Compliance Insights - Nov / Dec 2019

Compliance Insights - Nov / Dec 2019

OCC Fines Financial Institution $30 Million for OREO Violations

On October 11, 2019, the Office of the Comptroller of the Currency (OCC) assessed a $30 million civil money penalty against a large, multinational bank under a consent order for violations related to the holding period of other real estate owned (OREO). The OCC found that the bank engaged in repeated violations of the statutory holding period for OREO and failed to meet its commitment to implement corrective actions, resulting in additional violations.

OREO refers to bank-owned real estate acquired in satisfaction of previously contracted debts, such as foreclosed properties. OREO properties are largely non-earning assets that can incur significant holding costs, such as property taxes, insurance, utilities, maintenance, and repairs. Given their tendency to diminish in value, holding OREO in large quantities or for an extended period can present financial and other risks to institutions. According to the OCC Comptroller’s Handbook, the variety of risks to financial institutions from holding OREO include price risk, and potential liquidity, operational, compliance, environmental and reputation risks. Given these risks, there are restrictions on how long financial institutions can hold OREO. For instance, a national bank must dispose of OREO at the earliest time that prudent judgment dictates, but the holding period must be no longer than five years unless the OCC grants an extension. 

The consent order alleges that the institution engaged in over 200 violations of the statutory holding period for OREO between April 2017 and August 2019. The OCC noted that these violations resulted from deficient processes and controls for managing OREO holding periods. The financial institution had conducted a review of its OREO processes and portfolio in 2015, which identified numerous violations. As a result, it committed to developing and implementing policies, procedures and processes to effectively identify and monitor the holding period for OREO assets. However, as of April 2017, the OCC found that the bank’s internal controls governing OREO remained decentralised, ineffective, and inadequate. Additionally, the OCC noted that the bank continued to submit untimely requests to extend OREO holding periods and subsequently failed to meet further commitments to address the root causes of OREO violations.

The consent order reinforces the importance of implementing effective risk management practises and compliance controls. Regulators expect financial institutions to maintain appropriate policies and procedures related to the acquisition, holding, and disposition of OREO assets. Policies and procedures should be consistent with applicable laws and regulations, financial reporting requirements, and risk management principles outlined in supervisory guidance issued by the federal banking agencies. Additionally, financial institutions should have adequate processes and controls in place to execute OREO policies and procedures. Processes should be consistent with established policies and procedures and include accurate record-keeping, monitoring, reporting, and controls testing or periodic reviews.

Draft Guidance on Digital Identity Programmes

In October 2019, the Financial Action Task Force (FATF) published draft guidance for public consultation on digital identity (digital ID) programmes to address emerging identification, security and transparency issues tied to the increasing digitisation of financial transactions. The draft guidance is intended to assist governments, financial institutions, and other regulated entities by clarifying how digital IDs can be used for Know Your Customer (KYC) programmes. The guidance encourages countries to focus on leveraging digital ID programmes to strengthen and support compliance with FATF recommendation 10, which relates to the verification and identification of customers at onboarding and during ongoing due diligence. 

In the guidance, the FATF focuses on end-to-end digital ID programmes, defined as systems to assert and prove a person’s official identity. It also addresses the ways technology, such as distributed ledgers, digital credentials and biometrics, can be used to enable such programmes. The FATF describes, in detail, the key components of digital ID programmes, which include: 1) identity proofing and enrollment, 2) authentication and identity lifecycle management, and 3) portability and interoperability mechanisms. 

Additionally, the guidance explains how to apply a risk-based approach to using digital IDs for customer identification and verification, providing several country-specific case studies and assurance frameworks to help entities determine whether digital IDs are independent, reliable and, ultimately, appropriate for use in customer due diligence (CDD) programmes. 

Since this is draft guidance for public consultation, the FATF requested, via its website, input from private sector stakeholders, in particular banks, virtual asset service providers and other regulated entities. The FATF specifically requested industry commentary on the following topics but also encouraged feedback on other aspects of the draft guidance:

  • The types of money laundering and terrorist financing risks that could arise out of the use of digital ID systems for CDD.
  • The role of digital ID systems in ongoing due diligence and transaction monitoring.
  • How digital ID programmes support financial inclusion.
  • Whether digital ID programmes present challenges to compliance with FATF record-keeping requirements.

The FATF accepted feedback from industry stakeholders until November 29, 2019.

Although the legal and regulatory obligations associated with these emerging technologies are still evolving, the FATF guidance demonstrates progress towards enabling responsible innovation in the form of reliable digital ID systems within the global financial services industry.

CFPB Releases Supervisory Highlights Outlining Recent Examination Findings

In September 2019, the Consumer Financial Protection Bureau (CFPB or Bureau) released its summer 2019 Supervisory Highlights report. The CFPB’s Supervisory Highlights is a periodic publication containing key findings from recent examinations and is intended to limit risks to consumers and help regulated institutions comply with federal consumer financial law. The latest report which is the nineteenth edition, can be accessed on the CFPB’s website along with all the previous editions.

