AN OVERVIEW OF THE CFPB
ENFORCEMENT GUIDE
Ari Karen | Offit Kurman
917-312-2294 | 301-575-0340
Examination Principles
• CFPB will focus on an institution’s ability to detect,
prevent, and correct practices that present significant risk of
legal violation.
• CFPB will use same procedures to examine all entities
offering similar products but will recognize differences
based on size and complexity of institution
• Nonbank Supervision Risk Analytics and Monitoring
team will determine what non-depository institutions
pose greatest risk to consumers
• Depository institutions: ongoing monitoring of
supervisory and public information
© 2012 Offit Kurman, PA. All Rights Reserved.
Examination Principles
• Non-depository institutions will be examined based on
asset size, business volume, extent of state oversight,
and overall risk to public.
• CFPB will coordinate with state entities to maximize
coverage
• Generally will be notified in advance
• Target reviews generally arise from a particular situation
that has come to CFPB’s attention
• Horizontal reviews come from particular products or
practices identified at other institutions
Examination Principles
• Evidence of tax law non-compliance to be
referred to IRS
• Evidence of misrepresentation of financial data
can be referred to DOJ for criminal enforcement
• ECOA violations referred to DOJ
• Will refer borrower fraud to DOJ
Examinations
• For most examinations there will be an initial scope summary
and risk assessment prepared, prior contact with entity and
providing information in response to inquiries.
• Within 60 days on-site examination
• After examination there will be rating assigned from 1-5 (5
being worst)
• Rating is based on present compliance
with financial laws; management commitment to compliance;
management’s ability to take steps to assure compliance;
adequacy of internal systems, procedures, controls and audit
activities.
General Compliance Principles
• Sound compliance management system
integrated into all operations
• Compliance should be part of day-to-day
considerations of management and employees
• Entity is expected to be able to self-identify
issues and initiate corrective action
• This applies to third-party relationships
General Compliance Principles
• CFPB expects every regulated entity to have effective
compliance management that will include self-review, self-
testing, self-initiated corrective action.
• Compliance must be significantly managed. This can be
managed firm-wide or through outside consultant.
• Nature and extent of compliance will take account of size and
complexity of operations, but there must be specific
compliance plans, practices, procedures and on-going
coordinated oversight in place.
• Not enough to simply have documents in place. Need
ongoing attention by management.
Expectations for Management
• Demonstrates expectation for compliance throughout
entity and to third-party providers
• Adopted clear policies and procedures
• Appointed an appropriately qualified chief compliance
officer. Depending on size and complexity, full time
compliance officer may not be required but there must
be sufficient management concern for compliance and
dedicated personnel/consultants sufficient to carry out all
compliance responsibilities.
Expectations for Management
• Established compliance functions to set and
evaluate policies, procedures, standards for entity.
• Allocate sufficient resources to the compliance
function commensurate with size and complexity of
operations
• Address consumer compliance issues and risks
• Require audit coverage of compliance matters and
review results of periodic compliance audits
Expectations for Management
• Provide for recurring reports of compliance
risks, issues, and resolutions.
• Compliance program must include policies
and procedures; training; monitoring; and
corrective action plans.
Unfair Acts or Practices
• Act is covered as UAP if it
– Causes or is likely to cause substantial injury to consumers, meaning there is significant risk of concrete harm either resulting from small widespread harm or minimally applicable large harm.
– Injury is not reasonably avoidable by consumers, meaning that the practice interferes with or hinders decision-making
– The injury is not outweighed by countervailing public benefit of the practice.
Deceptive Acts or Practices
• A representation, omission, act, or practice
misleads or is likely to mislead consumers,
including but not limited to price claims; bait and
switch; offering unavailable product; omitting
material conditions; failing to provide promised
services.
• The representation, etc., is to be considered
from the reasonable consumer’s perspective.
Even if a significant minority are misled, it’s
sufficient to be DAP.
Deceptive Acts or Practices
• Must be material – meaning that it is likely to
affect a consumer’s behavior/decision-making
• Certain categories of information, including cost,
availability, benefits and restrictions. Express
claims about a financial product – considered
material.
