Alston & Bird Consumer Finance Blog

Consumer Financial Protection Bureau (CFPB)

CFPB Releases Long-Awaited Proposal to Amend Regulation X Loss Mitigation Rules

What Happened?

On July 10, 2024, the Consumer Financial Protection Bureau (CFPB or Bureau) proposed a rule to amend provisions of its Mortgage Servicing Rules to significantly revamp requirements relating to borrowers experiencing payment difficulties (the Proposed Rule).  The Proposed Rule includes a number of key changes to the servicing requirements in Regulation X (12 C.F.R. Part 1024), including limited English Proficiency requirements. While many of the key concepts were anticipated by the industry, the proposed provisions go much further than expected.

The Bureau is accepting comments on the Proposed Rule through September 9, 2024.

Why Does it Matter?

In June 2023, the Bureau signaled its intent to engage in rulemaking to streamline certain requirements and processes in the Mortgage Servicing Rules to significantly revamp requirements relating to borrowers experiencing payment difficulties (the Proposed Rule). The Proposed Rule would represent the first major changes to the Mortgage Servicing Rules since 2016 (although the Bureau has made targeted updates in the interim – such as the 2018 changes relating to periodic statements). We describe the key provisions below.

Loss Mitigation Procedures

Under the Proposed Rule, the CFPB would remove most of the existing application-based loss mitigation framework from § 1024.41, including the existing provisions regarding loss mitigation application reviews and notices; complete application evaluations and notices); “anti-evasion” facially-complete applications, and exceptions for short-term loss mitigation options and COVID-19-related options; notices of complete application; and the associated commentary.

The CFPB proposes to replace the existing loss mitigation framework with a new hand raise framework based on foreclosure procedural safeguards, as follows:

  • Loss Mitigation Review Cycle: Under the Proposed Rule, the foreclosure procedure safeguards begin once a “loss mitigation review cycle begins.”
    • A Loss Mitigation Review Cycle would be defined as a continuous period of time beginning when the borrower makes a request for loss mitigation assistance, provided the request is made more than 37 days before a foreclosure sale and ending when the loan is brought current or when the foreclosure process procedural safeguards (as discussed in Loss Mitigation Procedures) are met. A loss mitigation review cycle continues while a borrower is in a temporary or trial modification and the loan has not yet been brought current.
    • A Request for Loss Mitigation Assistance would include any oral or written communication occurring through any usual and customary channel for mortgage servicing communications whereby a borrower asked a service for mortgage review, including a borrower expresses an interest in pursuing a loss mitigation option. There are a few things to note in this definition. The definition is to be interpreted broadly to include (i) a borrower who expresses an interest in pursuing a loss mitigation option, (ii) a borrower who indicates that they have experienced a hardship and asks the servicer for assistance with making payments, retaining their home, or avoiding foreclosure, or (iii) in response to a servicer’s unsolicited offer of a “loss mitigation option” (as that term is currently defined in Regulation X), a borrower expresses an interest in pursuing either the loss mitigation option offered or any other loss mitigation option. According to the Proposed Rule’s preamble, “a servicer should presume that a borrower who experiences a delinquency has made a request for loss mitigation assistance when they contact the servicer unless they clearly express some other intention.” The proposal clarifies that certain informal types of communications (such as social media messaging or handwritten notes on payment coupons) would not constitute a request for loss mitigation assistance but fails to provide servicers flexibility to designate where borrowers can make such requests.
  • Foreclosure Procedural Safeguards: Under the Proposed Rule, once a “loss mitigation review cycle” begins, a servicer would be prohibited from beginning or advancing the foreclosure process until one of the following procedural safeguards is met:
    • The servicer has reviewed the borrower for all available “loss mitigation options,” a defined term under existing Regulation X, and no available loss mitigation options remain, the servicer has sent the borrower all required notices required, and the borrower has not requested any appeal within the applicable time period or, if applicable, all of the borrower’s appeals have been denied; or
    • The borrower has not communicated with the servicer for at least 90 days despite the servicer having regularly taken steps to communicate with the borrower regarding their loss mitigation review and, if applicable, the servicer’s loss mitigation determination.

Importantly, the Proposed Rule would no longer require a borrower to submit a complete loss mitigation application in order to enjoy foreclosure protections. Rather, borrowers would receive the proposed foreclosure protections as soon as they request loss mitigation assistance.

  • Prohibition on Advancing Foreclosure: Currently, servicers are prohibited from making the first notice or filing required by applicable law for any judicial or non-judicial foreclosure process under certain circumstances, as well as from moving for foreclosure judgment or order of sale or conducting a foreclosure sale under other circumstances. However, currently, servicers may still proceed with other interim foreclosure actions, such as mediation or arbitration.

Under the Proposed Rule, if a borrower requests loss mitigation assistance more than 37 days before a foreclosure sale, a servicer would be prohibited from initiating or advancing foreclosure (which would also include sale scheduling or completion) unless one of the above foreclosure procedural safeguards are met. The CFPB notes that, under the proposed rule, advancing the foreclosure process would include any judicial or non-judicial actions that advance the foreclosure process and were not yet completed prior to the borrower’s request for a loss mitigation option. Such actions might include, for example, certain filings, such as those related to mediation, arbitration, or reinstatement that take place prior to final order or sale; certain affidavits, motions, and responses that advance the foreclosure process; or recordings or public notices that occur before a final foreclosure judgment or sale. Notably, the CFPB is not proposing to require servicers to dismiss pending foreclosures; however, a servicer may be required to make necessary filings to pause the foreclosure proceedings until the safeguards are met.

  • Sequential Loss Mitigation Review: Under the Proposed Rule’s loss mitigation framework, a servicer would no longer be required to collect a complete loss mitigation application for all available options prior to making a determination about whether to deny or to offer a loss mitigation option to a borrower. Accordingly, a servicer would be permitted, but not required to, review a borrower for loss mitigation options sequentially rather than simultaneously. Notably, the CFPB clarifies in the preamble to the Proposed Rule, that “[i]nvestor guidelines, including what are commonly referred to as waterfalls, will continue to determine whether any loss mitigation option is available and whether the borrower qualifies for a given option.”
  • Fee Prohibition: The CFPB is proposing to replace the temporary COVID-19 procedural safeguards in § 1024.41 with a proposed requirement that during a loss mitigation review cycle, no fees beyond the amounts scheduled or calculated as if the borrower made all contractual payments on time and in full under the terms of the mortgage contract shall accrue on the borrower’s account.

The CFPB states that the proposed fee protection “would be broad, and would restrict the accrual of interest, penalties, and fees during the loss mitigation review cycle.” The Bureau also acknowledges that “this broad prohibition may result in servicers making payments to third party companies for delinquency-related services that servicers may not be able to recoup[.]” However, the CFPB states that it has preliminarily “determine[d] that borrowers who have made a request for loss mitigation assistance should not continue accruing fees that make it harder for them to resolve the delinquency and avoid foreclosure” and “that fee protections may create incentives for servicers under the proposed new framework to efficiently process a borrower’s request for loss mitigation assistance and evaluate them for loss mitigation solutions quickly and accurately.” That said, given that the loss mitigation review framework could go on almost indefinitely, as noted below, it is hard to see how such efficiencies or incentives would be realized.

  • Duplicative Requests: Currently, a servicer is required to comply with the requirements of Regulation X for a borrower’s loss mitigation application, unless the servicer has previously complied with the requirements of that section for a complete loss mitigation application submitted by the borrower and the borrower has been delinquent at all times since submitting the prior complete application.

Significantly, the Proposed Rule would require that servicers comply with the requirements of proposed § 1024.41 for a borrower’s request for loss mitigation assistance during the same loss mitigation review cycle unless one of the procedural safeguards is met. Notably, the Proposed Rule would not appear to prohibit a borrower from re-requesting loss mitigation assistance indefinitely (and, thus, beginning a new loss mitigation review cycle with new foreclosure procedural safeguards), unless otherwise provided by investor guidelines.

