September is a good time to survey the regulatory landscape and prepare for the perennial “back to work” mentality that takes hold in Washington in sultry August’s wake. Time is of the essence, in fact, given the potential for upcoming rulemaking and enforcement actions to drive up compliance costs across the mortgage industry.
Last year the Federal Reserve Board found the annual cost of compliance to be $4.5 billion for America’s small banks. As might be expected, the Fed report also said that the larger the bank, the larger the compliance bill.
Industrywide, the compliance horizon for bank and non-bank lenders, ser- vicers, settlement service providers and other third-party service providers is being shaped by several developments.
Enforcement actions are increasing
Although federal regulatory agencies have continued to bring the majority of recent settlement agreements, state at- torneys general (AGs) and state regula- tory agencies are not far behind. State AGs and federal agencies are also issuing joint settlements.
Not surprisingly, the Consumer Fi- nancial Protection Bureau (CFPB) is the most active federal agency, having han- dled 70 enforcement actions in 2015. Among the states with the most en- forcement actions are Florida, Massa- chusetts and New York.
The statutes most cited in such cases have been the Federal Trade Commission Act, Consumer Financial Protection Act, Fair Housing Act and Equal Credit Opportunity Act (ECOA), demonstrating a continued focus on fair lending.
Mortgages continue to be the biggest target. In fact, the CFPB’s 2015 annual report to Congress on its fair lending ac- tivities included two notable priorities: n mortgage lending, including a con- tinuing focus on Home Mortgage Disclosure Act (HMDA) data integrity and fair lending risks related to redlining, underwriting and pricing; and other product areas including small business lending, focusing on risks in underwriting, pricing and redlining (with particular attention to the credit process; existing data-collection processes; and the nature, extent and management of fair lending risk).
Financial institutions by now are also aligning compliance efforts with the Of- fice of the Comptroller of the Currency’s (OCC’s) post-financial crisis priorities. The OCC’s approach to supervision con- siders consumer protection to be essen- tial to safety and soundness, Comptroller Thomas Curry said in a speech to a con- sumer group. “A bank can’t be safe and sound if it mistreats or abuses its customers,” he said. “In an industry where reputation means everything, a financial institution that engages in shoddy prac- tices will soon find its best customers running for the doors—and law enforce- ment running in.”
CFPB examinations are on the rise
Mortgage-related examinations by the CFPB were up 70 percent in 2015 com- pared with the prior year, according to an analysis by Inside Mortgage Finance, which noted that non-banks have been having an even more active degree of scrutiny from the bureau than financial institutions. The data was provided by the CFPB per a Freedom of Information Act request.
Non-bank originators saw a huge 85.7 percent increase in exam activity year over year, versus banks, which ex- perienced a rise of 42.9 percent. Non- bank servicers fared even worse, with their exam activity up by a whopping 180 percent from 2014 to 2015, while banks had a jump of only 57.1 percent.
Heightened regulatory scrutiny and bank examinations by all regulatory agen- cies will continue, with even greater at- tention on the role a bank’s board of di- rectors plays in overseeing compliance. Increasingly, examiners are monitoring to ensure that boards are fully involved in both the establishment and oversight of an organization’s compliance programs.
Regulators propose changes to consumer compliance ratings
The Federal Financial Institutions Examination Council (FFIEC) is proposing to revise the Uniform Interagency Consumer Compliance Rating System to align more closely with agencies’ current practice. Standards for evaluating institutions would include three categories of assessment factors:
- board and management oversight;
- compliance program; and
- violations of law and consumer harm.
The FFIEC has been gathering industry input on the changes, which reflect the evolution of consumer compliance supervision since the current standards were adopted in 1980. Its recent announcement noted that when the current system was adopted, examinations focused more on transaction testing for regulatory compliance rather than evaluating the adequacy of an institution’s compliance management system (CMS) to ensure adherence to regulatory requirements and prevent consumer harm. The changes to the rating system are designed to more fully align it with the risk-based approach to consumer compliance examinations that the FFIEC agencies have adopted over the intervening years.
The Consumer Compliance Rating System uses a scale of 1 to 5, with 1 representing the highest rating (and lowest degree of supervisory concern) and 5 representing the lowest rating, most critically deficient level of performance (and thus highest degree of supervisory concern). The grades enable regulators to focus their attention on those institutions with the greatest like- lihood of violating consumer protection laws and regulations.
Importantly, the new system will likely reward proactive compliance and encourage those with inadequate compliance systems to improve. Notably, the FFIEC qualified that, “The proposed revisions were not developed with the intention of setting new or higher supervisory expectations for fi- nancial institutions; their adoption will represent no additional regulatory burden.”
That said, we encourage you to review the proposed (or by now, adopted) revi- sions carefully, because it is not too early to begin preparing for the new rating system.
CFPB responds to industry concerns on Know Before You Owe
In late April, the CFPB acknowledged implementation issues regarding the Truth in Lending Act (TILA)–Real Estate Settlement Procedures Act (RESPA) In- tegrated Disclosure rule (TRID) and out- lined an expedited path to issuing a formal notice of proposed rulemaking (NPRM) to clarify those issues, which it did in July.
Although the changes are welcomed, the bureau did not address a major in- dustry concern: the secondary market. Lenders were looking for guidance on how to correct errors—a problem that can delay loan sales—and a release from liability for technical violations.
The proposed revisions “will clarify parts of our mortgage disclosure rule to make for a smoother implementation process,” CFPB Director Richard Cordray said, asking for additional industry com- ment by Oct. 18, prior to issuing final regulations.
Third-party oversight reminder
The CFPB and other financial services industry regulators have made perfectly clear their concern about third-party service providers, and their intent to hold institutions responsible for their vendors’ conduct. The CFPB has also shown its intent to hold third-party service providers directly responsible, and liable, for their conduct.
A number of recent enforcement actions and administrative consent orders clearly reflect this, as well as the bu- reau’s aggressive approach to unfair, deceptive or abusive acts or practices (UDAAP) violations. Lenders must ensure that their service providers take the proper steps to avoid contributing to prohibited conduct.
The elephant in the room
In its report to Congress, the CFPB dis- cussed its final rule amending Regulation C (which implements HMDA) and its progress in developing rules on the col- lection of small business lending data to implement Section 1071 of the Dodd- Frank Wall Street Reform and Consumer Protection Act, which amended the ECOA to require financial institutions to collect and maintain certain data in connection with credit applications made by women- or minority-owned businesses and small businesses.
New HMDA data-collection require- ments have been issued, including 48 data points (most of which are new or modified), although the final scope and details are still subject to possible change and interpretation. What is clear is that the extent and breadth of additional data-collection fields required are sig- nificant, imposing added challenges on banks and other financial institutions.
Be proactive
Knowing what’s coming is a big part of preparing for—and mitigating—addi- tional compliance costs, as the regula- tory landscape continues to shift. Being proactive is key, because time-consum- ing efforts are often required, in terms of strategy, operational planning, train- ing, implementation and testing. Ulti- mately, building in the agility to con- tinue adapting to changing (or in the case of TRID, revisited) requirements will stand any mortgage business in best stead.