Alston & Bird Consumer Finance Blog


CFPB’s Proposed Insufficient Fund Fee Rule – Narrow in Scope with Potential for Greater Impact

What Happened?

On January 24, 2024, the Consumer Financial Protection Bureau (CFPB or Bureau) issued a proposed rule that would prohibit covered financial institutions from imposing a nonsufficient funds (NSF) fee when consumers initiate transactions that are instantaneously or near instantaneously declined (the Proposed Rule). According to the CFPB, such fees are not based on the transaction amount or processing cost and take unreasonable advantage of a consumer’s lack of understanding of the material risk, costs or conditions of the product or service. In the Preamble to the Proposed Rule, the CFPB recognizes that “currently covered financial institutions rarely charge NSF fees on covered transactions” and, thus, the “CFPB is proposing this rule primarily as a preventive measure.” With that said, the Proposed Rule is significant in that the Bureau also clarifies its approach to assessing abusive practices.

Why is it Important?


In January 2022, the CFPB launched an initiative to reduce certain fees charged by banks and other companies under its jurisdiction, by issuing a Request for Information (Fee RFI) seeking public comment regarding fees that are not “subject to competitive processes that ensure fair pricing.” The CFPB continues to focus on these so-called “junk fees,” which the Bureau described in its Fee RFI, in part, as “fees that far exceed the marginal cost of the service they purport to cover, implying that companies are not just shifting costs to consumers, but rather, taking advantage of a captive relationship with the consumers to drive excess profits.” The Bureau’s attention is now on NSF fees.

The Proposed Rule

The Proposed Rule may be narrow in scope, but much broader in potential impact. It would prohibit a “financial institution” from charging an NSF fee to a consumer who attempts to withdraw, debit, pay, or transfer funds from their “account” that is declined instantaneously or near instantaneously by the “financial institution.” For purposes of the Proposed Rule, the term “account” and “financial institution” are defined consistent with Regulation E. Thus, a financial institution includes a bank, savings association, credit union, or any other person that directly or indirectly holds an account belonging to a consumer, or that issues an access device and agrees with a consumer to provide electronic fund transfer services. An account is defined equally broad to include: (i) checking, savings, or other consumer asset account held by a financial institution (directly or indirectly), including certain club accounts, established primarily for personal, family or household purposes, and (ii) a prepaid account. An account would not include, among others, escrow accounts for real estate taxes or insurance or an occasional or incidental credit balance in a credit plan. It is also worth noting that, according to the CFPB, checks and ACH transactions are not covered by the rule unless they evolve in a way to be cleared instantaneously.

While the scope of the Proposed Rule is narrow, the Bureau’s interpretation of abusiveness as articulated in the Proposed Rule is not. By way of background, Section 1031 of the Consumer Financial Protection Act (CFPA) prohibits unfair, deceptive, or abusive acts or practices (UDAAPs) under Federal law in connection with any transaction with a consumer for a consumer financial product or service, or the offering of a consumer financial product or service. The Proposed Rule finds that charging an NSF fee in instantaneously or near instantaneously declined transactions violates the “lack of understanding” prong of the abusiveness standard. Under the CFPB’s Policy Statement on Abusive Acts or Practices, the “lack of understanding on the part of the consumer of the material risks, costs, or conditions of the product or service” concerns gaps in understanding affecting consumer decision making.

The Proposed Rule attempts to fine tune the “lack of understanding” analysis by distinguishing prior comments the Bureau made in its 2020 Payday Lending Rule, by clarifying that:

  • “[L]ack of understanding under the abusiveness standard of UDAAP is not synonymous with reasonable avoidability under the unfairness standard.”
  • Magnitude and risk of harm are distinct and should have no bearing on a “lack of understanding” analysis.
  • A consumer’s lack of understanding should not be characterized as general or specific as such framework is unhelpful in determining whether consumers understand the material risks, costs or conditions of a financial product or service.

Under the Proposed Rule, the Bureau has preliminarily determined that the charging of such fee is abusive under Section 1031(d) of the CFPA as it would take “unreasonable advantage of consumers’ lack [of] understanding of the material risks, costs, or conditions associated with their deposit accounts” and that “covered financial institutions that charge NSF fees on covered transactions would be benefiting from negative consumer outcomes that result from…a consumer’s lack of understanding.”

