB offered no comment on the court’s ruling until December 6, 2022, when an article, “Changes to HMDA’s closed-end loan reporting threshold,”[https://www.consumerfinance.gov/about-us/blog/changes-to-hmda-closed-end-loan-reporting-threshold/] was posted to the Bureau’s blog. The article simply said, “The [court’s] decision means that the threshold for reporting data on closed-end mortgage loans is now 25 loans in each of the two preceding calendar years, which is the threshold established by the 2015 HMDA Final Rule, rather than the 100-loan threshold set by the 2020 HMDA Final Rule.”

The Blog article went on to say that the “CFPB recognizes that financial institutions affected by this change may need time to implement or adjust policies, procedures, systems, and operations to come into compliance with their reporting obligations. In these limited circumstances, in allocating the CFPB’s enforcement and supervisory resources, the CFPB does not view action regarding these institutions’ HMDA data as a priority. Thus, the CFPB does not intend to initiate enforcement actions or cite HMDA violations for failures to report closed-end mortgage loan data collected in 2022, 2021, or 2020 for institutions subject to the CFPB’s enforcement or supervisory jurisdiction that meet Regulation C’s other coverage requirements and originated at least 25 closed-end mortgage loans in each of the two preceding calendar years but fewer than 100 closed-end mortgage loans in either or both of the two preceding calendar years.”

On December 21, 2022, the CFPB published a final rule at 87 FR 77980 [https://www.federalregister.gov/d/2022-27204] with technical amendments to Regulation C that changed each mention of the 100 closed-end mortgage loans reporting threshold in subsections 1003.2(g) [definition of financial institution] and 1003.3(c) [excluded transactions] and the Official Interpretations of those subsections to 25 closed-end mortgage loans. The amendments became effective on publication.

What this all means

When the District Court vacated the portion of the 2020 final rule that increased the reporting threshold for closed-end mortgage loans from 25 to 100 such loans in either of the preceding two calendar years, it put those portions of the regulation and official interpretations back to their 2015 final rule wording, as if they were not changed by the 2020 final rule.

In the Bureau’s Blog article described just above, the Bureau acknowledged that the court’s ruling could HMDA filing requirements for applications and loans dated in 2020 (from July 1), 2021, and 2022, for financial institutions that made at least 25 but fewer than 100 closed-end mortgage loans in the two previous calendar years. It went on to say that it doesn’t intend to initiate enforcement actions or cite HMDA violations for failures to report closed-end mortgage loan data collected in 2020 through 2022 for institutions subject to Bureau enforcement or supervisory jurisdiction.

There have been no similar statements of intent not to initiate enforcement actions or cite HMDA violations from the Federal Reserve Board, FDIC, OCC, or NCUA. It would seem that those regulators will have to issue a similar statement because it is next to impossible for many bankers to go back over their applications and loans to find the data to back-file because they weren’t collecting HMDA data during that period.

Let’s assume that the other regulators issue such a statement. What does your bank need to do if it originated 25 or more closed-end mortgage loans in both 2021 and 2022 but hasn’t had to file since 2015?

1. If your bank never obtained a Legal Entity Identifier (LEI) or let its LEI lapse, jump on the task of getting one (or renewing or replacing the old one). You need it to create the unique loan numbers that have to be assigned to each entry on the HMDA LAR.

2. Make sure the bank has the right application forms to collect HMDA data

3. Quickly get lenders and loan assistants spun up on any changes in loan interview scripts and the necessity for checking that HMDA data are being collected with applications

4. Remember that each HMDA-related loan application received after December 31, 2022, will need to include HMDA data added as it gets processed and originated, denied, or withdrawn.

5. For loans already in the pipeline on January 1, 2023, check to see what HMDA data are missing, and take steps to obtain it.

Some industry trade groups have asked the CFPB and prudential regulators to formally declare a one-year amnesty on enforcement for small-volume lenders impacted by the court’s ruling. As of this writing, many such lenders are uncertain they can adapt their procedures by January 1, 2023, and we haven’t heard more from the Bureau or the prudential regulators.

Minutiae matter

By Andy Zavoina

Welcome to 2023. As I pen this month’s article one of my inbox emails is from Apple News and it is about 2023 horoscopes and what is in the stars for me. It is time to look forward, which may require looking back. I remember sitting at my compliance desk at 6:30 p.m., after having been there since 6:30 a.m., that a new year should come with a fresh start, a clean slate, a new beginning. All those audits I had not gotten to should be erased and I should be able to start with a fresh calendar. After all, I made it another year. But that is not how life works. It is not like a sporting event and the last game is over, start your game plan for the next one. Well – you do have to prepare for the future and that is what this article is about. But there was no “last game” and what was not finished still needs to get done. It is like the saying says, this is not a sprint, it is a marathon. That is when I consider coming in at 6 a.m. tomorrow to get an earlier start.

One thing to always consider as you begin planning your year is what are the major events you are aware of?

• Are we a HMDA reporter or now will be and what ramifications does that bring? If applicable, are we ready for the March 1 filing deadline this year? Do we have only the final quarter’s LAR entries to scrub or more, and how long will that take?

• The Regulation B small business data gathering rule will be coming out this first quarter. The CFPB has said it will, and in fact has promised it will be to both Congress and a court. But the final rule is not here yet and I will worry directly about that when we have the new rule. It will be a lot of preparation work. I am aware of that, and it is in the back of my mind as I start planning major events for 2023. But my focus now is what do I need to get done and on my “completed list” before that new requirement begins taking my time and attention.

• When is my next compliance exam? That is a compliance officers’ direct responsibility. What has been done to prepare for it and depending on when that is expected, more importantly, what has not been done? Start making that list if your exam is eminent. What other exams do you contribute to – Bank Secrecy, Safety and Soundness which may include Reg O, any fair lending or mortgage origination and servicing requirements? When we had a separate mortgage loan origination department, HUD and the VA. separately examined it You may have similar issues. And while we follow regulatory requirements typically to ensure consumer protections are in place, the fact is that exams are where our success or failure is often judged and scored. In preparation for those, we may have internally and externally completed audits done. When are these on the calendar and what preparation is needed for them?

Let’s look at the future, and to do that we have to reflect on the past. Let’s eliminate some of the small things, the minutiae. These are minimal tasks that need to be sorted and ensure there are no issues with compliance. It’s the little things sometimes that surprise you and bite you on the backside. So, let’s strive to eliminate as many of those as we can.

Now that signage requirements are addressed, let’s ensure “annual” tasks have been completed.

Reg BB (CRA), Content and availability of Public File Reg H § 228.43 – Your Public Files must be updated and current as of April 1 of each year. Many banks update this continuously, but it’s good to check. You want to ensure you have all written comments from the public from the current year plus each of the two prior calendar years. These are comments relating to the bank’s efforts in meeting community credit needs (your SBA loans may play a key role here) as well as any responses to comments. You also want a copy of the last public section of the CRA Performance Evaluation. That actually is to be placed here within 30 days of receipt. Ensure you are keeping up with branch locations and especially ATMs as those may fluctuate. The regulation has more on the content of this file. It may be best to review it with an audit workpaper to use as a checklist to avoid missing any required items.

CRA Notice and Recordkeeping § 228.42, 228.44, 1003.5 – CRA data, which can include small business and small farm as well as home mortgages are gathered based on specific reporting requirements for the Loan Application Registers (LAR). CRA and HMDA information, if applicable, must be submitted by March 1, for the prior calendar year. If you are a reporter of either LAR, you should start verifying the data integrity now to avoid stressing the process at the end of February. HMDA mortgage data should be compiled quarterly so this should not be a huge issue, but a thorough scrubbing as the new year starts and submission preparation readies is always warranted.

Pertaining to this, national banks should ensure they have reviewed and updated as needed the CRA, FHA and ECOA notices in accordance with the Aug. 5, 2021, OCC Bulletin 2021-35. This bulletin provided updated content for the appropriate names and addresses for notices required by the Community Reinvestment Act and Equal Credit Opportunity Act, and for posters under the Fair Housing Act. National banks were required to make the appropriate changes to their notices and posters within 90 days of the issuance which then had a mandatory compliance date of Nov. 3, 2021.

Reg C – HMDA Notice and Recordkeeping § 1003.4, 1003.5 – HMDA data are gathered as home mortgage loans are applied for and are compiled quarterly if your bank is a HMDA reporter. There are specific and detailed reporting requirements for the Loan Application Register (LAR) itself. The LAR must be submitted by March 1, for the prior calendar year. If you are a reporter, you should start verifying the data integrity now and this is of vital importance if you have a large volume of records to report.

Reg E § 1005.8– If your consumer customer has an account to or from which an electronic fund transfer can be made, an error resolution disclosure is required. There is a short version that you may have included with each periodic statement. If you’ve used this, you are done with this one. But if you send the longer version that is sent annually, it is time to review it for accuracy and ensure it has been sent or is scheduled to be. Electronic disclosures under E-SIGN are allowed here.

This is also a good time to review §1005.7(c) (additional electronic fund transfer services) and determine if any new services have been added and if they were disclosed as required. Think Person-to-Person transfers like Zelle, Venmo or Square.

Reg G – Annual MLO Registration § 1007.102 – Mortgage Loan Originators must go to the online Registry and renew their registration. This is done between November 1 and December 31. If this hasn’t been completed, don’t push it to the back burner and lose track during the holidays and then have to join a year-end rush to complete this task. This is also a good time to plan with management and Human Resources any MLO bonus plans. Reg Z Section 1026.36(d)(1)(iv)(B)(1) allows a 10 percent aggregate compensation limitation on total compensation which includes year-end bonuses.

Regulation O, Annual Resolution §§ 215.4, 215.8 – In order to comply with the lending restrictions and requirements of 215.4, you must be able to identify the “insiders.” Insider means an executive officer, director, or principal shareholder, and includes any related interest of such a person. Your insiders are defined in Reg O by title unless the Board has passed a resolution excluding certain persons. You are encouraged to check your list of who is an insider, verify that against your existing loans, and ensure there is a notification method to keep this list updated throughout the year.

Reg P § 1016.5 –There are exceptions allowing banks which meet certain conditions to forgo sending annual privacy notices to customers. The exception is generally based on two questions; does your bank share nonpublic personal information in any way that requires an opt-in under Reg P, and have you changed your policies and practices for sharing nonpublic personal information from the policies and procedures you routinely provide to new customers? Not every bank will qualify for the exception, however. John Burnett wrote about the privacy notice conundrum in the July 2017 Legal Briefs. That article has more details on this.