Loss Mitigation Determination Notices

  • Coverage of Determination Notices Expanded: Currently, Regulation X requires that loss mitigation determination notices state, in relevant part, which loss mitigation options, if any, the servicer will offer to the borrower on behalf of the owner or assignee of the mortgage, the specific reason or reasons a borrower’s complete loss mitigation application is denied for any trial or permanent loan modification option available to the borrower and, if applicable, that the borrower has the right to appeal the denial of any loan modification option as well as the amount of time the borrower has to file such an appeal and any requirements for making an appeal.

The Proposed Rule would expand § 1024.41’s loss mitigation determination notice provisions to require that servicers provide determination notices for all types of loss mitigation offers and denials, including forbearances, deferrals, and partial claims.  In other words, servicers would be required to include in determination notices the specific reason or reasons a borrower’s loss mitigation request is denied for any loss mitigation option (not just loan modification options) available to the borrower as well as information regarding the borrower’s appeal rights (which would extend to all loss mitigation denials).

  • Expanded Information on Determination Notices: Under the Proposed Rule, in addition to disclosing the amount of time the borrower has to accept or reject an offer, the borrower’s right to appeal the loss mitigation determination, and the specific reason or reasons for that loss mitigation determination, a servicer’s determination notice would be required to include the following additional information:
    • Information about key borrower-provided inputs that served as the basis for the loss mitigation determination;
    • A telephone number, mailing address, and website address, where the borrower can access a list of non-borrower provided inputs used by the servicer in making the loss mitigation determination;
    • Information that would enable a borrower to access a list of all loss mitigation options that may be available from the investor; and
    • Information about all other loss mitigation options that may remain available, previously offered options that the borrower did not accept, and whether any offered option will remain available if the borrower requests review for additional options prior to accepting or rejecting the offer.

The expanded information requirements, as proposed, raise a number of unanswered questions.

For example, it is unclear what would constitute a “key” borrower-provided input. The preamble to the Proposed Rule suggests that any borrower-provided input that served as the basis for the servicer’s determination would arguably be covered. Similarly, it is unclear what is the scope of non-borrower provided inputs servicers must permit borrowers to access. For example, it is unclear whether servicers would be required to list that, among other things, the property is secured by a first-lien mortgage loan, the property is owner-occupied, and/or the borrower’s loan meets specified delinquency requirements (if applicable).

Further, the expanded notice requirements are likely to create significant operational challenges for servicers. For example, servicers will likely need to track not only the loss mitigation options generally made available by the owner or assignee of each loan they service, but also the loss mitigation options previously offered to each borrower, the options each borrower did not accept, and whether any previously offered option will remain available if a borrower requests review for additional options prior to accepting or rejecting the offer. These operational complexities are compounded by the fact that investors and agencies routinely update their loss mitigation guidelines.

  • Denial Due to Missing Documents or Information Not in Borrower’s Control: In addition to relocating the current requirements relating to when a servicer may deny a loss mitigation application due solely to missing information not in the borrower’s or servicer’s control, the Proposed Rule would also amend the requirements to align with other proposed changes.

First, the Proposed Rule would prohibit servicers from denying a request for loss mitigation assistance due solely to missing information not in the borrower’s or servicer’s control unless the servicer has “regularly taken steps” to obtain the missing information and has been unable to obtain the information for at least 90 days. The CFPB indicated that it “expects that regularly taking steps would minimally include repeated attempted contact through the 90-day period with the relevant third party from whom the servicer needs to obtain the information.” The intent is to “ensure that servicers are making efforts to obtain needed information before denying a loss mitigation application due to missing information.”  While the Bureau proposes to replace the term “reasonable diligence” with “regularly taking steps,” the CFPB “does not intend to reduce or to lessen a servicer’s current obligation to obtain missing documents or information not in the borrower’s control.”

Second, the Proposed Rule would require servicers to provide a notice to borrowers if they deny such a request for loss mitigation assistance. The notice would retain certain information currently required, including requiring a statement that the servicer will complete its evaluation of the borrower for all available loss mitigation options promptly upon receiving the missing third-party information, but also would provide borrowers with additional information, including informing the borrower that the servicer will complete its evaluation of the request for loss mitigation assistance if the servicer receives the referenced missing documents or information within 14 days of providing the missing information determination notice to the borrower.

Third, the Proposed Rule would require servicers to provide borrowers with detailed information, which includes, among other things, a list of all other loss mitigation options that are still available to the borrower and a statement describing the next steps the borrower must take to be reviewed for those loss mitigation options, or a statement that the servicer has reviewed the borrower for all available loss mitigation options and none remain.

  • Unsolicited Loss Mitigation Offers: The Proposed Rule would require that a servicer provide the borrower with a notice when it offers a loss mitigation option based solely on information that the servicer already has instead of new borrower-provided information. The notice would be required to include the amount of time the borrower has to accept or reject the offer of loss mitigation and information notifying the borrower, among other things, of all other loss mitigation options that may remain available to the borrower and investor information.

Notably, the Proposed Rule would not revise the definition of “loss mitigation option,” which includes, among other things, refinancings. Moreover, the requirement to provide notice for unsolicited loss mitigation offers would not be limited to delinquent borrowers. As a result, it is unclear whether a lender/servicer that makes an unsolicited refinancing offer based solely on information that the lender/servicer already has (such as for a streamline refinancing) would be subject to the proposed notice requirement.

Loss Mitigation Error Resolution and Appeals

The CFPB proposes two significant changes to the notice of error provisions:

  • Covered Errors Expanded: The CFPB proposes to clarify that a failure to make an accurate loss mitigation determination on a borrower’s mortgage loan is a covered error, subject to the procedural requirements of § 1024.35.  According to the Bureau, this is merely clarifying its longstanding position, although courts have thought differently.
  • Notice of Appeal Also Covered Error: The Bureau is proposing that a notice of appeal could also be subject to the error resolution procedural requirements and vice versa.  More specifically, when an appeal meets the error resolution procedural requirements of § 1024.35, the proposed rule would require servicers to treat it as a notice of error and comply with the procedural requirements.  Similarly, if a borrower submits a notice of error under § 1024.35 relating to a loss mitigation determination, the notice of error would also constitute an appeal under Regulation X if the borrower submits the notice of error within 14 days after the servicer provides its loss mitigation determination.  When a notice of error is also an appeal, the Proposed Rule would require a servicer to complete the notice of error response requirements in § 1024.35 prior to making a determination about the borrower’s appeal.  So, a servicer would need to comply with the 30-day time period for a notice of appeal even in those instances where the notice of error provisions provides a longer response time.

Early Intervention

In addition to removing language relating to the COVID-19 pandemic, the Proposed Rule would make the following changes to the early intervention requirements in existing § 1024.39:

  • Written Early Intervention Notice Requirements: Under the Proposed Rule, servicers would be required to include the following additional information in the written early intervention notice:
    • The name of the owner or assignee of the borrower’s loan along with a statement providing a brief description of each type of loss mitigation option that is generally available from the investor of the borrower’s loan;
    • A website address and telephone number where the borrower can access a list of all loss mitigation options that may be available from the owner or assignee of the borrower’s loan; and
    • If applicable, a statement informing the borrower how to make a request for loss mitigation assistance.
  • Alternative Early Intervention Requirements for Performing Borrowers in Forbearance: The Proposed Rule would partially exempt servicers from the live contact and written early intervention notice requirements while a borrower is performing pursuant to the terms of a forbearance.
  • Terms of a Forbearance: The Proposed Rule would require that, at least 30 days, but no more than 45 days, before the scheduled end of the forbearance, the servicer establish, or make good faith efforts to establish, live contact with the borrower. During this contact, the servicer would be required to inform the borrower of the date the borrower’s current forbearance is scheduled to end and of the availability of loss mitigation options, if appropriate. In addition, the Proposed Rule would require that the servicer to provide a written notice, that discloses the date the borrower’s current forbearance is scheduled to end as well as the information required by the proposed written early intervention notice, at least 30 days, but no more than 45 days, before the scheduled end of the forbearance. The Proposed Rule also would require that, when a forbearance ends for any reason, a servicer must resume compliance with the early intervention and live contact requirements on the next payment due date following the forbearance end date.