The Bureau summarily dismissed that such risks could be mitigated, as disclosure would be too costly, too unfeasible, and unlikely to eliminate the risk. Rather, “[d]rawing on its experience and expertise regarding consumer behavior, the CFPB believes that if a transaction entails material risks or costs and consumers derive minimum or no benefit from the transaction, it is generally reasonable to conclude that consumers who nonetheless went ahead with the transaction did not understand the material risks, costs or the conditions to those risks or costs.”

In other words, the CFPB appears to believe that no consumer would initiate a transaction knowing that they have insufficient funds and that a fee could be charged if their transaction is declined, despite the fact that (1) the vast majority of consumers have readily available access to their bank account balances, (2) such fees are generally disclosed to consumers, and (3) consumers contractually agree to pay such fees.

What Do You Need to Do?

While the Proposed Rule has limited application, the Bureau’s interpretation of the abusiveness standard could have far broader implications, as the Bureau could deem as abusive any fee which it determines provides little to no consumer benefit. For example, it is unclear what would stop the Bureau from prohibiting other fees as abusive, based on a determination that such fees provide little to no consumer benefit and that financial institutions are “benefiting from negative consumer outcomes that result from…a consumer’s lack of understanding,” given that the Bureau’s rationale appears to give little regard to consumer disclosures or contract law.

Therefore, given the potential downstream implications of the CFPB’s broad interpretation of abusiveness, companies subject to the CFPB’s jurisdiction should carefully review the Proposed Rule and consider submitting a comment letter, even if the Proposed Rule itself would not directly apply to the company. The Proposed Rule’s comment period expires on March 25, 2024.


CFPB Issues FCRA Advisory Opinions Addressing Background Screenings and Credit File Sharing Practices

What Happened?

On January 11, 2024, the Consumer Financial Protection Bureau (“CFPB” or “Bureau”) issued two separate advisory opinions interpreting consumer reporting agencies’ (“CRAs”) obligations under the Fair Credit Reporting Act (“FCRA”). First, the Bureau issued an advisory opinion on background check reports, which highlights that such reports must be complete, accurate, and free of information that is duplicative, outdated, expunged, sealed, or otherwise legally restricted from public access (the “Background Screening Opinion”). The Bureau’s second advisory opinion addresses file disclosure obligations under the FCRA, and “highlights that people are entitled to receive all information contained in their consumer file at the time they request it, along with the source or sources of the information contained within, including both the original and any intermediary or vendor source” (the “File Disclosure Opinion”).  The Bureau issued the advisory opinions to “ensure that the consumer reporting system produces accurate and reliable information and does not keep people from accessing their personal data.”

Why Is It Important?

The Background Screening Opinion

Section 607(b) of the FCRA requires that CRAs “follow reasonable procedures to assure maximum possible accuracy of the information concerning the individual about whom the report relates.” The Background Screening Opinion asserts that “[i]n many instances, background screening reports contain inaccurate information about consumers,” such as information about the wrong consumer, information that is duplicative, or that omits existing disposition information. The Bureau also found that some background screening reports “include arrests, convictions, or other court records that should not be included because they have been expunged or sealed or otherwise legally restricted from public access.”

Accordingly, the CFPB issued the Background Screening Opinion to “underscore obligations that the FCRA imposes when background screening reports are provided and used.” Specifically, the opinion affirms that CRAs must comply with their FCRA obligation to “follow reasonable procedures to assure maximum possible accuracy” under section 607(b). Specifically, the Background Screening Opinion provides that:

  • A CRA that reports public record information does not comply with section 607(b) if the CRA does not have reasonable procedures in place to ensure that the CRA:
    • does not report duplicative information or information that has been expunged, sealed, or otherwise legally restricted from public access in a manner that would prevent the user from obtaining it directly from the government entities that maintain the records, and
    • includes any existing disposition information if it reports arrests, criminal charges, eviction proceedings, or other court filings.
  • When CRAs include adverse information in consumer reports, the occurrence of the adverse event starts the running of the reporting period for adverse items under FCRA 605(a)(5), which is not restarted or reopened by the occurrence of subsequent events.
  • A non-conviction disposition (i.e., a dismissal or a similar disposition of criminal charges such as dropped charges or an acquittal) of a criminal charge cannot be reported beyond the 7-year period that begins to run at the time of the charge.