When your customer’s account was initially opened, you had to accurately describe your privacy policies and practices in a clear and conspicuous manner. If you don’t qualify for the exception described above, you must repeat that disclosure annually as well. Ensure that your practices have not changed and that the form you are sending accurately describes your practices.

For Reg P and the Privacy rules, annually means at least once in any period of 12 consecutive months during which that relationship exists. You may define the 12-consecutive-month period, but you must apply it to the customer on a consistent basis, so this is not necessarily a December or January issue, but it could be. And each customer does not have their own “annual date.” If a consumer opens a new account with you in February, you provide the initial privacy notice then. That is year one. You can provide the annual privacy notice for year two at any time, up until December 31 of the second year.

It is important to note that unlike most other regulatory requirements, Reg P doesn’t require E-SIGN compliance for your web-based disclosures. You can use e-disclosures on your bank web site when the customer uses the web site to access financial products and services electronically and agrees to receive notices at the web site, and you post your current privacy notice continuously in a clear and conspicuous manner on the web site. So, the demonstrable consent requirements and others in E-SIGN’s 15 USC Sect. 7001(c) do not apply, but there must still be acceptance to receive them on the web. Alternatively, if the customer has requested that you refrain from sending any information regarding the customer relationship and your current privacy notice remains available to the customer upon request this method is acceptable.

Fair Credit Reporting Act – FACTA Red Flags Report – Section VI (b) (12 CFR 334.90) of the Guidelines (contained in Appendix J) require a report at least annually on your Red Flags Program. This can be reported to either the Board, an appropriate committee of the Board, or a designated employee at the senior management level.
This report should contain information related to your bank’s program, including the effectiveness of the policies and procedures you have addressing the risk of identity theft in connection with the opening of covered accounts and with respect to existing covered accounts, as well as service provider arrangements, specifics surrounding and significant incidents involving identity theft plus management’s response to these and any recommendations for material changes to the bank’s program. Times change, customers’ habits change, and importantly criminals change, and each may require tweaks to the bank’s program.

Reg V, Fair Credit Reporting Act – Affiliate Marketing Opt-Out § 1022.27(c) – Affiliate marketing rules in Reg V place disclosure restrictions and opt out requirements on you. Each opt-out renewal must be effective for a period of at least five years. If this procedure is one your bank is using, you must know if there are there any expiration dates for the opt-outs and have these consumers been given an opportunity to renew their opt-out?

RESPA Reg X, Annual Escrow Statements § 1024.17 – For each escrow account you have, you must provide the borrower(s) an annual escrow account statement. This statement must be done within 30 days of the completion of the escrow account computation year. This need not be based on a calendar year. You must also provide them with the previous year’s projection or the initial escrow account statement, so they can review any differences. If your analysis indicates there is a surplus, then within 30 days from the date of the analysis you must refund it to the borrower if the amount is greater than or equal to $50. If the surplus is less than that amount, the refund can be paid to the borrower, or credited against next year’s escrow payments.

Reg Z Thresholds and Updates § 1026.3(b) – These changes are effective January 1, 2023. You should ensure they are available to staff or correctly hard coded in your systems. The exemption for Reg Z disclosures will increase from $61,000 to $66,400, meaning consumer loans over that amount (less real or personal property expected to be used as the consumer’s principal dwelling or a private education loan) will be exempt.

BSA Annual Certifications – Your bank is permitted to rely on another financial institution to perform some or all the elements of your CIP under certain conditions. The other financial institution must certify annually to your bank that it has implemented its AML program. Also, banks must report all blockings to OFAC within ten days of the event and annually by September 30, concerning those assets blocked.

Information Security Program part of GLBA – Your bank must report to the board or an appropriate committee at least annually. The report should describe the overall status of the information security program and the bank’s compliance with regulatory guidelines. The reports should discuss material matters related to the program, addressing issues such as: risk assessment; risk management and control decisions; service provider arrangements; results of testing; security breaches or violations and management’s responses; and recommendations for changes in the information security program.

Security, Annual Report to the Board of Directors § 208.61 – The Bank Protection Act requires that your bank’s Security Officer report at least annually to the board of directors on the effectiveness of the security program. The substance of the report must be reflected in the minutes of the meeting. The regulations don’t specify if the report must be in writing, who must deliver it, or what information should be in the report. It is recommended that your report span three years and include last year’s historical data, this year’s current data and projections for the next year.

Similar to the Compliance Officer reporting to the board, this may include a personal presentation, or it may not. I recommend that it is because this is an opportunity to express what is being done to control security events from the recent past as well as foreseeable events and why these are important issues. These facts can assist Security in getting the budget and assets necessary for the coming year. There is no prescribed period during which the report must be made other than “annually,” and this may be based off the timing of the prior report, give or take a month. Annual presentations such as this are better done when the directors can focus more on the message so try to avoid quarter ends, and especially the fourth quarter. This is not a “how-to” on the annual security report, but you can find more on the topic, free, on the BankersOnline Tools by searching on “annual security program.”

Training – An actual requirement for training to be conducted annually is rare, but annual training has become the industry standard and may even be stated in your policies. There are six areas that require training (this doesn’t mean you don’t need other training, just that these regulations have stated requirements).

• BSA (31 CFR §1020.210(b)(4), and 12 CFR §208.63(c)(4) Provide training for appropriate personnel.
• Bank Protection Act (12 CFR §21.3(a)(3) and §208.61(c)(1)(iii)) Provide initial & periodic training
• Reg CC (12 CFR §229.19(f) Provide each employee who performs duties subject to the requirements of this subpart with a statement of the procedures applicable to that employee)
• Customer Information Security found at III(C)(2) (Pursuant to the Interagency Guidelines for Safeguarding Customer Information), training is required. Many banks allow for turnover and train as needed, imposing their own requirements on frequency.)
• FCRA Red Flag (12 CFR 222.90(e)(3)) Train staff, as necessary, to effectively implement the Program;)
• Overdraft protection programs your bank offers. Employees must be able to explain the programs’ features, costs, and terms, and to explain other available overdraft products offered by your institution and how to qualify for them. This is one of the “best practices” listed in the Joint Guidance on Overdraft Protection Programs issued by the OCC, Fed, FDIC and NCUA in February 2005 (70 FR 9127, 2/24/2005), and reinforced by the FDIC in its FIL 81-2010 in November 2010.

MISCELLANEOUS – Some miscellaneous items you may address internally in policies and procedures include preparation for IRS year-end reporting, vendor due diligence requirements including insurance issues and renewals, documenting ORE appraisals and sales attempts, risk management reviews, following records retention requirements and destruction of expired records, and a designation by the bank’s board of the next year’s holidays. And finally, has there been a review of those staffers who have not yet taken vacation or “away time” to the five consecutive business days per the Oklahoma Administrative Code 85:10-5-3 “Minimum control elements for bank internal control program”?

Joint owners’ signatures on new joint accounts

By John S. Burnett

We on the OBA Compliance Team were reminded in recent weeks of the problems that can arise when a bank has opened a joint account without obtaining all of the joint owners’ signatures on the account signature card or other deposit contract. It’s our sense that banks aren’t allowing this to happen as often now as it did years ago. But a quick review of the subject may help keep it at “top of mind” when opening joint accounts.

First, a bank account agreement, whether it’s on the signature card itself or in a separate document, is a legal contract between the bank and the owner(s) of the bank account. When there are two or more owners, the agreement is also a contract between or among the joint owners. In most cases, each joint owner agrees that each owner has a right to all of the funds in the account, and, for most banks, each owner agrees to be responsible for any overdraft balance, regardless of which owner causes it.

But in order to have the right to the funds in the account or to be responsible for an overdraft in the account or have the right to request information on or statements of the account, each person has to formalize their participation in the agreement by signing the signature card. Furthermore, to be FDIC insured as a joint account, each owner must have signed, or there must be other evidence of the intent that the account be jointly owned.

Banks should have a tight policy and procedure for managing the opening of a joint account when an owner isn’t present. Assuming they have the ability, they could obtain electronic signatures for account agreements from owners absent from the account opening. If that is not possible, they should consider including in the deposit contract, atter consulting legal counsel, a provision that, if a person identified as a joint owner has not signed the signature card within ___ days after the opening of the account, the account’s ownership will change to eliminate that person’s interest in the account. They should also do a proactive (effective) job of following up with the customer who failed to sign in the days after the account was opened.

December 2022 OBA Legal Briefs

  • Insider Abuses

Insider Abuses

By Andy Zavoina

Bert Lance.

Many, or most of you will not know that name, but all of you know Regulation O. Briefly, this reg was implemented to prevent bank directors, executive officers, and principal shareholders from benefiting from favorable credit terms and treatment in a bank. This group we refer to as “insiders” is not to be treated to better terms than similarly qualified “civilians” we can refer to as the public. Lance and Reg O are a cause and an effect of an insider abusing their authority and position.

Before we discuss the details of Reg O, we need to set the stage on events attributed to the development of Reg O. Bert Lance was the central figure on that stage. He considered himself a country banker from Georgia. His claim to fame was that he went to Washington as President Jimmy Carter’s budget director at the Office of Management and Budget (OMB). Carter took office in 1977. As one of Carter’s closest advisers for almost two decades, he was approved for his political appointment with ease, but not without some criticism. William Proxmire, chairman of the Senate Banking Committee, opposed Lance’s nomination, saying, “He has had none — zero, zip, zilch, not one year, not one week, not one day” of experience at managing a federal budget then estimated at $400 billion.

Perhaps this was demonstrated in Lance’s financial condition at the time. Lance was a banker and his bank had $5 million in loans to Carter’s family business. Carter was known as a peanut farmer when he became president. As to financial condition, Lance had a net worth of almost $3 million but with that he carried more than $5 million in debt. Lance lived well as he owned three large homes in Georgia and rented a house in Georgetown as he worked in Washington, DC. His annual interest payments on the various loans amounted to $370,000. To cover this debt service, he had his public service salary as budget director of $57,500. It did not take long for the speculation and criticisms to start of Lance’s performance, but was this legitimate criticism, or politics? Federal investigators questioned his appointment process and eventually the Senate Governmental Affairs Committee questioned Lance over allegations that he had misused bank funds, obtained loans at favorable rates, and used a company plane to fly to University of Georgia football games, all abusing his position in the bank and living a lifestyle beyond his means.

