Alston & Bird Consumer Finance Blog

Consumer Financial Protection Bureau (CFPB)

CFPB Expands its Reach with Final Rule Establishing Nonbank Registry of Public Settlements, Consent Orders and Enforcement Actions

By ,

What Happened?

On June 3, 2024, the Consumer Financial Protection Bureau (CFPB or Bureau) issued its Registry of Nonbank Covered Persons Subject to Certain Agency and Court Orders Final Rule (the Final Rule), a 486-page rule imposing new obligations on nonbank entities that offer or provide a consumer financial product or service. At a high level, the Final Rule contains three primary requirements.

First, the Final Rule requires certain nonbank entities (Covered Nonbanks) to register with the CFPB’s new nonbank registry (NBR) and provide information about the nonbank and certain public Federal, State, or local written orders imposing obligations on the nonbank based on violations of certain consumer protection laws.

Second, for those Covered Nonbanks subject to the Bureau’s supervisory authority under section 1024(a) of the Consumer Financial Protection Act of 2010 (CFPA), the Final Rule will require such supervised registered entities to annually identify the executive(s) responsible for and knowledgeable of the nonbank’s efforts to comply with the orders identified in the NBR and submit an annual written statement and attestation.

Third, the Final Rule describes the registration information that the Bureau may make public.

The Final Rule takes effect on September 16, 2024 (the Effective Date) but establishes different implementation dates for different categories of Covered Nonbanks. Covered Nonbanks will be required comply with the Final Rule by as early as October 16, 2024.

Why Does it Matter?

The Final Rule represents yet another novel interpretation by the Bureau of its authority under the Dodd-Frank Act. As stated by the Bureau, “the registry will accomplish a number of goals, with a particular focus on monitoring for risks to consumers related to repeat offenders of consumer protection law.” As set forth below, the scope and requirements of the Final Rule are broad and complex, and failing to comply with these new requirements can perpetuate a “repeat offender” label.

The Final Rule Applies to Covered Nonbanks

With certain exceptions, the Final Rule will apply to covered persons as defined in the CFPA, including persons that engage in offering or providing a consumer financial product or service, as defined in the CFPA. Under the CFPA, a “covered person” is (A) any person that engages in offering or providing a consumer financial product or service; and (B) any affiliate of such person if such affiliate acts as a service provider to such person. Among others, consumer financial products and services generally include the following, to the extent they are offered or provided for use by consumers primarily for personal, family, or household purposes:

  • Extending credit and servicing loans;
  • Extending or brokering certain leases of personal or real property;
  • Providing real estate settlement services;
  • Engaging in deposit-taking activities, transmitting or exchanging funds, or otherwise acting as a custodian of funds;
  • Selling, providing, or issuing stored value or payment instruments;
  • Providing check cashing, check collection, or check guaranty services;
  • Providing payments or other financial data processing products or services to a consumer by any technological means;
  • Providing financial advisory services;
  • Collecting, analyzing, maintaining, or providing consumer report information or certain other account information; and
  • Collecting debt related to any consumer financial product or service.

The Final Rule does not apply to:

  • An insured depository institution or insured credit union (e.g., an FDIC-insured bank);
  • A person who is a covered person solely due to being a “related person,” as provided in the Dodd-Frank Act (e.g., controlling shareholders, consultants, and independent contractors, if the person is a covered person only because the person is a “related person” and not a covered person for another reason);
  • A State, including federally recognized Indian tribes;
  • A natural person;
  • Certain motor vehicle dealers;
  • A person that qualifies as a covered person under the Dodd-Frank Act only because of conduct excluded from the CFPB’s rulemaking authority, such as certain activities related to charitable contributions.

All other covered persons are covered by the Final Rule and are considered “Covered Nonbanks” for purposes of the Final Rule.

Orders Covered by the Final Rule

The Final Rule applies to “Covered Orders.” A Covered Order is a final public order issued by an agency or court (whether or not issued by settlement or consent) that:

  • Identifies a Covered Nonbank by name as a party subject to the order;
  • Was issued at least in part in any action or proceeding brough by any Federal Agency, State Agency, or Local Agency;
  • Contains public provisions that impose obligations on the Covered Nonbank to take certain actions or to refrain from taking certain actions;
  • Imposes such obligations on the Covered Nonbank “based on” an alleged violation of a “Covered Law”; and
  • Has an effective date on or later than January 1, 2017.

A “Covered Law” means one of the following laws, to the extent that the violation of law found or alleged “arises out of conduct in connection with the offering or provision of a consumer financial product or service”:

  • A Federal consumer financial law;
  • Any other law as to which the Bureau may exercise enforcement authority;
  • The prohibition on UDAPs under section 5 of the FTC Act or rules or orders issued thereunder;
  • A State law prohibiting UDAPs/UDAAPs as identified in Appendix A to the Final Rule;
  • A State law amending or otherwise succeeding a law identified in Appendix A to the Final Rule, to the extent the law is materially similar to its predecessor; or
  • A rule or order issued by a State agency for the purpose of implementing a State law referenced in the two preceding bullet points.

According to the Bureau, “an obligation is ‘based’ on alleged violation where the order identifies the covered law in question, asserts or otherwise indicates that the covered nonbank has violated it, and imposes the obligation on the covered nonbank at least in part as a result of the alleged violation, even where the order contains provisions clearly stating that the entity does not concede or admit liability.” While the Bureau clarifies the meaning of “based on,” the Bureau declines to provide clarity “for determining the circumstances under which violations of covered laws arise out of conduct ‘in connection with the offering or provision of a consumer financial product or service.’”