Accordingly, the Background Screening Opinion provides that CRAs “thus must ensure that they do not report adverse information beyond the reporting period” in section 605(a)(5) of the FCRA “and must at all times have reasonable procedures in place to prevent reporting of information that is duplicative or legally restricted from public access and to ensure that any existing disposition information is included if court filings are reported.”

The File Disclosure Opinion

Under the FCRA, CRAs are generally required to disclose to consumers all information in their file upon request. Specifically, section 609(a) of the FCRA provides that, upon request, a CRA must clearly and accurately disclose to the consumer “[a]ll information in the consumer’s file at the time of the request,” including the sources of the information. A “file” is defined as “all of the information on that consumer that is recorded and retained by a [CRA], regardless of how the information is stored.”

The File Disclosure Opinion clarifies that an individual requesting their files:

  • Only needs to make a request for their report and provide proper identification – they do not need to use specific language or industry jargon to be provided their complete file.
  • Must be provided their complete file with clear and accurate information that is presented in a way an average person could understand.
  • Must be provided the information in a format that will assist them in identifying inaccuracies, exercising their rights to dispute any incomplete or inaccurate information, and understanding when they are being impacted by adverse information.
  • Must be provided with the sources of the information in their file, including both the original and any intermediary or vendor source or sources.

What Do You Need to Do?

These advisory opinions follow President Biden’s October, 2023 Executive Order on the Safe, Secure and Trustworthy Development and Use of Artificial Intelligence (the “EO”).  Among other obligations, the EO encourages the CFPB to consider using its authority to use appropriate technologies including AI tools to ensure compliance with FCRA to address discrimination against protected groups.  These advisory opinions serve as a reminder of the importance of ensuring compliance with the FCRA, and that the use of data can lead to discriminatory outcomes under Federal law.

CFPB Touts 2023 Greatest Hits and Casts a Line for Enforcement Hires

What Happened?

Earlier this week, the Consumer Financial Protection Bureau (“CFPB” or “Bureau”) released a blog post touting its 2023 successes in safeguarding “household financial stability” through the levying of fines and filing of lawsuits. The Bureau highlighted seven enforcement cases:

  • Protecting Servicemembers from Illegal High-Interest Loans and False Advertising: In February 2023, the CFPB ordered an auto title loan lender and several affiliated entities to pay a total of $15 million in penalties and consumer redress to resolve allegations that the entities violated the Military Lending Act. That same month, the CFPB permanently banned a California-based mortgage lender from the mortgage lending industry and imposed a $1 million penalty on the lender for repeatedly violating a 2015 consent order by, among other things, allegedly continuing to send advertisements to military families that led recipients to believe the company was affiliated with the U.S. government.
  • Taking Action for Illegally Charging Junk Fees, Withholding Credit Card Rewards, and Operating Fake Bank Accounts: In July 2023, the CFPB ordered a national bank to pay a more than $190 million in penalties and consumer redress to resolve allegations that the bank double dipped on insufficient funds fees imposed on customers, withheld reward bonuses promised to credit card customers, and misappropriated sensitive personal information to open accounts without customer knowledge or authorization. The Office of the Comptroller of the Currency (“OCC”) also found that the bank’s double-dipping on insufficient funds fees was illegal and ordered the bank to pay $60 million in penalties.
  • Intentional Illegal Discrimination Against Armenian Americans: In November 2023, the CFPB ordered a national bank to pay $25.9 million in fines and consumer redress for allegedly “intentionally and illegally discriminating against credit card applicants the bank identified as Armenian American.” 
  • Taking Action to Stop Loan Churning: In August 2023, the CFPB sued a high-cost installment loan lender and several of its wholly owned, state-licensed subsidiaries, for allegedly violating the Consumer Financial Protection Act by “illegally churning loans to harvest hundreds of millions in loan costs and fees.”
  • Illegal Rental Background Check and Credit Reporting Practices: In October 2023, the CFPB and the Federal Trade Commission (“FTC”) sued a rental screening subsidiary of a national consumer credit reporting agency for allegedly violating the Fair Credit Reporting Act by failing to take steps to ensure the rental background checks that landlords use to decide who gets housing were accurate and withholding from renters the names of third parties that were providing the inaccurate information. The resulting court order required the company to pay $15 million in penalties and make significant improvements to how it reports evictions. Separately, the CFPB ordered the national consumer reporting agency to pay $8 million in consumer redress and penalties for failing to timely place or remove security freezes and locks on consumer credit reports and for falsely telling certain consumers that their requests were processed.
  • Stopping unlawful junk advance fees for credit repair services: In August 2023, the CFPB entered into a settlement with a credit repair service conglomerate that imposed a $2.7 billion judgment and banned the companies from telemarketing credit repair services for 10 years.