Given the narrow time frame (15 days) within which servicers must establish, or make good faith efforts to establish, live contact with a borrower before the scheduled end of the borrower’s forbearance, this proposed requirement may create operational challenges for servicers.

Language Access

Currently, Regulation X does not contain requirements concerning serving limited English proficient borrowers. In its proposal, the Bureau strongly states that it “expects mortgage servicers to assist borrowers with limited English proficiency.”  To that end, and without clear statutory authority and without providing proposed regulation text, the CFPB proposes the following:

  • Specified Written Communications Required in Spanish: Servicers would be required to accurately (which term is not defined) translate into Spanish the specified written communications, meaning the early intervention notices (but not the website listing loss mitigation options that the CFPB is proposing) and notices whose forbearances will soon end, as well as written notices concerning loss mitigation. A servicer would be required to provide the Spanish and English versions to all borrowers.
  • Translations of Certain Written and Oral Communications in Five Additional Languages: Upon borrower request, servicers would be required to provide accurate translations of the specified written communication in one of the servicer-selected languages. Additionally, upon borrower request, the servicer would be required to make available and establish a connection with interpretative services before or within a reasonable time of establishing connection with the borrower during the specified oral communications to the extent that the borrower’s requested language is one selected by the servicer under the Proposed Rule. The specified oral communications would be the live contact and continuity of contact requirements. The servicer would be required to select five of the most frequently used languages from languages spoken by a significant majority of their non-Spanish speaking borrowers with limited English proficiency.
  • In-language Statements: Servicers would also be required to provide five brief statements accurately translated into the five languages selected by the servicer in the English version of the specified written communications. These statements would identify the availability of translation and interpretative services for the specified written and oral communications in the five languages and how borrowers can request such services.
  • Solicitation through Servicing: Under the Proposed Rule, if a borrower received marketing for their mortgage loan before origination in a language other than English, and the servicer knows or should have known of that marketing, the servicer would be required to make available translations or interpretations for that language even if it is not one of the servicer-selected languages.
  • Accurate translations: Failure to provide accurate translations or interpretations would result in a violation of the proposed requirement and the underling requirement.

Other Servicing Issues

In addition to the principal changes outlined above, the CFPB is seeking comments on a number of other topics that impact borrowers and servicers’ practices, to include credit reporting, zombie mortgages, and successors in interest.

  • Credit Reporting: The CFPB notes in its proposal that credit reporting issues arise with borrowers undergoing loss mitigation, specifically with respect to the accuracy and consistency of the information that servicers furnish. Specifically, the CFPB calls out the examples of:
    • after a borrower and servicer have agreed to a loss mitigation option, and the borrower is performing under the terms of that option, the servicer furnishing information to a credit reporting agency indicating that the borrower is delinquent based on the loan terms in place prior to the loss mitigation option; and
    • a servicer inconsistently using, or failing to use, appropriate industry guidance when reporting tradeline data for borrowers affected by a natural disaster, especially with respect to reporting optional data or reporting data without appropriate context.

In light of these issues, the Bureau is requesting public comment about how it could ensure that servicers furnish accurate and consistent credit reporting information for borrowers in connection.  Specifically, the CFPB is soliciting comment on:

    • What servicer practices may result in the furnishing of inaccurate or inconsistent information about mortgages undergoing loss mitigation review?
    • What protocols or practices do servicers currently use to ensure that mortgages are reported accurately and consistently? Are there specific protocols or practices for ensuring that loans in forbearance, or affected by natural disasters, are reported accurately and consistently?
    • Would it be helpful to have a special code to flag all mortgages undergoing loss mitigation review in tradeline data?
    • What steps should the CFPB take to ensure that servicers furnish accurate and consistent tradeline data?
  • Zombie Mortgages: Over the past year, the CFPB has become increasingly vocal about the issues that “zombie” (i.e., dormant, subordinate-lien) mortgage debt may pose to consumers, opining that certain protections under TILA, RESPA, and the Mortgage Servicing Rules apply to the collection of such debt. To guide further action, the Bureau is requesting public comment on the prevalence of zombie mortgages, whether such mortgages are likely to cause consumer harm in the future, and what action the CFPB could take to protect borrowers.
  • Successors in Interest: The Bureau’s major amendments to the Mortgage Servicing Rules in 2016 included the addition of provisions relating to successors in interest (using the framework established by the Garn-St. Germain Depository Institutions Act of 1982). The CFPB notes in the introduction to the Proposed Rule that it continues to receive feedback on challenges these provisions pose – whether by restricting the ability of successors in interest to take advantage of the protections, or by unintentionally excluding certain categories of consumers from the definition of a successor in interest.  Accordingly, the Bureau is requesting comment, data, and information on the prevalence of issues relating to successors in interest, as well as comment on what additional actions it could take to better protect potential, confirmed, and prospective successors in interest.

Similarly, as part of the Proposed Rule the CFPB is considering updates to its commentary to Regulation X, particularly as it relates to a request for loss mitigation assistance received from a potential successor in interest prior to confirming that individual’s identity and ownership interest in the property, and to the application of the Proposed Rule’s foreclosure procedural safeguards.

Impact on “Small Servicers”

Important to note is that the requirements of the Proposed Rule would not apply to a “small servicer,” meaning an entity that:

  • Services (together with any affiliates) 5,000 or fewer mortgage loans, for all of which the servicer (or an affiliate) is the creditor or assignee;
  • Is a Housing Finance Agency (as defined in 24 C.F.F. § 266.5); or
  • Is a non-profit entity (i.e., a 501(c)(3)) that services 5,000 or fewer mortgage loans on behalf of associated non-profit entities, for all of which the servicer or associated entity is the creditor.

What Do I Need to Do?

Given that this represents the first widespread changes to the Mortgage Servicing Rules in eight years, the Proposed Rule could result in significant changes to industry practices – requiring investment of time and other resources as servicers consider the move toward implementing new requirements.  At the Proposed Rule stage – when the opportunity for public comment remains open – servicers should carefully review the Bureau’s proposal to consider how it would impact servicing practices, and whether they can offer public comment or data that would be beneficial to guiding the CFPB as it moves forward in implementing amendments to Regulation X.  Servicers should consider submitting a comment letter to ensure that the Bureau receives any necessary feedback on the Proposed Rule and its invitations for data and other information.


CFPB and Other Federal Agencies Finally Adopt AVM Rule

What Happened?

On June 20, 2024, a group of federal regulators published a rule addressing for the use of automated valuation models (AVMs) in mortgage origination and secondary market transactions.

The rule adoption – by the Consumer Financial Protection Bureau, Office of Comptroller of the Currency (OCC), Board of Governors of the Federal Reserve System (Board), Federal Deposit Insurance Corporation (FDIC) and Federal Housing Finance Agency (collectively, the Agencies) – comes more than 13 years after the enactment of the Dodd-Frank Act.  Section 1473 of the Dodd-Frank Act mandated the promulgation of a rule to implement quality control standards for the use of automated valuation models (AVMs) by mortgage originators and secondary market issuers in valuing the collateral worth of a mortgage secured by a consumer’s principal dwelling – even one made for business, commercial, agricultural, or organizational purposes.  The rule will take effect the first day of a calendar quarter following the 12 months after publication in the Federal Register – or, with an anticipated effective date of July 1, 2025.

Section 1473(q) of the Dodd-Frank Act amended the Financial Institutions Reform, Recovery and Enforcement Act (FIRREA), addressing the use of AVMs to estimate the collateral value of a mortgage for mortgage lending purposes in new section 12 U.S.C. § 3354.  The statute sets forth the framework for developing quality control standards to which AVMs must adhere and directs the Agencies to promulgate regulations implementing the standards.

What AVMs does the Rule Cover?

