Alston & Bird Consumer Finance Blog

Mortgage Servicing

Iowa Adopts Mortgage Servicer Prudential Standards

What Happened?

Effective July 1, Iowa House File 2392 (the “Iowa Law”) enacts mortgage servicer prudential standards (codified in Chapter 535B of the Iowa Code) that largely follow those promoted by the Conference of State Bank Supervisors (“CSBS”).

As we have previously reported, the CSBS adopted model “State Regulatory Prudential Standards for Nonbank Mortgage Servicers” (the “CSBS Standards”) in 2021.  The CSBS Standards address financial condition and corporate governance requirements for certain mortgage servicers.

Why Is It Important?

Following the CSBS Standards, the Iowa Law’s requirements apply to a “covered institution.”  A “covered institution” services or subservices at least 2,000 residential mortgage loans (excluding whole loans owned and loans being interim serviced prior to sale) as of the most recent calendar year end as reported on the NMLS mortgage call report.  For entities within a holding company or an affiliated group of companies, the Iowa Law’s requirements apply at the covered institution level.

Financial Condition:

The Iowa Law requires a covered institution to meet specified financial condition standards. First, a covered institution must maintain capital and liquidity as set forth in new Section 535B.24.  Second, a covered institution must maintain written policies and procedures necessary to implement that section’s capital, operating liquidity, servicing liquidity requirements.

Third, a covered institution must maintain sufficient allowable assets for operating liquidity, in addition to amounts required for servicing liquidity.  Fourth, a covered institution must develop, establish, and implement written plans, policies and procedures, utilizing sustainable documented methodologies to maintain operating liquidity.  Finally, a covered institution must have a sound written cash management plan and a sound written business operating plan (commensurate with the entity’s complexity) that ensures normal business operations.

The financial condition standards do not apply to servicers that solely own or conduct servicing on reverse annuity mortgage loans, or to a covered institution’s  reverse annuity mortgage loan portfolio.

Corporate Governance:

The Iowa Law also requires a covered institution to comply with enumerated corporate governance requirements. First, a covered institution must establish and maintain a board of directors (or equivalent body).  The board’s responsibilities include: (a) establishing a written corporate governance framework that includes appropriate internal controls to monitor and assessing compliance with the corporate governance framework; (b)  monitoring and ensuring that the covered institution complies with the corporate governance framework and with the Iowa Law’s requirements; and (c) ensuring that the covered institution establishes and maintains a risk management program that identifies, measures, monitors, and controls risk commensurate with the covered institution’s size and complexity.

Second, new Section 535B.25 enumerates criteria for a covered institution’s risk management program (to include addressing the potential that a borrower or counterparty fails to perform on an obligation). Third, the Iowa Law requires a covered institution to undergo an annual external audit (including an evaluation of the entity’s internal control structure, a review of the entity’s annual financial statements of the company, and a computation of the entity’s tangible net worth).

Fourth, the Iowa law requires a covered institution to conduct an annual risk management assessment that concludes with a formal report to the board of directors. The risk management assessment must include findings and action taken to address each issue. Additionally, a covered institution must maintain ongoing documentation of risk management activities and include the documentation in its risk management assessment.

What Do I Need to Do?

Mortgage servicers subject to the Iowa Law should review the new standards and ensure that their business practices are compliant.  We will continue to monitor other states for adoption of their own versions of the CSBS Standards.

FHA and VA Announce New Loss Mitigation Options

What Happened?

Both the FHA and VA have established new loss mitigation options to provide payment reduction to delinquent borrowers.  On February 21, 2024, the Federal Housing Administration (“FHA”) within the U.S. Department of Housing and Urban Development (“HUD”) issued a new mortgagee letter (ML 2024-02) which, among other things, establishes the Payment Supplement loss mitigation option for all FHA-insured Title II Single-Family forward mortgage loans (the “Payment Supplement”) and also extends FHA’s COVID-19 Recovery Options through April 30, 2025. The provisions of ML 2024-02 may be implemented starting May 1, 2024 but must be implemented no later than January 1, 2025. The Payment Supplement will bring a borrower’s mortgage current and temporarily reduce their monthly mortgage payment without requiring a modification.