Several senators called for his resignation, and under increasing pressure Lance did resign less than nine months after taking his position at the OMB. This was the first major internal scandal of the Carter presidency. One could still question if this was deserved or political, but it got worse.

Lance was arraigned on twelve federal charges that could have sent him to prison for 95 years for conspiracy, fraud, and assorted violations of banking laws. This was pre-Reg O and insider abuses were considered as contributing factors to the violations. Lance and three other conspirators were charged with illegally obtaining 383 loans for themselves, their families, and associates from 41 banks stretching from Atlanta to New York and Chicago and from there to Luxembourg and Hong Kong.

The 1979 indictment alleged Lance and three others showed a “reckless disregard for the safety of the banks” that extended credit to them when there was “no reasonable expectation of repayment.” The indictment alleged that Lance repeatedly used a “false and misleading” personal financial statement to obtain loans, including one for $3.4 million from the First National Bank of Chicago. That same financial statement, dated Jan 7, 1977, was the one submitted to the Senate Governmental Affairs Committee for  his confirmation to head the OMB.

To illustrate the issues prompting increased regulation, Lance’s financial statement failed to reflect a $14,000 loan that the National City Bank of Rome, Ga., had made to Lance’s wife. After he became budget director, the grand jury said, Lance got the Rome bank to transfer the loan from his wife’s name to Lancelot, which was a partnership actually consisting of Lance and his wife.

In one of his many legal cases, Lance was acquitted on nine of twelve charges and the remaining three were eventually dropped. Lance had also been charged with twenty-one other felonies, including misapplication of bank funds as president of the National Bank of Georgia (NBG) and the First National Bank of Calhoun, falsification of personal financial statements and making false entries on NBG records. The indictment indicated that Lance and two others used their positions in a few small Georgia banks to acquire the stock of still other banks by lending each other money without adequate collateral and, in some cases, no collateral at all.

It came out that in 1974 and 1975, Lance “caused Calhoun First National Bank” to make a total of $79,530 in unsecured loans to his son, David Lance, who was then a twenty-year-old student. On May 27, 1976, Lance got a $150,000 loan from the Chemical Bank of New York, putting up 14,811 shares of stock as collateral. However, that stock was already pledged as part of the collateral of another loan Lance had, this one for $2.6 million from the Manufacturers Hanover Trust Co. of New York.

As a side note, several years later, Lance was still in trouble and under investigation by a federal grand jury and the Securities and Exchange Commission after being charged with “unsafe and unsound” banking practices and misappropriation of funds. In this case he was fined $50,000 and barred from banking by the Office of the Comptroller of the Currency.

With the abundance of accusations and cases, such poor banking practices achieved a national spotlight. Sounds like the reason for the birth of a regulation, right?

Reg O is somewhat of a standard to follow. The case examples below are from consent orders from the Office of the Comptroller of the Currency (OCC) which has an “Insiders Activities” section in its Comptroller’s Handbook. This section includes various discussions of risk but also refers to the Federal Reserve’s Reg O as requirements which must be followed. The Handbook states, “Various state and federal laws and regulations govern insider activities. Unlike the broad standards of fiduciary duties, these laws and regulations are specific about how insiders are to conduct themselves. Since the statutory and regulatory restrictions on insider transactions do not apply uniformly to all insiders, the board and management must become familiar with each restriction and must pay careful attention to the scope and requirements of each.” This may well be stated by other regulatory agencies as it would be good advice for all banks other than national banks.

Reg O established reporting requirements for bank insiders which were included in previous financial laws. The Financial Institutions Regulatory and Interest Rate Control Act of 1978 contributed significantly to the first iteration of Reg O which was originally established in 1980. It later incorporated the Depository Institutions Act of 1982 and has been revised many times since.

Reg O set forth a new set of rules to stop the preferred treatment that Bert Lance and others took advantage of. Abuses such as was described above can threaten the safety and soundness of a bank in large or small ways, but a threat is a threat. This article will recap pertinent sections of Reg O requirements but is not an in-depth review. I will not address recordkeeping, executive officer requirements or risk management issues.

Reg O applies to insiders, which includes executive officers, directors, and principal shareholders and the related interests of these individuals of the bank and its affiliates. Reg O further defines executive officer as any person who participates or has the authority to participate in major policy making functions, regardless of title or compensation, though it specifically lists the chairman of the board, the president, every vice president, the cashier, the secretary, and the treasurer as executive officers, unless excluded through bylaws or by a resolution of the board of directors and in practice the individual does not participate in major policy making functions. Most banks’ boards of directors define the insiders in their Reg O policy. Those listed should meet the test of a “person who participates or has the authority to participate” in the major policymaking activities and the bank needs to ensure someone who meets this test is in fact listed.

Related interests of the insider include any company controlled by the insider. For Reg O, this results from directly or indirectly owning, controlling, or having the power to vote 25 percent or more of any class of voting securities of a company. It also includes controlling the election of a majority of the directors of a company or having the power to exercise a controlling influence over the management or policies of a company. There is a presumption of control for any director or officer of a company who directly or indirectly owns, controls, or has the power to vote more than 10 percent of any class of voting securities of that company, or for any person who directly or indirectly owns, controls, or has the power to vote more than 10 percent of any class of voting securities if no other person owns a greater percentage.

The bank needs to be able to track loans to insiders and the related interest of those insiders. Recordkeeping requires this but the accuracy is the burden of the bank, knowing the insiders and having them understand and identify their related interests.

This information is also useful when the bank is employing any of these related interests. While not directly related to Reg O, as you will read below if there are issues with paying an insider’s “side business” for work not completed, that is a safety and soundness issue as well as a violation of ethics requirements the bank should have. The related interest list can be used in the vendors due diligence process to identify the players. In a small town and transparent bank environment the bank will know who they are dealing with. It is not a violation to employ them, but the purpose here is not only to avoid a problem, but to avoid any appearance of a problem or preferential treatment.

There are limits placed on the loans to insiders both on an individual and an aggregate basis. The lending limit to an individual, including their related interests, is 15 percent of the bank’s unimpaired capital and surplus for loans that are not fully secured, and an additional 10 percent for loans that are fully secured by readily marketable collateral. Loans fully secured by obligations of the U.S. government or agencies, or loans secured by deposits held at the bank are not counted toward the limit. On an aggregate basis, loans to insiders are limited to the equivalent of the bank’s unimpaired capital and surplus, or up to two times unimpaired capital and surplus for banks with less than $100 million in deposits, as long as a signed resolution by the bank’s board justifies the higher limit. The higher limit for smaller banks is also conditioned on the bank meeting applicable capital requirements and having a satisfactory CAMELS rating from the bank’s most recent examination.

Reg O includes general prohibitions based on terms and creditworthiness. Loans made to insiders must be on substantially the same terms, such as interest rates and collateral, as loans made to non-insiders, with the same underwriting standards applied at origination. This is not to say if the bank made one other loan under similar terms, it could use that as justification to provide a credit product with otherwise more favorable terms to its directors. The comparisons must be real and authentic. In addition, the loan must not involve more than the normal risk of repayment or present other unfavorable features. Any loan to an insider of an amount more than $25,000 or 5 percent of unimpaired capital and surplus, whichever is higher, must be preapproved by a majority vote of the board of directors, and the insider must abstain from the approval process. Prior approval is required when an extension of credit, regardless of the amount, results in aggregate debt to the individual and their related interests exceeding $500,000.

An extension of credit includes making or renewal of a loan, a line of credit, or extending credit in any manner. Overdrafts are included in Reg O. Overdrafts of $5,000 or less are not considered extensions of credit when made pursuant to a written, preauthorized, interest-bearing extension of credit plan, or a written, preauthorized transfer of funds from another account.

Banks are prohibited from paying overdrafts to executive officers and directors. The prohibition on overdrafts does not apply to the payment of inadvertent overdrafts if the aggregate amount of overdrafts on an account does not exceed $1,000, the account is not overdrawn for more than five business days, and the executive officer or director is charged the same fee as any other customer. The prohibition on the payment of overdrafts does not apply to principal shareholders who are not also an executive officer or director, or to the related interests of insiders.

Reg O is designed to add controls to loan related issues even though it includes a lot of recordkeeping, and the focus is on preferential treatment of those in control of the bank. Deposit rates to employees and insiders is not a Reg O issue but could be preferential treatment issue. I will draw your attention to 12 U.S.C. Sec. 376 which says, no member bank shall pay to any director, officer, attorney, or employee a greater rate of interest on the deposits of such director, officer, attorney, or employee than that paid to other depositors on similar deposits with such member bank.” Note this rule applies to member banks. Nonmember banks may consider it a good practice, but not a regulatory requirement.

The following cases are real and are public information by virtue of regulatory enforcement orders. In some cases, the reader may make assumptions to fill in gaps not otherwise in the enforcement orders. Nonetheless as is commonly stated in a consent order, these were done by the subject who, “without admitting or denying any wrongdoing, desires to consent to the issuance of this Consent Order…”

James Ratcliff

Considering the abuses that lead to Reg O and its intended protections for bank deposits, the first case to exemplify why these protections need to be adhered to, monitored, and enforced is one in which the OCC took against James Ratcliff.

Ratcliff was an Executive Vice President and Vice Chairman at an Oklahoma bank which had $285 million in assets as of December 2020. The bank has since been acquired.  Ratcliff was an Executive Vice President from 2000 to 2020. He held the position of Vice-Chairman of the Board of Directors from 2016 until mid-2020, when he became Chairman of the Board. He then served as Chairman until November 2020. He was most certainly an insider and empowered by virtue of his position to direct the bank and its activities on a daily basis.

The enforcement order (AA-ENF-2022-32) says Ratcliff, “caused the Bank to engage and pay numerous entities owned by Respondent as third-party vendors. Respondent participated in setting the financial arrangements between the Bank and the entities he owned.” These are issues that involve self dealing and while these may not violate any lending issues, the practices should certainly be scrutinized by the bank under its ethics policy. This does not mean that may not be done, but if they are transparency should prevail. Again, there should be no impropriety and no appearance of any impropriety.

In this case, Ratcliff (and presumably the bank itself) failed to ensure that the services that were to be provided were in fact done. In fact, in these instances there are often no contracts to compare the work or services to be completed to, yet there were payments made and therefore this long seasoned employee, officer, insider was receiving payment directly or indirectly with no evidence of work performed.