It is also noteworthy, that the CFPB declined to narrow the definition of Covered Orders to those involving consumer harm. As a result, even orders of a clerical, technical, or administrative nature could be in scope.

Initial Registration Requirements

During each implementation submission period (discussed below), for all Covered Orders that (1) have an effective date from January 1, 2017, through the start of the Covered Nonbank’s submission period, and (2) for Covered Orders issued prior to September 16, 2024, remains effective as of September 16, 2024, each Covered Nonbank that is identified as a party to such Covered Order must register with the NBR and provide the following information, in the format provided by the Bureau (such filing instructions have not yet been released) within 90 days from the applicable implementation date or after the effective date of the applicable Covered Order:

  • A fully executed, accurate and complete copy of the Covered Order (except nonpublic portions may be omitted);
  • The name of the agency(ies) and court(s) that issued or obtained the Covered Order, as applicable;
  • The effective date of the Covered Order;
  • The expiration date of the Covered Order, if any;
  • All Covered Laws found to have been violation, or for orders issued upon the parties’ consent, alleged to have been violated;
  • Any docket, case, tracking, or similar identifying number(s) assigned to the Covered Order by the applicable agency(ies) or court(s); and
  • The name and title of the attesting executive with respect to the Covered Order, if the registered entity is a supervised registered entity.

Annual Supervisory Reports for Supervised Registered Entities

Supervised Registered Entity

The annual reporting requirements apply to an “supervised registered entity” defined to mean a registered entity that is subject to supervision and examination by the Bureau. The definition includes:

  • An entity that qualifies as a larger market participant for consumer financial products or services, as defined in the CFPA;
  • An entity subject to an order by the Bureau exercising supervisory authority over certain nonbanks based on a risk determination in accordance with the CFPA; and
  • An affiliate of an insured depository institution and insured credit unions with more than $10 billion in total assets.

The definition excludes:

  • A service provider that is subject to Bureau examination and supervision solely in its capacity as a service provider and that is not otherwise subject to Bureau supervision and examination;
  • A motor vehicle dealer that is predominantly engaged in the sale and servicing of motor vehicles, the leasing and servicing of motor vehicles, or both, with limited exception;
  • Persons with less than $5 million in annual receipts resulting from offering or providing all consumer financial products or services;
  • A person that qualifies as a covered person based solely on conduct that is the subject of, and that is not otherwise exempted from, an exclusion from the Bureau’s supervisory authority under the CFPA; and
  • An affiliate of an insured depository institutions and insured credit unions with less than $10 billion in total assets.

Designation of Attesting Executive

A supervised registered entity subject to a Covered Order is required to annually designate one attesting executive for each Covered Order and all submissions related to that order who is “its highest-ranking duly-appointed senior executive officer (or, if the supervised registered entity does not have any duly appointed officers, the highest-ranking individual charged with managerial or oversight responsibility for the supervised registered entity) whose assigned duties include ensuring the supervised registered entity’s compliance with Federal consumer financial law, who has knowledge of the entity’s systems and procedures for ensuing compliance with the covered order, and who has control over the entity’s efforts to comply with the covered order.”

While the Bureau expects that under most circumstances the supervised registered entity would designate one single individual as its attesting executive for all of the Covered Orders to which it is subject, the Final Rule does not include such a requirement as the Bureau recognizes that there may be situations where there is no one executive with the requisite knowledge for all Covered Orders.

The entity must authorize the attesting executive to perform the duties of an attesting executive on behalf of the supervised registered entity with respect the Covered Order, including providing prompt access to all documents and information related to the supervised registered entity’s compliance with all applicable Covered Orders to make the required annual statement, as described below.

Annual Statement

The Annual Statement requirement applies prospectively to Covered Orders with an effective date after the Nonbank Registry Implementation Date. The Bureau states that it will treat the written statement submitted by the supervised registered entity as confidential supervisory information but does intend to publish the name and title of the attesting executive as it believes that publication of the executive’s name “will provide an incentive to pay more attention to covered orders.”

On or before March 31st of each calendar year, the supervised registered entity must submit to the NBR a written statement for each Covered Order signed by the attesting executive. Such statement must include:

  • A general description of the steps that the attesting individual has undertaken to review and oversee the supervised registered entity’s activities applicable to the Covered Order for the preceding calendar year; and
  • Attest whether to the attesting executive’s knowledge, the supervised registered entity during the preceding calendar year identified any violations or instances of noncompliance with any public provisions of the Covered Order.

The Bureau does not establish any minimum procedures or steps the attesting executive must take in order to review and oversee the entity’s activities. With that said, the Bureau declined “to impose a reasonableness, good faith or other standards regarding the steps that the attesting executive has undertaken to review and oversee the supervised registered entity’s activities subject to the applicable covered order.” The Bureau also declined to impose materiality requirements as to the types of violations that must be declared – even minor ones are important to the Bureau.

Recordkeeping

Supervised registered entities are required to maintain documents and other records to provide reasonable support for its written statement for 5 years after its submission is required.

Optional One-Time Registration of NMLS-Published Covered Orders

In lieu of requiring compliance with the registration and annual reporting requirements, a Covered Nonbank that is identified by name with respect to an NMLS-published Covered Order may elect to comply with a one-time registration option. The CFPB will specify what information the Covered Nonbank must provide to the NBR for purposes of identifying the NMLS-published Covered Order and for coordinating with the NMLS. Upon supplying this information, the Covered Nonbank will have no further reporting obligations with respect to that Covered Order. A Covered Nonbank may avail itself of this one-time registration for all or some of its NMLS-published orders, which are those orders published on the NMLS Consumer Access website. However, “no covered order issued or obtained at least in part by the Bureau shall be an NMLS-published covered order.” Thus, if the applicable Covered Order was issued either by a court or the Bureau itself, or brought at least in part by the Bureau, this optional one-time registration is not available to such order. That is because the Bureau is requiring such orders to be included in the NBR so that the CFPB can monitor and enforce its own orders as well as obtaining the annual written statement regarding CFPB orders.

