Mortgage Banking Update - May 25, 2023
In This Issue:
- CFPB Issues Small Business Lending Rule Compliance Guide
- CFPB Defends Constitutionality of Its Funding in SCOTUS Brief
- This Week’s Podcast Episode: A Close Look at the Impact of Antitrust Laws on the Consumer Financial Services Industry
- CFPB Takes Aim at Sniping Zombie Mortgage Loans
- NYDFS Releases Industry Guidance Letter on Assessment of the Character and Fitness of Directors, Senior Officers, and Managers
- Kansas Passes an Act Requiring Mortgage Companies, Supervised Lenders, and Money Transmitters to Create Information Security Standards Consistent with GLBA’s Consumer Information Safeguard Rule
- Did You Know?
- Looking Ahead
The Consumer Financial Protection Bureau (CFPB) published a Small Entity Compliance Guide (Guide) covering the amendments to the Equal Credit Opportunity Act (ECOA) and Regulation B, which implement requirements of Section 1071 of Dodd-Frank. These amendments require that financial institutions compile and report certain data regarding certain business credit applications, as explained in our blog. The Guide includes a detailed summary of the final rule’s requirements and examples that explain how the requirements should be applied to typical facts. The Guide includes discussions of key definitions, reportable data points, guidance on collecting data, creation of an employee firewall, and treatment of data once it’s been compiled.
Some of the explanations are meant to assist financial institutions in understanding the scope of the rule. The Guide includes some examples that are not found in the final rule or Commentary. For example, the Guide demonstrates how to determine whether a financial institution meets the threshold to be a “covered financial institution.”
Example. “In 2025, Lender receives 110 covered applications from small businesses and originates 98 covered originations. In 2026, Lender receives 120 covered applications from small businesses and originates 102 covered originations. Lender is not a covered financial institution for 2027 because it did not originate at least 100 covered originations in 2025.”
Additionally, the Guide reiterates a few of the same explanations and clarifications found in the final rule pertaining to the reporting of specific data points. For example, both the Commentary within the final rule and the Guide provide information for complying with the requirement to report an “action taken date.”
“For applications that result in an origination, a covered financial institution generally reports the closing or account opening date. If the disbursement of funds takes place on a date later than the closing or account opening date, the covered financial institution may, alternatively, use the date of initial disbursement. A covered financial institution should generally be consistent in its approach to reporting by, for example, establishing procedures for how to report this date in different scenarios, products, or divisions.”
In both the final rule and the Guide, the Bureau thoroughly discusses the employee firewall requirement and outlines examples of activities that would constitute being involved in making a credit determination, which would subject the employee to the firewall. For example, the following activities, among other things, constitute making a determination and would prohibit the employee from accessing certain demographic information obtained from small business applicants pursuant to the final rule: Recommending that another decision maker approve or deny a specific reportable application, provide a specific reason for denying a reportable application, require a guarantor or collateral in order to approve a reportable application, approve a credit amount or credit limit for a covered credit transaction, set one or more other terms for a covered credit transaction, make a counteroffer regarding a reportable application, or set a specific term for such a counteroffer.
In the final pages, the Guide discusses recommendations for determining a financial institution’s compliance date tier. The compliance date tier for a financial institution is based on the number of covered originations made in 2022 and 2023. The Bureau makes a few suggestions for estimating the number of cover transactions made, if the exact number cannot be determined. These suggestions include:
- During the period from October 1 through December 31, 2023, asking every applicant of an approved covered credit transaction, prior to the closing, to self-report whether it had gross annual revenue for its preceding fiscal year of $5 million or less. The financial institution may annualize the number of covered credit transactions it originated for small businesses from October 1 through December 31, 2023 by quadrupling the originations for this period, and apply the annualized number of originations to both calendar years 2022 and 2023.
- Assuming that every covered credit transaction it originates for business customers in calendar years 2022 and 2023 is to a small business.
The CFPB has filed its brief with the U.S. Supreme Court seeking reversal of the Fifth Circuit panel decision in Community Financial Services Association of America Ltd. v. CFPB. In that decision, the panel held the CFPB’s funding mechanism violates the Appropriations Clause of the U.S. Constitution and, as a remedy for the constitutional violation, vacated the CFPB’s payday lending rule (Payday Rule).
