April 2025 Newsletters

Adverse Action Notices & Guarantors

Our Compliance Hub Hotline often gets asked about adverse action notices when an application involves both an applicant and a guarantor. Does the bank need to send notice to both the applicant and the guarantor? Is the bank allowed to send a notice to the guarantor even when it may not be required?

If an individual is acting as a guarantor, a surety, or in a like capacity on a commercial loan, an adverse action notice is typically not required. In looking at the regulatory basis for this reasoning – the FCRA definition of adverse action is based on ECOA’s definition of adverse action, and ECOA’s definition does not apply to guarantors, as outlined below:

“…An application may involve a guarantor or co-signer. Some industry commenters asked whether a guarantor or co-signer should receive an adverse action notice. These commenters also asked whether the guarantor’s or cosigner’s credit score should be disclosed to the applicant, where the creditor uses the guarantor’s or co-signer’s credit score in taking adverse action. Under section 701(d)(6) of the ECOA and § 202.2(c) of Regulation B, only an applicant can experience adverse action. Further, a guarantor or co-signer is not deemed an applicant under § 202.2(e). Sections 603(k)(1)(A) and 603(k)(1)(B)(2) of the FCRA provide that adverse action has the same meaning for purposes of the FCRA as is provided in the ECOA and Regulation B in the context of a credit application. Therefore, a guarantor or co-signer would not receive an adverse action notice under the ECOA or the FCRA.

The credit applicant would, however, receive an adverse action notice, even if the adverse action decision is made solely based on information in the guarantor’s or cosigner’s consumer report. Section 1100F of the Dodd-Frank Act does not address whether, in this circumstance, the adverse action notice received by an applicant under the FCRA should include a guarantor or co-signer’s credit score. The Board does not believe, however, that Congress intended for an individual to receive another individual’s credit score. Section 609(f)(2) of the FCRA associates a credit score with a particular individual. The Board accordingly believes that a guarantor or co-signer’s credit score should not be disclosed to an applicant in an adverse action notice….” 76 Fed. Reg. 41590, 41597

As such, in these cases, the bank is not required to send an adverse action notice. However, if the bank decides to send an AAN to the guarantor nevertheless, then that decision would be pursuant to the bank’s own risk-based determination; with that said, it is worth noting that this could potentially cause unnecessary confusion, especially in business lending contexts where personal guarantees are relatively common, but not necessarily evaluative of personal creditworthiness – or, said differently, this could imply that the guarantor was considered the primary applicant if not sufficiently explained.

Moreover, when sending an adverse action notice – regardless to whom – the bank will want to ensure clear communication in line with the expectations of § 1002.9 (i.e. specific and accurate reasons for denial, etc.), similar in concept to adverse action notices being provided to co-applicants – and in the vein of privacy and customer relations concerns – the guarantor’s information should not be included on the applicant’s notice (or, said differently, each person should receive only their own information on their own adverse action notice).

Lastly – ever mindful of potential UDAAP/UDAP and / or fair lending risks – if the bank does decide to send adverse action notices to guarantors, then it should be sure to send such notices to all guarantors similarly situated.Ā As always, if you have any other questions or concerns, feel free to reach out to us on the Compliance Hub Hotline.

Flood Insurance and ā€œNo Valueā€ Buildings

Is flood insurance required on a building that has practically no value? If so, how much? We often get this question on the Compliance Hub Hotline, so we want to take the time to dive into it a little deeper today.


The federal flood rules generally require a bank to ensure any “buildings” (that is, any structures that meet the definition of a building) securing the loan that are located within a Special Flood Hazard Area (SFHA) are covered by flood insurance – even those with little or no value – unless some other exemption applies (such as the so-called “detached structure” exemption), or if that specific building has been otherwise ā€œcarved outā€ of the security agreement (for reference on this option, and this risks it presents, please see: ā€œApplicability 2ā€ in the  Loans in Areas Having Special Flood Hazards; Interagency Questions and Answers Regarding Flood Insurance, .pdf pg. 156).Ā 


As far as the amount of insurance in these cases – coverage must generally be at least the lesser of the loan amount or the maximum limit of coverage for the type of property pursuant to NFIP. 12 CFR 208.25(c)(1). The amount of coverage available under NFIP is the lesser of the maximum limit for the type of property (see NFIP Manual, Table 4 at .pdf pgs. 69-71 and Table 24 at .pdf pg. 104) or the insurable value (and again, in these scenarios, the insurable value will likely be far below the maximum amount of insurance available under NFIP).


