RESPA: Don’t simply assume an AfBA exists

Introduction

The Consumer Financial Protection Bureau (CFPB) enforces the Real Estate Settlement Procedures Act of 1974 (RESPA). The Congressional act was designed to implement significant reforms in the real estate settlement process needed to ensure that consumers are provided with greater and timelier information on the nature and costs of the residential real estate settlement process and are protected from unnecessarily high settlement charges caused by certain abusive practices.¹ The CFPB has promulgated regulations codified in Title 12, Part 1024 of the U.S. Code of Federal Regulations (CFR).² Among those regulations are specific sections that address the CFPB’s concerns regarding referrals, kickbacks, and Affiliated Business Arrangements (AfBA), which must be evaluated in light of referral incentive programs. RESPA has teeth, and mortgage lenders are well advised to guard against non-compliance.

While it is imperative that a mortgage lender comply fully with the law and regulations that support CFPB oversight, the lender must do so in a manner that appropriately balances the regulatory requirements and the business structure in accordance with its risk appetite. To fail to faithfully uphold RESPA’s requirements or to manipulate semantics to achieve noncompliant results would be both unethical and illegal. But to construe RESPA too broadly beyond its legislative intent, plain textual construction, and documented regulatory examination expectations would serve only to increase financial costs, generate operational complexity, and reduce sales opportunities to the lender and its shareholders without a corresponding improvement in regulatory compliance.

Commencement of RESPA Obligations

RESPA obligations apply to “all federally related mortgage loans, except for the exemptions provided” in 12 CFR 1024.5(b). Exemptions applicable to mortgage transactions include:

“(1) A loan on property of 25 acres or more;

 (2) Business purpose loans;

 (3) Temporary financing;

 (4) Vacant land;

 (5) Assumption without lender approval;

 (6) Loan conversions; and

 (7) Secondary market transactions.”³

The regulations define a federally related mortgage loan as it applies to a lender to mean “any loan…secured by a first or subordinate lien on residential real property… made in whole or in part by any lender that is either regulated by or whose deposits or accounts are insured by any agency of the Federal Government.”⁴

The regulations define settlement to mean “the process of executing legally binding documents regarding a lien on property that is subject to a federally related mortgage loan.” This process may also be called “closing” or “escrow” in different jurisdictions.⁵ Even construed most narrowly, a prospective or actual settlement process cannot exist in the absence of a real estate mortgage loan inquiry. A real estate settlement process typically involves one or more settlement services.

“Settlement service means any service provided in connection with a prospective or actual settlement”⁶, including many services commonly associated with closing a mortgage loan. While the regulation provides a non-exclusive list of settlement services, only a service that could be provided as a function of a real estate settlement process would be deemed a settlement service. A “referral” is not defined nor implied to be a settlement service under 12 CFR 1024.2(b). Services that would never be involved in a real estate settlement process are not deemed to be settlement services under RESPA.

Referrals, Kickbacks, and Affiliated Business Arrangements

Congress sought to guard against abusive referral practices that would result in kickbacks and unearned fees at the expense of the consumer. RESPA allows for civil and criminal liability for violating the prohibition against kickbacks and unearned fees including treble damages, fines and imprisonment. The CFPB has codified that “[a]ny referral of a settlement service is not a compensable service, except as set forth in §1024.14(g)(1). A company may not pay any other company or the employees of any other company for the referral of settlement service business.”⁷ While a company may not pay any other company or the employees of any other company, 12 CFR 1024.14(g)(1)(vii) explains that “Section 8 of RESPA permits: …An employer's payment to its own employees for any referral activities.”

Recognizing the potential for abusive practices among affiliated settlement service providers, especially those to whom a lender directs a mortgage loan applicant, RESPA regulates affiliated business arrangements at 12 CFR 1024.15.⁸ If a loan originator (or an associate) has either an affiliate relationship or a direct or beneficial ownership interest of more than one percent in a provider of settlement services and the loan originator directly or indirectly refers business to the provider it is an affiliated business arrangement.⁹ “Thus, both elements must be satisfied to create an affiliated business arrangement. A mere affiliated business relationship among two corporations absent the second prong whereby the loan originator refers business to an affiliated settlement service provider does not invoke the disclosure contemplated by 12 CFR 1024.15(b)(1).

The term ‘‘affiliated business arrangement’’ (AfBA) means an arrangement in which (A) a person who is in a position to refer business incident to or a part of a real estate settlement service involving a federally related mortgage loan, or an associate of such person, has either an affiliate relationship with or a direct or beneficial ownership interest of more than 1 percent in a provider of settlement services; and (B) either of such persons directly or indirectly refers such business to that provider or affirmatively influences the selection of that provider…”¹⁰ 12 CFR 1024.15(c) further clarifies that a “person who is in a position to refer settlement service business means any real estate broker or agent, lender, mortgage broker, builder or developer, attorney, title company, title agent, or other person deriving a significant portion of his or her gross income from providing settlement services.”¹¹

Determining whether an entity may derive a “significant portion” of gross income from providing real estate settlement services would require financial analysis, as an entity may also derive a significant portion of its gross income entirely unrelated to providing a “settlement service” for the closing of a “federally related mortgage loan.” It would be inappropriate to assume an attribution of significance absent quantitative support.