Also cited in the enforcement order was the fact that Ratcliff failed to ensure employee compensation was commensurate with that person’s responsibilities and actual work performed for the bank. But mostly that he also directed bank employees and contractors to perform work for his non-bank entities at the expense of the bank. Here again, it can be difficult to challenge a senior officer in the bank, yet there are times for the good of the bank that a challenge is required.

On to the issue of lending, Ratcliff approved and/or made multiple unsafe or unsound loans that were “liberally underwritten” and included inaccurate credit memorandums which then contained insufficient financial statement and cash flow analysis. Ratcliff himself participated in the practice of helping borrowers create new corporate entities and transferred existing debt to these new entities without any positive change in that borrower’s ability to repay. Similar to the prohibited practice of flipping loans, here the intent was to disguise who the debt was owed to, and it may have been a tactic to avoid debt service requirements.

The bank extended loans to entities owned in whole or in part by Ratcliff. In this process he failed to disclose his ownership interest in any of these entities to the bank or the board. During loan approval processes he also did not recuse himself from approvals of these loans. Was the bank at fault? If Ratcliff failed to disclose his ownership interest the bank had no idea that his recusal was required. From a compliance perspective I would at this point want to know when the insiders were last trained or reminded of their responsibilities. While ignorance of the law is no excuse for a violation, it may serve as a defense. Compliance should note to itself that periodically formal or informal training is conducted even if it serves only as a reminder to insiders as to their responsibilities. Similarly, staff in the bank need to be reminded that they have an obligation to the bank, and not the insiders, to notify others in management if they happen to be aware of any violation such as these.

In this case Ratcliff was deemed to have, “engaged in violations of law, regulation, or order, recklessly engaged in unsafe or unsound practices, and breached his fiduciary duty to the Bank; which violations, practices, or breaches were part of a pattern of misconduct, caused or were likely to cause more than a minimal loss to the Bank; and demonstrated willful or continuing disregard for the safety and soundness of the Bank. loans.”

As a result of this consent order, Ratcliff was essentially banned from banking. Among other prohibitions, he may not participate in any manner in the conduct of an insured bank’s affairs, solicit, procure, transfer, attempt to transfer, vote, or attempt to vote any proxy, consent, or authorization with respect to any voting rights or vote for a director, or serve or act as an “institution-affiliated party.” That is part of the standard order used in such cases.

What is more, and imposes individual liabilities for his actions, is the civil money penalty Ratcliff has to pay off $100,000. The amount of money the bank may have lost paying third party vendors for services not provided is not known. Any losses due to questionable loans when Ratcliff had borrowers create a new entity to takeover the debt of a different borrower but essentially with the same beneficial owner is not known. Any problems with loans to Ratcliff’s own companies in which he failed to disclose his ownership is not known. And the costs the bank incurred auditing all of its records for many, many years trying to unravel all of these violations, is not known. Even though the bank in question was acquired between the events above and this consent order in August 2022, the order stipulates Ratcliff, “shall not cause, participate in, or authorize the Bank (or any subsidiary or affiliate of the Bank) to incur, directly or indirectly, any expense relative to the negotiation and issuance of this Order except as permitted by 12 C.F.R. § 7.2014 and Part 359.” Those sections define the limited circumstances under which a bank may indemnify an employee or offer a golden parachute. With the acquisition of the bank in the interim between the acts and the order, any possibility of that happening would seem unlikely.

Contrast some of Ratcliff’s activities to those of Bert Lance and others and we see similar breakdowns. The abuse of authority both against the bank and the bank’s employees hurts the bank and the banking industry. We may believe what is often referred to as “the good old boys’ network” is a thing of the past. But 1977 is really not that long ago when compared to abuses that were allowed to happen.

Tony Fritz

Was Ratcliff alone in this enforcement action? No. It would seem that there was another in his bank that in many ways facilitated the wrongdoing whether knowingly, inadvertently, or through acts of negligence. Tony Fritz is the former Chief Lending Officer and Director at Ratcliff’s bank.

In his Consent Order (AA-ENF-2022-34) it is noted that Fritz worked for the bank as a credit analyst from 2014 to 2015 and was promoted, and from 2015 through December 2019 he was both a Chief Lending Officer and a director. In his position, Fritz was expected to uphold certain standards, which was not done. He failed to ensure that credit administration and risk management practices and controls were effective and commensurate with the risk and complexity of the loan portfolio. Fritz also failed to develop a system to ensure ongoing monitoring of complex commercial credits and to ensure the bank kept adequate loan documentation. And he failed to formalize loan review and approval processes and failed to properly document lending decisions. From these comments in the consent order, it appears many loans, including those in Ratcliff’s portfolio or under his direct supervision were “rubber stamped” for approval and were not questioned if deficiencies were noted, or should have been noted.

In fact, the consent order goes on to say, Fritz, “failed to provide credible challenge to members of senior management who maintained loan portfolios and failed to maintain adequate oversight over their portfolios. And it goes on to say, Fritz, “approved and/or originated multiple unsafe or unsound loans that were liberally underwritten and included inaccurate credit memorandums containing insufficient financial statement and cash flow analysis. (Fritz) originated loans to cover customers’ overdrafts and overdraft fees. (Fritz) extended additional loans to borrowers who were not credit-worthy, sometimes through creating new entities, in order to make payments on such borrowers’ non-performing loans.” Here again, a process of rubber stamping does not offer the checks and balances that are required, nor the controls to all but ensure compliance with banking regulations and requirements.

What Fritz did, or more correctly did not do was a dereliction of duty. It was considered an unsafe or unsound banking practice and breached his fiduciary duty to the bank. It stated that this misconduct caused more than a minimal loss to the bank. Fritz was personally assessed a civil money penalty but his was less than Ratcliff’s, at $10,000. He also has additional prohibitions placed upon him essentially banning him from banking. Before he could accept a position of responsibility in a bank, he would be required to provide that bank’s president or chief executive officer with a copy of the consent order describing the above.

Orlando Romero

On this topic of insider activities and Reg O, I want to mention a third case which is from the Federal Reserve (Docket No. 22-002-B-1) against Orlando Romero. This is an order involving ethics more than traditional insiders’ activities. In this case the banker was not fined but was banned from banking because of his misconduct which violated internal bank policies and constituted violations of law or regulation and were considered unsafe or unsound practices and breaches of fiduciary duty.

This case is special in several ways. Firstly, when I have discussed this with many bankers, most have not heard of such an enforcement before, and many do not see it as a fundamental problem. It is something that many have heard of or done to some extent.

Romero was a client service specialist in a Global Technology area of his large bank. He had received a job offer letter from a competing institution. That letter provided him with some specific terms of employment one of which was his salary. I would assume it offered him an increase, but that would not seem to be enough for Romero. He altered the letter and increased the starting salary above that which was actually offered.

Romero added $28,000 to his current salary and presented that to his current bank in hopes for a raise and he would then remain at his current bank. That amount is significant to me. In this case his bank met that amount and Romero’s annual salary was increased. This is where many bankers would proclaim a “win” for the employee. Questions bankers may ask include, “if the bank thought he was worth that amount when a competitor offered it to him, why wasn’t he worth that before?” In fact, he was not offered that amount by a competitor. There would seem to be a fine line between ethically asking for a raise and fraudulently stating that a competitor has valued your work at more than your current employer. Regardless, some bankers take the position that Romero’s bank had a decision to make regardless of where an offer came from: “Was he worth that much considering his job duties, his performance, and the costs associated with bringing in a new employee to fill that position?” If the bank paid him the increase, then its answer was that he was worth it.

But in the end, somehow the bank discovered the scheme. Romero resigned from his bank two and a half years after receiving his increased salary. That would amount to $70,000 in “additional” income. The order did not state if the resignation was triggered by this knowledge, or it was learned afterward. As noted above what he did was deemed to be in violation of several policies, laws and or regulations. Before he could work at another bank there were certain requirements he would have to meet. This includes providing the Managing Director/Senior Vice President or equivalent level in the reporting line of the institution with notice and a copy of the Fed’s cease and desist order against him and fully familiarize himself with the policies and procedures of the institution that pertain to his duties and responsibilities, including, but not limited to, the employee Code of Conduct, and provide written notice to the Board of Governors, along with a written certification of his compliance with each provision required in his order. It may not be a permanent, but it would take a lot to meet this, in my opinion.

At the end of the day, I hope you will ensure that management, the board, and all bank staff are both informed or reminded of their responsibilities and duties under applicable laws, regulations, and policies. As we close 2022 and enjoy the holiday season, ethics is a good topic to revisit as gifts may be offered to staff and prohibitions should apply.

November 2022 OBA Legal Briefs

  • HMDA Changes Un-Changing?
  • Defunding the CFPB
  • New “Junk Fees”

HMDA Changes Un-changing?

By Andy Zavoina

As a part of your Compliance Management Program, you should meet periodically with senior management and/or the board of directors and keep them informed of changes that are or may be coming down at you. This is especially the case as we approach budget talks. You absolutely do not want to submit your compliance budget only to advise senior management a month after it is approved that you already need an increase for 2023 because of a new requirement you had not factored in. And that is just one of the topics you should be briefing them about.

You may be thinking, “Well, Andy, we don’t think the Reg B small business data gathering will be completely in place and certainly not for the whole year, so what “new” requirement are you talking about?” In a nutshell, the Home Mortgage Disclosure Act (HMDA). Many HMDA reporters received benefit of a threshold change for reporting a HMDA Loan Application Register. The floor amount was raised in 2020 and the threshold for reporting was increased from 25 to 100 closed-end loans. More details on that in a minute, but the Consumer Financial Protection Bureau’s (CFPB) methodology for justifying this change was challenged in court and the CFPB “lost” meaning the Court is declaring the change to be invalid. Those banks taking advantage of the increased threshold may find themselves scrambling to complete HMDA LARs again.

Now some details for a better understanding. The case was between the National Community Reinvestment Coalition and the CFPB in the U.S. District Court for the District of Columbia. It was a federal judge who moved to vacate the HMDA changes by the CFPB to lower the reporting requirements by increasing the closed-end loan threshold.

HMDA rules require a lender to review two preceding years of mortgage loan activity to determine if reporting requirements apply. There is one threshold for closed-end loans and another for open-end. In 2015 the closed-end threshold for required reporting was 25 or more and the open-end threshold was 100 or more. Additional qualifications such as asset size and location are not addressed here but would still apply.