And, on April 10, 2024 , the U.S. Department of Veterans Affairs (“VA”) announced the release of its much-anticipated Veterans Affairs Servicing Purchase (“VASP”) program, which is a new, last-resort tool in the VA’s suite of home retention options for eligible veterans, active-duty servicemembers, and surviving spouses with VA-guaranteed home loans who are experiencing severe financial hardship. The VASP program will take effect beginning on May 31, 2024.

Why Does it Matter?

FHA’s Payment Supplement

ML 2024-02 establishes the Payment Supplement as a new loss mitigation option to be added to FHA’s current loss mitigation waterfall. Specifically, if a servicer is unable to achieve the target payment reduction under FHA’s current COVID-19 Recovery Modification option, the mortgage must review the borrower for the Payment Supplement. The Payment Supplement is a loss mitigation option that utilizes Partial Claim funds to bring a delinquent mortgage current and couples it with the subsequent provision of a Monthly Principal Reduction (“MoPR”) that is applied toward the borrower’s principal due each month for a period of 36 months to provide payment relief without having to permanently modify the borrower’s mortgage loan. The maximum MoPR is the lesser of a 25 percent principal and interest reduction for 36 months, or the principal portion of the monthly mortgage payment as of the date the Payment Supplement period begins.

The Payment Supplement will temporarily reduce an eligible borrower’s monthly mortgage payment for a period of three years, without requiring modification of the borrower’s mortgage loan. At the end of the three-year period, the borrower will be responsible for resuming payment of the full monthly principal and interest amount. A borrower is not eligible for a new Payment Supplement until 36 months after the date the borrower previously executed Payment Supplement documents.

To be eligible for the Payment Supplement, servicers must ensure that:

  • that at least three or more full monthly payments are due and unpaid;
  • the mortgage is a fixed rate mortgage;
  • sufficient Partial Claim funds are available to bring the mortgage current and to fund the MoPR;
  • the borrower meets the requirements for loss mitigation during bankruptcy proceedings set forth in Section III.A.2.i.viii of FHA Single-Family Handbook 4000.1;
  • the principal portion of the borrower’s first monthly mortgage payment after the mortgage is brought current will be greater than or equal to a “Minimum MoPR” which must be equal to or greater than 5 percent of the principal and interest portion of the borrower’s monthly mortgage payment, and may not be less than $20.00 per month, as of the date the Payment Supplement period begins;
  • the MoPR does not exceed the lesser of a 25% principal and interest reduction for three years or the principal portion of the monthly mortgage payment as of the date the Payment Supplement period begins; and
  • the borrower indicates they have the ability to make their portion of the monthly mortgage payment after the MoPR is applied (servicers are not required to obtain income documentation from the borrower).

Servicers are responsible for making monthly disbursements of the MoPR from a Payment Supplement Account, which is a separate, non-interest bearing, insured custodial account that holds the balance of the funds paid by FHA for the purpose of implementing the Payment Supplement, and which must segregated from funds associated with the FHA-insured mortgage, including escrow funds, and any funds held in accounts restricted by agreements with Ginnie Mae. Neither the servicer nor the borrower has any discretion in how the Payment Supplement funds are used or applied.

Borrowers will be required to execute a non-interest-bearing Note, Subordinate Mortgage, and a Payment Supplement Agreement, which is a rider to and is incorporated by reference into the Payment Supplement promissory Note, given in favor of HUD, to secure the Partial Claim funds utilized and the amount of the MoPR applied toward the borrower’s principal during the 36-month period. The Note and Subordinate Mortgage do not require repayment until maturity of the mortgage, sale or transfer of the property, payoff of the mortgage, or termination of FHA insurance on the mortgage.

After the Payment Supplement is finalized, servicers must send borrowers written disclosures annually and 60-90 days before the expiration of the Payment Supplement period. ML 2024-02 also sets forth servicers’ obligations if a borrower defaults during the Payment Supplement period.

Contemporaneous with the publication of ML 2024-02, HUD published the following model documents necessary to complete a Payment Supplement: (1) Payment Supplement Promissory Note and Security Instrument, (2) Payment Supplement Agreement Rider, (3) Annual Payment Supplement Disclosure, and (4) Final Payment Supplement Disclosure. However, servicers will need to ensure these model documents comply with applicable state law.