Termination of Registration Requirements

Covered Orders are subject to ongoing registration requirements until it is deemed to expire under the Final Rule, or all relevant provisions are fully terminated by an agency or court or under its own terms on a date expressly provided for in the Covered Order.

The Final Rule provides that a Covered Order that does not expressly provide for a termination date and is not otherwise terminated earlier is deemed to expire 10 years after its effective date. Alternatively, if a Covered Order provides for a termination date that is longer than 10 years, the Covered Order is not deemed to have terminated until the longer period provided for in the order.

The Final Rule requires that Covered Nonbanks notify the Bureau within 90 days from the date any Covered Order is modified, terminated, or abrogated.

If a Covered Order expires, is terminated, or is otherwise modified such that it is no longer a Covered Order, then the Covered Nonbank is relieved of ongoing registration and written statement obligations with respect to such order after the Covered Nonbank files a final notice with the Bureau. That is not to say, however, that the Covered Order would be removed from the CFPB’s registry. Subject to the Bureau’s discretion, the CFPB may maintain information on Covered Orders and the Covered Nonbanks subject to them on the NBR indefinitely.

Publication and Correction of Submissions to the NBR

Publication of NBR Information

The Final Rule provides that the CFPB may publish certain information about registered Covered Nonbanks and Covered Orders on its website. However, the written statement will be treated as confidential supervisory information. In addition, at its discretion, the CFPB may also publish aggregations or summary reports using the information submitted to the CFPB’s NBR.

Corrections of Submissions

If any information submitted to the NBR was inaccurate when submitted and remains inaccurate, a Covered Nonbank must file a corrected report in the form and manner specified by the Bureau within 30 days after the date on which the Covered Nonbank becomes aware or has reason to know of the inaccuracy. In addition, the Bureau may at any time and in its discretion direct a Covered Nonbank to correct errors or other non-compliant submissions to the NBR.

Implementation Submission Periods and Ongoing Registration

Implementation Submission Periods

The Final Rule provides for phased implementation dates that vary depending on the type of Covered Nonbank. As reflected in the below table, the Final Rule provides the following 90-day registration window for each category of Covered Nonbank to register all Covered Orders with effective dates from January 1, 2017, until the start of that implementation submission period:

Covered Nonbank Type

Registration Submission Period*

Registration Deadline*

Larger Participant CFPB-Supervised Covered Nonbanks

Covered Nonbanks that are larger participants of a market for consumer financial products or services described under 12 U.S.C. 5514(a)(1)(B) as defined by one or more rules issued by the Bureau

 October 16, 2024 through January 14, 2025 January 14, 2025
Other CFPB-Supervised Covered Nonbanks

Covered Nonbanks described under any other provision of 12 U.S.C. 5514(a)(1)

 January 14, 2025 through April 14, 2025 April 14, 2025
All other Covered Nonbanks April 14, 2025 through July 14, 2025

July 14, 2025

* The Final Rule requires any dates that fall on a Saturday, Sunday, or Federal holiday be converted to the next day that is not a Saturday, Sunday, or Federal holiday. The Bureau has adjusted the above implementation submission period dates accordingly.

As noted above, during each of the above Registration Submission Periods, the Covered Nonbank must register all Covered Orders that: (1) have an effective date from January 1, 2017, through the start of the Covered Nonbank’s Registration Submission Period, and (2) for Covered Orders issued prior to September 16, 2024, the Covered Order remains effective as of September 16, 2024.

By way of example, assume an Other CFPB-Supervised Covered Nonbank has the following orders (that otherwise meet the definition of a Covered Order): (1) an order that took effect on January 1, 2016, and that expires on January 1, 2026, (2) an order that took effect on January 1, 2017, and that expires on October 30, 2025, and (3) an order that becomes effective on January 1, 2025, and that expires on January 1, 2031. During the applicable Registration Submission Period (noted above), the Other CFPB-Supervised Covered Nonbank:

  • Would not register the first order (effective January 1, 2016) because it took effect before January 1, 2017.
  • Must register the second order (effective January 1, 2017) because it took effect on or after January 1, 2017 (and prior to the start of the applicable submission period) and remained in effect as of September 16, 2024.
  • Must register the third order (effective January 1, 2025) because it took effect on or after September 16, 2024, and prior to the start of the applicable submission period.

Ongoing Registration

After the start of a Covered Nonbank’s implementation submission period, a Covered Nonbank must begin complying with the Final Rule’s ongoing registration timing requirements to register new Covered Orders and to submit changes or updates related to previously registered Covered Orders. Generally, a Covered Nonbank must return to the NBR and make a registration submission within the identified 90-day window for each of the following events:

  • Any updates or changes to the nonbank’s identifying information or administrative information, within 90 days after the date of that change.
  • Any amendments to previously registered Covered Orders, including changes to submitted order information, within 90 days after the date the amendments are made.
  • Any new Covered Orders applicable to the Covered Nonbank (with effective dates on or after the start of the applicable implementation period), within 90 days after the effective date of the new Covered Order.
  • A revised filing if there is any termination or expiration (as discussed above) of a previously registered Covered Order, within 90 days after the effective date of that termination or expiration.