• Knowingly false statements are considered
material
UAP/DAP
• Consumer complaints will be critical in
identifying practices
• Institution should itself monitor websites such as
ripoffreport.com; complaints.com; BBB; FTC;
state agencies; and other popular consumer
complaint channels.
• A transaction can be a UAP/DAP even if
technically compliant. E.g., advertisement
complies w/TILA but other inaccurate statements
UAP/DAP
• Examination objectives: assess entity’s risk
management systems; identify practices that
materially increase chances of DAP/UAP
• To determine whether entity engages in
challenged practices
• To determine appropriate enforcement actions
• Be aware of horizontal reviews in this situation
UAP/DAP
• Entity must have thorough process for intake and review
of consumer complaints and a process to address third-
party complaints
• Entity has established policies and controls to address
employee and related third-party conduct including
training, performance reviews, audits, discipline policies
and records, appropriate contracts, appropriate
compensation and monitoring.
• Internal controls must be documented
UAP/DAP Transactional
Testing
• Entity underwrites a product based on ability to repay
• Profitability of product depends on penalties or back-end
rather than up-front fees
• Features are combined and difficult to understand
• A product targeted to specific group without appropriate
tailoring of marketing, disclosures or other materials
designed to ensure understanding by consumers
• Penalties upon termination of relationship
• Fees for access to information or account access
ECOA Examination
• Relies in large part on Interagency Fair Lending
Examination principles (IFLEP) from August of
2009
• Remember 2009 was before LO comp rule and
before people started saying that fixed pricing
was necessary to fair lending compliance
ECOA “Special Attention”
• Creditor establishes most branches in
predominantly non-minority areas but does most
business in minority areas
• Advertisements targeted to certain groups with
different products
• Underwriting or pricing guidelines contain
unusual criteria that could create disparate
impact (e.g., zip codes)
ECOA “Special Attention”
• Policies and procedures that are vague with respect to pricing,
underwriting, referrals to alternative channels, classifying applicants,
recommendations on products to consumers.
• Exceptions to underwriting, pricing, product recommendation
permitted and/or subjective and/or widespread and/or broad
discretion.
• Does creditor rely on third parties for part of credit operations.
• Does any employee receive incentives depending on
terms/conditions of credit product sold or price of such product.
• CFPB desires to use statistical analysis whenever appropriate to
scope of fair lending exam.
HMDA
• Examines the institution’s ability to collect and report accurate data concerning applications, originations, purchases, refinances, home improvement loans, home purchase loans for calendar year.
• Are adequate individuals assigned to oversee HMDA reporting, and are all relevant employees, including LOs, properly trained.
• Are data collections procedures followed throughout entity at all branches
• Is there adequate separation of duties concerning data entry, review, oversight and approval.
• Document retention for 3 years HMDA data and 5 years HMDA disclosures
• Different rules for depository/non-depository institutions
TILA
• Determine adequacy of internal controls including analysis of
organizational charts, process flowcharts, policies and
procedures, loan documentation and disclosures,
checklists/worksheets, computer programs
• Significant deficiencies are reported to management
• Record retention practices are compliant
• Verify accuracy of TILA disclosures and determine proper
disclosures given to proper customers in timely manner.
• When testing APR calculations they will test on a
transactional basis
TILA
• Testing to determine whether LO compensated
based on terms of the loan
• No specifics provided on how they are going to
test this
• Also incorporates steering prohibition and
requirements of the 3 loan beauty pageant
• Note that it does not exclude creditor from the
analysis in accordance with Regulation Z
TILA
• Valuation independence – determine no attempt
at undue influence into valuation
• Determine valuation does not materially
misrepresent value of dwelling. No statement as
to how this will be audited.
• No conflicts of interest with appraiser
• Confirm customary and reasonable
compensation
RESPA
• Review GFE/HUD1/Servicing transfer
disclosures and affiliated business disclosures for
compliance with Reg X
• If electronic disclosures ensure compliance with
ESIGN
• Review policies and operating procedures and
confirm through discussion with
compliance/management
RESPA
• Must have policies and procedures to provide revised
GFEs and to cure violations in a timely manner (30
days)
• Must have policies and procedures to cure technical or
inadvertent error in HUD-1 within 30 days
• Interviews with lending personnel to determine source of
referrals, nature of any services provided by referring
sources, the identity of settlement service providers used
by entity.
