Compliance Insights – August 2017

CFPB Issues Rule Limiting Mandatory Arbitration Clauses

In July 2017, the Consumer Financial Protection Bureau (CFPB) published a final rule that prohibits banks and other consumer financial institutions from including mandatory arbitration agreements in the contracts for consumer financial products that prevent consumers from engaging in group (or class action) lawsuits.

Arbitration agreements require disputes to be settled by third-party arbitrators rather than through the court system. Historically, such agreements were found in commercial contracts but they have become increasingly prevalent in consumer contracts, particularly related to consumer financial products and services, such as credit cards, deposit accounts and loans. Advocates for the use of arbitration contend that compared to the court system, arbitration is a simpler, quicker and less costly way for both parties to resolve disputes. The CFPB has found, however, that such clauses often block consumers from pursuing group remedies such as class action lawsuits. This may result in less monetary relief being made available to individual and groups of consumers, as well as a decreased likelihood that the underlying root cause(s) of any harm caused are righted by the financial institutions themselves. Arbitration clauses have been historically limited or prohibited for certain types of financial products or classes of customers; the CFPB’s action applies much more broadly.

In its new rule, the CFPB sets forth the following:

• The rule prohibits financial institutions from limiting a consumer’s ability to enter into class action lawsuits with respect to disputes related to consumer financial products or services (such as consumer loans, credit cards, deposit accounts, etc.).
• Financial institutions entering into new arbitration agreements will be required to provide consumers with certain disclosures regarding their rights to enter into a class action.
• The rule requires financial institutions to submit arbitration-related records to the CFPB, which will ultimately post the redacted data for public use. The records required to be produced include:
  • Certain documents relating to arbitration or court proceedings that are subject to arbitration agreements. Such documents include initial claims and counterclaims, the arbitration agreement, as well as any judgment or award.
  • Communications the institution receives from the arbitrator relating to a determination that the arbitration agreement does not conform to the arbitration administrator’s standards of due process or fairness, and any communications related to a dismissal or refusal to administer the arbitration for failure to pay required fees.

The rule, first proposed in May 2016 following many years of study and information gathering by the CFPB, has garnered much attention, and the CFPB received over 110,000 comments on the proposed rules. Finalization of the rule has been met with criticism from industry groups, other bank regulators and Congress. Once implemented in March 2018, it will represent a new challenge to financial institutions. They will be required to re-evaluate existing arbitration agreements, determine what revisions are necessary for new agreements and how to handle existing agreements. Further, and to the extent that a financial institution continues to utilize arbitration agreements, processes and procedures will need to be developed to enable the reporting of required data to the CFPB in accordance with the rule.

Go to top

OCC Cites Rising Compliance Risk Management as Supervisory Priority

In July 2017, the Office of the Comptroller of the Currency (OCC) issued its Semiannual Risk Perspective, which serves as guidance to its national bank examiners on industry trends and emerging issues requiring attention. The OCC concluded that key issues facing national banks have been relatively consistent, highlighting compliance, strategic, credit and operational risks as its top concerns overall. Notably, the OCC highlighted compliance risk management as an increasing risk.

The OCC addresses the following key compliance risk management-related risks facing national banks:

• National banks must continue to manage evolving money laundering and terrorist financing risks. Specifically, the OCC states that multiple institutions remain under enforcement actions related to the Bank Secrecy Act (BSA) and anti-money laundering (AML), putting pressure on management to develop and maintain the needed expertise and programs that implement and address applicable regulatory requirements. Emerging technologies, including payment technologies, continue to pose risks to banks as well (refer to the FinCEN Fines Foreign-Based Virtual Currency Exchange section below).
• National banks face implementation challenges associated with multiple new or amended regulations, including the Truth in Lending Act (TILA), the Real Estate Settlement Procedures Act (RESPA), the Military Lending Act (MLA), and the Home Mortgage Disclosure Act (HMDA). Banks must manage the operational and technological changes necessary to implement requirements, many of which involve third-party service providers. The OCC indicates that banks must do so while still attempting to achieve compliance with many recent regulations (including mortgage disclosures, as discussed in the CFPB Finalizes Amendments to TRID Rule, Proposes Further Changes section below).
• The OCC cites that consumer compliance risk management in some banks has not kept pace with the risks and complexity of the regulatory environment. National banks continue to face resource constraints to manage compliance with new and existing consumer protection requirements, while facing increased regulatory and public scrutiny of sales practices, product servicing and other consumer protection activities.
• Fair lending continues to be a high priority. The OCC cites increased risks where national banks engage third-party service providers in their lending activities; a reference to increased bank partnerships with non-bank marketplace lenders and other financial technology (fintech) providers.

