CFSA Compliance School, Part II: Implementing an Effective Compliance Management System

CFSA Compliance School, Part II: Implementing an Effective Compliance Management System Michelle Hemerley Managing Director FIS Enterprise Governance, Risk & Compliance (EGRC) SoluBon February 2014

Overview Consumer Financial Protection Bureau (CFPB) supervision CFPB Hot Topics Compliance Management System Unfair, Deceptive or Abusive Acts or Practices Fair and Responsible Lending Fair Debt Collection Practices Act Vendor Management 2

CFPB Who does the CFPB supervise? Large banks, thrifts, and credit unions >$10 billion in assets Nonbank financial institutions Regardless of size Mortgage companies Payday lenders Private education lenders Larger participants Debt Collectors Consumer reporting agencies/specialty consumer reporting agencies Prepaid cards Debt relief services Money transmitters & check cashers 3

CFPB CFPB Implements and Enforces the Following Consumer Financial Laws: Alternative Mortgage Transaction Parity Act Consumer Leasing Act Electronic Fund Transfer Act (except sec. 920) Equal Credit Opportunity Act Fair Credit Reporting Act (except sec. 615(e), 628) Fair Debt Collection Practices Act Federal Deposit Insurance Act (sec. 43, b-f) Gramm-Leach Bliley Act (sec. 502-509, except sec.505 as it applies to 501(b)) Home Mortgage Disclosure Act Home Ownership and Equity Protection Act Home Owner s Protection Act Interstate Land Sales Full Disclosure Act Omnibus Appropriations Act, sec. 626 Real Estate Settlement Procedures Act S.A.F.E. Mortgage Licensing Act Truth in Lending Act Truth in Savings Act 4

CFPB Setting a new tone consumer focus Raising the bar for consumer protection includes third parties Consumer complaint hotline New Rules Ability to Repay consider 8 primary pieces of information Mortgage Servicing Regulation Z and RESPA Escrow Requirements for High-priced mortgage loans Remittance Rules 5

Compliance Management System (CMS) Board Reporting and Oversight Compliance Program Policies and Procedures Training Monitoring and Corrective Action Consumer Complaint Response Compliance Audit 6

Basics of UDAP History of UDAP The Federal Trade Commission Act (FTC Act) has prohibited unfair and deceptive practices since 1938 The FTC Deception Policy Statement (1984) laid out the elements of deception Nearly every state has UDAP law (mini-ftc Acts) Addition of 2nd A under the Dodd Frank Wall Street Reform and Consumer Protection Act ( Dodd Frank ) 7

UDAAP Coverage Applies to all products and services, offered directly or indirectly The prohibitions apply to every stage and activity: Solicitation Advertising & Marketing Underwriting & Pricing Billing, Servicing & Collections Termination of Customer Relationship 8

UDAAP Regulatory Penalties For any violation of a law, rule, or final order or condition imposed in writing by the Bureau, a civil penalty of: Up to $5,000 for each day during which the violation or failure to pay continues For any institution that recklessly engages in a violation of a Federal consumer financial law, a civil penalty of: Up to $25,000 for each day during which the violation continues. For knowingly violating a Federal consumer financial law, a civil penalty of: Up to $1,000,000 for each day during which the violation continues 9

UDAAP Linkage Consumer Protection Laws Violations of consumer protection laws (e.g. TISA & TILA) also may be UDAAPs The violation must independently meet the test for deception or unfairness However, even if there is compliance with consumer protection laws, UDAAPs can still occur Example A payday lender s advertisement may contain all the required TILA disclosures, but limitations or restrictions that are obscured or inadequately disclosed may be unfair, deceptive, or abusive. 10

UDAAP An act or practice is Unfair if three elements exist: Causes or is likely to cause substantial consumer injury Injury could not reasonably be avoided by consumer Injury is not outweighed by benefits to consumer Examples: Failing to release the title after a consumer makes the final payment Unauthorized billing charging consumer without consumer s permission or knowledge 11