An AVM is any computerized model used by mortgage originators and secondary market issuers to determine the value of a consumer’s principal dwelling collateralizing a mortgage.  The rule’s quality control standards apply only to AVMs used in connection with making credit decisions or covered securitization determinations regarding a mortgage.  For example, the standards apply when determining a new value before originating, modifying terminating a mortgage, or making other changes to a mortgage including a decision whether to extend new or additional credit or change the credit limit on a home equity line of credit (including reductions or suspensions), or placing a loan in a securitization pool.  The rule treats assumptions as credit events.  By contrast, the rule does not cover other uses such as monitoring collateral in mortgage-backed securitizations after they have already been issued or validating an already completed valuation.

Why Is It Important?

The rule requires institutions that engage in covered credit decisions or securitization determinations – whether themselves, or through or in cooperation with a third party affiliate – to adopt policies, practices, procedures and control systems to ensure that the use of AVMs adheres to quality control standards.

“Control systems” are the functions (such as internal or external audits, risk review, quality control and quality assurance) and information systems that are used to measure performance, make decisions about risk, and assess the effectiveness of processes and personnel, including with respect to compliance with statutes and regulators.

In keeping with FIRREA, the rule’s quality control standards are designed to:

  • Ensure a high level of confidence in the estimates produced by the AVMs;
  • Protect against the manipulation of data;
  • Seek to avoid conflicts of interest;
  • Require random sample testing and reviews; and
  • Comply with applicable nondiscrimination laws.

In the rule, the Agencies take the standards one step further than the Dodd-Frank Act mandate, by requiring AVM quality control standards to comply with applicable nondiscrimination laws.  Exercising their statutory authority to account for other appropriate quality control factors, the Agencies’ inclusion of this fifth factor addresses concerns about the potential for AVMs to produce property estimates that reflect discriminatory bias.  In doing so, the Agencies have acted consistent with the Biden administration’s focus on appraisal bias, as exhibited in the PAVE initiative.

In adopting the rule, the Agencies remind institutions that the Equal Credit Opportunity Act and Regulation B, as well as the Fair Housing Act, apply to appraisals and AVMS.  Further, “institutions have a preexisting obligation to comply with all Federal laws including Federal nondiscrimination laws.” To that end, this fifth factor creates an independent obligation for institutions to establish policies, procedures, and control systems to ensure compliance with nondiscrimination laws.

The rule does not include specific requirements on how institutions are to structure their policies and procedures.  The Agencies intend this nonprescriptive approach to provide institutions the flexibility to set quality controls for AVMs as appropriate, based on the size of the institution and the risk and complexity of the transactions for which AVMs will be used.

Rule Applicability

Key to understanding the rule’s impact is an evaluation of what persons and loans are within its scope.

  • Mortgage Originators, Brokers, and Servicers: For purposes of the rule, the term “mortgage originator” has the same definition as under the Truth in Lending Act: any person who, for direct or indirect compensation or gain, or in the expectation of direct or indirect compensation or gain, takes a mortgage application, assists a consumer in obtaining or applying to obtain a mortgage, or offers or negotiates terms of a mortgage secured by a consumer’s principal dwelling, even if the mortgage is primarily for business, commercial agricultural or organizational purposes.  That definition includes a mortgage broker; however, the rule does not apply to mortgage brokers if they do not engage in making covered credit decisions or securitization determinations.  The rule generally does not cover mortgage servicers, unless they are engaged in covered origination activity (for example, in connection with an assumption or a refinancing).  A mortgage originator does not include an individual who engages in “modifying, replacing and subordinating principal or existing mortgages where borrowers are behind in their payments, in default or have a reasonable likelihood of being in default of falling behind.”
  • Secondary Market Issuers: The rule applies to secondary market participants, including the GSEs or “any other party that creates, structures or organizes a mortgage-backed securities transaction,” which includes coverage of entities that are responsible for determining the collateral worth of a mortgage when issuing mortgage-backed securities. This encompasses secondary market participants in the securitization process that make these types of determinations, as opposed to verifying or monitoring such determinations.
  • Loan Applicability: The rule applies when a mortgage is secured by a consumer’s principal dwelling even if the mortgage is primarily for business, agricultural, or organizational purposes.  For purposes of the rule, a “dwelling” means a residential structure that contains one to four units, regardless of whether the structure is attached to real property.
Use of AVMs by Appraisers Not Subject to the Rule

The rule excludes from its scope a certified or licensed appraiser using AVMs in the development of an appraisal.  In creating this exclusion, the Agencies recognize that to comply with the Uniform Standards of Professional Appraisal Practice, appraisers must make valuation conclusions that are supportable independently and do not rely on the results produced by AVMs. Moreover, the rule excludes reviews of completed determinations from the scope of the rule: “if an AVM is being used solely to review the completed determination, the AVM is not covered by the [r]ule regardless of when the AVM is used after that determination.”

Additionally, the Agencies’ existing guidance regarding AVMs remains applicable separately from the rule.  For example, the OCC, Board, FDIC, and NCUA have issued guidance about prudent appraisal and evaluation programs in Appendix B to the Interagency Appraisal and Evaluation Guidelines.

What To Do Now?

Largely as proposed, the rule requires regulated mortgage originators and secondary market issuers to take appropriate steps and adopt policies, practices, procedures, and control systems to ensure that the use of AVMs in valuing real estate collateral securing mortgage loans adhere to the specified quality control standards, including compliance with nondiscrimination laws to avoid potential valuation bias. The rule requires institutions to create their own policies and procedures to ensure the credibility and integrity of valuation determinations produced by AVMs.

While AVM developers and vendors are not covered by the rule, covered institutions will need to work with their AVM developers and vendors to ensure compliance with its obligations.  It is likely that third party AVM testing entities will emerge to assist with these obligations. Vendor management oversight will be important.  Institutions will need to start thinking through their existing policies, practices,  procedures, and control systems now to identify what changes are necessary to ensure compliance on or before the rule’s effective date.

CFPB Expands its Reach with Final Rule Establishing Nonbank Registry of Public Settlements, Consent Orders and Enforcement Actions

What Happened?

On June 3, 2024, the Consumer Financial Protection Bureau (CFPB or Bureau) issued its Registry of Nonbank Covered Persons Subject to Certain Agency and Court Orders Final Rule (the Final Rule), a 486-page rule imposing new obligations on nonbank entities that offer or provide a consumer financial product or service. At a high level, the Final Rule contains three primary requirements.

First, the Final Rule requires certain nonbank entities (Covered Nonbanks) to register with the CFPB’s new nonbank registry (NBR) and provide information about the nonbank and certain public Federal, State, or local written orders imposing obligations on the nonbank based on violations of certain consumer protection laws.

Second, for those Covered Nonbanks subject to the Bureau’s supervisory authority under section 1024(a) of the Consumer Financial Protection Act of 2010 (CFPA), the Final Rule will require such supervised registered entities to annually identify the executive(s) responsible for and knowledgeable of the nonbank’s efforts to comply with the orders identified in the NBR and submit an annual written statement and attestation.

Third, the Final Rule describes the registration information that the Bureau may make public.

The Final Rule takes effect on September 16, 2024 (the Effective Date) but establishes different implementation dates for different categories of Covered Nonbanks. Covered Nonbanks will be required comply with the Final Rule by as early as October 16, 2024.

Why Does it Matter?

The Final Rule represents yet another novel interpretation by the Bureau of its authority under the Dodd-Frank Act. As stated by the Bureau, “the registry will accomplish a number of goals, with a particular focus on monitoring for risks to consumers related to repeat offenders of consumer protection law.” As set forth below, the scope and requirements of the Final Rule are broad and complex, and failing to comply with these new requirements can perpetuate a “repeat offender” label.