In its brief, the CFPB makes the following principal arguments:
- The Appropriations Clause states that “[n]o Money shall be drawn from the Treasury, but in Consequence of Appropriations made by Law.” The Founders included the Clause to confirm that federal officials could not spend public funds unless and until Congress enacted a statute authorizing such spending. The historical and modern meaning of a congressional “appropriation” is “simply a law making a particular source of funding available for particular uses.” The provision in the Constitution preceding the Appropriations Clause that expressly limits the duration of army appropriations to two years demonstrates that the Founders knew how to limit Congress’s appropriations authority when they wished to do so and confirms that the Constitution otherwise leaves it to Congress to determine the specificity, duration, and source of appropriations that it makes by law.
- The natural reading of the Constitution’s text is reinforced by longstanding practice. Since the Founding, appropriations statutes have often given the Executive Branch broad discretion to spend funds up to a specified amount (i.e., “lump-sum appropriations” or appropriations “in gross”); provided federal entities and activities with standing appropriations (i.e., spending that does not require annual appropriations) that remain in place unless and until Congress repeals them; and funded agencies through fees, assessments, investments, and other similar sources. Congress has frequently used such funding mechanisms for financial regulatory agencies, including the OCC, FDIC, and Federal Reserve Board.
- The Supreme Court has decided only one case involving a claim that a statute violated the Appropriations Clause. In the 1937 case, the plaintiffs challenged a law that imposed a tax on the processing of coconut oil and provided that the tax proceeds should be held as a separate fund and paid to the Treasury of the Philippines. The court deemed the plaintiffs’ challenge premature because none of the funds had been transferred to the Philippines but the Court concluded that the plaintiffs’ Appropriation’s Clause challenge was “without merit” because the Clause “means simply that no money can be paid out of the Treasury unless it has been appropriated by an act of Congress.” Except for the Fifth Circuit, no court has ever held that an Act of Congress violated the Appropriations Clause. (The CFPB did not note that because the Court deemed the plaintiffs’ Appropriations Clause challenge premature, its statement regarding the Clause’s meaning is dicta.)
- The CFPB’s “standing, capped, lump-sum appropriation” is consistent with the constitutional text, history, and precedent. 12 U.S.C. Section 5497 provides for the CFPB to receive a capped amount of funding each year from the Federal Reserve System’s earnings, specifies that the funds shall be “immediately available,” “remain available until expended,” and be used to pay the CFPB’s expenses “in carrying out its duties and responsibilities.” By prescribing the amount, duration, source, and purpose of the CFPB’s funding, Section 5497 satisfies the classic elements of an appropriation. It also falls comfortably within Congress’s historical practice because (1) the CFPB’s discretion to spend its capped funding is not different from the discretion Congress has long given agencies through routine lump-sum appropriations, and (2) the duration and source of the CFPB’s funding is consistent with the standing authority that Congress has often given agencies since the Founding to spend funds derived from sources such as fees, assessments, and investments (and the CFPB’s funding source, the combined earnings of the Federal Reserve System, is the same as the Federal Reserve Board’s funding source.)
- Although the Fifth Circuit labeled the CFPB’s funding mechanism “unprecedented,” it is consistent with Congress’s longstanding practice of authorizing agencies to spend money indefinitely from sources other than annual appropriations statutes. Respondents have offered no evidence that the Founders intended the Appropriations Clause to limit Congress’s power to pass laws that provide funding to agencies and the standing, capped appropriation mechanism designated by Congress to fund the CFPB does not threaten “the separation of purse and sword” (assuming the Founders used the word “sword” as a metaphor for the Executive Branch.)
- Section 5497 is not materially different from the statutes that provide funding to other financial regulators (whose constitutionality respondents appear to concede) for the following reasons:
- Congress did not give the CFPB “nearly unfettered discretion over its funding” as asserted by respondents. It imposed an annual cap of $597.6 million adjusted for inflation, and the only discretion the CFPB has is to request less than the capped amount. In contrast, Congress has not imposed a dollar cap on the OCC or Federal Reserve Board which can determine the amount of assessments they collect.
- The capped amount is not “illusory” or “astronomical” as asserted by respondents. In fiscal year 2022, the CFPB’s funding cap was approximately $734 million and the CFPB requested and received $641.5 million. The OCC’s, FDIC’s, and Federal Reserve Board’s operating expenses significantly exceed the CFPB’s cap and the CFPB’s cap is well below the budgets of various other agencies that receive funding in part through the collection of fees.
- The feature of the CFPB’s funding that allows it to “remain available until expended” is commonplace. For example, the OCC is allowed to keep its unspent funds for investment and use in the OCC’s ongoing activities.