UDAAP Violations Examples of Unfair Consumer receives convenience checks for use on credit card accounts and then, when the checks are presented for payment, lender performs credit checks, reduces the consumers lines of credit prior to notifying the consumer, and dishonors the checks Consumers are subject to returned check fees for convenience checks presented for payment before receiving notice that the line of credit had been reduced Lender increases the APR on consumers who were not delinquent on payments without any notification 12

UDAAP An act or practice is Deceptive if three elements exist: The representation, omission, or practice misleads or will likely mislead the consumer The Act or practice is likely to be deceptive for a reasonable consumer The representation, omission, act or practice is material (likely to affect a consumer s decision regarding a product or service, e.g., information about costs, benefits, or restrictions on the use or availability of a product or service) Examples: Payday Lender omits fees from advertising for a product Payday Lender makes misleading claims about the benefits of a service 13

Deception 3.5% FIXED PAYMENT 30 YEARS Lenders make you wait They Demand to interview you They intimidate you They Humiliate you And All of That is While They Decide If They Even Want to Do Business With You We Turn the Tables on Them Now, You re In Charge Just Fill Out Simple Forms and They Will Have to Compete For Your business http://www.30yearfinance.com/apply.htm We have hundreds of loan programs, including: Purchase Loans Refinance Debt Consolidation No Income Verification 14

Recent UDAAP Violations Capital One Pay $140 million back to 2 million customers Pay $60 million Civil Money Penalties Call Center Vendors used deceptive tactics to sell credit cards with add on products such as credit monitoring and ID theft protection Customers were: Misinformed about cost: Led to believe that they would be enrolling in a free product rather than making a purchase Enrolled without their consent: Some call center vendors processed the add-on product purchases without the consumer s consent. 15

Recent UDAAP Violations American Express Refund $85 million to consumers Pay $27.5 million in civil money penalties Used a credit scoring system that treated charge card applicants differently on the basis of age Failed to report the existence of certain customer disputes to credit bureaus, violating the Fair Credit Reporting Act Misled consumers about debt collection Discover Very similar to Capital One add on products Refund approximately $200 million to more than 3.5 million consumers Pay $14 million in civil money penalties 16

Abusive Acts or Practices Dodd-Frank Act adds another A for Abusive to UDAP Abusive is an act or practice that: Materially interferes with ability of consumer to understand a term or condition of consumer financial product or service; OR Takes unreasonable advantage of: Lack of understanding of consumer of the material risks, costs or conditions of product or service; Inability of consumer to properly select or use product or service; OR Reasonable reliance by consumer on provider to act in the interests of the consumer 17

Recent UDAAP Violation - Abusive American Debt Settlement Solutions Misled consumers by falsely promising them it would begin to settle their debts within three to six months when, in reality, services rarely materialized; Enrolled consumers despite knowing that their income level made it highly unlikely that they could complete the debt-relief programs; Collected upfront enrollment fees from consumers who ADSS knew could not afford the monthly payments required by these debt-relief programs, causing the consumers to spend their last savings on fees for services from which they ultimately would not benefit; and Failed to settle these consumers debts within the promised time, forcing many consumers to drop out of the program and forfeit their enrollment fees without having received any debt-relief services. 18

Recent UDAAP Violations Collecting or assessing a debt and/or any additional amounts in connection with a debt (including interest, fees, and charges) not expressly authorized by the agreement creating the debt or permitted by law Failing to post payments timely or properly or to credit a consumer s account with payments that the consumer submitted on time and then charging late fees to that consumer Taking possession of property without the legal right to do so Revealing the consumer s debt, without the consumer s consent, to the consumer s employer and/or co-workers 19

Recent UDAAP Violations Falsely representing the character, amount, or legal status of the debt Misrepresenting that a debt collection communication is from an attorney Misrepresenting that a communication is from a government source or that the source of the communication is affiliated with the government Misrepresenting whether information about a payment or nonpayment would be furnished to a credit reporting agency 20