The Final Rule Applies to Covered Nonbanks

With certain exceptions, the Final Rule will apply to covered persons as defined in the CFPA, including persons that engage in offering or providing a consumer financial product or service, as defined in the CFPA. Under the CFPA, a “covered person” is (A) any person that engages in offering or providing a consumer financial product or service; and (B) any affiliate of such person if such affiliate acts as a service provider to such person. Among others, consumer financial products and services generally include the following, to the extent they are offered or provided for use by consumers primarily for personal, family, or household purposes:

  • Extending credit and servicing loans;
  • Extending or brokering certain leases of personal or real property;
  • Providing real estate settlement services;
  • Engaging in deposit-taking activities, transmitting or exchanging funds, or otherwise acting as a custodian of funds;
  • Selling, providing, or issuing stored value or payment instruments;
  • Providing check cashing, check collection, or check guaranty services;
  • Providing payments or other financial data processing products or services to a consumer by any technological means;
  • Providing financial advisory services;
  • Collecting, analyzing, maintaining, or providing consumer report information or certain other account information; and
  • Collecting debt related to any consumer financial product or service.

The Final Rule does not apply to:

  • An insured depository institution or insured credit union (e.g., an FDIC-insured bank);
  • A person who is a covered person solely due to being a “related person,” as provided in the Dodd-Frank Act (e.g., controlling shareholders, consultants, and independent contractors, if the person is a covered person only because the person is a “related person” and not a covered person for another reason);
  • A State, including federally recognized Indian tribes;
  • A natural person;
  • Certain motor vehicle dealers;
  • A person that qualifies as a covered person under the Dodd-Frank Act only because of conduct excluded from the CFPB’s rulemaking authority, such as certain activities related to charitable contributions.

All other covered persons are covered by the Final Rule and are considered “Covered Nonbanks” for purposes of the Final Rule.

Orders Covered by the Final Rule

The Final Rule applies to “Covered Orders.” A Covered Order is a final public order issued by an agency or court (whether or not issued by settlement or consent) that:

  • Identifies a Covered Nonbank by name as a party subject to the order;
  • Was issued at least in part in any action or proceeding brough by any Federal Agency, State Agency, or Local Agency;
  • Contains public provisions that impose obligations on the Covered Nonbank to take certain actions or to refrain from taking certain actions;
  • Imposes such obligations on the Covered Nonbank “based on” an alleged violation of a “Covered Law”; and
  • Has an effective date on or later than January 1, 2017.

A “Covered Law” means one of the following laws, to the extent that the violation of law found or alleged “arises out of conduct in connection with the offering or provision of a consumer financial product or service”:

  • A Federal consumer financial law;
  • Any other law as to which the Bureau may exercise enforcement authority;
  • The prohibition on UDAPs under section 5 of the FTC Act or rules or orders issued thereunder;
  • A State law prohibiting UDAPs/UDAAPs as identified in Appendix A to the Final Rule;
  • A State law amending or otherwise succeeding a law identified in Appendix A to the Final Rule, to the extent the law is materially similar to its predecessor; or
  • A rule or order issued by a State agency for the purpose of implementing a State law referenced in the two preceding bullet points.

According to the Bureau, “an obligation is ‘based’ on alleged violation where the order identifies the covered law in question, asserts or otherwise indicates that the covered nonbank has violated it, and imposes the obligation on the covered nonbank at least in part as a result of the alleged violation, even where the order contains provisions clearly stating that the entity does not concede or admit liability.” While the Bureau clarifies the meaning of “based on,” the Bureau declines to provide clarity “for determining the circumstances under which violations of covered laws arise out of conduct ‘in connection with the offering or provision of a consumer financial product or service.’”

It is also noteworthy, that the CFPB declined to narrow the definition of Covered Orders to those involving consumer harm. As a result, even orders of a clerical, technical, or administrative nature could be in scope.

Initial Registration Requirements

During each implementation submission period (discussed below), for all Covered Orders that (1) have an effective date from January 1, 2017, through the start of the Covered Nonbank’s submission period, and (2) for Covered Orders issued prior to September 16, 2024, remains effective as of September 16, 2024, each Covered Nonbank that is identified as a party to such Covered Order must register with the NBR and provide the following information, in the format provided by the Bureau (such filing instructions have not yet been released) within 90 days from the applicable implementation date or after the effective date of the applicable Covered Order:

  • A fully executed, accurate and complete copy of the Covered Order (except nonpublic portions may be omitted);
  • The name of the agency(ies) and court(s) that issued or obtained the Covered Order, as applicable;
  • The effective date of the Covered Order;
  • The expiration date of the Covered Order, if any;
  • All Covered Laws found to have been violation, or for orders issued upon the parties’ consent, alleged to have been violated;
  • Any docket, case, tracking, or similar identifying number(s) assigned to the Covered Order by the applicable agency(ies) or court(s); and
  • The name and title of the attesting executive with respect to the Covered Order, if the registered entity is a supervised registered entity.

Annual Supervisory Reports for Supervised Registered Entities

Supervised Registered Entity

The annual reporting requirements apply to an “supervised registered entity” defined to mean a registered entity that is subject to supervision and examination by the Bureau. The definition includes:

  • An entity that qualifies as a larger market participant for consumer financial products or services, as defined in the CFPA;
  • An entity subject to an order by the Bureau exercising supervisory authority over certain nonbanks based on a risk determination in accordance with the CFPA; and
  • An affiliate of an insured depository institution and insured credit unions with more than $10 billion in total assets.

The definition excludes:

  • A service provider that is subject to Bureau examination and supervision solely in its capacity as a service provider and that is not otherwise subject to Bureau supervision and examination;
  • A motor vehicle dealer that is predominantly engaged in the sale and servicing of motor vehicles, the leasing and servicing of motor vehicles, or both, with limited exception;
  • Persons with less than $5 million in annual receipts resulting from offering or providing all consumer financial products or services;
  • A person that qualifies as a covered person based solely on conduct that is the subject of, and that is not otherwise exempted from, an exclusion from the Bureau’s supervisory authority under the CFPA; and
  • An affiliate of an insured depository institutions and insured credit unions with less than $10 billion in total assets.

Designation of Attesting Executive

A supervised registered entity subject to a Covered Order is required to annually designate one attesting executive for each Covered Order and all submissions related to that order who is “its highest-ranking duly-appointed senior executive officer (or, if the supervised registered entity does not have any duly appointed officers, the highest-ranking individual charged with managerial or oversight responsibility for the supervised registered entity) whose assigned duties include ensuring the supervised registered entity’s compliance with Federal consumer financial law, who has knowledge of the entity’s systems and procedures for ensuing compliance with the covered order, and who has control over the entity’s efforts to comply with the covered order.”

While the Bureau expects that under most circumstances the supervised registered entity would designate one single individual as its attesting executive for all of the Covered Orders to which it is subject, the Final Rule does not include such a requirement as the Bureau recognizes that there may be situations where there is no one executive with the requisite knowledge for all Covered Orders.

The entity must authorize the attesting executive to perform the duties of an attesting executive on behalf of the supervised registered entity with respect the Covered Order, including providing prompt access to all documents and information related to the supervised registered entity’s compliance with all applicable Covered Orders to make the required annual statement, as described below.

Annual Statement

The Annual Statement requirement applies prospectively to Covered Orders with an effective date after the Nonbank Registry Implementation Date. The Bureau states that it will treat the written statement submitted by the supervised registered entity as confidential supervisory information but does intend to publish the name and title of the attesting executive as it believes that publication of the executive’s name “will provide an incentive to pay more attention to covered orders.”

On or before March 31st of each calendar year, the supervised registered entity must submit to the NBR a written statement for each Covered Order signed by the attesting executive. Such statement must include:

  • A general description of the steps that the attesting individual has undertaken to review and oversee the supervised registered entity’s activities applicable to the Covered Order for the preceding calendar year; and
  • Attest whether to the attesting executive’s knowledge, the supervised registered entity during the preceding calendar year identified any violations or instances of noncompliance with any public provisions of the Covered Order.

The Bureau does not establish any minimum procedures or steps the attesting executive must take in order to review and oversee the entity’s activities. With that said, the Bureau declined “to impose a reasonableness, good faith or other standards regarding the steps that the attesting executive has undertaken to review and oversee the supervised registered entity’s activities subject to the applicable covered order.” The Bureau also declined to impose materiality requirements as to the types of violations that must be declared – even minor ones are important to the Bureau.