- The fact that agencies such as the Federal Reserve Board, OCC and FDIC are funded through fees and assessments while the CFPB is funded through transfers from the Federal Reserve Board is a distinction with no constitutional relevance. (The Fifth Circuit described this arrangement as “a double insulation from Congress’s purse strings.”) This is because:
- The Federal Reserve Board receives its funding from the combined earnings of the Federal Reserve System and respondents do not dispute that Congress satisfied the Appropriations Clause when it authorized the Board to spend a portion of the System’s earnings on the Board’s operations. It follows that Congress also made a valid appropriation when it authorized the CFPB—an independent bureau established in the Federal Reserve System—to spend a portion of the same earnings on its operations.
- The double-insulation theory is incorrect because the Federal Reserve Board exercises no power over how much money the CFPB receives but simply transfers the amount requested by the CFPB up to the statutory cap. The Board’s ministerial role does not insulate the CFPB from congressional control and Congress can modify the CFPB’s funding at any time by statute.
- The argument made by respondents is wrong that agencies that rely on their own fees and assessments are constrained because they must consider the risk of losing funding if regulated entities “exit their regulatory sphere.” The argument is based on the incorrect premise that the Federal Reserve Board is funded by assessments on private parties when, in fact, the Board is funded by assessments on Federal Reserve Banks. The Federal Reserve Banks are statutorily mandated components of the Federal Reserve System that cannot “exit the regulatory sphere” if they thought the assessments were too high. As a practical matter, the financial institutions insured by the FDIC also could not exit unless they were willing to forgo FDIC deposit insurance. Even if private parties could “exit the regulatory sphere” because of dissatisfaction with agency assessments, the resulting “accountability” has no relevance under the Appropriations Clause which is concerned with preserving Congress’s control over spending and not with agencies’ accountability to private parties. There is nothing in the Clause’s text or history to suggest that the constitutionality of an agency’s funding mechanism turns on whether it is sufficiently constrained by market forces.
- There is no basis in the Appropriations Clause for respondents’ attempt to distinguish the CFPB from other agencies funded outside of annual spending bills based on the scope of the CFPB’s authority. The Founders made the same appropriations principles applicable to all government entities and nothing in the constitution’s text or history supports distinctions based on the size or nature of an agency’s portfolio. Also, respondents’ assertion is wrong that the authority of other agencies with similar funding mechanisms is not comparable to the CFPB’s authority. The Federal Reserve exercises authority that has global consequence and the Federal Reserve Board, OCC, and FDIC exercise “significant policymaking and enforcement authority over key segments of the financial industry.” (The CFPB notes that pursuant to Dodd-Frank, it inherited most of its authorities from agencies with similar funding mechanisms.)
- Even if the CFPB’s funding mechanism is constitutionally flawed, pursuant to Dodd-Frank’s severability clause, the Fifth Circuit should have conducted a severability analysis of Section 5497 to determine which of its provisions causes the constitutional violation. The Fifth Circuit focused on the fact that the CFPB’s funding “remain[s] available until expended.” It also emphasized that Section 5497 provides for the CFPB’s funds to be held in an account controlled by the CFPB rather than in a Treasury account and does not allow the CFPB’s funding to be reviewed by the House or Senate Appropriations Committees. A decision that declared some or all of these provisions unconstitutional while finding that the remainder of Section 5497 complies with the Appropriations Clause would not provide a basis for vacating the Rule because respondents have not suggested that the CFPB’s rulemaking costs during the years in question exceeded the funding available to the CFPB such that the CFPB would have been unable to complete the rulemaking unless it had been able to use unexpended funds from prior years. They also have not offered a reason to believe the CFPB’s rulemaking would have proceeded differently if the CFPB’s funds were held in Treasury accounts or if it were subject to Appropriation Committees’ oversight rather than the oversight of other congressional committees.
- Even if the entire funding mechanism in Section 5497 is unconstitutional, the Fifth Circuit’s conclusion that agency action carried out using funds that were not validly appropriated conflicts with traditional remedial principles. Unlike a constitutional defect in the substantive statute authorizing agency action, an unconstitutional funding provision does not mean the agency action itself is invalid. The Fifth Circuit recognized that Congress authorized the CFPB to issue a payday lending rule and that the Payday Rule it issued complied with the statutory standards. Also, unlike the invalidation of a substantively unauthorized agency action, retrospective invalidation would not cure the relevant constitutional violation–i.e., it would not undo the CFPB’s rulemaking expenditures or “restore any funds to the federal fisc.” Applying the traditional remedial principle that requires courts to fashion remedies that do not unnecessarily infringe on competing interests and take account of the public interest and the balance of equities, the CFPB, at most, should be prevented from enforcing the Payday Rule against respondents or their members until Congress changes the CFPB’s funding. In addition, vacating the CFPB’s past actions would inflict significant disruption on the Nation’s economy and consumers, financial institutions, and others who have reasonably relied on the CFPB’s past actions. As an example, if the CFPB’s mortgage regulations were vacated, mortgage lenders would have to immediately modify their disclosures and borrowers could seek to rescind certain mortgage transactions that had relied on disclosure exceptions in the regulations.