For purposes of identifying the insurable value of a particular building type, the Interagency Q&As offer this guidance:
“The insurable value of the building may generally be the same as 100 percent Replacement Cost Value (RCV), which is the cost to replace the building with the same kind of material and construction without deduction for depreciation. In calculating the amount of insurance to require, the lender and borrower (either by themselves or in consultation with the flood insurance provider or other appropriate professional) may choose from a variety of approaches or methods to establish the insurable value. They may use an appraisal based on a cost-value (not market-value) approach, a construction-cost calculation, the insurable value used on a hazard insurance policy (recognizing that the insurable value for flood insurance purposes may differ from the coverage provided by the hazard insurance and that adjustments may be necessary), the replacement cost value listed on the flood insurance policy declarations page, or any other reasonable approach, so long as it can be supported.” Amount 2, .pdf pg. 198.


Unfortunately, the guidance related to this undertaking is relatively limited, though ultimately, there is a fair amount of flexibility here and it may generally come down to the bank’s historic practices and risk-based decision making (looking at their own policies, procedures, and the facts specific to the case in question.)
The NFIP Manual discusses this further (to a degree, that is) on.pdf pgs. 93-94, though essentially refers to ‘common industry practices’ (i.e., the same as the Q&A referenced above). The borrower’s insurance provider may be able to provide a quote that includes an acceptable valuation of the insurable structure(s). Further, the bank’s procedures and any third-party guidelines may include requirements relating to the permissible methods for these types of valuations.


As always, we recommend consistent treatment of similarly situated customers to mitigate fair lending and UDAAP/UDAP risks.Ā If you have any other questions or concerns, feel free to reach out to us on the Compliance Hub Hotline.

The Proof is in the Paperwork: Documenting Adverse Action Reasoning

Since being implemented by Regulation B, the Equal Credit Opportunity Act (ā€œECOAā€) has required banks to provide applicants with notice of the bank’s credit decision in response to a credit application. Although the notice requirements differ for commercial applicants, ECOA outlines that, if a bank is denying an application for credit, then, regardless of if the request is consumer or commercial purpose in nature, the bank is required to have specific reasons supporting the denial, and these reasons should not be based in any of ECOA’s ā€œprohibited basesā€. While many of us may be familiar with the requirement to provide notice under Regulation B,Ā  in recent years, there has been guidance issued by the Consumer Financial Protection Bureau (ā€œCFPBā€) underscoring the importance of, not only issuing these required notices, but also maintaining sufficient documentation to establish that the bank is fulfilling their obligations in offering specific and accurate reasons for the denial of a credit request.


As the spotlight surrounding banks’ adverse action requirements continues to be a point of comment for examiners, it is critical that banks ensure that they have sufficient documentation to evidence their compliance with the requirements of the rule.
The CFPB’s circular, Consumer Financial Protection Circular 2023-03: Adverse action notification requirements and the proper use of the CFPB’s sample forms provided in Regulation B, (the ā€œCircularā€), addresses the specificity requirements in support of a denial or adverse action. The Circular suggests that, since it is unlawful for a bank to not provide a statement of specific reasons for the action taken, a bank would not be in compliance with ECOA’s requirements if they are utilizing reasons that are ā€œoverly broad, vague, or otherwise fail to inform the applicant of the specific and principal reason(s) for an adverse action.ā€ As such, while banks are free to utilize any reasoning for a denial or adverse action occurring, so long as this reasoning would not seem to stem from any of the prohibited bases under Regulation B, of course, banks must ensure that their reasoning is documented with sufficient specificity to meet the expectations under the rule and be able to demonstrate such to examiners.