Supervised registered entities are required to maintain documents and other records to provide reasonable support for its written statement for 5 years after its submission is required.

Optional One-Time Registration of NMLS-Published Covered Orders

In lieu of requiring compliance with the registration and annual reporting requirements, a Covered Nonbank that is identified by name with respect to an NMLS-published Covered Order may elect to comply with a one-time registration option. The CFPB will specify what information the Covered Nonbank must provide to the NBR for purposes of identifying the NMLS-published Covered Order and for coordinating with the NMLS. Upon supplying this information, the Covered Nonbank will have no further reporting obligations with respect to that Covered Order. A Covered Nonbank may avail itself of this one-time registration for all or some of its NMLS-published orders, which are those orders published on the NMLS Consumer Access website. However, “no covered order issued or obtained at least in part by the Bureau shall be an NMLS-published covered order.” Thus, if the applicable Covered Order was issued either by a court or the Bureau itself, or brought at least in part by the Bureau, this optional one-time registration is not available to such order. That is because the Bureau is requiring such orders to be included in the NBR so that the CFPB can monitor and enforce its own orders as well as obtaining the annual written statement regarding CFPB orders.

Termination of Registration Requirements

Covered Orders are subject to ongoing registration requirements until it is deemed to expire under the Final Rule, or all relevant provisions are fully terminated by an agency or court or under its own terms on a date expressly provided for in the Covered Order.

The Final Rule provides that a Covered Order that does not expressly provide for a termination date and is not otherwise terminated earlier is deemed to expire 10 years after its effective date. Alternatively, if a Covered Order provides for a termination date that is longer than 10 years, the Covered Order is not deemed to have terminated until the longer period provided for in the order.

The Final Rule requires that Covered Nonbanks notify the Bureau within 90 days from the date any Covered Order is modified, terminated, or abrogated.

If a Covered Order expires, is terminated, or is otherwise modified such that it is no longer a Covered Order, then the Covered Nonbank is relieved of ongoing registration and written statement obligations with respect to such order after the Covered Nonbank files a final notice with the Bureau. That is not to say, however, that the Covered Order would be removed from the CFPB’s registry. Subject to the Bureau’s discretion, the CFPB may maintain information on Covered Orders and the Covered Nonbanks subject to them on the NBR indefinitely.

Publication and Correction of Submissions to the NBR

Publication of NBR Information

The Final Rule provides that the CFPB may publish certain information about registered Covered Nonbanks and Covered Orders on its website. However, the written statement will be treated as confidential supervisory information. In addition, at its discretion, the CFPB may also publish aggregations or summary reports using the information submitted to the CFPB’s NBR.

Corrections of Submissions

If any information submitted to the NBR was inaccurate when submitted and remains inaccurate, a Covered Nonbank must file a corrected report in the form and manner specified by the Bureau within 30 days after the date on which the Covered Nonbank becomes aware or has reason to know of the inaccuracy. In addition, the Bureau may at any time and in its discretion direct a Covered Nonbank to correct errors or other non-compliant submissions to the NBR.

Implementation Submission Periods and Ongoing Registration

Implementation Submission Periods

The Final Rule provides for phased implementation dates that vary depending on the type of Covered Nonbank. As reflected in the below table, the Final Rule provides the following 90-day registration window for each category of Covered Nonbank to register all Covered Orders with effective dates from January 1, 2017, until the start of that implementation submission period:

Covered Nonbank Type

Registration Submission Period*

Registration Deadline*

Larger Participant CFPB-Supervised Covered Nonbanks

Covered Nonbanks that are larger participants of a market for consumer financial products or services described under 12 U.S.C. 5514(a)(1)(B) as defined by one or more rules issued by the Bureau

October 16, 2024 through January 14, 2025 January 14, 2025
Other CFPB-Supervised Covered Nonbanks

Covered Nonbanks described under any other provision of 12 U.S.C. 5514(a)(1)

January 14, 2025 through April 14, 2025 April 14, 2025
All other Covered Nonbanks April 14, 2025 through July 14, 2025

July 14, 2025

* The Final Rule requires any dates that fall on a Saturday, Sunday, or Federal holiday be converted to the next day that is not a Saturday, Sunday, or Federal holiday. The Bureau has adjusted the above implementation submission period dates accordingly.

As noted above, during each of the above Registration Submission Periods, the Covered Nonbank must register all Covered Orders that: (1) have an effective date from January 1, 2017, through the start of the Covered Nonbank’s Registration Submission Period, and (2) for Covered Orders issued prior to September 16, 2024, the Covered Order remains effective as of September 16, 2024.

By way of example, assume an Other CFPB-Supervised Covered Nonbank has the following orders (that otherwise meet the definition of a Covered Order): (1) an order that took effect on January 1, 2016, and that expires on January 1, 2026, (2) an order that took effect on January 1, 2017, and that expires on October 30, 2025, and (3) an order that becomes effective on January 1, 2025, and that expires on January 1, 2031. During the applicable Registration Submission Period (noted above), the Other CFPB-Supervised Covered Nonbank:

  • Would not register the first order (effective January 1, 2016) because it took effect before January 1, 2017.
  • Must register the second order (effective January 1, 2017) because it took effect on or after January 1, 2017 (and prior to the start of the applicable submission period) and remained in effect as of September 16, 2024.
  • Must register the third order (effective January 1, 2025) because it took effect on or after September 16, 2024, and prior to the start of the applicable submission period.

Ongoing Registration

After the start of a Covered Nonbank’s implementation submission period, a Covered Nonbank must begin complying with the Final Rule’s ongoing registration timing requirements to register new Covered Orders and to submit changes or updates related to previously registered Covered Orders. Generally, a Covered Nonbank must return to the NBR and make a registration submission within the identified 90-day window for each of the following events:

  • Any updates or changes to the nonbank’s identifying information or administrative information, within 90 days after the date of that change.
  • Any amendments to previously registered Covered Orders, including changes to submitted order information, within 90 days after the date the amendments are made.
  • Any new Covered Orders applicable to the Covered Nonbank (with effective dates on or after the start of the applicable implementation period), within 90 days after the effective date of the new Covered Order.
  • A revised filing if there is any termination or expiration (as discussed above) of a previously registered Covered Order, within 90 days after the effective date of that termination or expiration.

Enforcement / Penalties for Noncompliance with Final Rule

General Enforcement

The Bureau declined to establish special rules or remedies for violation of the Final Rule. With that said, the Preamble to the Final Rule clearly states that the Final Rule is a Federal consumer financial law under the CFPA and that “[v]iolation of the [F]inal [R]ule would be an independent violation of Federal consumer financial law subject to enforcement as provided in the CFPA, and applicable remedies under law, including potential civil money penalties.”

Additional Enforcement Considerations for Supervised Registered Entities

With respect to supervised registered entities, the Final Rule clarifies that the obligation to designate an attesting executive or to submit a written statement when required to do so, belongs to the supervised registered entity, and not to any particular individual. Accordingly, the Bureau states that “[i]f a supervised registered entity failed to designate an attesting executive or to submit a written statement when required to do so, the supervised registered entity – not a particular individual – would potentially be subject to an enforcement action.”

Notwithstanding the foregoing, the Bureau stated its expectation that the requirement to designate a single attesting executive for a Covered Order will prompt the executive to focus greater attention on ensuring compliance, which in turn will increase the likelihood of compliance. The Bureau also indicated that it intends to use the information submitted under § 1092.204 to facilitate its efforts to assess compliance with any Covered Orders that may be enforced by the Bureau, and to make determinations regarding any potential Bureau supervisory or enforcement actions related to the Covered Order or any other identified risks to consumers. For example, “where information obtained under proposed 1092.204 indicates that a high-ranking executive has knowledge of (or has recklessly disregarded) violations of legal obligations falling within the scope of the Bureau’s jurisdiction, and has authority to control the violative conduct, the Bureau may use that information in assessing whether an enforcement action should be brought not only against the nonbank covered person, but also against the individual executive.” However, the Final Rule itself does not impose any legal obligation on the attesting executive to ensure compliance with any Covered Order.