Amicus briefs in support of the CFPB must be filed by May 15, 2023. CFSA must file its reply brief by July 3, 2023.
Our Consumer Finance Podcast has already devoted two episodes to this case. In January 2023, we released a two-part episode, “How the U.S. Supreme Court will decide the threat to the CFPB’s funding and structure,” in which our special guest was Adam J. White, a renowned expert on separation of powers and the Appropriations Clause. To listen to the episode, click here for Part I and click here for Part II. Earlier this month, we released a second episode, “CFSA v. CFPB moves to U.S. Supreme Court: a closer look at the constitutional challenge to the Consumer Financial Protection Bureau’s funding,” in which our special guest was GianCarlo Canaparo, Senior Legal Fellow in the Heritage Foundation’s Edwin Meese III Center for Legal and Judicial Studies. To listen to the second episode, click here.
The consumer financial services industry has become the target of increasing regulatory scrutiny under antitrust laws as well as class action antitrust litigation that challenges industry practices on the grounds that they undermine competition. We first provide an overview of the federal antitrust laws, discuss the Biden Administration’s focus on competition, and the wide remedies available under antitrust laws. We then look at how the current FTC, DOJ, and CFPB leadership are attempting to expand the use of antitrust laws through their enforcement authority and how the agencies’ antitrust focus informs private litigation. We also look at the special antitrust issues presented by fintech companies and the FTC’s efforts to use antitrust laws to challenge data aggregation and data use as anticompetitive practices. We conclude with a discussion of steps companies can take to reduce antitrust risk, including through internal policing and consultation with antitrust counsel in connection with the development of new products and services, the significance for the consumer financial services industry of the FTC’s expanded use of Section 5 to target anticompetitive practices, and the role of state antitrust laws.
Alan S. Kaplinsky, Senior Counsel in Ballard Spahr’s Consumer Financial Services Group, leads the conversation, joined by Edward D. Rogers, a partner in the firm’s Litigation Group, and Erin L. Fischer, an associate in the Litigation Group.
A transcript of the recording will be available soon.
The Consumer Financial Protection Bureau (CFPB) recently issued advisory guidance on the enforcement of time-barred mortgage loans. A time-barred mortgage loan is one where the statute of limitations has expired. The statute of limitations for mortgage loans are typically created by state law, and vary by jurisdiction. In some cases, they create an affirmative defense for the consumer that prohibits a debt collector from suing to collect the debt. In other cases, judicial foreclosure actions are also subject to a statute of limitations. The CFPB indicated that its opinion was issued in light of a series of actions by debt collectors attempting to foreclose on “silent second mortgages,” also known as “zombie mortgages,” that consumers thought were satisfied long ago and may now be unenforceable.
The CFPB attributes this trend to practices that occurred in the years leading up to the 2008 financial crisis, when to make home purchases affordable, some lenders coupled first mortgage loans with second mortgage loans. These “piggyback” mortgages often involved a primary mortgage for 80 percent of a property’s value, with a second mortgage for the remaining 20 percent. During the financial crisis, struggling borrowers paid their first mortgage loans, but failed to pay their second mortgage loans. According to the CFPB, many lenders did not pursue collection on the second mortgages during the financial crisis, due to declining home values, which meant that in a foreclosure no sale proceeds would remain after payment of the first mortgage. Instead, lenders sold their second mortgage loans for a fraction of their value. The CFPB alleges that, over a decade later, and without any intervening communication to borrowers, debt collectors are now demanding the second mortgage balance, interest, and fees and are threatening foreclosure on borrowers that do not pay.
In the advisory guidance, the CFPB states that it is illegal to sue or threaten to sue to collect on time-barred zombie mortgages. The CFPB states that debt collectors that nonetheless attempt to do so may be in violation of the Fair Debt Collection Practices Act (FDCPA) and Regulation F, warning that:
- The FDCPA and its implementing Regulation F prohibit a debt collector from suing or threatening to sue to collect time-barred debt, and
- The prohibition applies even if the debt collector does not know that the debt is time- barred.
