For the first time in nearly a decade, the CFPB recently updated the Unfair, Deceptive, or Abusive Acts or Practices (UDAAPs) examination procedures. The updates mainly focused on two areas of the procedures: 1) the section discussing unfair acts or practices, and 2) the procedures contained in the second half of the manual for evaluating the bank’s policies, procedures and processes. These changes seem to align with the current administration’s focus on consumer protections and fair lending issues such as redlining, pricing and certain biases in computer models and algorithms.
The first area of change includes a new authority under UDAAP to address discriminatory conduct in connection with a non-credit products or services. We’re used to seeing regulators address discriminatory conduct regarding credit products or services under fair lending and ECOA, and this is an effort by the CFPB to address discrimination in the offering of non-credit products and services in a similar way. In the example provided by the CFPB in the updated manual, not allowing African-American consumers to open deposit accounts, or subjecting African-American consumers to different requirements to open deposit accounts, may be an unfair practice even in those instances when ECOA does not apply to the transaction.
Traditionally the exam manual stated that an unfair act or practice could be a UDAAP violation if it caused substantial injury to consumers that they could not reasonably avoid, where the injury is not outweighed by countervailing benefits to consumers or competition. The updated exam manual retains the same general standard, with the exception that consumers cannot reasonably avoid discrimination. This appears to create a standard for instances of discrimination being an act or practice that causes substantial injury where the injury is not outweighed by countervailing benefits to consumers or competition. Furthermore, although substantial injury is still the requirement for an unfair act or practice, the updated manual states that emotional impacts such as “dignitary harm” may contribute to substantial injury, despite not normally being considered substantial injury by itself.
The second area of change includes updates to the exam procedures to focus on preventing discriminatory conduct. As part of the document review, in addition to looking at things like training materials and consumer complaint files, the manual now includes the following: 1) a review of documentation regarding the use of models, algorithms, and decision-making processes, 2) information regarding customer demographics, and 3) any demographic research relating to advertising of consumer financial products or services.
As a part of reviewing a bank’s written policies and procedures, audit reports, management reports, examination reports, etc. for UDAAP concerns, the examiner will additionally determine: 1) whether the bank has a process to prevent discrimination in relation to all aspects of consumer financial products or services, including the evaluation of all policies, procedures and processes, and continued monitoring for discrimination after implementation, and 2) whether the bank’s compliance program includes an established process for periodic analysis and monitoring of all decision-making processes, and a process to take corrective action to address any potential UDAAP concerns related to their use.
Further when reviewing internal controls in addition to looking for potential UDAAP concerns, the updated procedures now include the following four considerations: 1) whether the bank has established policies and procedures to review, test, and monitor any decision-making processes it uses for discrimination, 2) whether the bank has established policies and procedures to mitigate discrimination arising from the use of its decision-making processes, 3) whether the bank’s policies, procedures and practices target or exclude consumers from products and services, or offer different terms and conditions, in a discriminatory manner, and 4) whether the bank has appropriate training to prevent discrimination.
The final significant changes come in the section on potential areas for transaction testing, where six new areas have been added: 1) the bank gives inferior terms to one customer demographic compared to others, 2) the bank offers more products or services to one customer demographic compared to others, 3) bank employees treat customers of certain demographics worse or provide extra assistance or exceptions to customers of certain demographics, 4) the bank engages in targeted advertising or marketing in a discriminatory way, 5) the bank uses decision-making processes in its eligibility determinations, underwriting, pricing, servicing or collections that result in discrimination, and 6) the bank fails to evaluate and make necessary adjustments and corrections to prevent discrimination.
As is evident by this overview of the updates, the changes for banks in drafting their policies, procedures and processes could be significant, so you’ll want to review relevant documentation to prepare for future examinations.
On May 5, 2022 the OCC, FRB and FDIC issued an interagency notice of proposed rulemaking, seeking comments on their updates to the CRA regulations. This proposal is essentially the replacement to the OCC’s modernization rule, which was published in 2020 and rescinded in 2021. The industry has been anticipating the arrival of the interagency attempt at updating the CRA regulations, and it seems that day has arrived. The proposed rule tips the scales at 679 pages, which should make for light reading for compliance and non-compliance folks alike. The proposed rule contains about 200 pages of regulations, and nearly 500 pages of discussion about the proposed rule. Comments are due on or before August 5, 2022.