• Interviews as to timing of GFE and how fee information
is determined
RESPA
• Assess overall knowledge and understanding of
mortgage lending personnel
• Review sample of loan files to determine
whether GFE was completed as required
• Using same sample review to determine that
HUD 1 was properly completed
• Determine whether management is aware of
prohibitions on payment of unearned fees or
receipt of referral monies
RESPA
• Review financial records to ascertain existence
of unearned fees or kickbacks for referral of
service.
• If referral to affiliated service provider confirm
that ABA disclosure statement was provided
• Horizontal and/or targeted reviews likely based
on another institution’s records.
HPA
• Determine whether adequate internal controls exist
• Review of internal audit compliance and whether significant issues were reported by management
• Review sample transactions for compliance
• Review sample written requests for cancellation of PMI to ensure proper handling
• Review non high risk cancelled if 78% LTV or lower
• Review sample of loans at midpoint of amortization that are current to confirm whether PMI cancelled
• Review high risk loans with 77 LTV or lower to determine whether cancelled
• Review to determine that all unearned premiums returned w/in 45 days
Privacy Laws (GLB)
• Through discussions and available information
identify sharing practices with affiliates and
nonaffiliated third parties
• Delivery of required notices and opt-outs
• Review of information sharing agreements
• Internal controls to ensure compliance, and
review of servicing arrangements and marketing
arrangements
Privacy Laws
• Focus is on compliance with notices and intentional
treatment of information, as opposed to
theft of information
• Examines nature and extent of non-public
information obtained from other parties and
whether such information is subject to proper
information sharing agreements
Risk Assessment
• Nature and structure of products – looking to
determine whether consumers will have difficulty
understanding and/or could easily be misled
• Consumers to whom products are offered –
looking to determine whether targeting
particularly vulnerable section of population
• Marketing methods and sales – examines
incentives underlying compensation to
determine whether encourages high cost
products regardless of consumer’s situation
Risk Assessment Marketing
methods/Sales organization
• Examines incentives underlying compensation
to determine whether encourages high cost
products regardless of consumer’s situation
• Manner in which performance and/or
compensation is established
• Discretion to set pricing and lack of responsibility
for performance
• Marketing materials unclear or confusing
Risk Assessment Marketing
methods/Sales organization
• Advertising includes teaser rates or omits
material information
• Complex products offered to customers not likely
to benefit
• Product marketing in a manner that may be
discriminatory
• Advertising uses media outlets targeting
particular groups
Risk Management
• Ongoing customer relationship management
indicates lack of connection to customer service
• Compensation impacted by use of discretion to
modify and/or adjust prices
• Vendors not based on quality of customer
service
• Insufficient numbers of customer service staff
and/or systems
• Complaint management
Risk Assessment Compliance
Challenges
• Extensive decentralized retail network
• Multiple un-integrated information systems
concerning origination of loans
• Use of internet and mass media
• Solicitation through active cross selling,
telemarketing, third-party direct marketing
Risk Assessment
Management
• Adoption of comprehensive policies, practices, procedures
• Commitment to compliance
• Regular and meaningful reports regarding compliance issues
• Management identifies and responds in timely manner to risks
• Allocates sufficient resources to compliance, including
monitoring
• Compliance staff are independent and have sufficient
authority and access
• Unit or individual performance expectations involve
compliance concerns and authority exists to require
compliance
Risk Assessment Management
• Compliance and risk management properly
tailored to organization
• Regular testing and monitoring, including self
assessment
• Proper and timely corrective action of identified
compliance problems
• Compliance staff are involved in structuring of
incentives for those interacting with employees
Risk Management Training
• Appropriate training to all staff including those in
all aspects of operations
• Training is timely, repeated as necessary
• Requires all staff to take responsibility for
compliance
• Policies and procedures support training