Debt collectors should review the applicable statutes of limitations for jurisdictions in which they are collecting and confirm they know the age of their loans to reduce compliance risk. They should also be mindful that another issue identified by the CFPB was debt collectors’ failure to sufficiently communicate with borrowers. Debt collectors dealing with older loans where the statute of limitations has not run should consider attempting additional communications with borrowers before initiating foreclosure proceedings, to mitigate borrower surprise and to avoid increased attention from the CFPB.
NYDFS recently issued Proposed Guidance “to New York State-regulated banking organizations and regulated non-depository financial institutions to notify them of the Department’s expectation that they update their framework for the review and assessment of the character and fitness of their directors, senior officers, and managers, both upon onboarding and on an ongoing basis.”
The Proposed Guidance applies to “each member of a Covered Institution’s board of directors, board of trustees and/or board of managers, as applicable, and each senior officer of a Covered Institution (Designated Persons). The term ‘senior officer’ refers to every officer who participates or has authority to participate (other than in the capacity of a director) in major policy-making functions of a Covered Institution.” The link to the entire Proposed Guidance is here. There is a comment period running through June 30, 2023.
On April 24, the Governor of Kansas signed into law Kansas Senate Bill 44, which enacts the Financial Institutions Information Security Act (the Act). The Act requires credit services organizations, mortgage companies, supervised lenders, money transmitters, trust companies, and technology-enabled fiduciary financial institutions to comply with the requirements of the GLBA’s Safeguards Rule, as in effect on July 1, 2023. (16 C.F.R. § 314.1 et seq.). The only available exemption from the Act’s requirements is for entities that are directly regulated by a federal banking agency.
The Act requires covered entities in Kansas to create standards regarding the development, implementation, and maintenance of reasonable safeguards to protect the security, confidentiality, and integrity of customer information. For purposes of the Act, “customer information” is broadly defined as “any record containing nonpublic personal information about a customer of a covered entity, whether in paper, electronic or other form, that is handled or maintained by or on behalf of the covered entity or its affiliates.” However, the Act also requires that an entity’s customer information standards be consistent with, and made pursuant to, the GLBA’s Safeguard Rule.
The Safeguard Rule is a regulation stemming from the GLBA that requires non-banking financial institutions to develop, implement, and maintain a comprehensive security program to protect the information of their customers. The Safeguard Rule is currently implementing new requirements, set to become effective on June 9, 2023, which we previously covered in greater detail within the CyberAdviser blog, please see here and here. The Safeguard Rule lays out three main objectives for information security programs: (1) Insure the security and confidentiality of customer information; (2) Protect against any anticipated threats or hazards to the security or integrity of such information; and (3) Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.
As of June 9, those objectives will require applicable companies to, in part: (1) Designate a qualified individual to oversee their information security program; (2) Develop a written risk assessment; (3) Limit and monitor who can access customer information; (4) Encrypt information in transit and at rest; (6) Train security personnel; (7) Develop a written incident response plan; and (8) Implement multifactor authentication whenever anyone accesses customer information. However, the Safeguards Rule does not fully apply to financial institutions that fit within certain exceptions or have primary regulators other than the FTC. Those entities in particular should assess whether the Act may require them to comply with the Safeguard Rule. And, whereas covered entities subject to the FTC’s Safeguards Rule have been working for months if not years to comply, the Kansas Act will require compliance within a matter of months.
Additionally, the Act required covered entities to develop and organize their information security program “into one or more readily accessible parts,” and maintain that program in accordance with the books and record retention requirements of the covered entity. Lastly, the new act provides the Kansas Office of the State Bank Commissioner the discretionary ability to issue regulations to implement the Act.
Did You Know?
The NMLS Conference’s ombudsman meeting summary can be viewed here. The meeting covered a wide range of topics, including the proposed Mortgage Business-Specific Requirements. The next ombudsman meeting will be held virtually on September 6, 2023.
A Ballard Spahr Webinar | June 15, 2023, 12:00 PM – 1:00 PM ET
Subscribe to Ballard Spahr Mailing Lists
Copyright © 2023 by Ballard Spahr LLP.
(No claim to original U.S. government material.)
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, including electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the author and publisher.
This alert is a periodic publication of Ballard Spahr LLP and is intended to notify recipients of new developments in the law. It should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general informational purposes only, and you are urged to consult your own attorney concerning your situation and specific legal questions you have.