Given that the Payment Supplement only provides temporary relief, it is likely that borrowers will experience “payment shock” at the end of the Payment Supplement period. HUD has indicated that it is aware of this risk and intends to assess this issue on an ongoing basis as borrowers begin to reach the end of their Payment Supplement period to help inform future updates to FHA loss mitigation.

VA’s VASP Program

Effective May 31, 2024, VASP will be added as the final home retention option on the VA Home Retention Waterfall where the VA may elect to purchase a loan from the servicer under an expediated basis after the servicer evaluates the loans and certain criteria are met.  Unlike a traditional VA Purchase, a trial payment period may also be required before VA purchases the loan.

Importantly, a borrower cannot elect to use the VASP program. Rather, servicers must follow the VA’s home retention waterfall to determine the most appropriate home retention option. If the waterfall leads to VASP, then the servicer must determine if certain qualifying loan criteria are met, including:

  • the loan is between 3 to 60-months delinquent on the date the servicer submits to VALERI either the VASP TPP event or VASP with No TPP event;
  • the property is owner-occupied;
  • none of the obligors are in active bankruptcy at the time of the applicable VASP event;
  • the reason for default has been resolved and the borrower has indicated they can resume scheduled payments;
  • the loan is in first-lien position and is not otherwise encumbered by any liens or judgments that would jeopardize VA’s first-lien position;
  • the borrower has made at least six monthly payments on the loan since origination;
  • the borrower is the property’s current legal owner of record; and
  • the borrower and all other obligors agree to the terms of the VASP modification.

After determining that a loan qualifies for VASP, the servicer must determine the appropriate terms that may be offered to the borrower. Until further notice, all VASP loans will be modified at a fixed rate of 2.5% interest, with either a 360-month term or, if this does not realize at least a 20% reduction in the principal and interest payment, a 480-month term. Borrowers who cannot afford to resume monthly payments at the 480-month term are to be evaluated for and offered any appropriate alternatives to foreclosure. A three-payment trial payment plan will be required if (i) the loans is 24 months or more delinquent, or (ii) the principal and interest portion of the monthly payment is not reduced by at least 20%. Borrowers who fail three trial payment plans during a single default episode are no longer eligible for VASP.

Once VA has certified the VASP payment, servicers have 60 days to complete a standard transfer to VA’s contractor, after which the servicer must report the transfer event in VALERI.

Importantly, servicers that fail to properly evaluate the loan in accordance with VA’s requirements may be subject to enforcement action and/or refusal by VA to either temporarily or permanently guarantee or insure any loans made by such servicer and may bar such servicer from servicing or acquiring guaranteed loans. The risk of enforcement is exacerbated by the VASP program’s technical requirements, which may cause operational challenges for servicers.

What Do I Need to Do?

FHA’s Payment Supplement and VA’s VASP programs both have relatively short implementation timelines but will likely require substantial effort to operationalize given their technical requirements.  Therefore, servicers of FHA-insured and/or VA-guaranteed mortgage loans should begin reviewing the requirements of both programs now, as applicable, and ensure that they make any necessary updates to policies, procedures, systems, training, and other controls to ensure compliance with these programs once they take effect. Alston & Bird’s Consumer Financial Services team is well-versed in these programs and is happy to assist with such a review.

Fannie Mae Issues Guidance in Response to New York Foreclosure Abuse Prevention Act

What Happened?

On March 13, 2024, Fannie Mae issued Servicing Guide Announcement (SVC-2024-02) (the “Announcement”), which announced, among other things, updates to Fannie Mae’s Loan Modification Agreement (Form 3179), with additional instructions in response to the New York Foreclosure Abuse Prevention Act (“FAPA”). Specifically, for all Loan Modification Agreements (Form 3179) sent to a borrower for signature on or after July 1, 2024, servicers are required to amend the modification agreement to insert the following as new paragraphs 5(e) and (f) for a mortgage loan secured by a property in New York:

(e) Borrower promises to pay the debt evidenced by the Note and Security Instrument.  Further, Borrower acknowledges and agrees that any election by Lender to accelerate the debt evidenced by the Note and Security Instrument and the requirement by Lender of immediate payment in full thereunder is revoked upon the first payment made under the Agreement; and, the Note and Security Instrument, as amended by the Agreement, are returned to installment status and the obligations under the Note and Security Instrument remain fully effective as if no acceleration had occurred.

