Alston & Bird Consumer Finance Blog

Insurance

Don’t Miss the Small Stuff Lenders: New Mexico Issues Regulatory Guidance for Completing the “Freedom to Choose” Insurance Company Form

By

A&B Abstract:

Under New Mexico’s Insurance Code, it has been a long-standing requirement that lenders may not condition a loan of money on the procurement of insurance from any particular insurer, agent, solicitor, or broker.  The lender is required to inform the buyer of their rights “regarding the placement of insurance on a form prescribed by the superintendent” and the borrower must “signify that he has been so informed.”  The form of the required “Freedom to Choose” is provided by regulation to the Insurance Code as follows:

FREEDOM TO CHOOSE INSURANCE COMPANY AND INSURANCE PROFESSIONAL

The undersigned person hereby acknowledges that I have been informed by (individual’s name) on behalf of (name of lender) that, although I may be required by the seller or lender to purchase insurance to cover the property that is being used as security for the loan, I may purchase that insurance from the insurance company or agent of my choice, and cannot be required by the seller or lender, as a condition of the sale or loan, to purchase or renew any policy of insurance covering the property through any particular insurance company, agent, solicitor, or broker. I hereby acknowledge receipt of a true copy of this notice on the _____day of_____________, _____.

__________________________________

(Signature of Purchaser or Borrower)

The New Mexico Financial Institutions Division (FID) issued regulatory guidance (the “Guidance”) this month as some lenders have not been completing the form correctly.  The Guidance clarifies that the “Freedom to Choose” notice requires the name of the individual providing the notice, and the FID finds the practice of providing only the company name in the blank reserved for the individual’s name as a violation of the Insurance Code.

 Takeaway:

Lenders take note as this is an easy violation to avoid.  To that end, now is a good time to review your New Mexico policies, procedures and QC reviews to ensure compliance with this requirement.  Please don’t hesitate to reach out with any questions on when the form is required and how to ensure it is completed correctly.  While the FID’s Guidance does not speak to penalties, it is worth noting that the Superintendent of the New Mexico Regulation and Licensing Department has authority to impose monetary penalties for violations of this provision, including a fine not to exceed $500 per violation. The statute also authorizes administrative penalties and civil actions.

CFPB’s Message to Mortgage Servicers: Make Sure You Comply with RESPA’s Force-Placed Insurance Requirements

By ,

A&B Abstract:

In Case You Missed It:  At the recent Federal Housing Finance Agency’s Symposium on Property Insurance, CFPB Director Rohit Chopra spoke about force-placed insurance and conveyed the following message: “The CFPB will be carefully monitoring mortgage market participants, especially mortgage servicers to ensure they are meeting all of their obligations to consumers under the law.”

The CFPB’s servicing rules set forth in RESPA’s Regulation X specifically regulate force-placed insurance. For purposes of those requirements, the term “force-placed insurance” means hazard insurance obtained by a servicer on behalf of the owner or assignee of a mortgage loan that insures the property securing such loan. In turn, “hazard insurance” means insurance on the property securing a residential mortgage loan that protects the property against loss caused by fire, wind, flood, earthquake, falling objects, freezing, and other similar hazards for which the owner or assignee of such loan requires assistance. However, force-placed insurance excludes, for example, hazard insurance required by the Flood Disaster Protection Act of 1973, or hazard insurance obtained by a borrower but renewed by a company in accordance with normal escrow procedures.

Given the Bureau’s announcement, now is a good time to confirm that your company has adequate controls in place to ensure compliance with all of the technical requirements of RESPA’s force-placed insurance provisions.  Set forth below are some of the many questions to consider:

Escrowed Borrowers:

  • When a borrower maintains an escrow account and is more than 30 days past due, does the company ensure that force-placed insurance is only purchased if the company is unable to disburse funds from the borrower’s escrow account?
    • A company will be considered “unable to disburse funds” when the company has a reasonable basis to believe that (i) the borrower’s hazard insurance has been canceled (or was not renewed) for reasons other than nonpayment of premium charges; or (ii) the borrower’s property is vacant.
    • However, a company will not be “unable to disburse funds” only because the escrow account does not contain sufficient funds to pay the hazards insurance charges.

Required Notices:

  • Does the company ensure that the initial, reminder, and renewal notices required for force-placed insurance strictly conform to the timing, content, format, and delivery requirements of Regulation X?