Recent UDAAP Violations Misrepresenting to consumers that their debts would be waived or forgiven if they accepted a settlement offer, when the company does not, in fact, forgive or waive the debt Threatening any action that is not intended or the covered person or service provider does not have the authorization to pursue, including false threats of lawsuits, arrest, prosecution, or imprisonment for non-payment of a debt 21

Fair & Responsible Lending Fair Lending Equal Credit Opportunity Act (ECOA) it is illegal to discriminate against a loan applicant based on prohibited basis - race, sex, religion, national origin, marital status, age or the fact that all or part of the applicant s income is derived from public assistance The effects test - this principle can hold a creditor liable for credit discrimination without needing to prove discriminatory intent or even knowledge. If a practice that seems neutral on its face has a disproportionate, negative effect on borrowers that are protected under the ECOA then the practice is unlawful unless it meets a legitimate business need that can t be met by an alternative that has a less disparate impact. Three types of illegal discrimination on a prohibited basis: Overt discrimination Disparate treatment Disparate impact 22

Fair & Responsible Lending Overt discrimination Open discrimination on a prohibited basis. Can also occur when a lender expresses but does not act on a discriminatory preference. Examples: A lender offers a payday loan with a limit of $750 for applicants aged 21-30 and $1,000 for applicants over 30. A payday lender tells a customer We do not like to make loans to Native Americans 23

Fair & Responsible Lending Disparate Treatment When applicants or borrowers are treated differently on a prohibited basis and the difference in treatment cannot be explained by legitimate nondiscriminatory factors. Examples: A Male applicant applies for an installment loan. The lender finds adverse information in the credit report. The lender discusses the credit report with applicant and determines that the judgment was incorrect since it had been vacated. The applicant is granted the loan. A Female applicant applies for a similar auto loan with the same lender. Upon discovering adverse information in the credit report, the lender denies the loan on the basis of the adverse information without discussing it with the applicant. 24

Fair & Responsible Lending Disparate Impact When a neutral policy or practice that is applied to all applicants or borrowers disproportionately excludes or burdens certain persons on a prohibited basis. Examples: A loan policy that states that the lender will charge more to loan applicants that have part-time income. This could disproportionately adversely impact certain borrowers on a prohibited basis. 25

Fair & Responsible Lending Best practices Fair Lending Risk Assessment and Program Review policies and procedures Fair Lending review process third party, selfassessment or monitoring Underwriting consistency / exception tracking Watch out for add-ons Fair Lending Training 26

Fair Debt Overview Fair Debt Collection Practices Act (FDCPA): Enacted in 1977 in response to consumer group complaints that some debt collectors were harassing debtors to collect consumer debts Enforced by the Federal Trade Commission (FTC) and now the Consumer Financial Protection Bureau (CFPB) Purpose: Regulates contact and communication of debt collectors Sets minimum standards against abusive debt collection practices Requires consumer disclosures Regulates the conduct of debt collectors and private attorneys 27

Coverage Consumer Debt: applies only to collection of obligations incurred by consumers for personal, family, or household purposes Examples of Consumer Debt: Payday Loans Title Loans Personal Loans Insufficient Funds Credit Cards Exclusion: Commercial Transactions 28

Debt Collectors Person whose principal business is operating a debt collection agency Regularly collects debts Collects debts under a third party name Exclusions as a debt collector: Debts held as security for commercial credit Debts not in default at the time they are obtained Creditors collecting their own debts in their own name* 29

Communication with the Consumer Debt Collector may NOT contact a consumer: At any unreasonable time or place (i.e. before 8 am or after 9 pm) At any time or place which should be known to be inconvenient to the consumer At the consumer s place of employment Once the collector is aware that the consumer has an attorney representing them Unless: The consumer has provided prior permission to communicate Court order allows communication 30

Locating the Customer Locating the customer also known as skip-tracing limits conversations with others: Debt collector must identify himself or herself May not state that the consumer owes a debt In the case of a deceased consumer, may state that debt collector is trying to identify and locate the person who has authority to pay any outstanding bills from the descendant s estate (cannot state or imply such bills are delinquent) May ask ONLY about location information Place of residence and telephone number to contact Place of employment (not work telephone number or salary information) May only speak with other party one time, once the location is known Must obtain permission from consumer before speaking with a third party about the debt May not communicate via postcard 31

