August 2023 Newsletters

RESPA Section 8: Back in the News

According to the CFPB (Consumer Financial Protection Bureau), the Real Estate Settlement Procedures Act (RESPA) helps reduce closing costs for homebuyers and increases competition in the marketplace by prohibiting mortgage loan originators from offering referral incentives and kickbacks to other companies in exchange for referring homebuyers. Accordingly, the CFPB just recently issued its first RESPA Section 8 public enforcement actions since 2017.

The CFPB issued a consent order against a mortgage company for providing illegal incentives to real estate brokers and agents in exchange for mortgage loan referrals, and a consent order against a real estate brokerage firm for accepting those illegal kickbacks from the mortgage company in exchange for referrals. The CFPB ordered the mortgage company to cease their illegal activities and pay a $1.75 million penalty to CFPB. The CFPB likewise ordered the real estate brokerage firm to cease illegal activities and pay a $200,000 penalty to the CFPB.

It’s important to note that the activity that violated RESPA Section 8 falls into what might be considered obvious violations and were not the sophisticated, clandestine schemes we often think about when contemplating the complex world of RESPA Section 8. On the hotline we regularly analyze situations that aren’t specifically covered by regulation, and help members navigate the gray areas, but the regulation is fairly clear on certain scenarios – and it’s these scenarios that were mainly the subjects of the enforcement actions. For example, the violations involved exchanging obvious things of value for referrals, such as the mortgage company providing real estate agents and brokers with cash, paid subscription services, and catered parties in exchange for referring prospective homebuyers to the mortgage company.

Further, the mortgage company entered into marketing services agreements with numerous real estate brokerages where the mortgage company made monthly payments in exchange for the brokerages’ marketing services. However, the mortgage company used these marketing services agreements as a way to pay for mortgage referrals, rather than compensate the brokerages for marketing services they actually performed. In fact, the CFPB found that the real estate brokerages often failed to perform many of the marketing tasks required under the agreement.

Really, if there’s a lesson to be learned from these enforcement actions, it’s that blatantly violating the regulation is still the problem it’s always been. While RESPA Section 8 may not receive the attention it did in the past, these recent enforcement orders make it clear that this is still an area of concern for the CFPB and that obvious violators will be pursued.

Considering the CFPB’s recent actions along with the October 2020 Frequently Asked Questions guidance and the Advisory Opinion on Mortgage Shopping Platforms, issued back in February 2023, RESPA Section 8 is still on the CFPB’s radar. Always feel free to reach out to us on the hotline, should you have any questions about activity and how it complies with the regulatory requirements of RESPA Section 8. Additionally we have cheat sheets, summaries, workflows, and webinars, and more to help with RESPA Section 8 concerns.

The most important pillar of BSA

As we all know, the Bank Secrecy Act (BSA) is kind of a big deal. It is a good idea to review some of the major parts of the regulation on occasion just to make sure we are still pointed in the right direction. Sometimes, without us really noticing, changes in our bank can cause shifts in our program. Turnover in personnel, changes in Board philosophy and the like can create ripples throughout the bank. Fortunately, the regulators sorted the BSA into five convenient pillars.

The first pillar of BSA is a system of internal controls. This is referring to our policies, procedures and processes that guide the program through the maze of compliance. Our risk assessment and culture are included in the internal controls. The risk assessment should drive the program and the banks culture will drive the risk assessment. This pillar is often noted as the most important.

The second pillar is independent testing. We need to be sure that our program is complete and thorough. In order to achieve this, we will need to have someone take a look at the program to provide an assessment. Above all, this person needs to be independent of the process and possess enough BSA knowledge to be qualified to perform the review. We can’t have the head teller that completes all of the CTRs for the bank verifying that the CTR process is complete and thorough. I have also heard that this is the most important pillar.

The third pillar is having a Compliance Officer. We need to have a qualified individual to execute the Board’s plan for BSA compliance. We need to make sure that the Compliance Officer is qualified to complete this task. They will also need to have the authority to run the program. The Board shouldn’t just pick the guy who isn’t in the room and can’t say “no”. Personally, I think this is the most important pillar.

The fourth pillar is training. BSA training should occur annually and, ideally, be tailored to the tasks that the personnel are responsible for in the bank. Commercial lenders should be trained on customer identification and beneficial ownership. While it won’t hurt them to train on CTRs, despite their calls to the contrary, it’s probably not essential. This pillar is known to be the most important.

The fifth pillar is due diligence, this pillar is fairly new and currently in a state of flux. Originally, Beneficial Ownership was a big part of this pillar. As a follower of Compliance Alliance, you are probably aware that FinCEN is currently in the process of changing how Beneficial Ownership is handled, with two of three final rules already published and a third final rule anxiously anticipated at some point in the future. However, there is more to this pillar than just beneficial ownership. The bank needs to understand the nature and purpose of the customer relationship and conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. FinCEN has a FAQ on this – the most important pillar of BSA.

Lending Limits and Purchased Loans

The Office of the Comptroller of the Currency (OCC) recently issued OCC Bulletin 2023-27 providing guidance on legal lending limits that apply to purchased loans. As the OCC notes, purchasing loans is a well-established banking practice that serve the needs of not only the buying and selling institutions, but also the public at large. As the number of brokers and non-bank lenders have increased, so have the number of loans available for financial institutions to purchase.