Enforcement / Penalties for Noncompliance with Final Rule

General Enforcement

The Bureau declined to establish special rules or remedies for violation of the Final Rule. With that said, the Preamble to the Final Rule clearly states that the Final Rule is a Federal consumer financial law under the CFPA and that “[v]iolation of the [F]inal [R]ule would be an independent violation of Federal consumer financial law subject to enforcement as provided in the CFPA, and applicable remedies under law, including potential civil money penalties.”

Additional Enforcement Considerations for Supervised Registered Entities

With respect to supervised registered entities, the Final Rule clarifies that the obligation to designate an attesting executive or to submit a written statement when required to do so, belongs to the supervised registered entity, and not to any particular individual. Accordingly, the Bureau states that “[i]f a supervised registered entity failed to designate an attesting executive or to submit a written statement when required to do so, the supervised registered entity – not a particular individual – would potentially be subject to an enforcement action.”

Notwithstanding the foregoing, the Bureau stated its expectation that the requirement to designate a single attesting executive for a Covered Order will prompt the executive to focus greater attention on ensuring compliance, which in turn will increase the likelihood of compliance. The Bureau also indicated that it intends to use the information submitted under § 1092.204 to facilitate its efforts to assess compliance with any Covered Orders that may be enforced by the Bureau, and to make determinations regarding any potential Bureau supervisory or enforcement actions related to the Covered Order or any other identified risks to consumers. For example, “where information obtained under proposed 1092.204 indicates that a high-ranking executive has knowledge of (or has recklessly disregarded) violations of legal obligations falling within the scope of the Bureau’s jurisdiction, and has authority to control the violative conduct, the Bureau may use that information in assessing whether an enforcement action should be brought not only against the nonbank covered person, but also against the individual executive.” However, the Final Rule itself does not impose any legal obligation on the attesting executive to ensure compliance with any Covered Order.

Finally, with respect to the attestation required to be submitted as part of the annual written statement, the Bureau notes that Final Rule “does not purport to interpret provisions of criminal law . . . or to identify particular circumstances under which an attesting executive would become criminally liable for false statements,” however the Bureau indicates that it “expects attesting executives to submit truthful statements under the Final Rule and believes that the existence of other laws like 18 USC 1001 provides incentives in that regard.” Notably, however, 18 USC 1001 makes it a crime to make any false statements in any matter within the jurisdiction of the executive, legislative, or judicial branch of the U.S. government. Therefore, the Bureau appears to suggest that making a false attestation under the Final Rule may also constitute a crime under 18 USC 1001 or other applicable law.

What Do I Need to Do?

The Final Rule is complicated – some might say unnecessarily so – with lots of opportunities for missteps. Between the Final Rule and the Bureau’s recent apparent strategy to issue consent orders with indefinite terms, companies will need to be extra vigilant to avoid the scarlet letter designation of a repeat offender.  Now is the time to double down on compliance. This also holds true for Covered Nonbanks that are not subject to CFPB supervision as the Final Rule also coincides with the CFPB’s increased use of its so-called “dormant authority,” which empowers the Bureau to designate nonbanks for supervision based on certain risks to consumers. Covered Nonbanks that are designated for CFPB supervision must also comply with the additional reporting and attestation requirements applicable to supervised registered entities.

While the Final Rule does not establish any minimum procedures nor otherwise specify the steps an entity must take to comply with the Final Rule, failure to implement steps in accordance with the CFPB’s expectations will not be viewed positively by the Bureau. As a result, now is the time for nonbanks to work with counsel to understand and implement the Final Rule, as applicable, into their compliance management systems once the filing instructions are released.

 

CFPB Seeks Permanent Enforcement – Will this Further its Repeat Offender Agenda?

By

What Happened?

On May 31, 2024, the Consumer Financial Protection Bureau (CFPB) sued student loan servicer Pennsylvania Higher Education Assistance Agency (PHEAA) for illegally collecting on student loans that have been discharged in bankruptcy and sending false information about consumers to credit reporting companies, in violation of the Consumer Financial Protection Act (CFPA) and the Fair Credit Reporting Act. As a result of PHEAA’s alleged practices, borrowers are forced to either pay debt they do not owe or risk being hit with negative information on their credit reports and default due to the purported non-payment. The CFPB’s lawsuit asks the court to order PHEAA to stop its illegal conduct, provide redress to borrowers it has harmed, and pay a civil penalty.

Notably, this lawsuit follows a prior complaint and proposed stipulated judgments filed by the CFPB against PHEAA and National Collegiate Student Loan Trusts (the Trusts) just 25 days earlier. The stipulated judgments filed by the CFPB on May 6, 2024, if approved (briefing to continue until at least June 28, 2024), would require the PHEAA and the Trusts to pay more than $5 million for student loan servicing failures, including failing to provide accurate information to borrowers and incorrectly denying forbearance requests. In addition to certain affirmative obligations, the Trusts are prohibited from directly or indirectly violating sections 1031 (prohibiting unfair, deceptive, abusive acts and practices) and 1036 (prohibiting violating a federal consumer financial law) of the CFPA with respect to certain borrower requests.

Why Is It Important?

The proposed stipulated judgments conspicuously lack one important feature – they do not provide for a termination date. While certain administrative provisions contain time limits (such as 5-year notification and recordkeeping requirements), the stipulated judgments effectively act as a permanent injunction against PHEAA and the Trusts. In other words, if, at any point in the future, PHEAA were to violate the Consumer Financial Protection Act, then PHEAA would be liable for violating the stipulated judgment – and, subsequently, at risk of being branded a “repeat offender” by the CFPB. Conveniently, just last week, the CFPB finalized a rule to establish a registry to detect and deter corporate offenders that have broken consumer laws and are subject to federal, state, or local government or court orders.

What Do I Need to Do?