In 2020 the CFPB opted to reduce the reporting burden by increasing the threshold of reportable closed-end loans from 25 to 100. In theory this reduces the smaller, low volume reporters and still retained the bulk of the active HMDA reporters. In May 2020, the CFPB estimated there are about 4,860 financial institutions required to report their closed-end mortgage loans and applications under HMDA. These were banks and credit unions and together in 2018 they accounted for 6.3 million closed-end loans. The CFPB further noted that the total number of institutions that were engaged in closed-end mortgage lending in 2018, regardless of whether they met all HMDA reporting criteria, was about 11,600, and the total number of closed-end mortgage originations in 2018 was about 7.2 million. In other words, under the current 25 closed-end loan threshold, about 41.9 percent of all mortgage lenders are required to report HMDA data, and they account for about 87.8 percent of all closed-end mortgage originations in the country. Further, 3,250 of these insured depository institutions and insured credit unions were already partially exempt for closed-end mortgage loans under the Economic Growth, Regulatory Relief, and Consumer Protection Act (EGRRCPA), and thus were not required to report a subset of the data points currently required by Reg C for these transactions. So, the percentage of loans and lenders receiving the benefits of the exemption was small. The CFPB estimated that when the closed-end threshold would increase to 100 under this final rule, the total number of financial institutions required to report closed-end mortgage loans would drop to about 3,160, a decrease of about 1,700 financial institutions.

The plaintiffs were referred to as the National Community Reinvestment Coalition (“NCRC”), but actually also included Montana Fair Housing (“MFH”), Texas Low Income Housing Information Service (“TxLIHIS”), Empire Justice Center (“EJC”), and the Association for Neighborhood & Housing Development (“ANHD”)—and the City of Toledo, Ohio. They said that HMDA data have been invaluable in “uncovering and addressing redlining, fair lending violations, and other inequitable lending practices” over the decades and the CFPB did not dispute that claim. It was noted that open-end loans were reported after a 2015 HMDA change to the rule, but eventually that, “22 percent of depository institutions” that had previously been required to report HMDA data, were exempted and this resulted in a significant loss of data in certain census tracts.

The burden on low volume lenders to file HMDA reports did not justify the costs to complete that task, the CFPB heard and accepted as evidenced by changes in 2020. The CFPB increased the threshold from 25 to 100 closed-end loans in April of that year and it required the collection of HMDA data through June 30, for institutions that would no longer be subject to HMDA requirements for closed-end loans. These institutions no longer had to collect data starting July 1, 2020, and the reporting of any closed-end loan data collected in 2020 was optional for them.

The plaintiffs stated that each of them “use HMDA data in their research, education, and advocacy to promote access to credit, and thus to housing opportunities” in minority and rural communities. Not having the data from these low-volume lenders leaves holes and unanswered questions and could allow these lenders to violate fair lending laws because the controls are no longer in place to police them.”

The District Court ruled in favor of the plaintiffs and  invalidated the closed-end loan exemption expansions but let stand the of 200 open-end lines threshold. Remember reporting of those lines had been optional until these changes began. The court vacated and remanded the closed-end mortgage loan reporting threshold to the CFPB.

Now there are two questions we do not have the answers to, but banks must begin to prepare for in any case. What action will the CFPB take, and when will it take it? The CFPB could take the case to a higher court and seek to justify the changes it made, or it could reverse the closed-end loan reporting threshold back to the 25 closed-end loan limit. It is reasonable to assume that they will let the record stand for 2021 and 2022 and could enforce the new – old – limit effective for 2023. That is to me a logical plan but the CFPB’s intention has not yet been made public as of this writing. If that is the option they will select, those estimated 1,700 banks that fell out of reporting and any others who controlled their application counts with product restrictions need to consider training, systems and controls to get back up to speed with these new – old – rules. If this is less than two months away, HMDA reporters who were exempt deserve time to evaluate and react to their needs. If your bank may fall into this category, you must make some determinations and meet with senior management to advise them of your situation and action plan if one is needed.

Defunding the CFPB

By Andy Zavoina

Another legal case the CFPB is involved in may bring additional changes to the “keeper of the consumer protection regs.” In mid-October 2022, a three-judge panel of the United States Court of Appeals for the Fifth Circuit ruled on a pending case, Community Financial Services of America vs Consumer Financial Protection Bureau.

In this case, Community Financial sued the Bureau in 2018 on behalf of payday lenders and other small lending businesses. They wanted to set aside the 2017 Payday Lending Rule which affected personal loans with short term or balloon-payment structures, typically including payday, vehicle title loans and many high-cost installment credit products.

Community Financial alleged that the CFPB exceeded its statutory authority, and it further attacked the CFPB claiming that the rulemaking authority violated the Constitution’s separation of powers. Remember, the CFPB is set up to request its funding each year from the Federal Reserve. The amount is determined by the CFPB’s Director, and the Federal Reserve must approve the request so long as it does not exceed 12 percent of the Federal Reserve’s total operating expenses. Unlike other federal government agencies, the CFPB determines its own needs, and it automatically gets that funding from the Federal Reserve – bypassing Congressional appropriation steps. This limits Congressional control and makes the agency’s structure unconstitutional in the Court’s view.

This multi-pronged attack was not new. In Seila Law, LLC v. Consumer Financial Protection Bureau, the Supreme Court ruled that the CFPBs  structure of being a single director agency who was only removable by the President “for cause” violated the separation of powers requirements. The Court found that provision to be severable, and simply invalidated the “for cause” requirement in the Dodd-Frank Act meaning the President could replace the CFPB director at will. The Court did not invalidate actions taken by the CFPB. This new case with Community Financial differs in that the Fifth Circuit leaves the funding mechanism and the CFPBs actions connected.

In this case the Court ruled that the CFPB’s funding structure violates the Constitution’s Appropriations Clause and separation of powers. Because the funding used by the CFPB to create the Payday Lending Rule was drawn through the unconstitutional funding structure, the Court ordered the Rule vacated. In this case the Court stated that the “Bureau’s perpetual insulation from Congress’s appropriations power, including the express exemption from congressional review of its funding, renders the Bureau no longer dependent and, as a result, no longer accountable to Congress and, ultimately, to the people.” The three-judge panel noted that this constitutional problem is even more of a problem given the CFPB’s authority. The panel then quoted the Supreme Court in the Seila Law case as the CFPB “acts as a mini legislature, prosecutor, and court, responsible for creating substantive rules for a wide swath of industries, prosecuting violations, and levying knee-buckling penalties against private citizens.”

The debate goes on as to funding because not all agencies are covered by the Congress’s appropriations power. The FDIC as an example assesses fees to stakeholders in the industry. The CFPB does not. It gets funding as noted, from the Federal Reserve from funds that would normally be remitted to the Treasury Department. Treasury is itself appropriated under federal law. So, in a roundabout way the CFPB’s funding comes at the expense of the Treasury Department and therefore Congress is forced to appropriate more to Treasury than it otherwise would.

The Fifth Circuit panel then connected the dots. The Court explained that the remedy is based on “the distinction between the Bureau’s power to take the challenged action and the funding that would enable the exercise of that power.” Because Congress “plainly (and properly)” authorized the CFPB to promulgate the Payday Lending Rule, it is not per se invalid. Instead, Community Financial has to show that the unconstitutional funding provision of the law “inflicted harm.” The Court said that showing that was easy, because the CFPB used the unconstitutional funding to promulgate the Payday Lending Rule. The Court therefore held the Plaintiffs were entitled to “a rewinding of the [the Bureau’s] action.” The Court rendered judgment for Community Financial, vacating the Payday Lending Rule “as the product of the Bureau’s unconstitutional funding scheme.”

So, what does all this mean? As Yogi Berra said, “it’s never over till it’s over.” The CFPB is expected to request an “en banc” hearing where all the judges of the Fifth Circuit Court of Appeals will hear the case instead of the three-judge panel. If that is not successful, it could then go to the Supreme Court.

In this case the Payday Lending Rule was defeated, but remember the court did not say the law itself was not valid, just the way it got there. Still, that opens the door to other challenges. Community Financial’s case, if it becomes final, would only be binding on federal district courts in in Texas, Louisiana, and Mississippi. But the door is open and less than one week after this ruling by the Fifth Circuit we have seen a challenge on an Illinois case, the CFPB v. TransUnion, in which the CFPB alleges that TransUnion violated a prior consent order with the CFPB entered into in 2017, citing the Community Financial case. There is also now a Utah case, CFPB v. Progrexion Marketing, Inc., in which the CFPB alleges that the methods used by the defendants to market credit repair services violated the Telemarketing Sales Rule and the Consumer Financial Protection Act. Again, attributes of the Community Financial case are being used here. And there is a third case in the Ninth Circuit, the CFPB v Nationwide Biweekly Administration again following a similar argument. In this case a California district court imposed a $7.9 million civil penalty against Nationwide for allegedly misleading marketing practices but did not award the nearly $74 million in restitution sought by the CFPB. The CFPB is still pursuing that remedy in the court system.

As to the pending TransUnion case, the CFPB filed an immediate response saying the Fifth Circuit ruling was “neither controlling nor correct” and “mistaken.” The CFPB maintains the court cited no case law holding that Congress violates the appropriations clause or separation of powers when it authorizes spending by statute, that the funding through the Federal Reserve contains checks and balances via audits, reports and appearances it makes to Congress among other arguments.

There is no projecting how long this Community Financial case or those new cases with similar arguments will take to become final. One ruling may quickly resolve all the satellite cases coming from it and it is doubtful that everything the CFPB has done will be invalidated with one decision, but management does need to be apprised of the case and understand this is not a final word and that business cannot revert to a pre-CFPB era based on the Fifth Circuit ruling.

New “Junk Fees”

By Andy Zavoina

I had a frantic message on Slack the morning of October 26, 2022, from one of my bosses. President Biden was on national television talking about banks charging “junk fees” which is a new and derogatory term in many cases for fees consumers agreed to pay, but which are now, to use a phrase, “politically incorrect” to charge. These are unjust or unearned fees which take advantage of a consumer. It makes me wonder sometimes how many fees are justified and really good to a consumer. If a bank charges a fee for paying someone into an overdraft, rather than charging a fee and returning the check to another entity which might then charge a fee for the returned check, add a late fee and then refuse to accept any personal checks from that person again for the next six months, that first bank fee does not sound too bad. But hey, remove all these “junk fees” and the consumer will be happier and at no cost, right? It is like a toll-free telephone line, “don’t cost nobody nothing.” Well, except the bank paying for the toll-free calls that are not free at all.