The CFPB touted that in 2023 it secured over $3.5 billion in total fines and compensation from financial services “lawbreakers” in 2023.  The CFPB largely attributed these cases to the creation of a “team of technologists” working on emerging technologies to “enforce the law when emerging technologies harm consumers.”

Why is this Important?

The CFPB filed 29 enforcement actions in 2023 but selected the seven highlighted above, possibly signaling that junk fees, fair lending, servicemember protections, and credit reporting, among others, remain on the Bureau’s radar. We do not expect the CFPB to issue any sort of accounting covering enforcement cases which it dropped in 2023.

Interestingly, the CFPB also used this post to recruit new “cross-disciplinary” employees (both attorneys and non-attorneys) for its Office of Enforcement and reiterated that the Bureau is “significantly expanding [its] enforcement capacity in 2024 to build on [its] achievements so far.” The roles are located in the Bureau’s Washington, D.C. headquarters and its regional offices in Atlanta, Chicago, New York and San Francisco.  The last of the associated employment information virtual sessions occurred on January 30, 2024.  Strangely, the CFPB only released this blog post the day before the last of these three sessions and it is not known how that late notice may impact application numbers.

What Do You Need to Do?

Given that the CFPB is telegraphing those issues that are top of mind for the Bureau as well as its emphasis on ramping up enforcement in 2024, now is a good time for companies to review their compliance management programs and make any necessary enhancements to policies, procedures, processes, and systems to ensure compliance with all applicable consumer financial laws and regulations. In particular, institutions should revisit their compliance monitoring programs to determine whether any updates are needed to minimize enforcement risk.

CFPB Amicus Brief in FDCPA Case Signals Its Stance on Liability for False Statements

A&B Abstract:

On January 2, the Consumer Finance Protection Bureau (“CFPB” or “Bureau”) filed an amicus brief in Carrasquillo v. CICA Collection Agency, Inc. in support of Plaintiff-Appellant Carrasquillo. The brief challenges the District Court’s interpretation of the Fair Debt Collection Practices Act (“FDCPA”) in relation to a debt collector’s intent when making potentially incorrect statements.


Section 1692e of the Fair Debt Collection Practices Act (“FDCPA”) provides that “[a] debt collector may not use any false, deceptive, or misleading representation or means in connection with the collection of any debt.”  The statute creates a private right of action for consumers to sue debt collectors who break the law by lying or providing wrong information while collecting a debt.

The Carrasquillo Case:

The Carrasquillo case originated in September 2019, when the Plaintiff-Appellant initiated bankruptcy proceedings.  Defendant CICA Collection Agency had been engaged to collect an alleged debt from the Plaintiff-Appellant.  In October 2020 (during the pendency of the bankruptcy proceedings), CICA mailed a letter stating that such debt was “due and payable,” and that the Plaintiff-Appellant could be sued if the debt was not paid.  The letter did not acknowledge the pending bankruptcy proceeding.

In October 2021, the Plaintiff-Appellant sued the Defendant in the District Court for the District of Puerto Rico, alleging that the letter violated the FDCPA, for, among other grounds, making a false statement (given the operation of the automatic stay under 11 U.S.C. § 362).

CICA filed a Motion to Dismiss, arguing that it did not know Carrasquillo filed for bankruptcy because it had not received notice of the bankruptcy proceeding.  Therefore, CICA argued, it did not intentionally make a false statement, and should not be subject to liability.  The District Court granted CICA’s Motion to Dismiss, agreeing that the FDCPA did not intend to punish unintentional false statements.  The Plaintiff-Appellant appealed to the First Circuit.

The Amicus Brief:

In its brief, the CFPB argued that Section 1692e’s prohibition against the use of “any false, deceptive, or misleading representation” extends to the provision of wrong information. Thus, the FDCPA allows a consumer to sue a debt collector for providing wrong information that the collector should have known was wrong – such as, the CFPB argues, CICA’s claim that it could sue to collect debt from a consumer who had filed for bankruptcy.