Unless an exception applies, all loans and extensions of credit made by banks are subject to the legal lending limit indicated in 12 CFR § 32.3, which provides limitations on the total amount of loans and extensions of credit to any one borrower. The lending limit regulation speaks to the following type of loans that are exceptions to the general lending limit: 1) those arising from the discount of commercial or business paper, 2) bankers’ acceptances, 3) secured by U.S. obligations, 4) guaranteed by a Federal agency, 5) guaranteed by State or political subdivision, 6) secured by segregated deposit accounts, 7) loans to financial institutions with the approval of the appropriate Federal banking agency, 8) loans to the Student Loan Marketing Association, 9) loans to industrial development authorities, 10) loans to leasing companies, 11) credit exposures arising from transactions financing certain government securities, and 12) intraday credit exposures. These exceptions are described in more detail in 12 CFR § 32.3(c).

Whether a loan that a bank purchases is attributable to the seller under the legal lending limit regulations depends on the facts and circumstances for each specific instance. Therefore, banks would generally consider greater information than for in-house originations to make their determinations about applicability.

Aggregate exposures attributable to a single seller must be within the bank’s legal lending limit. Loans are attributable to a seller under if the bank has direct or indirect recourse to the seller. Direct or indirect recourse can be explicit or implied. Explicit recourse is generally provided under contractual or some other type of written agreement between the bank and the seller. Examples of explicit recourse would include a requirement or contractual obligation to substitute or repurchase defaulted loans or refill a reserve account, even if no substitutions, repurchases, or replenishments of the reserve account have occurred to date.

Implied recourse is established through the bank’s dealing with a seller even if the written agreement does not contain explicit recourse. Examples of implied recourse would include when the seller has routinely substituted or repurchased loans or refilled or replenished a reserve account even when the contract does not require those actions.

If the bank does not have explicit or implied recourse to the seller, the purchased loans would generally be attributable under the legal lending limit regulation to only the named borrowers on the loans, unless the direct benefit or common enterprise tests are met or other provisions under the legal lending limit regulation would attribute them to another party.

As always, feel free to reach out to us on the hotline if you have any questions about legal lending limits, this recently published OCC Bulletin, or any of the exceptions that apply.

TRACED Act Changes to TCPA

At the end of 2019 Congress passed the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED Act) which made changes to the Telephone Consumer Protection Act (TCPA) and associated regulations. A portion of the TRACED Act went into effect March 29, 2021, and the remainder went into effect July 20, 2023.

Effective March 2021

Revised 47 CFR § 64.1200(a)(1)(iv) to state that a person will not be liable for violating the prohibition against placing calls to a wireless number if a) the wireless number has been ported from wireline service, b) the call made is a voice call, c) the call was not knowingly made to a wireless number, d) the call was made within 15 days of the number being ported from wireline to wireless service, and [newly added] e) the call was exempted by the newly added § 64.1200(a)(9), discussed further below.

47 CFR § 64.1200(a)(9) generally exempted calls made by a) a package delivery company to notify a consumer about a delivery, b) an inmate collect call service provider following an unsuccessful collect call, c) a financial institution, or d) healthcare providers, hospitals, emergency care centers, medical physician or service offices, poison control centers, and other healthcare professionals. These are generally exempted provided that the call is not charged to the called person or counted against the called person’s plan limits on minutes or texts. The term “call” includes a text message, including a short message service (SMS) call.

Calls made by any financial institution are exempted under § 64.1200(a)(9) provided that the following conditions are met: 1) calls must be sent only to telephone number provided by the customer, 2) calls must state the name and contact information of the financial institution, 3) calls are strictly limited to those for the following purposes: transactions and events that suggest a risk of fraud or identity theft; possible breaches of the security of customers’ personal information; steps consumers can take to prevent or remedy harm caused by data security breaches; and actions needed to arrange for receipt of pending money transfers, 4) calls must not include any telemarketing, cross-marketing, solicitation, debt collection, or advertising content, 5) calls must generally be one minute or less in length for voice calls or 160 characters or less in length for text messages, 6) may initiate no more than three calls per event over a three-day period for an affected account, 7) must offer in each message an easy means to opt out, and 8 )must honor opt-out requests immediately.

Effective July 2023

Revised 47 CFR § 64.1200(a)(3)(ii),(iii),(iv) to indicate that for calls not made for a commercial purpose ((a)(3)(ii)), made for a commercial purpose but does not include advertising ((a)(3)(iii)), or made on behalf of a tax exempt organization ((a)(3)(iv)), the caller make no more than three calls within any consecutive 30-day period to the residential line and honor the called party’s request to opt out of future calls.

Revised 47 CFR § 64.1200(a)(3)(v) that for calls delivering health care messages ((a)(3)(v)) the caller makes no more than one call per day to each patient’s residential line, up to a maximum of three calls combined per week to each patient’s residential line and honors the called party’s request to opt out of future calls.