Compliance risks will continue to receive heightened supervisory focus by the OCC. Management should continue to assess the adequacy of the firm’s compliance resources at the same time as the effectiveness and efficiency of its programs in light of the OCC’s observations. Change management, emerging technologies and third-party risk management will be critical areas of focus for compliance in the foreseeable future. Constraints on resources – both in terms of budget as well as finding, developing and retaining top talent – will continue to further pressure compliance management programs. In this environment, institutions should ensure that key compliance risks are properly supported by management, and consideration is given to managing these various risks in an agile manner to meet regulatory expectations.

Go to top

FinCEN Fines Foreign-Based Virtual Currency Exchange

In July 2017, the Financial Crimes Enforcement Network (FinCEN) assessed a civil money penalty against a foreign-based virtual currency exchange and its alleged operator for violations of the BSA, charging both the exchange and its operator with multiple counts of money laundering and other related financial crimes. This is the first time FinCEN has taken action against a foreign-based money services business (MSB) and the second against a virtual currency exchange.

As a virtual currency exchange, the company operated as a money transmitter, exchanging convertible virtual currency (such as bitcoins) and fiat currency (currency that a government declares to be legal tender but is not backed by a physical commodity). The company also provided customers with an electronic mechanism to send and receive fiat currencies through its platform. The U.S. Department of Justice determined that the company allegedly facilitated transactions that resulted in the laundering of billions of dollars. The penalties assessed against the exchange and its operator amounted to over $110 million and $12 million, respectively.

While there are legitimate uses for virtual currency, it is susceptible to being used – and has actually been used – to facilitate crime, and cybercrime in particular, within online marketplaces. FinCEN’s 2013 guidance on the virtual currency exchanges and administrators defines the role of a money transmitter in the facilitation of convertible virtual currency transactions. Although the company subject to FinCEN’s latest action met the money transmitter definition as an administrator and exchanger of virtual currency by accepting and transmitting, as well as buying and selling virtual currency, it nonetheless failed to register as an MSB with FinCEN. Further, the company implemented a business model using third parties to avoid collecting information about its users and, through its conduct, FinCEN determined that it deliberately violated MSB registration requirements, intentionally failed to implement an AML program, and lacked internal controls to effectively monitor for potentially suspicious activity.

Lack of internal controls to detect and prevent money laundering, as well as minimal required information to establish an account made this company an appealing platform for criminals to exchange virtual currency electronically with fiat currency. As outlined in FinCEN’s action against the exchange, money transmitters, including virtual currency exchanges, serving users in the U.S. should be aware of regulatory requirements, including:

• Foreign-based MSBs conducting business with US customers are required to register with FinCEN.
• Foreign-based MSBs conducting business with US customers should develop AML programs comparable to MSBs domiciled in the US. Specifically:
  • These MSBs must develop and implement effective AML programs that monitor financial transactions to detect suspicious activity, conduct appropriate due diligence of customers, agents and counterparties, and report suspicious activity to FinCEN.
  • These MSBs must develop policies and procedures for conducting due diligence on its customers, and implement internal know your customer (KYC) controls that are commensurate with customer risk, geographical reach, and the risk posed by products and services used.

Parties involved with accepting, exchanging, or offering virtual currency must be aware of the AML-related implications of these activities, particularly where such activities meet definitions and thresholds related to money transmission. Such parties should ensure proper registration with relevant regulatory authorities, establish or strengthen current AML compliance programs, and cultivate comprehensive KYC programs to protect their institutions from the emerging threats related to virtual currencies.

