InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB guidance provides clarity to mortgage servicing transfers
On April 24, the CFPB outlined new guidance to help facilitate compliance with mortgage servicing rules when transferring mortgage servicing rights to a servicer or a sub-servicer. According to the CFPB, after significant changes were made to Regulation X (RESPA) that took effect in 2014, the Bureau found weaknesses in the management of mortgage transfers. The new guidance provides “a roadmap for servicers that will prevent consumer harm,” and notes that when transferring a loan, “servicers should have policies and procedures reasonably designed to transfer all of the information and documents in their possession or control relating to a transferred mortgage loan, such as, a unique identifier for each loan, the terms of the loan, current unpaid principal balance as of a specific date, information concerning any escrow, and copies of any loss mitigation applications submitted by a borrower and of any loss mitigation agreements agreed to with a borrower.” According to the Bureau’s press release, servicers should also consider: (i) developing a servicing transfer plan, including an escalation plan for potential problems; (ii) engaging in quality control work to validate data; (iii) determining servicing responsibilities for legacy accounts; (iv) conducting post-transfer reviews to determine the effectiveness of a transfer plan; (v) monitoring consumer complaints and loss mitigation performance metrics; and (vi) identifying defaulted loans, active foreclosures, bankruptcies, or any forbearance agreements entered into with a borrower, and including loss mitigation activity for each loan where applicable.
The Bureau recognizes that entities may face particular challenges as a result of the Covid-19 pandemic and states it intends to consider such challenges, including operational and time constraints related to the transfer, and will “be sensitive to good-faith efforts demonstrably designed to transfer the servicing without adverse impact to consumers.”
Credit card launderer settles FTC charges for $6.75 million
On April 22, the FTC filed a complaint against a Canadian company and its CEO (defendants) for allegedly participating in deceptive and unfair acts or practices in violation of the FTC Act and the Telemarketing Sales Rule (TSR) by, among other things, laundering credit card payments for two tech support scams that were sued by the FTC in 2014. The FTC alleges in its complaint that the defendants entered into contracts with payment processors to obtain merchant accounts to process credit card charges. While these contracts prohibited the defendants from submitting third-party sales through its merchant accounts, the FTC claims that the defendants used the accounts to process millions of dollars of consumer credit card charges on behalf of the two tech support operators and also processed charges for lead generators that directed consumers to the tech support scam. The FTC alleges that the defendants were aware of the unlawful conduct of at least one of the two operators and attempted to hide these charges from the payment processors.
Under the proposed settlement, the defendants neither admitted nor denied the allegations, except as specifically stated within the settlement, and (i) will pay $6.75 million in equitable monetary relief; (ii) are permanently enjoined from engaging in any further payment laundering or violations of the TSR; and (iii) will screen and monitor prospective high risk clients.
Multi-jurisdiction settlement reached with credit reporting agency over 2017 data breach
On April 17, the Massachusetts attorney general announced a settlement with a credit reporting agency (CRA) to resolve a state investigation into a 2017 data breach that reportedly compromised the personal information of nearly three million Massachusetts residents. According to the AG’s 2017 complaint (covered by InfoBytes here), the CRA ignored cybersecurity vulnerabilities for months before the breach occurred and failed to take measures to implement and maintain reasonable safeguards. Under the terms of the proposed settlement, pending final court approval, the CRA will pay Massachusetts $18.2 million and is required to take significant measures to strengthen its security practices to ensure compliance with Massachusetts law. These measures include (i) implementing a comprehensive information security program; (ii) minimizing the collection of sensitive personal information; (iii) managing and implementing specific technical safeguards and controls; (iv) providing consumer-related relief, such as credit monitoring services and security freezes; and (iv) allowing third-party assessments of its data safeguards.
Earlier, on April 14, the Indiana attorney general also announced that the CRA will pay the state $19.5 million to resolve allegations that it failed to protect Indiana residents whose personal information was exposed in the 2017 data breach. Under the terms of the final judgment and consent decree, in addition to paying $19.5 million in restitution, the CRA must take measures similar to those outlined in the Massachusetts settlement.
Massachusetts and Indiana were the only two states that chose not to participate in the 2017 multi-agency settlement that resolved federal and state investigations into the data breach and required the company to pay up to $700 million (covered by InfoBytes here).
Separately, on April 7, the City of Chicago announced a $1.5 million settlement to resolve allegations that the CRA’s failure to employ adequate data-security measures led to the breach.