I do take offense when it is said that if a bank charges “surprise overdraft fees … they may be breaking the law.” Firstly, what law prohibits the imposition of this agreed upon fee? Is it that subjectively someone decided that fee is “unfair” and hey again, “unfair” is in a law so it must be illegal. The Unfair, Deceptive or Abusive Acts or Practices (UDAAP) law is becoming the catch-all law many were afraid it could be. Classifying a fee as unfair just seems politically correct for a number of reasons – mostly because the majority does not like to pay them.

Here is my analogy. A person with tritanomaly has a hard time telling the difference between blue and green, and between yellow and red. Should yellow and red be deemed junk colors? Should yellow cabs be outlawed because they do not appear yellow to everyone? Should the government revise the colors at traffic lights because they can cause confusion to some color-blind people? Well, no. But if there were more people with this color blindness and they had a hard time with the order of stop lights red, yellow, and green vertically, top to bottom, or horizontally, left to right, banning these colors might be “politically correct” and they would be used less when colors matter. There one could cite the Americans with Disabilities Act more than UDAAP, but it is subjective nonetheless.

It is important that many agencies of the U.S. government are headed up by political appointees who are there to serve the president. That is their job, in addition to serving the people of the United States. In this national broadcast President Biden appeared at the White House with CFPB Director Rohit Chopra, the FTC Director and others proclaiming his administration was taking action to eliminate all “junk fees.” These include fees for deposited checks that are returned unpaid, surprise banking overdraft fees, and other non-bank fees like hidden hotel booking fees and termination charges to stop people from changing cable plans. President Biden said that this was about  making fees for depositing a check that bounces and overdraft fees for transactions that are authorized into a positive balance but later settle into a negative balance “illegal” and he wants to save consumers over $1 billion each year. The CFPB is developing rules and guidance that will reduce credit card late fees that cost credit card holders $24 billon each year. And his administration has “encouraged” banks to reduce the fees they charge consumers across-the-board and that the CFPB is developing rules that will require banks to go further in addressing additional types of junk fees.

The CFPB then provided guidance on two new fees often charged by banks that it classifies as “junk fees,” which is certainly a derogatory sounding fee label regardless of the fact that the fees have been around a very long time, and both disclosed to and accepted by consumers. In fact, the consumer opts in. The guidance document is Circular 2022-06, “Unanticipated overdraft fee assessment practices.” The circular even points this out in the Analysis section subtitled, “Violations of the Consumer Financial Protection Act,” as it states, “consumers generally cannot reasonably be expected to understand and thereby conduct their transactions to account for the delay between authorization and settlement—a delay that is generally not of the consumers’ own making but is the product of payment systems. Nor can consumers control the methods by which the financial institution will settle other transactions—both transactions that precede and that follow the current one—in terms of the balance calculation and ordering processes that the financial institution uses, or the methods by which prior deposits will be taken into account for overdraft fee purposes.” This is augmented by footnote 23, which states, “While financial institutions must obtain a consumer’s ‘opt-in’ before the consumer can be charged overdraft fees on one-time debit card and ATM transactions, 12 CFR 1005.17(b), this does not mean that the consumer intended to make use of those services in these transactions where the consumer believed they had sufficient funds to pay for the transaction without overdrawing their account.”

In a nutshell, the justification says a consumer agreed to it, but that was before they knew they would be responsible for their own actions and have to pay for it. I can understand that consumers have a difficult time with payment priority of items. Bankers do as well. When a check is written it is presented through payment channels and it may have had sufficient funds when it was written, but the cash withdrawal at an ATM reduced the balance and now that check will not pay. Disclosures a bank gives would have a hard time making sense of all the different channels that can add and subtract from a consumer’s balance. But at the end of the day, if I rely not on what the computer says I have available but rather on my account register, if I started with $100 and wrote a check for $80, I know I should not take $60 from the ATM regardless of what the computer says I have available.

The Circular does make it clear that UDAAP is the enforcement action of choice. It asks one question: “Can the assessment of overdraft fees constitute an unfair act or practice under the Consumer Financial Protection Act(CFPA), even if the entity complies with the Truth in Lending Act (TILA) and Regulation Z, and the Electronic Fund Transfer Act (EFTA) and Regulation E?” and answers this with 13 pages of explanation.

The short answer is Yes, and that is because it is a UDAAP violation to charge such fees because “overdraft fees assessed by financial institutions on transactions that a consumer would not reasonably anticipate are likely unfair.” At the risk of sounding redundant, would an account register help the consumer understand they can not spend more than has gone into the account? Is relying on what a computer says the balance is what we used to call “playing the float,” and is not writing a check for funds not on deposit still “theft by check”? In my state it is a Class C or Class B Misdemeanor. But nowadays a consumer has more ways to access funds and it is a UDAAP violation of law by a bank.

One key concern in the circular are accounts that “authorize positive, settle negative” (APSN). That is, an unanticipated overdraft is charged because the consumer would not reasonably anticipate a fee because there were sufficient funds when an authorization was made.

The Circular differentiates between an overdraft which is a negative balance created when the bank pays an item for which there was not enough money to pay the item presented, and non-sufficient funds where the bank incurs no credit risk when it returns a transaction unpaid for insufficient funds. The overdraft is a loan which involves credit risk and banks charge fees for paying these items. The fee is typically a flat amount and is not based on the amount of the overdraft.

Two areas of concern are:

A fee banks have not seen targeted by the CFPB before—one imposed on a depositor when a bank charges back a check that has “bounced” (that is, it was returned unpaid) by the paying bank, and

“Surprise” fees, including overdraft fees charged when a consumer had enough money in their account to cover a debit charge at the time the bank authorized it.

In the first case (addressed in Compliance Bulletin 2022-06, issued the same day as Circular 2022-06), when the consumer deposits a check into their account, they assume these are good funds. We would believe this is less of a problem today as more payments are made electronically through Zelle, Venmo and the like. But while checks have declined in volume, they have not been eliminated. People are not accustomed to the potential bouncing and reversal of a check that they deposited whether a Reg CC hold notice was provided or not. These are not typically bad customers unless they played a role in the deception and no matter how meticulous they are at keeping a check register, they truly could not prevent the reversal and declining balance that would result from a deposited item coming back. The bank, however, dedicated staff time, decisioning, and technical resources to this process, so a fee for compensation is both disclosed and charged. Your bank accepted the deposit and never participated in the decision to pay or return the item. That was the paying bank’s decision.

According to the CFPB, while charging these fees across the board potentially violates existing law – UDAAP, banks may opt to have a targeted fee policy that charges depositor fees only in situations where a depositor could have avoided the fee. One such situations is when that depositor repeatedly accepts checks from the same originator who has paid them with checks which have bounced before. It would appear this process, while deserving of a fee, would be even more cumbersome and labor intensive to research and present to a depositor.

The second area of concern (covered in Circular 2022-06) are the surprise overdraft fees. The CFPB believes that these overdraft fees occur when a bank account balance reflects that a customer has sufficient funds to complete a debit card purchase at the time of the transaction, but the consumer is subsequently charged an overdraft fee because additional payments/withdrawals arrived possibly through a variety of channels which cause the balance to now be insufficient to cover that debit card withdrawal. The CFPB’s discussion here references the practice of using APSN (referenced above) to assess overdraft fees.

The CFPB asserts that a recent consent order entered into by the CFPB related to APSN overdrafts is applicable industrywide. It noted actions and discussions on these types of fees going back to 2010 by the CFPB, the Federal Reserve and the FDIC. It notes the FDIC cautioned banks on this in 2010 when it issued its Final Overdraft Payment Supervisory Guidance. In 2015, and the CFPB issued public guidance explaining how banks acted unfairly and deceptively when they charged certain overdraft fees. And in 2016, the Federal Reserve publicly discussed issues with unfair fees related to transactions that authorize positive and settle negative. They mentioned it again in 2018 in an issue of the Consumer Compliance Supervision Bulletin, describing it in terms of UDAP and Section 5 of the FTC Act. Then, in June 2019, the FDIC issued its Consumer Compliance Supervisory Highlights and raised risks regarding certain use of the available balance method. And finally in September 2022, the CFPB found that a financial institution had engaged in unfair and abusive conduct when it charged APSN fees and that is the case which is applicable to the industry. This was, of course, the Bureau’s action against Regions Bank where the bank was ordered to reimburse $141 million to customers, pay a civil money penalty of $50 million, and forgo charging any Authorized-Positive Overdraft Fees going forward.

The CFPB opined that, under the circumstances described, these “unanticipated” overdraft fees likely violate the Consumer Financial Protection Act(UDAAP) as they “are likely to impose substantial injury on consumers that they cannot reasonably avoid and that is not outweighed by countervailing benefits to consumers or competition.”

This is an area Compliance is involved in but needs to work with Operations and management to determine the extent of the circumstances in your bank described here. How often does it happen? What are the fees imposed and paid and the losses incurred? What are the risks of facing a regulatory enforcement action as a result? From there budget considerations can be made after a plan of action has been determined along with a policy change, if necessary.

October 2022 OBA Legal Briefs

  • Concerns about overdrafts and fees grow (Part 2)
  • 2022 OK legislative changes
  • A Reg O FAQ

Concerns about overdrafts and fees grow — Part 2

By John S. Burnett

In Part 1 of this article, I began a review of the FDIC’s August 18, 2022, “Supervisory Guidance on Multiple Re-Presentment NSF Fees,” issued with FIL-40-2022 (https://www.fdic.gov/news/financial-institution-letters/2022/fil22040.html). I ended Part 1 of that review with a comment summarizing what the Guidance had suggested in the section on Consumer Compliance Risk.

Part 2 of this article starts with a restatement of that closing comment, with some added thoughts.

Comment: Thus far, the Guidance has suggested that banks need to ensure that their disclosures reflect what actually happens in the case of multiple re-presentments for a single transaction, and that something may need to be done about better notifying customers when an item is returned and an NSF is assessed and/or banks may want to consider setting some limit on how many times re-presentments of items derived from the same transaction will trigger another NSF fee.