Finally, with respect to the attestation required to be submitted as part of the annual written statement, the Bureau notes that Final Rule “does not purport to interpret provisions of criminal law . . . or to identify particular circumstances under which an attesting executive would become criminally liable for false statements,” however the Bureau indicates that it “expects attesting executives to submit truthful statements under the Final Rule and believes that the existence of other laws like 18 USC 1001 provides incentives in that regard.” Notably, however, 18 USC 1001 makes it a crime to make any false statements in any matter within the jurisdiction of the executive, legislative, or judicial branch of the U.S. government. Therefore, the Bureau appears to suggest that making a false attestation under the Final Rule may also constitute a crime under 18 USC 1001 or other applicable law.

What Do I Need to Do?

The Final Rule is complicated – some might say unnecessarily so – with lots of opportunities for missteps. Between the Final Rule and the Bureau’s recent apparent strategy to issue consent orders with indefinite terms, companies will need to be extra vigilant to avoid the scarlet letter designation of a repeat offender.  Now is the time to double down on compliance. This also holds true for Covered Nonbanks that are not subject to CFPB supervision as the Final Rule also coincides with the CFPB’s increased use of its so-called “dormant authority,” which empowers the Bureau to designate nonbanks for supervision based on certain risks to consumers. Covered Nonbanks that are designated for CFPB supervision must also comply with the additional reporting and attestation requirements applicable to supervised registered entities.

While the Final Rule does not establish any minimum procedures nor otherwise specify the steps an entity must take to comply with the Final Rule, failure to implement steps in accordance with the CFPB’s expectations will not be viewed positively by the Bureau. As a result, now is the time for nonbanks to work with counsel to understand and implement the Final Rule, as applicable, into their compliance management systems once the filing instructions are released.


CFPB Seeks Permanent Enforcement – Will this Further its Repeat Offender Agenda?

What Happened?

On May 31, 2024, the Consumer Financial Protection Bureau (CFPB) sued student loan servicer Pennsylvania Higher Education Assistance Agency (PHEAA) for illegally collecting on student loans that have been discharged in bankruptcy and sending false information about consumers to credit reporting companies, in violation of the Consumer Financial Protection Act (CFPA) and the Fair Credit Reporting Act. As a result of PHEAA’s alleged practices, borrowers are forced to either pay debt they do not owe or risk being hit with negative information on their credit reports and default due to the purported non-payment. The CFPB’s lawsuit asks the court to order PHEAA to stop its illegal conduct, provide redress to borrowers it has harmed, and pay a civil penalty.

Notably, this lawsuit follows a prior complaint and proposed stipulated judgments filed by the CFPB against PHEAA and National Collegiate Student Loan Trusts (the Trusts) just 25 days earlier. The stipulated judgments filed by the CFPB on May 6, 2024, if approved (briefing to continue until at least June 28, 2024), would require the PHEAA and the Trusts to pay more than $5 million for student loan servicing failures, including failing to provide accurate information to borrowers and incorrectly denying forbearance requests. In addition to certain affirmative obligations, the Trusts are prohibited from directly or indirectly violating sections 1031 (prohibiting unfair, deceptive, abusive acts and practices) and 1036 (prohibiting violating a federal consumer financial law) of the CFPA with respect to certain borrower requests.

Why Is It Important?

The proposed stipulated judgments conspicuously lack one important feature – they do not provide for a termination date. While certain administrative provisions contain time limits (such as 5-year notification and recordkeeping requirements), the stipulated judgments effectively act as a permanent injunction against PHEAA and the Trusts. In other words, if, at any point in the future, PHEAA were to violate the Consumer Financial Protection Act, then PHEAA would be liable for violating the stipulated judgment – and, subsequently, at risk of being branded a “repeat offender” by the CFPB. Conveniently, just last week, the CFPB finalized a rule to establish a registry to detect and deter corporate offenders that have broken consumer laws and are subject to federal, state, or local government or court orders.

What Do I Need to Do?

Institutions within the CFPB’s jurisdiction should be aware of the CFPB’s actions and present any applicable legal defenses as to why an indefinite contract may be deemed unenforceable in court. Further, institutions should enhance their compliance management systems to mitigate risk and ensure they do not end up on the CFPB’s repeat offender list.

FSOC Issues Report on Nonbank Mortgage Servicing Highlighting Strengths, Vulnerabilities and Recommendations

What Happened?

In May 2024, the Financial Stability Oversight Council (FSOC or Council) issued a Report on Nonbank Mortgage Servicing (the Report). The Report recognizes the strengths of nonbank mortgage companies (NMCs) and the important role they serve. However, the Council warns that the vulnerabilities of NMCs are more acute due, in part, to the mortgage market shift from banks to NMCs, the increasing federal government exposure to NMCs, financial strain of nonbank originators following the end of the refinance boom, and considerable liquidity risk from NMCs funding sources. The Council warns that it will continue to monitor such risks and take or recommend additional actions in accordance with its Analytic Framework (the 2023 Analytic Framework) and Nonbank Designation Guidance (the 2023 Nonbank Designation Guidance), which we discussed in a prior blog post. The Council also makes several recommendations, including asking Congress to establish a fund financed by the nonbank mortgage sector and administered by an existing federal agency to ensure there are no taxpayer-funded bailouts should a nonbank mortgage servicer fail.

Why Does it Matter?


The Dodd-Frank Act empowers FSOC to designate a nonbank financial company subject to enhanced prudential standards and supervision by the Federal Reserve’s Board of Governors by a two-thirds vote of the Council. The Council is comprised of 10 voting members consisting of the U.S. prudential regulators, the Director of the Consumer Financial Protection Bureau (CFPB), the Director of the Federal Housing Finance Agency, the Chair of the Securities and Exchange Commission, the Chairman of the Commodity Futures Trading Commission, an independent member having insurance expertise, and five non-voting members with the Secretary of the Treasury serving as Chairperson of the Council.

This designation can be made upon the Council’s finding that:

  • Material financial distress at the nonbank financial company could pose a threat to the financial stability of the United States; or
  • The nature, scope, size, scale, concentration, interconnectedness, or mix of the activities of the nonbank financial company could pose a threat to the financial stability in the United States.

The Council’s 2023 Analytic Framework provides a non-exhaustive list of eight potential risk factors and the indicators that FSOC intends to monitor that include: (i) leverage, (ii) liquidity risks and maturity mismatches, (iii) interconnections, (iv) operational risk, (v) complexity of opacity, (vi) inadequate risk management, (vii) concentration, and (viii) destabilizing activities. Additionally, FSOC will assess the transmission of those risks by evaluating: (i) exposure, (ii) asset liquidation, (iii) critical function or service, and (iv) contagion. The 2023 Nonbank Designation Guidance, procedural in nature, defines a two-stage process the Council will use to make a firm-specific “nonbank financial company determination” pursuant to FSOC’s Analytic Framework. The Council also has the authority to make recommendations to regulators and Congress and engage in interagency coordination.

The 2024 Report on Nonbank Mortgage Servicing

At the outset, the Council recognizes that the NMC market share has increased significantly. Based on HMDA data, NMCs originate around two-thirds of mortgages in the United States and owned the servicing rights on 54 percent of mortgage balances in 2022 as compared to 2008 when NMCs originated only 39 percent of mortgages and owned the servicing rights on only four percent of mortgage balances. Moreover, in the 10-year period between 2014 and 2024, the share of Agency (i.e., Fannie Mae, Freddie Mac, and Ginnie Mae) servicing handled by NMCs increased from 35 percent 66 percent.

In 2023, NMCs serviced around $6 trillion for the Agencies and approximately 70 percent of the total Agency market.