(f) Borrower further agrees to execute or cause to be executed by counsel, if applicable, a stipulation (to be filed with the court in the foreclosure action), that the Lender’s election to accelerate the debt evidenced by the Note and Security Instrument and requirement of immediate payment in full thereunder is revoked upon the first payment made under the Agreement and the debt evidenced by the Note and Security Instrument is deaccelerated at that time pursuant to New York General Obligations Law § 17-105, or other applicable law.

Fannie Mae encourages servicers to implement these changes immediately but requires that servicers do so for all modification agreements sent to the borrower for signature on and after July 1, 2024. Freddie Mac does not yet appear to have issued similar guidance.

Why Is It Important?

As we previously discussed in a prior blog post, FAPA reversed judicial precedent that permitted a lender, after default, to unilaterally undo the acceleration of a mortgage and stop the running of the statute of limitations in a foreclosure action through voluntary dismissal, discontinuance of foreclosure actions, or de-acceleration letters. For more than a year following FAPA’s enactment, the mortgage industry has grappled with how to address certain of the risks created by FAPA, including whether certain language could be adopted and incorporated into servicers’ loss mitigation documents to mitigate FAPA risk.

Fannie Mae’s Announcement is significant because it represents the first piece of guidance from a federal agency or government-sponsored enterprise (i.e., Fannie Mae or Freddie Mac) that provides some clarity as to what language may be appropriate to mitigate certain of the risks engendered by the New York FAPA.

What Do I Need to Do?

Servicers of Fannie Mae-backed mortgage loans (secured by property in New York) should evaluate their loss mitigation processes and make appropriate updates to ensure compliance with the Announcement.  Servicers should also continue to monitor for additional guidance or caselaw as this issue remains in flux.

CFPB and FTC Amicus Brief Signals Stance on “Pay-to-Pay” Fees under FDCPA

What Happened?

On February 27, the Consumer Finance Protection Bureau (CFPB) and the Federal Trade Commission (FTC) filed an amicus brief in the 11th Circuit case Glover and Booze v. Ocwen Loan Servicing, LLC arguing that certain convenience fees charged by mortgage servicer debt collectors are prohibited by the Fair Debt Collection Practices Act (FDCPA).  This brief comes on the heels of an amicus brief Alston & Bird LLP filed on behalf of the Mortgage Bankers Association (MBA).  In its brief, the MBA urged the 11th Circuit to uphold the legality of the fees at issue.

While litigation surrounding convenience fees has spiked in recent years, there is no consensus on whether convenience fees violate the FDCPA.  Federal courts split on the issue, as there is little guidance at the circuit court level, and the issue before the 11th Circuit is one of first impression.  Consequently, the 11th Circuit’s ruling could significantly impact what fees a debt collector is permitted to charge, both within that circuit and nationwide.

Why is it Important?

Convenience fees or what the agencies refer to as “pay-to-pay” fees are the fees charged by servicers to borrowers for the use of expedited payment methods like paying online or over the phone.  Borrowers have free alternative payment methods available (e.g., mailing a check) but choose to pay for the convenience of a faster payment method.

Section 1692f(1) of the FDCPA provides that a “debt collector may not use unfair or unconscionable means to collect or attempt to collect any debt,” including the “collection of any amount (including any interest, fee, charge, or expense incidental to the principal obligation) unless such amount is expressly authorized by the agreement creating the debt or permitted by law.”  The CFPB and FTC argues that Section 1692f(1)’s prohibition extends to the collection of pay-to-pay fees by debt collectors unless such fees are expressly authorized by the agreement creating the debt or affirmatively authorized by law.

First, the agencies contend that pay-to-pay fees fit squarely with the provision’s prohibition on collecting “any amount” in connection with a debt and that charging this fee constitutes a “collection” under the FDCPA.  Specifically, the agencies attempt to counter Ocwen’s argument that the fees in question are not “amounts” covered by Section 1692f(1) because the provision is limited to amounts “incidental to” the underlying debt. They argue that fees need not be “incidental to” the debt in order to fall within the scope of Section 1692f(1). In making this point, the agencies claim the term “including” as used is the provision’s parenthetical suggests that the list of examples is not an exhaustive list of all the “amounts” covered by the provision.  Further, the agencies attempt to counter Ocwen’s argument that a “collection” under the FDCPA refers only to the demand for payment of an amount owed (i.e., a debt). They argue that Ocwen’s understanding of “collects” is contrary to the plain meaning of the word; rather, the scope of Section 1692f(1) is much broader and encompasses collection of any amount , not just those which are owed.