The CFPB’s primary contention is that intent is not a factor in determining liability under the law.  The Bureau supports this by emphasizing that elsewhere in the FDCPA, Congress described as an example of a violation “communicating or threatening to communicate to any person credit information which is known or which should be known to be false.” (Emphasis added.) Section 1692e indicates that these examples are provided “[w]ithout limiting the general application of the foregoing [statement]…” Accordingly, the Bureau argues, debt collectors cannot “stick their heads in the sand and claim ignorance” to avoid liability from incorrect statements – regardless of whether such statements were intentional.

Compliance Procedures:

In its brief, the CFPB also argues that debt collectors must show that they have procedures in place designed to prevent unintentional mistakes (such as that that the Defendant claims occurred in the Carrasquillo matter). Section 1692k of the FDCPA protects a debt collector from liability if the violation “resulted from a bona fide error notwithstanding the maintenance of procedures reasonably adapted to avoid any such error.” (Emphasis added.)  By the terms of that provision, the Bureau argues, “it is not enough for a debt collector to merely show that its conduct was unintentional to avoid liability; rather, it must also show that the violation was the result of a ‘bona fide error’ and that the collector maintained ‘procedures reasonably adapted to avoid’ that error.”


If the appellate court rules for the Plaintiff-Appellant, favoring the CFPB’s argument, debt collectors will need to revisit their compliance procedures to ensure they do not accidentally make false statements to consumers.

The CFPB’s brief also highlights its ideal enforcement position regarding the FDCPA, which would include a zero-tolerance policy for debt collectors making false statements (barring a bona fide error which the debt collector would have the obligation to prove).

Complying with the “Consider” Requirement Under the Revised Qualified Mortgage Rules

A&B Abstract:

Purchasers of residential mortgage loans who are conducting audits of residential mortgages that they buy in the secondary market are struggling to determine what documentation satisfies the “consider” requirement of the revised qualified mortgage (QM) standards that became mandatory on October 1, 2022. In fact, originators of residential mortgage loans are not in agreement regarding what particular written policies and procedures they must promulgate and maintain and the documentation that they should include in the loan files. We set forth what we believe are the policies and procedures and the documentation that creditors must maintain and provide to their counterparties to comply with the consider requirement.

The Revised QM Rules

As a threshold matter, on December 10, 2020, Kathy Kraninger, who was the director of the Consumer Financial Protection Bureau (CFPB), issued the revised QM rules that replaced Appendix Q and the strict 43% debt-to-income ratio (DTI) underwriting threshold with a priced-based QM loan definition. The revised QM rules also terminated the QM Patch, under which certain loans eligible for purchase by Fannie Mae and Freddie Mac do not have to be underwritten to Appendix Q or satisfy the capped 43% DTI requirement. Compliance with the new rules became mandatory on October 1, 2022.

Under the revised rules, for first-lien transactions, a loan receives a conclusive presumption that the consumer had the ability to repay (and hence receives the safe harbor presumption of QM compliance) if the annual percentage rate does not exceed the average prime offer rate (APOR) for a comparable transaction by 1.5 percentage points or more as of the date the interest rate is set. A first-lien loan receives a “rebuttable presumption” that the consumer had the ability to repay if the APR exceeds the APOR for a comparable transaction by 1.5 percentage points or more but by less than 2.25 percentage points. The revised QM rules provide for higher thresholds for loans with smaller loan amounts, for subordinate-lien transactions, and for certain manufactured housing loans.

To qualify for QM status, the loan must continue to meet the statutory requirements regarding the 3% points and fees limits, and it must not contain negative amortization, a balloon payment (except in the existing limited circumstances), or a term exceeding 30 years.

Consider and Verify Consumer Income and Assets

In lieu of underwriting to Appendix Q, the revised rule requires that the creditor consider the consumer’s current or reasonably expected income or assets other than the value of the dwelling (including any real property attached to the dwelling) that secures the loan, debt obligations, alimony, child support, and DTI ratio or residual income. The final rule also requires the creditor to verify the consumer’s current or reasonably expected income or assets other than the value of the dwelling (including any real property attached to the dwelling) that secures the loan and the consumer’s current debt obligations, alimony, and child support.