Revised 47 CFR § 64.1200(b)(2) that for all artificial or prerecorded voice telephone messages made to residential telephone subscribers (including the exemptions listed above in (a)(3)(ii)-(v)) that during or after the message, state clearly the telephone number of such business which must permit any individual to make a do-not-call request during regular business hours. The telephone number provided may not be a 900 number or other for which charges exceed local or long-distance charges.

Revised 47 CFR § 64.1200(b)(3) that for all artificial or prerecorded voice telephone messages made pursuant to an exemption under (a)(3)(ii)-(v) or includes an advertisement and is delivered to a residential telephone line that an automated, interactive voice- and/or key press-activated opt-out mechanism for the called person to make a do-not-call request be provided.

Revised 47 CFR § 64.1200(d) such that no person may make a call for telemarketing purposes (or artificial or prerecorded-voice telephone call pursuant to an exemption under (a)(3)(ii)-(v)) to a residential telephone subscriber unless the caller has instituted procedures for an internal do-not-call list.  The specific procedures in (d)(1) – (d)(6) were also revised to state that anyone making a call for telemarketing purposes (or artificial or prerecorded-voice telephone calls pursuant to an exemption under (a)(3)(ii)-(v)):

  • Must have a written policy for maintaining a do-not-call list. – Revised 47 CFR § 64.1200(d)(1)
  • Must be informed and trained in the existence and use of the do-not-call list. – Revised 47 CFR § 64.1200(d)(2)
  • Upon receiving a request not to receive calls, must place the subscriber’s name and telephone number on the do-not-call list at the time the request is made. Must also honor a subscriber’s request within a reasonable time, not to exceed 30 days. The consumer’s request may not be shared without the consumer’s prior express permission. – Revised 47 CFR § 64.1200(d)(3)
  • Must provide the called party with the name of the caller, the name of the person on whose behalf the call is being made, and a telephone number (not a 900 number or similar) or address at which the caller may be contacted. – Revised 47 CFR § 64.1200(d)(4)
  • Requests shall only apply to those on whose behalf the call is made, and not their affiliates, unless the consumer reasonably would expect them to be included considering who the caller is and (for telemarketing calls) what is being advertised. – Revised 47 CFR § 64.1200(d)(5)
  • Must maintain a record of a consumer’s request not to receive further calls. A do-not-call request must be honored for 5 years from the time the request is made. – Revised 47 CFR § 64.1200(d)(6)

As always, if you have any questions about the changes to the TCPA, feel free to reach out to us on the Hotline.

FIL-37-2023: Reporting Uninsured Deposits

Last week, the Federal Deposit Insurance Corporation (FDIC) issued financial institution letter FIL-37-2023 about the correct way to report estimated uninsured deposits in compliance with the Call Report (Consolidated Reports of Condition and Income) instructions. The FDIC noted that this FIL does not impact institutions with less than $1 billion in total assets that do not report estimated uninsured deposits.

The FDIC observed that some insured depository institutions are incorrectly reducing the amount of uninsured deposits reported because the uninsured deposits are collateralized by pledged assets. In the view of the FDIC, this is an incorrect way of reporting because the existence of collateral has no bearing on the portion of a deposit that is covered by federal deposit insurance. Deposit insurance and collateral are separate things. This FIL advises that if an institution has deposit accounts with balances in excess of the federal deposit insurance limit that it has collateralized by pledging assets, such as deposits of the U.S. Government and of states and political subdivisions, the institution should make a reasonable estimate of the portion of these deposits that is uninsured.

The FDIC also observed that some institutions are incorrectly reducing the amount reported on Schedule RC-O (Other Data for Deposit Insurance Assessments) by excluding intercompany deposit balances of subsidiaries. The General Instructions for the Call Report state that all deposits of subsidiaries (other than a subsidiary that is accounted for under the equity method of accounting instead of consolidating) that are consolidated and, therefore, eliminated from reported deposits on the balance sheet, must be reported in Schedule RC-O, items 1 through 3, Memorandum item 1, and, if applicable, Memorandum item 2, estimated amount of uninsured deposits.

As each financial institution is responsible for the accuracy of their own Call Report data and for filing amendments as necessary to ensure Call Report accuracy, the FDIC has instructed institutions that reducing the amount of reported uninsured deposits to reflect collateralization by pledged assets or by excluding intercompany deposit balances of subsidiaries, causes these reports to be inaccurate. As such, uninsured deposit data should be amended to Call Reports already filed, with the appropriate changes being made and the new data submitted to the Central Data Repository using the same process as the original filing. Insured Depository institutions can submit up to three years of Call Report revisions, or more if appropriate.

The Call Report forms and instructions can be accessed from the FDIC Call Reports webpage. These forms and instructions are also available for printing and downloading from the Federal Financial Institutions Examination Council’s (FFIEC’s) Reporting Forms webpage for each version of the Call Report.

Feel free to reach out to us on the hotline with any questions about this financial institution letter, or any questions you might have about the Call Report in general. Whether it’s Community-Reinvestment-Act-related or just a standard line of questioning, it’s not always easy to sift through the Call Report instructions and determine how transactions should be reported. Compliance Alliance is here to help.