Charges and Fees:

  • Does the company ensure that no premium charge or fee related to force-placed insurance will be assessed to the borrower unless the company has met the waiting periods following the initial and reminder notices to the borrower that the borrower has failed to comply with the mortgage loan contract’s requirements to maintain hazard insurance, and sufficient time has elapsed?
  • Are the company’s fees and charges bona fide and reasonable? Fees and charges should:
    • Be for services actually performed;
    • Bear a reasonable relationship to the cost of providing the service(s); and
    • Not be prohibited by applicable law.
  • Does the company have an adequate basis to assess any premium charge or fee related to force-placed insurance, meaning that the company has a reasonable basis to believe that the borrower has failed to comply with the mortgage loan contract’s requirement to maintain hazard insurance because the borrower’s coverage is expiring, has expired or is insufficient?
  • Does the company have appropriate controls in place to ensure that the company will not assess any premium charge or fee related to force-place insurance to the borrower if the company receives evidence that the borrower has maintained continuous hazard insurance coverage that complies with the fee requirements of the loan contract prior to the expiration of the waiting periods (at least 45 days have elapsed since the company delivered the initial notice and at least 15 days have elapsed since the company delivered the reminder notice)?
  • Will the company accept any of the following as evidence of continuous hazard insurance coverage:
    • A copy of the borrower’s hazard insurance policy declarations page;
    • The borrower’s insurance certificate;
    • The borrower’s insurance policy; or
    • Another similar form of written confirmation?
  • Does the company recognize that the borrower will be considered to have maintained continuous coverage despite a late payment when applicable law or the borrower’s policy contemplates a grace period for the payment of the hazard insurance premium and a premium payment is made within that period and accepted by the insurance company with no lapse in coverage?
  • Within 15 days of receiving evidence (from any source) demonstrating that the borrower has maintained hazard insurance coverage that complies with the hazard insurance requirements in the loan contract, does the company:
    • Cancel any force-placed insurance that the company has purchased to insure the borrower’s property; and
    • Refund to the borrower all force-placed insurance premium charges and related fees paid by such borrower for any period of overlapping insurance coverage and remove from the borrower’s account all force-placed insurance charges and related fees that the company assessed to the borrower for such period?

And let’s not forget that companies must continue to comply with the above requirements if the company is a debt collector under the Fair Debt Collection Practices Act (“FDCPA”) with respect to a borrower and that borrower has exercised a “cease communication” right under the FDCPA.  Of course, failure to comply with the Regulation X requirements could also result in violations of UDAAP and FDCPA provisions.

Takeaway:

Given that the CFPB is telegraphing its upcoming review of servicers’ force-placed insurance practices, now is a good time for companies to ensure that their compliance management programs are robust enough to ensure compliance with all the technical requirements of RESPA’s force-placed insurance requirements. Alston & Bird’s Consumer Financial Services team is happy to assist with such a review.

Trends in Enforcement and Recommendations on Protecting Financial Institutions

By , ,

In his 2022 speech “Reining in Repeat Offenders” at the Distinguished Lecture on Regulation at the University of Pennsylvania Law School, the director of the Consumer Financial Protection Bureau (CFPB) stated that “[a]chieving general deterrence is an important goal for the CFPB” and “the role of individual liability cannot be discounted.” To that end, the CFPB recently proposed an enforcement order registry that would, among other things, require certain larger participant nonbanks subject to the CFPB’s supervisory authority to designate a senior executive who is responsible for and knowledgeable of the nonbank’s efforts to comply with the orders identified in the registry to attest regarding compliance with covered orders and submit an annual written statement attesting to the steps taken to oversee the activities subject to the applicable order for the preceding calendar year and whether the executive knows of any violations of, or other instances of noncompliance with, the covered order.

It is not surprising that one of the major questions that has arisen about financial institution (FI) insurance coverage is the extent of coverage for regulatory enforcement actions. Other questions arise in interpreting the scope of FI insurance coverage for terms such as a pending and prior claim, the performance of professional services, invasion of privacy (and whether data breaches are covered), and fraud. These terms can be particularly important in the heavily regulated financial services industry. Accordingly, financial institutions need to understand FI coverage options and the negotiable terms.

Are regulatory enforcement actions included in coverage terms?

Responding to inquiries from agencies such as the CFPB, Securities Exchange Commission (SEC), Department of Justice, attorneys general, and federal and state banking agencies can be disruptive and expensive. As a threshold matter it is important to understand the extent of insurance coverage, including the kind of inquiry that is covered. The first step is to make sure you understand which regulators are covered when there is an inquiry or enforcement action. Ideally, financial institutions would have coverage for claims from any federal or state agency.

Is there coverage for costs incurred in responding to informal inquiries?

For example, there may be coverage for an informal document request and employee interview by a government agency. Many policies now offer some coverage of a formal government agency civil investigative demand (CID) or subpoena to a financial institution, and it is important to understand the specific scenarios in which such a CID or subpoena is covered.

When facing an ongoing government investigation, is it subject to the excess policy’s “pending and prior claim” exclusion? 

In a recent case, the policy language provided that the excess policy did not apply to “any amounts incurred by the Insureds on account of any claim or other matter based upon, arising out of or attributable to any demand, suit or other proceeding pending or order, decree, judgment or adjudication entered against any Insured on or prior to July 31, 2011.” The court ruled that the parties had agreed to exclude from the excess policy coverage any claim as defined in the language of the primary policy.