The Community Reinvestment Act, originally passed in the late 1970s, encourages banks to help meet the credit needs of the local communities in which they’re located, consistent with safe and sound practices. Because time marches on, the industry changes, and technology changes, the agencies feel that the CRA regulations should be updated in order to keep pace with the purpose of the CRA.
Some of the major stated objectives in updating the CRA regulations include 1) strengthening the achievement of the core purpose of the CRA, 2) adapting to technological changes such as mobile and online banking, 3) providing greater clarity and consistency, 4) tailoring data collection, reporting requirements, and performance standards, 5) creating a consistent approach between all three agencies.
To achieve the objectives stated in the proposed rule, the agencies have proposed a rule with the following major themes:
- Increase credit and investment in LMI areas.
a. The agencies are proposing evaluate performance of the activities conducted and the communities in which the banks operate so that CRA remains the effective tool it was designed to be. This proposal also emphasizes smaller loans and investments, which can be vitally important to meeting the needs of LMI areas.
- Modernizing to include internet and mobile banking.
a. The agencies are proposing to update CRA assessment areas to include activities associated with online and mobile banking, branchless banking, and hybrid models, to more accurately capture the areas and ways in which banking is done.
- Provide a clearer, more understandable CRA.
a. The agencies are proposing a metrics-based approach to evaluations, for greater clarity and to help with consistency. The rule would also seek to more clearly identify eligible CRA activities. This element alone should draw numerous comments, as this is one of most questioned aspect of the current CRA regulations.
- Customize data collection and evaluations specific to bank size and type.
a. The agencies are proposing to recognize differences in bank sizes and types, by providing those smaller banks the ability to continue to be evaluated under the existing CRA regulatory framework with the option to be evaluated under aspects of the new proposed framework.
It’s hard to say what the ultimate effects will be of the proposed CRA rule. We’ll have to wait and see how the agencies digest the inevitable comments on this significant proposal, and what shape the final rule takes. In the meantime, Compliance Alliance is working diligently to prepare a summary of this nearly 700-page rule to help you understand it. This summary will be available on our website as soon as it is available.
Financial institutions continually encounter customers whose first language is something other than English. Because of this, the more information and materials available in languages other than English, the better off customers will be. For a while now, the CFPB has encouraged financial institutions to provide information to access to products and services to people who are more comfortable using a language other than English. Institutions are not required to offer information and materials in languages other than English, but in appropriate situations, offering these materials would be advantageous to customers.
However, not all materials and all translations are created equally, and any information and materials that are translated need to be translated accurately. As to which documents to offer in other languages, banks should prioritize those communications that are most beneficial to customers, and for now the safest course of action is to stick to providing government-issued information and materials provided in languages other than English, rather than having institutions obtain translated documents from a non-governmental source, which could unnecessarily increase the bank’s liability.
To help financial institutions better support Spanish-speaking customers, the CFPB has recently made available Spanish translations of the following disclosures:
Regulation B, Appendix C, Model Forms C-1 through C-8, regarding adverse action notices, providing reasons credit was denied or counteroffered, as well as a notice of incompleteness, and the disclosure of right to request specific reasons for credit denial. (12 CFR § 1002.9(a), (b), and (c))
Regulation E, Model Forms 10(a) through 10(f), regarding information to consumers about fees and provisions or reloadable and payroll cards. (12 CFR §§ 1005.15(c) and 1005.18(b)(2), (3), (4), (6), and (7))
These disclosures above add to the growing list of disclosures already provided in Spanish by the CFPB, which include:
Regulation Z, Appendix H, Model Forms H-28(A) through H-28(J), which are sample Loan Estimates and Closing Disclosures. (12 CFR §§ 1026.37 and 1026.38)
Regulation Z, Booklet, “Consumer Handbook on Adjustable Rate Mortgages.” (12 CFR 1026.19(b)(1))
Regulation Z, Brochure, “What you should know about home equity lines of credit.” (12 § CFR 1026.40(e)).