On the first point — agreement between disclosures and practice —that can be approached from different directions. If a bank is charging an NSF fee for multiple presentments derived from the same transaction, the bank can formulate the right words to relate those facts to its consumer customers. On the other hand, if the bank isn’t disclosing that multiple re-presentments will trigger multiple NSF fees, it may determine a way to detect multiple re-presentments and not charge for more than one. Another possible option could be to stop charging NSF fees altogether so as not to mention them at all in disclosures. Could this be what 16 of the 20 banks included in the CFPB’s report on the top 20 banks by overdraft-related income decided to do?

Let’s move on to the next topic in the Guidance.

Third-Party Risk: The FDIC’s Guidance also expresses the agency’s concerns about risks that can be presented by third-party arrangements with core processors and others who may play significant roles in processing payments, identifying and tracking re-presented items, and assessing NSF fees when items are returned for insufficient funds. If not properly managed, such third-party arrangements can present risks for client financial institutions.

The FDIC expects (as all the regulators do) that financial institutions maintain adequate oversight of third-party actions and appropriate quality control over the products and services provided through third-party arrangements. Institutions are responsible for identifying and controlling such risks to the same extent as if the institution itself were handling the activity.

More succinctly, banks are responsible for what the third parties do for (or to) the bank’s customers. In that regard, banks should review and understand the risks presented by their core processing system settings related to multiple NSF fees, as well as the capabilities of such systems, such as identifying and tracking re-presented items and maintaining data on such transactions.

Litigation Risk: Cases involving Bank of America and the Navy Federal Credit Union are evidence there is litigation risk involved in multiple NSF fee practices. Class action lawsuits may allege breach of contract and raise other claims because of a failure to adequately disclose re-presentment NSF fee practices in bank account disclosures. Some cases have already resulted in substantial settlements, including customer restitution and legal fees.

Risk mitigation

The FDIC encourages banks to review their practices and disclosures concerning charging NSF fees for re-presented transactions. The agency shared these risk-mitigation actions banks have taken to reduce the potential risk of consumer harm and avoid potential violations of law:

  • Eliminating NSF fees
  • Charging no more than one NSF fee for a transaction, regardless of whether there are re-presentments
  • Conducting a comprehensive review of policies, practices, and monitoring activities related to re-presentments and making appropriate changes and clarifications, including providing revised disclosures to all existing and new customers
  • Clearly and conspicuously disclosing the amount of NSF fees to customers and when and how such fees will be imposed, including:
    • Information on whether multiple fees may be assessed in connection with a single transaction when a merchant submits the same transaction multiple times for payment
    • The frequency with which such fees can be assessed\o The maximum number of fees that can be assessed in connection with a single transaction
  • Reviewing customer notification or alert practices related to NSF transactions and the timing of fees to ensure customers are provided with an ability to effectively avoid multiple fees for re-presented items, including restoring their account balance to a sufficient amount before subsequent NSF fees are assessed

If your bank finds issues …

If your bank reviews its NSF fee practices surrounding multiple re-presentments and finds issues, what does the FDIC expect the bank to do about it?

Doing nothing and waiting for the FDIC to demand action is not an option. The FDIC expects a bank with issues to self-initiate corrective action, to include restitution to affected consumers consistent with the approach described in the Guidance. Such banks should also:

  • Promptly correct NSF fee disclosures and account agreements for both existing and new customers, including providing revised disclosures and agreements to all customers
  • Consider whether additional risk mitigation practices are needed to reduce potential unfairness risks
  • Monitor ongoing activities and customer feedback to ensure full and lasting corrective action

The FDIC’s Supervisory Approach

The Guidance indicates the FDIC intends to take appropriate action to address consumer harm and violations of law. It will focus on identifying re-presentment-related issues and ensuring correction of deficiencies and remediation to harmed customers. They consider such issues serious.

They will recognize a bank’s proactive efforts to self-identify and correct violations. They generally will not cite UDAP violations that have been self-identified and fully corrected before the start of a consumer compliance exam. The FDIC will also consider a bank’s record keeping practices and any challenges a bank may have with retrieving, reviewing, and analyzing re-presentment data, on a case by case basis when evaluating the lookback time period used for customer remediation. But failing to provide restitution for harmed customers when information on re-presentments is reasonably available will not be considered full corrective action.

If examiners find violations of law that have not been self-identified and fully corrected before an exam, the FDIC will consider appropriate supervisory or enforcement actions, which could include civil money penalties and restitution.

In simpler terms, this is not a concern that FDIC-supervised institutions can ignore and hope it goes away.

Is your bank’s overdraft program ‘dynamic’?

The March 2022 edition of the FDIC’s Consumer Compliance Supervisory Highlights includes compliance exam observations concerning automated overdraft programs that have been converted from static to dynamic overdraft limits.

Static limits are usually set at account opening and seldom change. Institutions use limits ranging from $100 to over $1,000 that may vary by account type. Some banks assign the same limit to all customers. Those limits are usually communicated to customers at account opening, in subsequent disclosures (particularly when participating in an overdraft program is delayed for a period after account opening) or through some other method, such as online or mobile banking channels.

Dynamic limits, on the other hand, vary for each customer and may change periodically (daily, weekly, monthly, for example) as a customer’s usage or bank relationship changes. In some cases, a customer’s assigned overdraft limit might be $1,000 one day and reduced to zero within a few days.

Changes are often controlled by an algorithm (a set of system rules) that attempt to manage risk by weighing variables and customer behaviors. Variables involved often include account age, balance, overdraft history, deposit amounts and frequency and other customer relationships with the bank. Algorithms may be adjusted based on policy changes, competition, customer behavior, etc. And, based on examination observations, banks do not always communicate limit changes to their customers.

Failures to communicate: In 2021, the FDIC identified several banks that converted their programs from a static limit to a dynamic limit. Examiners had concerns with how some of the conversions were implemented and cited violations of section 5 of the Federal Trade Commission Act due for deceptive acts or practices. Those institutions failed to disclose enough information about the change to a dynamic limit. Some institutions did not communicate with their customers about the change at all. In many cases, banks failed to disclose some or all of these key changes:

  • Replacement of the fixed amount with an overdraft limit that may change and could change as frequently as daily
  • Use of a new overdraft limit that may be lower or higher, at times, than the fixed amount to which the customer had become accustomed
  • Suspension of the overdraft limit when it falls to zero and how such a change may result in transactions being returned unpaid to merchants/third parties due to insufficient funds.

Those omissions were considered material by the FDIC. They included necessary information customers needed to make informed decisions about how the new dynamic limit program operated. Customers were not able to understand how to avoid fees associated with an overdraft or fees for transactions declined for payment. The FDIC determined that changes without adequate disclosure resulted in consumer harm.

Mitigating risk: As with its guidance to banks concerning assessing NSF fees for multiple re-presentations derived from the same transaction, the FDIC included in the “observations” article on implementation of overdraft program dynamic limits a list of risk-mitigating activities banks can consider to reduce the risk involved in implementing such limits:

  • Providing clear and conspicuous information to existing customers so they have advance notice of how the change from a fixed overdraft limit to a dynamic limit will affect them. This is especially important when the bank previously disclosed the amount of the fixed overdraft limit to customers.
  • Disclosing changes to overdraft limits in real time to consumers, as these vary, with the opportunity for consumers to adjust their behavior
  • Reviewing and revising account opening disclosures or other communications used to inform new customers about the automated overdraft program to avoid engaging in deceptive practices
  • Explaining that the dynamic limit is established based on algorithms, or a set of rules, that weigh numerous variables and customer behaviors, how the limit may change (including the frequency of change), and how the limit may be suspended or reduced to zero when eligibility criteria are no longer met
  • Training customer service and complaint processing staff to explain the features and terms of the automated overdraft program’s dynamic features. This training should be provided to staff who work with new customers as well as those who work with existing customers.

2022 OK Legislative Changes

By Pauli D. Loeffler

Title 12 O.S. § 1190

Garnishment fee increase

A history of garnishment fees in Oklahoma: Going back as far as 1996, and perhaps even before, a garnishee holding the judgment debtor’s funds was only allowed to deduct a fee in the amount of § 10.00 from funds of the judgment debtor as payment for processing the garnishment. Keep in mind that the Oklahoma statutes require the federally insured depository garnishee to:

  • Maintain a garnishment and note the receipt of the garnishment summons
  • Mail or deliver the garnishment packet to the judgment debtor
  • Segregate funds of the judgment debtor on deposit at the time the garnishment summons is serve
  • Determine whether the judgment debtor leases a safe deposit box, and if so, seal the box from entry for 30 days (Banking Code § 1312)
  • Respond to the garnishment summons by filling out the Garnishee’s Affidavit/Answer and filing it with the court within 10 business days (days the court issuing the garnishment is open, not the days the bank is open for business
  • Provide a copy of the Affidavit/Answer to the creditor’s attorney or the creditor
  • Remit a check to the creditor

If the judgment debtor does not have an account or lease a safe deposit box, the garnishee must still comply with the last three bullets and request the $10.00 fee. Law firms whose practice is representing creditors usually are very good about remitting the fee, but some collection firms, creditor’s representing themselves, and attorneys that rarely did collections would ignore the garnishee’s request. The $10.00 fee is pretty paltry, and if the creditor didn’t send the fee upon request, it isn’t efficient to take action against the creditor.

Handling garnishments became even more time and labor intensive with the U.S. Treasury Fiscal Services Garnishment of Accounts Containing Federal Benefit Payments, 31 C.F.R., Part 212 (“the Federal Benefits Rule”} effective May 1, 2011. In addition to requirements of Oklahoma law, the Federal Benefits Rule came with new and more onerous requirements:

  • The bank had to determine whether it has an account holder as defined in § 212.3: “Account holder means a natural person against whom a garnishment order is issued and whose name appears in a financial institution’s records as the direct or beneficial owner of an account.” Accounts held by corporations, LLCs, partnerships, limited partnerships, etc., even if they, for some reason, were receiving federal benefits by direct deposits, are not subject to the Federal Benefits Rule. On the other hand, revocable trust accounts and sole proprietorship accounts receiving federal benefits ARE subject to the Federal Benefits Rule.
  • The bank had to determine whether a federal benefit payment was paid by direct deposit to an account of an account holder. If so, the bank was required to determine the amount of benefits directly deposited during the lookback period, and
  • Establish the amount of protected funds, and
  • Provide the Notice to account holder under § 212.7. Under the 2013 revision, If ALL funds ae protected, the notice is not required.