The court also ruled that an ongoing SEC investigation, even though it was not being covered by any insurance policy, was a claim as defined under the primary policy and thus was subject to the pending and prior claim exclusion of the excess policy. This case emphasizes the importance of understanding the definitions of a claim within the relevant policies.

What are some considerations for losses arising out of the performance of professional services? 

Many FI policies have exclusions for loss arising out of the performance of professional services, which distinguish claims covered by a company’s errors and omissions (E&O) insurance. It is important to understand the effect of these exclusions, which are illustrated in recent court decisions.

In one recent case, a court held that a bank’s policy’s professional services exclusion precluded coverage for all insureds, not just those delivering the services. The exclusion in the case provided that there was no liability for claims “made against any Insured alleging, arising out of, based upon, or attributable to the Organization’s or any Insured’s performance of or failure to perform professional services for others….” The court held that the phrase “any Insured” made the insurer’s obligations jointly held, which prohibited recovery from any insured.

However, the policy at issue in this case did not have a severability provision. The court’s opinion suggests that a professional services exclusion in a policy with a severability provision would preclude coverage only for those who actually performed the professional services.

Another consideration is the broad language that was used in the clause in this case—it uses words like “arising out of,” “based upon,” or “attributable to” the professional services provided. Companies should ensure that the clause serves its purpose and does not preclude too much coverage.

Another issue involving professional services exclusions, particularly for banks, are fee cases. Overdraft fees, as well as a lot of other fees, including junk fees, have been a focus of regulators. One court has considered the question of insurance coverage for a bank’s obligation to repay overdraft fees. In this case, a bank customer filed suit against the bank, seeking relief from “unfair and unconscionable assessment and collection of excessive overdraft fees.” The bank filed suit against its insurer for refusing to pay defense costs in the lawsuit.

The policy at issue had a duty-to-defend clause covering claims “for a Wrongful Act committed by an Insured or any person for whose acts the Insured is legally liable while performing Professional Services, including failure to perform Professional Services.” However, the policy also had an exclusion “for Loss on account of any Claim … arising from … any fees or charges.” The court affirmed the denial of the companies’ entitlement to payment for defense costs, ruling that the fees exclusion absolved the carrier of an obligation to pay such costs. Cases like these reinforce the importance of understanding defense costs coverage for these kinds of overdraft fee cases.

How does an exclusion for invasion of privacy impact cyber breaches?

It is not uncommon for policies to have clauses that exclude claims based on invasion of privacy. Recent cases underscore the importance of understanding whether such clauses exclude coverage for claims in cyber breaches.

A court recently held that the Los Angeles Lakers were not entitled to insurance coverage for allegations that the team violated the Telephone Consumer Protection Act (TCPA). The court ruled that “because a [TCPA] claim is inherently an invasion of privacy claim, [the insurer] correctly concluded that the underlying [TCPA] claims fell under the Policy’s broad exclusionary clause.”

This decision could affect coverage of cyber-liability claims involving cybersecurity and data privacy, which are becoming increasingly common and which often touch on invasion of privacy issues. Companies should understand their exclusionary clauses on this score.

What is “final” for purposes of an insurance policy’s fraud exclusion?

Many FI insurance policies exclude coverage if the insured is found to have engaged in fraud. Often, the exclusion is only triggered after a “final” judicial determination that the excluded conduct has occurred. The issue of what a “final” determination is can affect the coverage for a claim.

Financial institutions should look for fraud exclusions in their FI policies to determine whether such exclusions refer to a “final, non-appealable adjudication” or a “final judgment.” In a New York state case, after a former CEO was sentenced for the commission of various fraud crimes, he filed an appeal of his convictions. While the appeal was still pending, however, his insurer asked to be relieved of its obligation to defend the plaintiff because the fraud exclusion in its policy was triggered upon a final judgment against its insured.

The former CEO filed suit against his insurer, but the appellate court affirmed the trial court’s ruling that the insurer was no longer obligated to pay his defense. The court held that the imposition of the criminal sentence was a “final judgment,” which appropriately triggered the fraud exclusion in the policy. The court explained that even if an appeal is successful, the finality of the sentence is not changed.

This case shows how important it is to understand the contours of a policy’s fraud exclusion.

Defense Costs: Duty to Defend v. Duty to Indemnify

Finally, a company needs to consider whether it wants to have primary control over the defense of a covered claim or wants the insurer to have primary control. An advantage of having the insurer control the defense—a “duty to defend” policy—is that the coverage requirements can be a bit more broad in many states. The main advantage of the company having primary control of the defense in a so-called “duty to indemnify” policy is that the company gets wider latitude in choosing lawyers that they trust and know to have the appropriate experience to handle the matter. Under either of these arrangements, the carrier would pay covered defense costs.

Conclusion

As trends in enforcement shift, it is increasingly important to understand liability coverage. Financial institutions should consider reaching out to experienced insurance brokers and attorneys to assist them in reviewing and analyzing the terms and features of their policies in the evolving enforcement climate.