Institutions within the CFPB’s jurisdiction should be aware of the CFPB’s actions and present any applicable legal defenses as to why an indefinite contract may be deemed unenforceable in court. Further, institutions should enhance their compliance management systems to mitigate risk and ensure they do not end up on the CFPB’s repeat offender list.

FSOC Issues Report on Nonbank Mortgage Servicing Highlighting Strengths, Vulnerabilities and Recommendations

By

What Happened?

In May 2024, the Financial Stability Oversight Council (FSOC or Council) issued a Report on Nonbank Mortgage Servicing (the Report). The Report recognizes the strengths of nonbank mortgage companies (NMCs) and the important role they serve. However, the Council warns that the vulnerabilities of NMCs are more acute due, in part, to the mortgage market shift from banks to NMCs, the increasing federal government exposure to NMCs, financial strain of nonbank originators following the end of the refinance boom, and considerable liquidity risk from NMCs funding sources. The Council warns that it will continue to monitor such risks and take or recommend additional actions in accordance with its Analytic Framework (the 2023 Analytic Framework) and Nonbank Designation Guidance (the 2023 Nonbank Designation Guidance), which we discussed in a prior blog post. The Council also makes several recommendations, including asking Congress to establish a fund financed by the nonbank mortgage sector and administered by an existing federal agency to ensure there are no taxpayer-funded bailouts should a nonbank mortgage servicer fail.

Why Does it Matter?

Background

The Dodd-Frank Act empowers FSOC to designate a nonbank financial company subject to enhanced prudential standards and supervision by the Federal Reserve’s Board of Governors by a two-thirds vote of the Council. The Council is comprised of 10 voting members consisting of the U.S. prudential regulators, the Director of the Consumer Financial Protection Bureau (CFPB), the Director of the Federal Housing Finance Agency, the Chair of the Securities and Exchange Commission, the Chairman of the Commodity Futures Trading Commission, an independent member having insurance expertise, and five non-voting members with the Secretary of the Treasury serving as Chairperson of the Council.

This designation can be made upon the Council’s finding that:

  • Material financial distress at the nonbank financial company could pose a threat to the financial stability of the United States; or
  • The nature, scope, size, scale, concentration, interconnectedness, or mix of the activities of the nonbank financial company could pose a threat to the financial stability in the United States.

The Council’s 2023 Analytic Framework provides a non-exhaustive list of eight potential risk factors and the indicators that FSOC intends to monitor that include: (i) leverage, (ii) liquidity risks and maturity mismatches, (iii) interconnections, (iv) operational risk, (v) complexity of opacity, (vi) inadequate risk management, (vii) concentration, and (viii) destabilizing activities. Additionally, FSOC will assess the transmission of those risks by evaluating: (i) exposure, (ii) asset liquidation, (iii) critical function or service, and (iv) contagion. The 2023 Nonbank Designation Guidance, procedural in nature, defines a two-stage process the Council will use to make a firm-specific “nonbank financial company determination” pursuant to FSOC’s Analytic Framework. The Council also has the authority to make recommendations to regulators and Congress and engage in interagency coordination.

The 2024 Report on Nonbank Mortgage Servicing

At the outset, the Council recognizes that the NMC market share has increased significantly. Based on HMDA data, NMCs originate around two-thirds of mortgages in the United States and owned the servicing rights on 54 percent of mortgage balances in 2022 as compared to 2008 when NMCs originated only 39 percent of mortgages and owned the servicing rights on only four percent of mortgage balances. Moreover, in the 10-year period between 2014 and 2024, the share of Agency (i.e., Fannie Mae, Freddie Mac, and Ginnie Mae) servicing handled by NMCs increased from 35 percent 66 percent.

In 2023, NMCs serviced around $6 trillion for the Agencies and approximately 70 percent of the total Agency market.

FSOC recognizes that NMCs filled a void following the 2007-2009 crisis when banks exited the market due to several factors (such as the revised capital rules on banks, making MSRs less attractive, as well as perceived increased costs of default servicing resulting from the National Mortgage Settlement, the Independent Foreclosure Review, prosecutions under the False Claims Act, and private litigation.) According to FSOC, NMCs developed substantial operational capacity and embraced technology. The Council also recognizes NMCs’ strength in servicing historically underserved borrowers. In 2022, NMCs originated greater than 70 percent of mortgages extended to Black and Hispanic borrowers and more than 60 percent of low- and moderate-income borrowers.

While recognizing the strengths of NMCs, the Report also highlights several vulnerabilities. Of the eight risk factors identified in the 2023 Analytic Framework, FSOC focuses its concerns on the following four vulnerabilities:

  • Liquidity Risks & Maturity Mismatches: As provided in the 2023 Analytic Framework, a shortfall of sufficient liquidity to cover short-term needs, or reliance on short-term liabilities to finance longer-term assets, can lead to rollover or refinance risk. FSOC may measure this risk by looking at the ratios of short-term debt to unencumbered liquid assets and the amount of additional funding available to meet unexpected reductions in available short-term funds. FSOC reports “considerable” liquidity concerns from NMCs’ funding sources and servicing contracts. First, NMCs’ reliance on warehouse lines of credit can result in (i) margin calls, (ii) repricing or restructuring lines by raising interest rates, changing the types of acceptable collateral, or canceling lines, (iii) exercising cross default provisions, and (iv) the risk of multiple warehouse lenders enforcing covenants or imposing higher margin requirements at the same time. Second, NMCs face liquidity risk from margin calls on the hedges in place to protect interest rate movements while mortgages are on a warehouse line. Third, NMCs face liquidity risks from their lines of credit that are collateralized by mortgage servicing rights (MSRs), that can also result in margin calls. Finally, requirements to advance funds on behalf of the investor (particularly Ginnie Mae) or repurchase mortgages from securitization pools may result in liquidity strains.
  • Leverage: As provided in the 2023 Analytic Framework, leverage is assessed by levels of debt and other off-balance sheet obligations that may create instability in the face of sudden liquidity restraints, within a market or at a limited number of firms in a market. To assess leverage, the Council may look at quantitative metrics such as ratios of assets, risk-weighted assets, debts, derivatives liabilities or exposures, and off-balance sheet obligations to equity. The Report cites to data from Moody’s Ratings which requires an NMC to have a ratio of secured debt to gross tangible assets of less than 30 percent for its long-term debt rating to be investment grade. In the third quarter of 2023, 37% of NMCs met this standard and 35% of NMCs had ratios in excess of 60 percent which is considered a high credit risk. According to FSOC, equity funding by NMCs add to leverage vulnerability.
  • Operational Risk: As provided in the 2023 Analytic Framework, operational risk arises for the “impairment or failure of financial market infrastructures, processes or systems, including due to cybersecurity vulnerabilities.” The Report highlights that for NMCs operational risks include continuity of operations, threats from cyber events, third-party risk management, quality control, governance, compliance, and processes for servicing delinquent loans.
  • Interconnections: As provided in 2023 Analytic Framework, direct or indirect financial interconnections include exposures of creditors, counterparties, investors, and borrowers that can increase the potential negative effect measured by the extent of exposure to certain derivatives, potential requirement to post margin or collateral, and overall health of the balance sheet. Through warehouse lenders, other financing sources, servicing and subservicing relationships, NMCs are connected to each other. Because of such linkages, the Council is concerned that financial difficulties at one core lender could affect many NMCs.

Because of these NMC vulnerabilities, FSOC is concerned that NMCs could transmit the negative effects of such shocks to the mortgage market and broader financial system through the following channels discussed in the 2023 Analytic Framework:

  • Critical Functions and Services: As provided in 2023 Analytic Framework, a risk to financial stability can arise if there could be a disruption of critical functions or services that are relied upon by market participants for which there is no substitute. FSOC is concerned that if an NMC is under financial strain, it would not have the resources to carry out its core responsibilities, which could result in bankruptcy, borrower harm, operational harm, or servicing transfers mandated by state regulators.
  • Exposures: This refers to the level of direct and indirect exposure of creditors, investors, counterparties, and others to particular instruments or asset classes. Again, if an NMC faced financial strain that impacted the ability of the NMS to execute its functions, other counterparties could be harmed, including investors and credit guarantors. The Agencies could also experience high costs and credit losses and may have challenges in transferring servicing to a more stable servicer. The Report notes that “servicing assumption risk may be slightly less acute (though not less costly) for the enterprises, which have more preemptive tools available to them to assist a servicer in distress than Ginnie Mae does.”
  • Contagion and Asset Liquidation: While these are two separate risks, the Council grouped them together. As defined in the 2023 Analytic Framework, contagion is the potential for financial contagion arising from public perceptions of vulnerability and loss of confidence in widely held financial instruments. Asset liquidation is rapid asset liquidation and the snowball effect of a widespread asset selloff across sectors. The Council is concerned that because MSRs are a large share of NMCs’ assets, “changes in macroeconomic conditions or funder risk appetite” could depress MSR valuations resulting in rapid liquidation and have a material impact on NMC solvency and access to credit.

Because of the federal government’s financial support to Fannie Mae and Freddie Mac, and the direct responsibility for Ginnie Mae’s guarantee to bond investors, the federal government has an interest in addressing servicing risks. FSOC does not believe such risks, as identified above, are sufficiently addressed by the states or existing federal authority. First, “[n]o federal regulator has direct prudential authorities over nonbank mortgage servicers.” Second, the state regulators have prudential authority, however, only nine states (as of April 2024) have adopted prudential financial and corporate governance standards. To that end, the Council recommends:

  • State regulators adopt enhanced prudential requirements, further coordinate supervision of nonbank mortgage servicers, and require recovery and resolution planning for large nonbank mortgage servicers.
  • Federal and state regulators should continue to monitor the nonbank mortgage sector and develop tabletop exercises to prepare for the failure of nonbank mortgage servicers.
  • Congress should provide the Federal Housing Finance Agency and Ginnie Mae with additional authority to establish safety and soundness standards and directly examine nonbank mortgage servicer counterparties for compliance with such standards. Congress should also authorize Ginnie Mae and encourage state regulators to share information with each other and Council members.
  • Congress should consider legislation to provide more protections for borrowers to keep their homes.
  • Congress should consider providing Ginnie Mae with authority to expand its Pass-Through Assistance Program (PTAP) to include tax and insurance payments, foreclosure costs and or advances during periods of severe market stress.
  • Congress should through legislation establish a fund (financed by the nonbank mortgage servicing sector) to facilitate operational continuity of servicing for servicers in bankruptcy or failure to ensure the servicing obligations can be transferred, or the company is recapitalized or sold. The Council recommends that Congress provide “sufficient authority to an existing federal agency to implement and maintain the fund, assess appropriate fees, set criteria for making disbursements, and mitigate risks associated with the implementation of the fund.”

What Do I Need to Do?

Well, shortly after the Report was issued, CFPB Director Chopra issued a statement, indicating that: “The Report is silent on what, if any, tools the FSOC itself should use to address these risks. That must be the next phase of our work. In line with the 2023 Analytic Framework and Nonbank Designation Guidance, we should carefully consider whether any large nonbank mortgage companies meet the statutory threshold for enhanced supervision and regulation by the Federal Reserve Board.”