Bankers ask whether Oklahoma has a maximum fee amount that can be charged customers for garnishments. Oklahoma has no limit the bank can charge a customer for a garnishment. The low-end fee is generally $25 while some banks charge two or three times that much particularly for garnishments on commercial accounts. If the amount in the judgment debtor’s account exceeds the judgment, the bank can satisfy its fee, but this is rarely the case. The bank can take the account negative to grab the fee if and when the account receives a deposit.

However, for accounts subject to the Federal Benefits Rule, banks were wholly prohibited from collection of their fee other than from unprotected funds. The bank could not collect under the original 2011 § 212.6 (h), which prohibited the bank from charging or collecting a garnishment fee against a protected amount or collecting a garnishment fee after the date of account review. This was modified in 2013 to allow the bank to “charge or collect a garnishment fee up to five business days after the account review if funds other than a benefit payment are deposited to the account within this period, provided that the fee may not exceed the amount of the non-benefit deposited funds.”

Scatter-gun garnishments

In addition to the garnishment fee remaining the same amount for two decades, banks were receiving more and more garnishments where the judgment debtor never was a customer of the bank. I envisioned the creditor took an Oklahoma map and used a compass to draw a circle around the judgment debtor’s home or place of business and sent garnishments to all banks within a 50-mile radius. OBA and several reputable collection attorneys held discussions regarding a proposed amendment to 12 O.S. § 1171 to require the creditor to exhibit good faith with some factual basis to believe the debtor has or previously had a relationship with the garnishee such as an inquiry, loan or account with the bank from a credit report or checks from the judgment debtor drawn on the bank. The collection attorneys had no objection to increasing the fee and mailing a check with the garnishment summons but did not support language that the service without the check allowed the garnishee to delay attachment of the fund. Their concern was due to their practice of providing the court clerk with the affidavit, garnishment summons, etc., together with a stamped and a pre-addressed envelope for mailing to the garnishee after filing done by the court clerk. If the garnishee claimed the check was not provided, there was no way to determine whether the creditor didn’t include it, the court clerk mislaid it, or it was mislaid by the garnishee.

Amendment clarifying bank’s duties if the fee doesn’t accompany the garnishment

One question I could not confidently answer under the 2016 amendment was: “What does the bank do if the check is NOT provided with the garnishment summons? “My belief was that while it was possible that the bank might misplace the check after receiving the garnishment, the person logging the garnishment should note the details of the check in the log. Further, the creditor was responsible for making sure the check was in the envelope with the garnishment summons, and if the court clerk mislaid it, s/he was the agent for the attorney. While I believed that if the check wasn’t provided, the bank wasn’t required to freeze the judgment debtor’s funds, I cautioned our members that a court could construe the provision differently. The statute effective for garnishments issued on and after November 1, 2022, not only increases the fee to $35.00 but also removes the uncertainty:

2. A judgment creditor shall remit a fee of Thirty-five Dollars ($35.00) as reimbursement for costs incurred in answering a garnishment issued pursuant to subparagraph d of paragraph 2 of subsection B of Section 1171 of this title to garnishees which are federally insured depository institutions. Such fee shall be delivered to the garnishee with the garnishment summons, and the garnishee shall not be required to attach funds of the judgment debtor until such fee is received. Any fee paid to a garnishee pursuant to this paragraph shall be taxed and collected as costs.

This language also works well as far as the Garnishment of Federal Benefit Payments is concerned. No funds of an account holder will be frozen until the check is received. The account review, lookback period, and determination of protected amount will be triggered upon receipt of the check. Further, the mailing or delivery of the garnishment package to the judgment debtor can and probably should be delayed until the check is received. Garnishments are public record, so the judgment debtor may learn of the garnishment before the bank receives the check and freezes the account, but I would not advise the bank to notify the customer until the check is received. The time to file the garnishee’s answer, mail the answer to the creditor or creditor’s attorney, and remit the judgment debtor’s funds to the creditor will be determined by the date the check is received.

I have been in contact with the Administrative Office of the Courts (the AOC), which is responsible for promulgating the Official Garnishment Forms. The revised non-continuing Pre- and Post-Judgment Garnishment forms will clearly state below the signature line: (Pursuant to 12 O.S. § 1190 a judgment creditor must remit a Thirty-five Dollar ($35.00) fee for costs to any federally insured depository institution garnishee. Fee must be delivered with the garnishment summons. Garnishee is not required to attach the funds of the judgment debtor until such fee is received.)
The AOC is responsible for drafting legal forms for use under a number of Oklahoma statutes. and the categories of forms is accessible at this link: https://www.oscn.net/static/forms/AOCforms.asp. The Garnishment Forms required to be used under the various statutes are available at https://www.oscn.net/static/forms/aoc_forms/garnishment.asp and several are available in both Microsoft Word and PDF formats.

The first time I had the pleasure of working with the AOC was in 2011 in making changes to the forms with regard to the Garnishment of Federal Benefit Payments rule. The Federal Benefits Rule flew under the radar of the AOC because it wasn’t a change in state law, but it did require the revision of the garnishment summons and the garnishment Affidavit/Answer. On the other hand, when § 1190 was amended in 2016, the AOC had the revised forms ready to post on the website, removed the old forms on November 1, 2016, the date the amendment became effective, and removed the outdated forms.

Issues to expect

Based on past experience, banks should expect there will be some problems at first with the most recent changes. Banks should not expect garnishment summons issued on and after November 1, 2022, to contain the language on the AOC form. The majority of attorneys keep templates of the forms on their computers. With the 2011 revision to the AOC forms, a fair number of creditors’ attorneys were oblivious to the Federal Benefits Rule and didn’t revise their forms. When § 1190 became effective November 1, 2016, based on emails from OBA members, the OBA Compliance Team learned that some attorneys still hadn’t updated their forms more than five years later. I don’t expect it will be any different this time around. Note that when an outdated garnishment summons is used, the Garnishee’s Affidavit/Answer will likewise be an outdated form. That was an issue with regard to use of the Garnishee’s Affidavit/Answer for garnishments on and after the May 1, 2011, effective date of the Garnishment of Accounts Containing Federal Benefit Payments, so book marking the AOC webpage is a good idea not only for this reason but also when the garnishment packet doesn’t include the Claim for Exemption and Request for Hearing Form.

The majority of garnishments filed by pro se creditors (creditors representing themselves rather than through an attorney) also used the old forms for several months after the AOC issued revised forms in 2011 and again in 2016. Not all court clerks were aware of the changes, and court clerks tend to be a frugal bunch. Most clerks maintain packets of garnishment forms used by pro se creditors. Either to save money, time and labor, or to avoid killing trees, some clerks didn’t print the new forms until they ran out of the old ones. Court clerks are the primary forms source for pro se creditors. There is nothing to prohibit filing an outdated form. Clerks will file it if it is properly captioned, i.e.,  includes the names of the court, the plaintiff, the defendant, the case number, and the filing fee is paid.

Unlike the 2016 amendment to § 1190, the bank doesn’t need to do more than log the garnishment and note that the $35 did not accompany the garnishment Summons. I suggest contacting the creditor’s attorney or creditor and advise of the change to § 1190. If the bank receives the fee, I don’t believe that the creditor/creditor’s attorney needs to file a new or amended affidavit and garnishment summons.

Uniform Consumer Credit Code Amendments Effective November 1, 2022

Title 14A O.S. § 1-106

Effective November 1, 2022, § 1-106 Change in Dollar Amount Used in Certain Sections which includes late fees, $ 3-508A lender’s closing fee, § 3-511, and other sections is amended. The amendment removes § 3-508B loans from subsection (1) of this section. Subsection (2) provides the manner and index for adjustments to amounts under § 3-508B loans. Former Subsection (2) is renumbered as Subsection (3) and covers Sections under Subsection (1). Subsection (3) is renumbered as Subsection (4) and covers Sections under Subsection (2) i.e., § 3-508B. Subsection (4) is renumber Subsection (5), Subsection (5) is renumbered Subsection (6), and Subsection (6) is renumbered Subsection (7).

Title 14A O.S. § 3-508B

Sec. 3-508B provides an alternative method of imposing a finance charge to that provided for Sec. 3-508A loans. Late or deferral fees and convenience fees as well as convenience fees for electronic payments under § 3-508C are permitted, but other fees cannot be imposed. No insurance charges, application fees, documentation fees, processing fees, returned check fees, credit bureau fees, nor any other kind of fee is allowed. No credit insurance, even if it is voluntary, can be sold in connection with in § 3-508B loans. If a lender wants or needs to sell credit insurance or to impose other normal loan charges in connection with a loan, it will have to use § 3-508A instead. Existing loans made under § 3-508B cannot be refinanced as or consolidated with or into § 3-508A loans, nor vice versa. The statute as amended is available on the OBA’s Legal Links web page.

Oklahoma’s Telephone Solicitation Act of 2022 effective November 1, 2022

The June 2022 OBA Legal Briefs has in-depth information on this Act.

Reg O FAQ

By Pauli Loeffler

We often get asked what happens when a borrower becomes an insider or an executive officer of the bank? The Federal Reserve covers this in one of its FAQs:

Q2: When do the requirements of Regulation O apply to extensions of credit to a person that becomes an insider after the member bank made the extension of credit (transition loans)?

A2: Transition loans need not conform to the requirements of Regulation O until such extensions of credit are renewed, revised, or extended, at which time the extensions of credit would be treated as a new extension of credit and therefore subject to all of the requirements of Regulation O. However, transition loans must be counted toward the individual and aggregate lending limits of Regulation O as soon as the borrower becomes an insider.

This same treatment would apply to extensions of credit to a director or principal shareholder that later becomes an executive officer. Such extensions of credit need not conform to the provisions of Regulation O that apply only to executive officers until such extensions of credit are renewed, revised, or extended. However, the amount of any such extensions of credit count toward the quantitative limits for loans to executive officers in section 215.5 of Regulation O as soon as the director or principal shareholder becomes an executive officer.

Many lines of credit by a member bank to an insider must be approved by the bank’s board of directors every 14 months. Each such approval constitutes a new extension of credit. Accordingly, transition loans that are lines of credit generally must conform to the requirements of Regulation O within 14 months of the borrower becoming an insider.

Notwithstanding the general principles noted above, the treatment described here does not apply to extensions of credit made by a member bank in contemplation of the borrower becoming an insider or executive officer. Under such circumstances, the extension of credit should comply with all requirements of Regulation O at the time it is made.