In particular, to comply with the consider requirement under the rule, the CFPB provides creditors the option to consider either the consumer’s monthly residual income or DTI. The CFPB imposes no bright-line DTI limits or residual income thresholds. As part of the consider requirement, a creditor must maintain policies and procedures for how it takes into account the underwriting factors enumerated above and retain documentation showing how it took these factors into account in its ability-to-repay determination.

The CFPB indicates that this documentation may include, for example, “an underwriter worksheet or a final automated underwriting system certification, in combination with the creditor’s applicable underwriting standards and any applicable exceptions described in its policies and procedures, that shows how these required factors were taken into account in the creditor’s ability-to-repay determination.”

CFPB Staff Commentary

Paragraph 43(e)(2)(v)(A) of the CFPB Staff Commentary to Regulation Z requires creditors to comply with the consider requirement of the new QM rule by doing the following:

a creditor must take into account current or reasonably expected income or assets other than the value of the dwelling (including any real property attached to the dwelling) that secures the loan, debt obligations, alimony, child support, and monthly debt-to-income ratio or residual income in its ability-to-repay determination. A creditor must maintain written policies and procedures for how it takes into account, pursuant to its underwriting standards, income or assets, debt obligations, alimony, child support, and monthly debt-to-income ratio or residual income in its ability-to-repay determination. A creditor must also retain documentation showing how it took into account income or assets, debt obligations, alimony, child support, and monthly debt-to-income ratio or residual income in its ability-to-repay determination, including how it applied its policies and procedures, in order to meet this requirement to consider and thereby meet the requirements for a qualified mortgage under § 1026.43(e)(2). This documentation may include, for example, an underwriter worksheet or a final automated underwriting system certification, in combination with the creditor’s applicable underwriting standards and any applicable exceptions described in its policies and procedures, that show how these required factors were taken into account in the creditor’s ability-to-repay determination [emphasis added].

The Secondary Market’s Review of Creditors’ Policies and Procedures and File Documentation

The revised rules suggest that, at a minimum, to ensure that the creditor has satisfied the “consider” requirement, a creditor must promulgate and maintain policies and procedures for how it takes into account the underwriting factors enumerated above as well as retain documentation showing how it took these factors into account in its ability-to-repay determination. Ideally, the creditor should make these written policies and procedures available to the creditor’s secondary market counterparties.

Further, and more importantly, the revised rules indicate that the individual loan files should contain a worksheet, Automated Underwriting Systems (AUS) certification, or some other written evidence documenting how the enumerated factors were taken into account in meeting the enhanced ability-to-repay standards. The underwriters should document their use of applicable exceptions to the creditor’s general policies and procedures in underwriting the loan.

Notwithstanding the foregoing, it is our understanding that compliance with these requirements has been uneven in the industry and that certain creditors have not promulgated the requisite written policies and procedures related to the consideration of income, assets, and debt. In addition, documentation (i.e., worksheets and AUS certifications) of these factors in individual loan files has been haphazard and inconsistent.

In March 2023, the Structured Finance Association convened an ATR/QM Scope of Review Task Force, comprising rating agencies, diligence firms, issuers, and law firms, to develop uniform best practice testing standards for performing due diligence on QM loans. Discussion topics included the documentation of the consider requirement of the revised QM rules.

In its early meetings, the participants in the task force confirmed that creditors have not uniformly developed written policies and procedures documenting the consider requirement. Participants have focused more on the creditor’s actual documentation of income, assets, and debt in individual loan files they believe would demonstrate substantive compliance with the underwriting requirements of the revised rules.

At this early juncture (compliance with the revised rule became mandatory in October 2022), it may be premature for secondary market purchasers of residential mortgage loans to cite their sellers or servicers for substantive noncompliance with the revised QM rules if these entities have not developed robust written policies and procedures that show how they consider income, assets, and debt.

It may be more fruitful for the secondary market to focus on the actual file documentation itself and determine whether the creditors have satisfied the consider requirement by properly underwriting the loans in accordance with the requisite elements and documenting the file with the appropriate worksheets and other written evidence.

The creditor’s failure to maintain the general policies and procedures does not necessarily render the subject loans non-QM if the loan files are adequately underwritten and amply documented. Compliance with the new QM rules and the documentation of the consider requirement is still at a rudimentary stage, and the secondary market will have to periodically revisit the way it audits mortgage loans.