The Summer 2019 Supervisory Highlights report describes several noteworthy examination findings of which financial institutions should be aware. A summary of the specific concerns identified by the CFPB is provided below:

  • Automobile Loan Originations: The CFPB continues to focus on auto loan originations, as well as unfair, deceptive, or abusive acts or practises (UDAAP), and the sale of guaranteed asset protection (GAP) insurance. GAP insurance is a product designed to cover the difference between the amount a consumer owes on an auto loan and the amount received from an insurer in the event a vehicle is stolen, damaged, or totaled. The CFPB noted in the latest edition that certain lenders sold GAP insurance knowing the consumers would not benefit from the product based on the loan-to-value (LTV) ratio. The Bureau found that selling GAP insurance under such circumstances is an abusive practise because lenders took unreasonable advantage of consumers who lacked an understanding of a material aspect of the product.
  • Credit Card Account Management: During its examinations of credit card originations and servicing, the CFPB identified key findings related to non-compliance with the Truth in Lending Act (Regulation Z) and potential violations of UDAAP requirements. One finding included failing to clearly and conspicuously provide disclosures required by Regulation Z in online credit card advertisements. Although required disclosures were available via a hyperlink, the CFPB found that it was not sufficiently labeled and noted that additional website navigation was required after consumers activated the hyperlink. With respect to credit card servicing, the CFPB identified servicers that offset consumer credit card debt against deposited funds without the consumer affirmatively granting a security interest in those funds in the manner required by Regulation Z. Regarding UDAAP, the CFPB found instances in which one or more credit card issuers utilised deceptive threats of repossession or foreclosure in credit card collections despite such actions not being the policy or practise of the issuer. The CFPB also identified deceptive marketing practises that involved secured credit card issuers misleading consumers by orally representing that secured cards would upgrade to unsecured cards if the account was maintained in good standing.
  • Debt Collection: When examining for compliance with the Fair Debt Collection Practises Act (FDCPA), the CFPB identified instances of debt collectors falsely representing to consumers the amount and legal status of their debt and assessing interest charges not authorised by the underlying contracts. These collectors were required to conduct full accountings of these overcharges and provide remediation to affected consumers.
  • Furnishing of Consumer Reporting Information: The CFPB continues to conduct reviews of furnishers of consumer reporting information to ensure compliance with the Fair Credit Reporting Act (FCRA). The latest edition of Supervisory Highlights identifies various types of FCRA violations related to these responsibilities. The findings include not only failing to complete dispute investigations but also not doing so in a timely manner, and neglecting to report corrected information to all nationwide consumer reporting agencies after completing a dispute investigation. The CFPB also demonstrated its continuing oversight related to furnishers of deposit account information to specialty consumer reporting agencies. In one circumstance, it identified a furnisher that failed to provide updates on hundreds of accounts that had been paid or settled in full. Another furnisher of deposit account information failed to notify a specialty consumer reporting agency that the consumer had disputed the accuracy of the information. In addition, the CFPB identified certain institutions that had not established adequate policies and procedures regarding the accuracy of the information furnished to specialty consumer reporting agencies, as required by the CFPB’s Regulation V.
  • Reverse Mortgage Loans: The CFPB also identified exceptions related to the accuracy of the annual percentage rate (APR) and total annual loan cost (TALC) disclosures in reverse mortgage transactions, including how such figures were being calculated and disclosed. Although reverse mortgages are not widely offered, institutions that do provide them should closely review the recent edition of Supervisory Highlights to understand the specific issues that led to the violations.

The recent edition of Supervisory Highlights serves as additional evidence of the CFPB’s continued focus on specific regulatory requirements. Financial institutions should evaluate existing policies, procedures and practises, considering these noted examination findings and take proactive steps to correct any instances of non-compliance as well as perform consumer remediation as warranted. 

Supreme Court Agrees to Hear Case on Constitutionality of CFPB Structure

On October 18, 2019, the U.S. Supreme Court agreed to hear the case of Seila Law v. CFPB to decide whether the Bureau’s single director leadership structure and its “for cause” removal provision are constitutional. In addition to this question, the court ordered the parties to draft briefs and argue whether the “for cause” removal provision can be severed from the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act) if the CFPB’s leadership structure is found unconstitutional.

The CFPB was created by the U.S. Congress in 2010 as part of the Dodd-Frank Act to enforce federal consumer protection laws related to financial products and services. The CFPB has broad power and authority to prescribe rules, issue subpoenas, investigate cases, and file lawsuits in federal court. Funding for the CFPB does not follow congressional appropriations but is allocated by the Federal Reserve System, which must provide an amount that the CFPB director deems as “reasonably necessary” to fulfill the Bureau’s responsibilities. In creating the CFPB, the Dodd–Frank Act provided for a single director, appointed by the president and confirmed by the U.S. Senate to serve for a five-year term or longer if the U.S. Senate has not confirmed a replacement. Significantly, the director can only be removed by the president “for cause,” specifically defined within the Dodd–Frank Act as “inefficiency, neglect of duty, or malfeasance in office”.