Given that warning, NMCs should pay careful attention to the statutory threshold for enhanced supervision and work on mitigating their liquidity and other risks. The Report points out that the CSBS enhanced prudential standards are enforceable by the states that have adopted such standards “including through multistate examinations that include at least one state that has adopted the standards or through referrals to states that have adopted these standards.” Thus, servicers should anticipate more state or multistate probes concerning liquidity and corporate governance. And, while stating the obvious, now is the time to double down on managing operational risks, including but not limited to continuity of operations, threats from cyber events, third-party risk management, quality control, governance, compliance, and processes for servicing delinquent loans.

Appraisal Bias Settlement: Potential Roadmap

By ,

What Happened?

The lender and consumers reached a settlement in an appraisal bias case, Nathan Connolly and Shani Mott v. Shane Lanham, 20/20 Valuations, LLC, and loanDepot.com, LLC, filed in Maryland District Court, that gained the attention of the CFPB and DOJ. While some of the terms in the settlement are already industry standard, there appear to be some newer obligations that could be a template for other lenders to follow.

Why it Matters?

The settlement is important – both for what it does and what it doesn’t do. Unfortunately, the settlement does not address the question of whether a lender is responsible for the actions of an appraiser who is neither an employee nor an agent of the lender.

By way of background, in response to the Great Financial Crisis, the Dodd-Frank Act established new rules to ensure appraisal independence and address issues of inflated appraisals or overvaluation. More recently, however, partially due to changes in the market, consumers have lodged complaints of undervaluation, alleging that discrimination resulted in the appraisal coming in too low.

Given this increase in complaints and the Administration’s focus on racial equity, regulators have been grappling with how best to address and eliminate appraisal bias. Prior to the settlement, the CFPB and DOJ jointly made arguments in a statement of interest that would hold lenders liable for the actions of an appraiser who is neither an employee nor an agent of the lender.

In response, the MBA issued an amicus brief requesting that the Court recognize that there is no existing legal authority to hold a lender liable for the alleged actions of an independent appraiser. The resulting settlement is silent on this point.

The settlement does, however, impose several obligations on the lender and its and appraisal management companies (AMCs), providing insight into what the mortgage industry could do to combat appraisal bias.

In particular, the settlement requires mortgage loan applications be provided with information on how to raise concerns with a valuation sufficiently early in the valuation process so that issues or errors can be resolved before a final decision on the application is made, including:

  • The right to request a reconsideration of value (ROV) as soon as possible;
  • A description of the process to obtain an ROV (which may not create unreasonable barriers or discourage applicants from making ROV requests) and a description of the lender’s evaluation process;
  • If the ROV is denied or the value is unchanged, a written explanation of the lender’s evaluation of the submitted material;
  • The standards that trigger a second appraisal; and
  • The applicant’s right to file a complaint with the CFPB or HUD, as part of the ROV process.

Further, the settlement requires the lender to:

  • Conduct statistical analysis tracking appraisal outcomes by protected class and neighborhood demographics including whether the loan was denied, whether a second appraisal was ordered, and whether there was a change in the valuation as a result of the ROV process. Such analysis must track individual appraisers including appraisal outcomes, ROV requests, and bias complaints.
  • Not utilize appraisers who, according to the statistical analysis, received multiple complaints from minority applicants in minority neighborhoods alleging appraisal bias, or who have a pattern of undervaluing homes owned by minority applicants or homes in minority neighborhoods, or who have been found to have discriminated in an appraisal.
  • Clearly outline internal stakeholder roles and responsibilities for processing an ROV request.
  • Ensure that ROV requests of valuation bias or discrimination complaints across all relevant business channels are escalated to the appropriate channel for research or a response.
  • Adhere to ROV timelines for certain milestones.
  • Review appraiser response to ROV requests for completeness, accuracy, and indicia of bias and discrimination.
  • Establish standards for offering a second appraisal which at a minimum must include when the first appraisal has indicia of bias or discrimination is otherwise defective.
  • Ensure that the applicant’s interest rate will remain locked during the ROV process.
  • Ensure that ensure applicants are not charged for the cost of an ROV or second appraisal.
  • Include on its website educational information on how to understand an appraisal report and contact information for questions on the appraisal report.
  • Update its fair and responsible lending policy to explicitly prohibit discrimination in violation of state and federal fair lending laws on the basis of race, color, religion, sex, familial status, national origin, disability, marital status, or age.
  • Provide training annually and for new employees on discrimination in residential mortgage lending and appraisals, and on all policies related to the ROV process, appraisal reviews, and the use of value adjustments.
  • Not utilize appraisers who previously were found by a regulatory body or court of law to have discriminated in an appraisal.

Finally, the settlement requires that AMCs and appraisers doing business with the lender contractually agree to:

  • Represent that appraisers will receive fair lending training; and
  • Certify that appraisers have not been subject to any adverse finding related to appraisal bias or discrimination, or list or describe any findings.

What to do now?

Lenders should carefully review the settlement and compare it to existing policies and procedures. While the settlement is only binding on the parties to the agreement, others should take interest. Historically, lenders conduct fair lending statistical testing for underwriting, pricing, and redlining risk. It might be time to consider adding appraisal risk.

CFPB Issues Credit Card Penalty Fee Final Rule, Reduces Late Fees to $8

By ,

What Happened?

On March 5, 2024, the Consumer Financial Protection Bureau (“CFPB”) issued the Credit Card Penalty Fees Final Rule (“Final Rule”), which reduces the safe harbor for the maximum late fee that large credit card issuers may charge to $8. This rule is effective on May 14, 2024.

Why Is It Important?