Next, focusing on the FDCPA’s exception for fees “permitted by law,” the agencies contend that a fee is not permitted by law if it is authorized by a valid contract (that implicitly authorizes the fee as a matter of state common law). The agencies suggest if such fees could be authorized by any valid agreement, the first category of collectable fees defined by Section 1692(f)(1)—those “expressly authorized by the agreement creating the debt”—would be superfluous. Lastly, the Agencies argue neither the Electronic Funds Transfer Act nor the Truth in Lending Act – the two federal laws Ocwen relies on in its argument – affirmatively authorizes pay-to-pay fees.

What Do You Need to Do?

Stay tuned. The 11th Circuit has jurisdiction over federal cases originating in Alabama, Florida, and Georgia. Its ruling is likely to have a significant impact on whether debt collectors may charge convenience fees to borrowers in those states, and it could be cited as persuasive precedent in courts nationwide.

Ginnie Mae Imposes Cybersecurity Incident Notification Obligation

What Happened?

On March 4, 2024, Ginnie Mae issued All Participant Memorandum (APM) 24-02 to impose a new cybersecurity incident notification requirement. Ginnie Mae has also amended its Mortgage-Backed Securities Guide to reflect this new requirement.

Effective immediately, all Issuers, including subservicers, of Ginnie Mae Mortgage-Backed Securities (Issuers) are required to notify Ginnie Mae within 48 hours of detection that a “Significant Cybersecurity Incident” may have occurred.

Issuers must provide email notification to Ginnie Mae with the following information:

  • the date/time of the incident,
  • a summary of in the incident based on what is known at the time of notification, and
  • designated point(s) of contact who will be responsible for coordinating any follow-up activities on behalf of the notifying party.

For purposes of this reporting obligation, a “Significant Cybersecurity Incident” is “an event that actually or potentially jeopardizes, without lawful authority, the confidentiality, integrity of information or an information system; or constitutes a violation of imminent threat of violation of security policies, security procedures, or acceptable use policies or has the potential to directly or indirectly impact the issuer’s ability to meet its obligations under the terms of the Guaranty Agreement.”

Once Ginnie Mae receives notification, it may contact the designated point of contact to obtain further information and establish the appropriate level of engagement needed, depending on the scope and nature of the incident.

Ginnie Mae also previewed that it is reviewing its information security requirements with the intent of further refining its information security, business continuity and reporting requirements.

Why Is It Important?

Under the Ginnie Mae Guarantee Agreement, Issuers are required to furnish reports or information as requested by Ginnie Mae.  Any failure of the Issuer to comply with the terms of the Guaranty Agreement constitutes an event of default if it has not been corrected to Ginnie Mae’s satisfaction within 30 days.  Moreover, Ginnie Mae reserves the right to declare immediate default if an Issuer receives three or more notices for failure to comply with the Guarantee Agreement.  It is worth noting that an immediate default also occurs if certain acts or conditions occur, including the “submission of false reports, statements or data or any act of dishonestly or breach of fiduciary duty to Ginnie Mae related to the MBS program.”

Ginnie Mae’s notification requirement adds to the list of data breach notification obligations with which mortgage servicers must comply. For example, according to the Federal Trade Commission, all states, the District of Columbia, Puerto Rico, and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information. In addition, depending on the types of information involved in the breach, there may be other laws or regulations that apply. For example, with respect to mortgage servicing, both Fannie Mae and Freddie Mac impose notification obligations similar to that of Ginnie Mae.

What Do I Need to Do?

If you are an Issuer and facing a cybersecurity incident, please take note of this reporting obligation. For Issuers who have not yet faced a cybersecurity incident, now is the time to ensure you are prepared as your company could become the next victim of a cybersecurity incident given the rise in cybersecurity attacks against financial services companies.

As regulated entities, mortgage companies must ensure compliance with all the applicable reporting obligations, and the list is growing.  Our Cybersecurity & Risk Management Team can assist.