Go to top

CFPB Finalizes Amendments to TRID Rule, Proposes Further Changes

In July 2017, the CFPB issued a final rule amending and clarifying certain mortgage disclosure requirements put forth by the 2015 TILA-RESPA Integrated Disclosure (TRID) rule. The original rule introduced new, consolidated disclosure forms required to be provided to consumers applying for and obtaining a mortgage loan. The long-awaited amendments recently finalized by the CFPB, some of which has been previously communicated through informal guidance (e.g., webinars, compliance guides, etc.), are the first formal updates to the 2015 rule and are intended to provide additional guidance, clarification, and technical corrections on a variety of topics with which the industry has been grappling. The final rule is effective in October 2018, although the CFPB notes that financial institutions may voluntarily comply with some or all of the updated provisions sooner.

Highlights of the final rule include:

• Tolerances for Total of Payments Disclosure. Creditors must disclose on the Closing Disclosure provided to the customer at/before Loan Closing the “total of payments” that a customer is scheduled to pay during the term of the loan. Previous to the implementation of TRID in 2015, the total of payments was calculated as the sum of the amount financed and the finance charges, and was affected by any finance charge tolerances. The 2015 rule changed the calculation to the sum of principal, interest, mortgage insurance, and loan costs, with no tolerances. Now, the CFPB’s amended rule would establish a tolerance for an understatement of total payments of 0.005% or $100. This would be the same tolerance set for the accuracy of the disclosed finance charge, making treatment of these figures consistent.
• Extension of Coverage to Include Cooperative Units. Under the amended rule, provision of the Loan Estimate and Closing Disclosure forms is required for all mortgage transactions secured by a cooperative unit. Cooperative units are a type of home ownership where a customer owns a part of a corporation that owns real estate, rather than owning the real estate itself, and is sometimes considered as personal property under state law. Previously, disclosures only had to be provided to customers in states that considered cooperatives as real property.
• Housing Assistance Lending. Regulation Z provides a partial exemption from TRID disclosure requirements for housing assistance loans (those that are low-cost, and/or non-interest bearing) that satisfy six criteria, including criteria related to which fees a consumer may or may not pay. The CFPB has revised two of the six criteria relating to loan costs in order to allow more loans to be exempt from TRID disclosure requirements: 1) transfer taxes may be payable by the consumer, and 2) recording fees and transfer taxes will be excluded from the one-percent cap on total costs payable by the consumer at consummation.
• Consumer Privacy and Information Sharing. The CFPB has clarified the circumstances under which the closing disclosures may be shared with third parties, such as a settlement agent or real estate agent, providing additional information on what information may be omitted when providing separate disclosures for consumer and seller information to third parties. The CFPB has provided three methods of modification to segregate consumer and seller information on the closing disclosures to provide flexibility to lenders in meeting any state privacy or contractual requirements.

Other changes are contained in the final rule that relate to technical corrections and clarifications regarding specific fields on the Loan Estimate and Closing Disclosure forms.

In addition to finalizing the aforementioned updates, the CFPB also issued a proposed rule to clarify when mortgage lenders may be able to use an initial or revised Closing Disclosure – rather than a loan estimate – to determine if an estimated closing cost was disclosed in good faith. Currently, if conditions for issuing a revised estimate in good faith are met, the creditor must provide revised costs to reset tolerances via initial or corrected closing disclosures no later than four business days prior to consummation. This situation has raised concerns by the industry, and as such the CFPB is seeking commentary on alternative practices. In particular, the CFPB is suggesting that the four-business day limit be removed, allowing creditors to correct costs in good faith via closing disclosures regardless of time to consummation.

It is important for mortgage lenders to review and understand how these changes, finalized and proposed, will impact existing practices and mortgage loan origination platforms. Mortgage lenders should assess the level of effort required to address such changes – including policies and procedures, employee training, and operational and technological changes – and begin planning accordingly. Further, lenders should evaluate whether earlier implementation of the requirements is feasible.

Click here to access all series