The Circular further outlines that, while the use of the example denial reasons and the sample forms within Appendix A of Regulation B is appropriate in certain circumstances, banks should be mindful that the use of the example reasons will only satisfy these requirements if the reason selected actually addresses the principal reasons for the action being taken. As, although the sample forms offer a demonstrative list, this list is non-exclusive, and the Circular suggests that ā€œ[i]f the reasons listed on the forms are not the factors actually used,ā€ then the bank will not meet the requirement of the rule by simply selecting the closest ā€œidentifiableā€ reason listed in the Appendix. Instead, when the reason for the denial does not seem to be encompassed in any of the sample reasons within the Appendix, then the bank can fulfill this obligation by utilizing the “other” option on form to state the specific reason actually considered in making the denial. By using the ā€œother” option on the form when the reasoning for the denial is not one of the examples, a bank can ensure that they are documenting the actual reasoning applied in evaluating the application for both the applicant and any examiners down the line.

Finally, the Circular points out that, while this new guidance may provide additional context on regulators’ expectations for the specificity of the reasons offered, these obligations stem directly from the language of the Regulation. As Regulation B directly states that, providing that a bank’s reasoning that a denial was based on ā€œthe creditor’s internal standards or policies or that the applicant, joint applicant, or similar party failed to achieve a qualifying score on the creditor’s credit scoring systemā€, alone, are insufficient to fulfill these requirements. Thus, the Circular contends that, even if the reason for the denial is based in any of these internal guidelines, the aspect of the internal guidelines warranting the denial must be communicated and documented with specific detail to ensure that the basis behind the decision is evident to the applicant, as well as any examiners that may evaluate such down the line.

Ensuring that the bank has sufficient documentation to support the reasoning behind a denial is critical for a bank to not only be able to demonstrate compliance with ECOA’s requirements to examiners, but also to improving the credit status of that individual applicant. As such, banks will want to evaluate their current documentation processes for making a credit decision to ensure that these procedures are robust enough to satisfy these expectations.Ā  As always, if you have any other questions or concerns about adverse action notices, feel free to contact us on the Compliance Hub Hotline.

Resting Assured: Audit Season in Bloom, Part 2

As promised, we’re back this week with Part 2 of our spring audit season spotlight, turning our attention to several additional areas where banks should be watching for weeds. Ā The observations below continue our roundup of findings collected through Assurance Services’ recent engagements – each one a timely reminder to stay rooted in your procedures and review where things might need “pruning.ā€

Deposit Compliance: Getting the Details Right

Several core deposit compliance issues continue to surface. Under Regulation CC’s 12 CFR 229.13(g), the exception hold notices that must be provided to customers have specific content and timing requirements; though they can be nuanced in their application (depending on what type of notice is being provided specifically), this is an area where banks benefit from getting back to basics, referring to the regulatory language, and applying the rules consistently.

Similarly, mismatches between what’s disclosed (or advertised) online and what’s provided at account opening under the Truth in Savings Act (TISA) can result in compliance violations. Disclosures and advertisements regarding minimum balance requirements or tiered service charges must align with the bank’s actual product terms, regardless of the medium. Under Regulation DD, consistency between online marketing and account disclosures is essential.

Another area to monitor is Regulation E’s provisional credit. In most cases, unless the bank has completed its investigation into a customer-reported error within 10 business days of receiving notice of that error, it must credit the customer’s account within 10 business days of receiving notice of an error (barring one of the applicable exceptions). Delays beyond this 10-day timeframe, even for small-dollar claims, may cause a violation of § 1005.11(c).

ACH Stop Payments: Time Limits That Don’t Belong

A common misstep involves how systems handle stop payments on ACH transactions for consumer accounts. For example, core systems might be configured to apply a six-month expiration to all stop payments – but this explicitly conflicts with Nacha Operating Rules for consumers. According to Article Three, Subsection 3.7.1.4, stop payments on consumer ACH entries remain in effect until either the consumer revokes the order, or the relevant debit entry is returned. Essentially, this means stop payments for consumer ACH transactions must remain active indefinitely unless withdrawn. Applying a six-month expiration across the board could result in premature expiration (and potential consumer harm.)