Background

The Credit Card Accountability Responsibility and Disclosure Act of 2009 provided that any penalty fee imposed on a consumer in connection to an omission or violation of a cardholder agreement under an open-end consumer credit plan must be “reasonable and proportional” to the omission and violation.[1] To implement this provision, Regulation Z provided that card issuers may not impose a fee for violating the terms of a credit card account under an open-end consumer credit plan (“Penalty Fee”) unless the issuer (1) undergoes a cost analysis and determines that the fee is reasonably proportional to the total costs incurred by the issuer for such violation, or (2) complies with the safe harbor provisions, which provide set amounts for Penalty Fees that card issuers may charge.[2]

Previously, the safe harbor for Penalty Fees were $30 for an initial violation and $41 for each subsequent violation of the same type that occurs during the same billing cycle or in one of the next six billing cycles. These thresholds were adjusted annually to reflect changes to the Consumer Price Index (“CPI”).[3]

Final Rule

Under the Final Rule, the safe harbor threshold for late fees is limited to $8 and the annual adjustments to reflect changes in the CPI no longer apply to the $8 threshold. This new threshold only applies to “Large Card Issuers,” which are card issuers that have one million or more open credit card accounts.

The new late fee safe harbor threshold does not apply to Smaller Card Issuers. To qualify as a “Smaller Card Issuer,” the issuer, together with its affiliates, must have fewer than one million “open credit card accounts” from January through December of the preceding year.[4] If an issuer has one million or more open credit card accounts at any point in the current calendar year, it loses its status as a Smaller Card Issuer.[5] If the card issuer chooses to use the Regulation Z safe harbor provisions, the late fee safe harbor threshold of $8 is applicable to the issuer starting the 60th day after it meets or exceeds the threshold.[6] It will not qualify as a Smaller Card Issuer again until it has fewer than one million open credit card accounts in an entire preceding calendar year.

For other violations, the safe harbor amounts, adjusted to reflect changes to the CPI, are now $32 for an initial violation and $43 for subsequent violations of the same type that occurs during the same billing cycle or in one of the next six billing cycles.[7] Large Card Issuers may charge Penalty Fees pursuant to these safe harbors for other violations of the terms or requirements of an account.[8]  Smaller Card Issuers may continue to charge fees, including late fees, under the current safe harbor provisions.

Alternatively, if not relying on the safe harbor provisions, a card issuer may impose penalties on consumers for violations of their credit card account if the issuer undergoes a cost analysis and determines that the fee is reasonably proportional to the total costs incurred by the issuer for such violation. However, the Final Rule provides that when determining penalty fees, card issuers may not include any collection costs incurred after an account is charged-off in accordance with loan loss provisions.[9]  These restrictions and challenges in demonstrating that the fee is reasonably proportional to the total costs incurred by the issuer for violations make it difficult for card issuers to deviate from the safe harbors.

The U.S. Chamber of Commerce (the “USCC”) indicated that it would sue “immediately” to prevent the Final Rule from going into effect, arguing that the Final Rule will result in fewer card offerings and limit access to affordable credit for many consumers.[10] On March 7, 2024, two days after the CFPB issued its Final Rule, the USCC filed a lawsuit in the Northern District of Texas seeking an injunction to stop the CFPB from implementing the Final Rule.[11] Most recently, in an order on March 18, 2024, the U.S. District Judge Mark Pittman expressed concern over the choice of venue and has ordered briefing regarding the choice to determine whether the case should be transferred to another venue.[12]

What Do I Need to Do?

Large Card Issuers should ensure that their policies, procedures, and controls are updated to ensure compliance with the Final Rule by May 14th, pending the outcome of any litigation against the CFPB challenging the Final Rule. Smaller Card Issuers should monitor the number of open accounts that they and their affiliates have to ensure that they still qualify as Smaller Card Issuers and that they are charging the correct late fee penalties depending on their status.

[1] 15 USC § 1665d(a).

[2] 12 CFR § 1026.52(b)(1).

[3] 12 CFR §1026.52(b)(1)(ii)(D).

[4] 12 CFR § 1026.52(b)(3). “Affiliate” means any company that controls, is controlled by, or is under common control with another company, as set forth in the Bank Holding Company Act of 1956 (12 U.S.C. §§ 1841 et seq.). Id. “Open credit card accounts” are credit card accounts under an open end (not home secured) consumer credit plan where either (1) the cardholder can obtain extensions of credit on the account or (2) there is an outstanding balance on the account that has not been charged off. 12 C.F.R. § 1026.52(b)(6). An account that has been suspended temporarily is considered an open credit card account. Id.

[5] 12 CFR § 1026.52(b)(3).

[6] Id.

[7] 12 CFR §1026.52(b)(1)(ii)(A), (B).

[8] 12 CFR §1026.52(b)(1)(ii).

[9] 12 CFR §1026.52(b)(1)(i), Comment 2.i

[10] U.S. Chamber of Commerce, U.S. Chamber Opposes New CFPB Credit Card Late Fees Rule That Limits Access to Affordable Consumer Credit (March 5, 2024), https://www.uschamber.com/finance/u-s-chamber-opposes-new-cfpb-credit-card-late-fees-rule-that-limits-access-to-affordable-consumer-credit.

[11] U.S. Chamber of Commerce, U.S. Chamber Files Lawsuit Against Consumer Financial Protection Bureau to Protect Credit Card Users (March 7, 2024), https://www.uschamber.com/finance/u-s-chamber-files-lawsuit-against-consumer-financial-protection-bureau-to-protect-credit-card-users.

[12] Order, Doc. 45 at 1, Mar. 18, 2024, No. 4:24-cv-00213-P, https://fingfx.thomsonreuters.com/gfx/legaldocs/dwvkeqowrvm/03192024cfpb_venue.pdf.