Communication with Others May only speak with others as it relates to the location of the consumer, except with these exclusions: Any individual the consumer expressly provides permission to speak with concerning the debt Consumer s attorney Consumer reporting agency, if permitted by law The creditor The creditor s attorney Debt collector s attorney Any person via court order (includes guardian, executor, or administrator) Spouse Parents, if a minor 32

Consumer s Rights Written Notification The customer can send a written notice to the debt collector stating Refuses to pay debt Requests the debtor to stop communicating Debt collector must honor customers request, yet inform consumer Further debt collection efforts are being terminated The debt collector or creditor may be taking specific action according to state law and contractual obligation 33

Consumer s Rights Written Notification Obtain a validation of debt warning (i.e. The Mini-Miranda ) from the debt collector within 5 calendar days of initial communication: Amount of debt Name of the creditor A statement that, unless the consumer disputes the debt in writing within 30 days, the debt will be presumed to be valid A statement that if the consumer notifies the debt collector in writing within 30 days that the debt is in dispute, the collector will obtain verification of the debt for the consumer A statement that if the consumer requests within 30 days, the debt collector will mail to the consumer the name and address of the original creditor, if different from the current creditor If consumer disputes a debt in writing within 30 days, all collection activity must stop until the debt is verified 34

Consumer s Rights If consumer disputes a debt in writing within 30 days, all collection activity must stop until the debt is verified If a consumer owes multiple debts and makes any single payment, the debt collector must apply the debt in accordance with the consumer s direction. 35

Debt Collector Practices Debt collector may not harass, oppress, or abuse any person in connection with the collection of a debt: Use or threaten to use violence or other criminal means Use of obscene or profane language Publish a list of consumers who allegedly refuse to pay debts (some exceptions apply) Advertise for sale of any debt to coerce payment Cause a telephone to ring with intent to annoy Engage any person in telephone conversation repeatedly or continuously with intent to annoy, abuse, or harass Call without providing meaningful disclosure of the caller s identity 36

Debt Collector Practices Debt collector may not use any false, deceptive, or misleading representation or means in connection with the collection of any debt: Must not misrepresent that nonpayment will result in arrest, imprisonment, or any other unlawful action May not threaten to take action against property if there is no right to do so May not falsely represent that collector is a consumer reporting agency May not imply that consumer has committed a crime Must communicate only truthful credit information 37

Debt Collector Practices Debt collector may not use unfair or unconscionable means to collect or attempt to collect any debt: Collect any amount not permitted by law Accept a postdated check of more than 5 days without certain disclosures Contact a consumer by postcard Use any language or symbol, other than the debt collector s address, on an envelope when communicating with a consumer May use business name if the name does not indicate that it is a debt collection business Threaten to take legal action when it is not permitted or intended May not state that the collector is a representative of law enforcement or the government May not create a form that would mislead the customer into thinking another creditor is collecting the debt 38

Vendor Management New definition of VENDOR: Any third party that provides goods or services to the financial institution Financial institutions are increasingly relying on third party vendors to: Reduce costs Enhance revenues Increase product offerings Obtain access to specific expertise Common types of vendor relationships: Outsourcing of key functions Offering products Servicing loans Preparing disclosures Providing technology services 39

Vendor Management 40

Vendor Management Common pitfalls Vendor risk management program narrowly defines who is a vendor Vendor risk management program relies more on financial due diligence and contract structuring to mitigate risk, rather than relying equally on risk assessment and monitoring Vendor risk management program does not report key risk indicators or provide regular reports to the board for oversight 41

Vendor Management Self-Assessment Checklist Does the program define vendors properly? Does the program contain the four pillars? Is there a risk assessment of vendors and is it adequate? Is there adequate monitoring of vendors? Are there key risk indicators and board or executive reporting? 42

THANK YOU Michelle Hemerley Michelle.hemerley@fisglobal.com