Regulation X, Special Information Booklet, “Your Home Loan Toolkit.” (12 CFR § 1024.6(a))
Regulation X, Appendix MS4, Model Clauses MS-4(A) through MS-4(D), informing delinquent mortgages borrowers about their options via the written early intervention notice. (12 CFR § 1024.39(d)(2))
Regulation F, Appendix B, Model Form B-1, a notice from debt collectors helping consumers identify and verify debts being collected. (12 CFR § 1006.34(b))
Regulation V, Appendix D, Model Forms for Firm Offers of Credit or Insurance, disclosing the duties of users making written firm offers of credit or insurance based on information contained in consumer files. (12 CFR § 1022.54)
Regulation V, Appendix K, Summary of Consumer Rights, explains certain major consumer rights under the FCRA, including the right to obtain a copy of a consumer report, the frequency and circumstances under which a consumer is entitled to receive a free consumer report, the right to dispute information in a consumer’s file, and the right to obtain a credit score. (FCRA § 605A(i)(5))
Regulation V, Appendix I, Summary of Consumer Identity Theft Rights, explains the rights consumers have under the FCRA when they seek to remedy the effects of fraud or identity theft, including the right to place a fraud alert and block certain information from appearing in a consumer report. (15 U.S.C. 1681g(d)(2))
Recently the Office of the Comptroller of the Currency (OCC), Federal Reserve Board (FRB), and Federal Deposit Insurance Corporation (FDIC) (collectively referred to as “the agencies”) published a final rule containing questions and answers related to flood insurance. Interagency Questions and Answers regarding flood insurance were first published in 1997, revised and rearranged in 2009, and revised again in 2011. The existing interagency Q&A had 82 questions and answers covering topics such as whether flood insurance is required in specific scenarios, how much flood insurance is required in these scenarios, and possible exceptions to the requirements.
The agencies published proposed revisions to the existing interagency Q&A in July 2020, and another in March 2021, neither of which received separate final rules. This newly published final rule combines the existing Q&A’s, the July 2020 proposed revisions, and the March 2021 revisions, for a new combined total of 144 questions and answers. In addition to combining the existing published material, this new final rule expands on both existing and previously proposed questions, making this new publication from the agencies a fairly robust addition to the existing guidance.
There has also been changes made to the layout of the questions and answers. Many of the topics covered are the same, but categories have been renamed (e.g., from “…requirements for residential condominiums” to “…requirements for residential condominiums and co-ops”). In addition to this, new categories have been added (e.g., related to private flood insurance), and previously addressed topics have been expanded into more multiple categories (e.g., from “Escrow” to “Escrow: General,” “Escrow: Small Lender Exception,” and “Escrow: Loan Exceptions”).
Private flood insurance, a new topic, has questions and answers divided into three categories: general compliance, mandatory acceptance of private flood insurance, and discretionary acceptance of private flood insurance.
While we do not have space here to detail all of the changes made by this final rule, an example of a change made to an existing question involves whether flood insurance is required for loans that are restructured or modified. The existing answer explained that if the loan amount increased or the terms of the loan were renewed or extended, that flood insurance was required. The new answer to this question is more detailed and explains, for example, that if a modification or restructuring involves recapitalizing into the loan’s outstanding balance and delinquent payments and the maturity date of the loan otherwise stays the same, then the regulation would not apply because the modification or restructuring would not increase, extend, or renew the terms of the loan.
In contrast to that, the new answer also explains that if the loan modification or restructuring changes terms of the loan such as by increasing the outstanding principal balance beyond what was contemplated as part of the loan under the contract with the borrower, or by extending the maturity date of the loan, the regulation would apply because the lender increased or extended the terms of the loan beyond what was originally contemplated to be part of the loan.
The above is but one example of the types of changes that has been made to the Interagency Q&A. Compliance Alliance will be publishing a summary of the final rule and changes to the interagency questions and answers, which will be published on our website as soon as it becomes available.