Lending: Accuracy in Notices and Disclosures

Lending documentation should also be reviewed with care. Pre-repossession notices sometimes included the wrong collateral description or misstated the outstanding balance. These details not only confuse the borrower (a UDAAP/UDAP concern in and of itself) but can present significant legal and regulatory risk.

Banks were also observed using the Closing Disclosure (CD) form for all real estate-secured loans – even for those in which TRID does not apply. While perhaps well-intentioned, applying TRID disclosures outside of allowances in Reg Z can mislead borrowers and suggest protections that do not exist (or, potentially worse, create them as a matter of contract).

As audit season blossoms, there’s no better time to dig into the details. Whether you’re proactively tending to these areas or just beginning to see them ā€œsproutā€ up, Assurance Services is here to help you stay grounded – and ready – for whatever regulatory weather audit season brings your way.

 

Ten Years and Still Struggling with TRID

This coming October, it will have been 10 years since the Truth in Lending-Real Estate Settlement Procedures (TILA-RESPA) Integrated Disclosures rule (TRID) became effective. Ordinarily, ten years is sufficient time to get your bank trained and everything running like clockwork. That’s not the case with TRID. Most of the requirements are so technical that it is hard for community banks to get an A+ on their tests from examiners and auditors. Let’s discuss some of the most common errors found during reviews and audits.

In the rush to get the Loan Estimate (LE) issued within the 3 business days that the regulation requires, sometimes fees are unintentionally omitted. The regulation does not allow a bank to correct those errors on a reissued LE. Strong internal controls can help a bank ensure that all LE’s generated include all the tolerance-based fees that the Bank requires. These internal controls could be as simple as designing a 2nd review checklist of the LE and using that prior to delivery or setting up standard fees in the Loan Origination System (LOS), so the fees are listed automatically in every loan of a certain type. Both internal controls can stop inadvertent omissions and save the bank from costly errors.

Once an LE is issued and delivered, there can be changes that allow banks to reissue the LE, and the bank is required to document the reasons. Banks must have a valid changed circumstance to reissue an LE and reset the tolerance basis. Failure to document the changed circumstance will result in a violation. To comply with the requirements, banks must document the amount of the original estimated charge, the reason for the change, and how it affects the cost or what the new estimated charge is. It is also a best practice to document the date the bank found out about the changed circumstance, so that the reissued LE date can be verified to be within three business days of the change as required. There is not a model form for this, and banks can document it anyway that is best for them. Most LOS systems can generate a Change of Circumstance form. Use of this form will help to avoid documentation violations.

The Closing Disclosure (CD) is where most of the errors we see appear. The list could be a long one, but let’s talk about two common ones: (1) putting shoppable fees in the wrong sections of the CD and (2) electronic filing/recording fees. The most frequent error I see is putting fees for required services in the wrong section on the CD. On the CD, Section B is for services a borrower cannot shop for, like the appraisal, and the ones where the applicant shopped and chose someone on the bank’s Written List of Providers (WLP). The tolerance for these shoppable fees is set at 10% of the total fee amount listed on the LE. Section C is for services the applicant did shop for and did not choose a provider from the WLP. There is no tolerance for these fees. The next common error is electronic filing/recording fees. These fees are handled differently depending on who is charging the fee. Depending on who is assessing the fee, determines where it goes on the CD. If the government entity that records the document is charging the fee, it goes in Section E and is not part of the finance charge. If the bank is charging the fee, it goes in Section A and is included in the finance charge. If a third-party is charging the fee, for example a title company, it goes in B or C, depending on if the applicant shopped, and it is considered a finance charge.

Although this is not a long list of errors, these are the ones we see frequently, so it is important to be aware of them and mitigate the risk of errors when possible. One thing that you can do to ensure that you have all the technical requirements of the regulation correct is to review your LOS setup. Many times, errors occur because there is something incorrect in the setup, or the LOS is not being used correctly. In addition, both the LE and CD should be reviewed prior to delivery to the customer to ensure nothing has been missed. As always, for checklists, training, and cheat sheets, Compliance Alliance is here with solutions and offers a TRID Toolkit that can help.