FSOC recognizes that NMCs filled a void following the 2007-2009 crisis when banks exited the market due to several factors (such as the revised capital rules on banks, making MSRs less attractive, as well as perceived increased costs of default servicing resulting from the National Mortgage Settlement, the Independent Foreclosure Review, prosecutions under the False Claims Act, and private litigation.) According to FSOC, NMCs developed substantial operational capacity and embraced technology. The Council also recognizes NMCs’ strength in servicing historically underserved borrowers. In 2022, NMCs originated greater than 70 percent of mortgages extended to Black and Hispanic borrowers and more than 60 percent of low- and moderate-income borrowers.

While recognizing the strengths of NMCs, the Report also highlights several vulnerabilities. Of the eight risk factors identified in the 2023 Analytic Framework, FSOC focuses its concerns on the following four vulnerabilities:

  • Liquidity Risks & Maturity Mismatches: As provided in the 2023 Analytic Framework, a shortfall of sufficient liquidity to cover short-term needs, or reliance on short-term liabilities to finance longer-term assets, can lead to rollover or refinance risk. FSOC may measure this risk by looking at the ratios of short-term debt to unencumbered liquid assets and the amount of additional funding available to meet unexpected reductions in available short-term funds. FSOC reports “considerable” liquidity concerns from NMCs’ funding sources and servicing contracts. First, NMCs’ reliance on warehouse lines of credit can result in (i) margin calls, (ii) repricing or restructuring lines by raising interest rates, changing the types of acceptable collateral, or canceling lines, (iii) exercising cross default provisions, and (iv) the risk of multiple warehouse lenders enforcing covenants or imposing higher margin requirements at the same time. Second, NMCs face liquidity risk from margin calls on the hedges in place to protect interest rate movements while mortgages are on a warehouse line. Third, NMCs face liquidity risks from their lines of credit that are collateralized by mortgage servicing rights (MSRs), that can also result in margin calls. Finally, requirements to advance funds on behalf of the investor (particularly Ginnie Mae) or repurchase mortgages from securitization pools may result in liquidity strains.
  • Leverage: As provided in the 2023 Analytic Framework, leverage is assessed by levels of debt and other off-balance sheet obligations that may create instability in the face of sudden liquidity restraints, within a market or at a limited number of firms in a market. To assess leverage, the Council may look at quantitative metrics such as ratios of assets, risk-weighted assets, debts, derivatives liabilities or exposures, and off-balance sheet obligations to equity. The Report cites to data from Moody’s Ratings which requires an NMC to have a ratio of secured debt to gross tangible assets of less than 30 percent for its long-term debt rating to be investment grade. In the third quarter of 2023, 37% of NMCs met this standard and 35% of NMCs had ratios in excess of 60 percent which is considered a high credit risk. According to FSOC, equity funding by NMCs add to leverage vulnerability.
  • Operational Risk: As provided in the 2023 Analytic Framework, operational risk arises for the “impairment or failure of financial market infrastructures, processes or systems, including due to cybersecurity vulnerabilities.” The Report highlights that for NMCs operational risks include continuity of operations, threats from cyber events, third-party risk management, quality control, governance, compliance, and processes for servicing delinquent loans.
  • Interconnections: As provided in 2023 Analytic Framework, direct or indirect financial interconnections include exposures of creditors, counterparties, investors, and borrowers that can increase the potential negative effect measured by the extent of exposure to certain derivatives, potential requirement to post margin or collateral, and overall health of the balance sheet. Through warehouse lenders, other financing sources, servicing and subservicing relationships, NMCs are connected to each other. Because of such linkages, the Council is concerned that financial difficulties at one core lender could affect many NMCs.

Because of these NMC vulnerabilities, FSOC is concerned that NMCs could transmit the negative effects of such shocks to the mortgage market and broader financial system through the following channels discussed in the 2023 Analytic Framework:

  • Critical Functions and Services: As provided in 2023 Analytic Framework, a risk to financial stability can arise if there could be a disruption of critical functions or services that are relied upon by market participants for which there is no substitute. FSOC is concerned that if an NMC is under financial strain, it would not have the resources to carry out its core responsibilities, which could result in bankruptcy, borrower harm, operational harm, or servicing transfers mandated by state regulators.
  • Exposures: This refers to the level of direct and indirect exposure of creditors, investors, counterparties, and others to particular instruments or asset classes. Again, if an NMC faced financial strain that impacted the ability of the NMS to execute its functions, other counterparties could be harmed, including investors and credit guarantors. The Agencies could also experience high costs and credit losses and may have challenges in transferring servicing to a more stable servicer. The Report notes that “servicing assumption risk may be slightly less acute (though not less costly) for the enterprises, which have more preemptive tools available to them to assist a servicer in distress than Ginnie Mae does.”
  • Contagion and Asset Liquidation: While these are two separate risks, the Council grouped them together. As defined in the 2023 Analytic Framework, contagion is the potential for financial contagion arising from public perceptions of vulnerability and loss of confidence in widely held financial instruments. Asset liquidation is rapid asset liquidation and the snowball effect of a widespread asset selloff across sectors. The Council is concerned that because MSRs are a large share of NMCs’ assets, “changes in macroeconomic conditions or funder risk appetite” could depress MSR valuations resulting in rapid liquidation and have a material impact on NMC solvency and access to credit.

Because of the federal government’s financial support to Fannie Mae and Freddie Mac, and the direct responsibility for Ginnie Mae’s guarantee to bond investors, the federal government has an interest in addressing servicing risks. FSOC does not believe such risks, as identified above, are sufficiently addressed by the states or existing federal authority. First, “[n]o federal regulator has direct prudential authorities over nonbank mortgage servicers.” Second, the state regulators have prudential authority, however, only nine states (as of April 2024) have adopted prudential financial and corporate governance standards. To that end, the Council recommends:

  • State regulators adopt enhanced prudential requirements, further coordinate supervision of nonbank mortgage servicers, and require recovery and resolution planning for large nonbank mortgage servicers.
  • Federal and state regulators should continue to monitor the nonbank mortgage sector and develop tabletop exercises to prepare for the failure of nonbank mortgage servicers.
  • Congress should provide the Federal Housing Finance Agency and Ginnie Mae with additional authority to establish safety and soundness standards and directly examine nonbank mortgage servicer counterparties for compliance with such standards. Congress should also authorize Ginnie Mae and encourage state regulators to share information with each other and Council members.
  • Congress should consider legislation to provide more protections for borrowers to keep their homes.
  • Congress should consider providing Ginnie Mae with authority to expand its Pass-Through Assistance Program (PTAP) to include tax and insurance payments, foreclosure costs and or advances during periods of severe market stress.
  • Congress should through legislation establish a fund (financed by the nonbank mortgage servicing sector) to facilitate operational continuity of servicing for servicers in bankruptcy or failure to ensure the servicing obligations can be transferred, or the company is recapitalized or sold. The Council recommends that Congress provide “sufficient authority to an existing federal agency to implement and maintain the fund, assess appropriate fees, set criteria for making disbursements, and mitigate risks associated with the implementation of the fund.”

What Do I Need to Do?

Well, shortly after the Report was issued, CFPB Director Chopra issued a statement, indicating that: “The Report is silent on what, if any, tools the FSOC itself should use to address these risks. That must be the next phase of our work. In line with the 2023 Analytic Framework and Nonbank Designation Guidance, we should carefully consider whether any large nonbank mortgage companies meet the statutory threshold for enhanced supervision and regulation by the Federal Reserve Board.”

Given that warning, NMCs should pay careful attention to the statutory threshold for enhanced supervision and work on mitigating their liquidity and other risks. The Report points out that the CSBS enhanced prudential standards are enforceable by the states that have adopted such standards “including through multistate examinations that include at least one state that has adopted the standards or through referrals to states that have adopted these standards.” Thus, servicers should anticipate more state or multistate probes concerning liquidity and corporate governance. And, while stating the obvious, now is the time to double down on managing operational risks, including but not limited to continuity of operations, threats from cyber events, third-party risk management, quality control, governance, compliance, and processes for servicing delinquent loans.