The petitioner is a law firm that provides consumer debt resolution services to consumers. The CFPB initiated an investigation into whether the petitioner violated federal laws and demanded that it provide documents as part of the investigation. The petitioner refused and argued that the CFPB’s investigation is invalid on the grounds that its structure is unconstitutional, as the “for cause” removal provision infringes on the president’s constitutional responsibility to “take care that the laws be faithfully executed”.

There have been several challenges to the constitutionality of the CFPB’s leadership structure and “for cause” removal provision. Notably, the U.S. Court of Appeals for the District of Columbia Circuit held in PHH Corp. v. CFPB that the leadership structure is constitutional. Then-Judge Brett Kavanaugh wrote a dissenting opinion expressing that the “for cause” removal provision was unconstitutional but severable from the remainder of the Dodd–Frank Act. Neither party in PHH Corp. v. CFPB petitioned the Supreme Court to review the case.

CFPB Director Kathy Kraninger agrees that the “for cause” removal provision is unconstitutional but argues that the provision can be severed from the Dodd–Frank Act. If the Supreme Court rules that the “for cause” removal provision is unconstitutional but severable, it will likely require the CFPB to change its leadership structure. The outcome is less certain should the court rule that the “for cause” removal provision is not severable, which would call into question the CFPB’s enforcement authority and prior actions. Pending CFPB enforcement litigation may be delayed until the Supreme Court rules on this case, which will likely be in 2020.

Trump Administration Issues Executive Order on Regulatory Guidance

On October 9, 2019, the Trump administration issued two executive orders aimed at improving transparency and curbing regulatory overreach within the executive branch. The executive orders address the related issues of administrative agency guidance documents and administrative agency enforcement actions.

The need for transparency and restraint in the issuance and enforcement of regulatory guidance documents has been a recent focal point for the Trump administration and the federal banking agencies. The potential concerns related to guidance documents were initially raised in September 2018, when the federal banking agencies issued the Interagency Statement Clarifying the Role of Supervisory Guidance (Interagency Statement). This statement clarified that regulatory guidance does not have the force and effect of law and stated that examiners will not criticise financial institutions for violations of supervisory guidance.

The recent executive orders continue with this theme and initiate practical steps to ensure that the practises of administrative agencies comply with these expectations. The details of both orders are briefly described below:

  • Executive Order on Guidance: The executive order on guidance clarifies that it is the policy of the executive branch to require that agencies treat guidance documents as non-binding in law and in practise, take public input into account when developing guidance documents, and make guidance documents readily available to the public. To ensure the availability of guidance documents, the executive order requires that regulatory agencies establish a single, searchable, indexed database that contains, or links to, all guidance documents in effect from that agency. The website is also required to state that guidance documents lack the force and effect of law, except as authorised by law or incorporated into a contract. Agencies will have 120 days to establish this database from the date the Office of Management and Budget issues an implementing memorandum. Within this same timeframe, each agency is expected to review its guidance documents and rescind any documents that it determines should no longer be in effect.
    The executive order also requires that each agency issue or amend regulations setting forth its process and procedures for issuing guidance documents. Such regulations must address certain requirements specified in the executive order, including a requirement that certain significant guidance documents provide for public notice and comment. Notably, the executive order on guidance does not apply to independent agencies, which include the CFPB, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Federal Trade Commission, and the Office of the Comptroller of the Currency.
  • Executive Order on Enforcement and Adjudication: The executive order on enforcement and adjudication is similarly targeted at curbing the usage and impact of guidance documents but focuses specifically on enforcement. It requires that agency-initiated enforcement actions, adjudications, or determinations that have legal consequences be based on violations of law or regulation rather than noncompliance with a standard of conduct announced solely in a guidance document. Transparency is also a key element of the executive order as it requires that agency actions, adjudications and determinations apply standards of conduct that have been publicly communicated to avoid unfair surprise. In the executive order, unfair surprise is defined as “a lack of reasonable certainty or fair warning of what a legal standard administered by an agency requires.” In addition, if any decision in an agency adjudication, order or document asserts a new or expanded claim of jurisdiction, it must have been previously published in the Federal Register (or on the agency’s website guidance database) before the conduct occurred. A similar requirement exists with respect to documents arising out of litigation. At this point, there are different perspectives on whether the executive order on enforcement and adjudication applies to independent agencies, although the prevailing opinion appears to be that it does not.

The recent executive orders are an attempt by the Trump administration to implement its view on the role of government in the private sector. The extent to which financial institutions will benefit from the executive orders appears to be dependent on whether the agencies choose to voluntarily comply. To the extent they do, the additional clarity and transparency that result will hopefully alleviate much of the uncertainty that has been associated with regulatory oversight in the CFPB era. While financial institutions may be appreciative of the recent executive orders and the relative reprieve from stringent oversight, the potential for political change dictates the need for continued vigilance towards regulatory matters.