5th Circuit affirms summary judgment in FCRA case
On April 22, the U.S. Court of Appeals for the Fifth Circuit affirmed a district court’s dismissal of an FCRA action, holding that the plaintiff failed to prove that his alleged injuries were the result of the defendants’ actions. According to the opinion, the plaintiff alleged that a financial institution wrongfully reported a payment delinquency on his retail credit card, which he claimed caused the subsequent denial of a loan application. Upon learning of the denial, the plaintiff disputed the late-payment notation with three credit reporting agencies (CRAs). Prior to the district court’s judgment, the plaintiff settled with the retailer, the financial institution, and one of the three CRAs. The remaining two defendant CRAs reinvestigated the delinquency with the financial institution, confirmed the information, and notified the plaintiff of the result of their investigation. The plaintiff argued that the CRAs “failed to conduct a reasonable investigation” because they never directly contacted the retailer about the disputed late payment. However, the district court held that that the CRAs’ reliance on the Automated Consumer Dispute Verification (ACDV) system to investigate the dispute and confirm the information was “generally acceptable.”
On appeal, the 5th Circuit agreed with the district court that the plaintiff “offered no reasonable factual basis” for why the CRAs “should have been on notice of a need to go beyond the ACDV system as to this dispute.” The appellate court further agreed that the plaintiff was unable to show that contacting the retailer would have changed the CRAs’ conclusions about the information they already possessed. Finally, the 5th Circuit held that the plaintiff had shown no evidence that the denial of his loan application was a direct result of the CRAs’ actions because, as the district court concluded, the loan application was denied because of a credit report from the CRA that had previously settled with the plaintiff and was no longer a party to the suit.
Massachusetts passes legislation providing for virtual notarization
On April 23, the Massachusetts legislature passed, and the governor signed, S. 2645, which authorizes virtual notarization. Specifically, S. 2645 allows a notary public to perform a notarial act utilizing electronic video conferencing in real time, and meets standards specified in the act for electronic notarizations.
Illinois issues executive order regarding evictions
On April 23, the Illinois governor issued an executive order prohibiting residential evictions, with certain limited exceptions. Law enforcement officers in Illinois are also instructed to cease enforcement of orders of eviction for certain non-residential premises. The executive order does not relieve an individual or entity of an obligation to pay rent or comply with any other obligation in the lease or rental agreement. The executive order will remain in effect for the duration of the gubernatorial disaster proclamations.
FDIC encourages relief for Mississippi borrowers affected by severe weather
On April 21, the FDIC issued FIL-47-2020 to provide regulatory relief to financial institutions and help facilitate recovery in areas of Mississippi affected by a recent series of severe weather. In the letter, the FDIC encourages institutions to consider, among other things, (i) extending repayment terms; (ii) restructuring existing loans; or (iii) easing terms for new loans to borrowers affected by the severe weather, provided the measures are “done in a manner consistent with sound banking practices, can contribute to the health of the local community and serve the long-term interests of the lending institution.” Additionally, the FDIC notes that institutions may receive Community Reinvestment Act consideration for community development loans, investments, and services in support of disaster recovery. The FDIC states it will also consider relief from certain filing and publishing requirements.
Find continuing InfoBytes coverage on disaster relief guidance here.
Oklahoma Department of Consumer Credit issues amended interim guidance regarding remote work for employees of licensees
On April 23, the Oklahoma Department of Consumer Credit issued amended interim guidance to licensees regarding temporary operations from home and alternate locations. Mortgage loan originators and employees of other regulated entities who are typically required to work only from licensed locations may work from home, and sets forth data security requirements that must be met to conduct activities from home. Companies may also use an alternate site for conducting business if a licensed location is compromised or undergoing decontamination procedures. In such an event, the department is prepared to expedite address changes and waive associated fees. The department also states that it will work with affected licensees to schedule examinations or inspections to minimize disruption. The interim guidance is effective through May 31, 2020, unless otherwise changed, extended, or withdrawn.
District of Columbia Department of Insurance, Securities and Banking issues bulletin to certain insurance companies
On April 23, the District of Columbia Department of Insurance, Securities and Banking issued a bulletin to insurers, captives, and risk retention groups regarding modified regulatory filing requirements during the public health emergency. While companies are still required to make all required electronic filings with the NAIC based on modified filing deadlines, if applicable, the department will allow insurers an additional 30 to 60 days, depending on the filing, to complete filings upon a request to the department on or before the normal deadline. The bulletin sets forth the filings eligible for 30- or 60-day extensions. The bulletin also provides guidance regarding electronic filings and signatures. Further, while the department will not conduct any on-site examination work during the stay-at-home order, the department may still request certain electronic records to track trends arising from the Covid-19 pandemic.
OFAC issues amended Venezuela-related general license
On April 21, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) issued amended Venezuela General License (GL) 8F, titled “Authorizing Transactions Involving Petróleos de Venezuela, S.A. (PdVSA) Necessary for the Limited Maintenance of Essential Operations in Venezuela or the Wind Down of Operations in Venezuela for Certain Entities.” GL 8F supersedes GL 8E and extends the expiration date for certain authorizations through December 1 that would otherwise be prohibited under Executive Orders 13850, 13857, or 13884.
Visit here for additional InfoBytes coverage of actions related to Venezuela.