In clear contrast, many business lines clearly do not derive any gross income—let alone a “significant portion” of gross income—from providing settlement services. Given the products or services they offer, many entities could never be real estate settlement service providers as understood by the industry and by the regulators. As such, those lines of business and their employees would never constitute a “person who is in a position to refer settlement service business” pursuant to the regulation’s own definition.

The U.S. Department of Housing and Urban Development (HUD) has further delineated the requirement as follows:

An Affiliated Business Arrangement (AfBA) Disclosure is required whenever a settlement service provider involved in a RESPA covered transaction refers the consumer to a provider with whom the referring party has an ownership or other beneficial interest.¹²

Thus, a disclosure would not be required when the referral is given by an organization or employee of an organization that is not “a settlement service provider involved in a RESPA covered transaction.” Even a referral made by an affiliated settlement service provider where no “RESPA covered transaction” has occurred involving a “federally related mortgage loan” would not by itself trigger the 12 CFR 1024.15(b)(1) disclosure. In other words, merely suggesting that a consumer consider future use of a title insurance company in the absence of that consumer actually inquiring about or applying for a mortgage loan would mean that no settlement service provider is even required. The absence of a mortgage loan application implies the absence of a prospective or actual settlement process.

Appendix MS-1 to Part 1024¹³ further explains that the loan application triggers the RESPA obligation: “You are applying for a mortgage loan covered by the Real Estate Settlement Procedures Act (RESPA).” Once the lender’s mortgage loan application process has begun (or more conservatively, an inquiry has been made of the lender), a RESPA covered transaction has commenced. The “Affiliated Business Arrangement Disclosure Statement Format Notice” includes explicit language further memorializing this intent:

·         “…as a condition for [settlement of your loan on] [or] [purchase, sale, or refinance of] the subject property.”

·         “…we, as your lender, will require you to use, as a condition of your loan on this property, to represent our interests in the transaction.”¹⁴

Regulatory Intent and CFPB Enforcement

The CFPB is noted for its aggressive and expansive interpretation of its regulatory power. Against that backdrop, the CFPB Examination Manual procedure for AfBA testing recognizes that the lending institution’s loan origination is the trigger for AfBA compliance. According to the CFPB RESPA Examination Manual, the CFPB’s examination of Affiliated Business Arrangements entails:

25.   Determine from the HUD-1 or HUD-1A and from interviews with institution management, or through other appropriate methods, if the institution referred a borrower to a settlement service provider with which the institution was affiliated or in which the institution had a direct or beneficial ownership interest of more than 1 percent (hereinafter, an “affiliated business arrangement”).

26.   If the financial institution had an affiliated business arrangement, determine whether the affiliated business arrangement disclosure statement (Appendix D to Part 1024) was provided as required by 12 CFR 1024.15(b)(1).

27.   Other than an attorney, credit reporting agency, or appraiser representing the lender, if the financial institution referred a borrower to a settlement service provider, determine whether the institution required the use of the provider (12 CFR 1024.15(b)(2)).

28.   Determine if compensation received by the lender in connection with an affiliated business arrangement is limited to a return on an ownership interest or other amounts permissible under RESPA (12 CFR 1024.15(b)(3)).¹⁵

Appropriately Triggered Affiliated Business Arrangement Disclosures

The aforementioned review of the CFPB regulation, forms, and examination procedures indicates that unless an affiliated entity or employee of that entity is involved in the RESPA-covered transaction prior to the referral, then the AfBA would not apply. Thus, making a referral before any RESPA-covered lending transaction has begun would not trigger RESPA applicability.

It would of course follow that if a RESPA-covered transaction has been conceived by a consumer mortgage loan inquiry or application, and the prospective borrower has then been referred to or has chosen an affiliated settlement service provider, then the mortgage lender must provide the required AfBA Disclosure.

Additionally, in this scenario the affiliated entity receiving the referral has now become a settlement service provider involved in this RESPA-covered transaction vis-à-vis the federally related mortgage loan. At that point any subsequent referral by the affiliate involved in this RESPA-covered transaction also would entail the AfBA Disclosure obligation. An example of this obligation would arise if a hazard insurance affiliate involved in a federally related mortgage loan then referred the borrower to a title insurer for the RESPA-covered transaction.

Conclusion

RESPA focuses upon providing consumers with information transparency and protection from unscrupulous providers in all phases of the real estate settlement service process. Mortgage lenders and all other settlement service providers must always seek to comply fully with the law and regulations that support CFPB oversight. Organizations must also be careful not to assume REPSA obligations prior to when those obligations are actually invoked. In alignment with defined risk appetites, affiliated entities must comply in a manner that appropriately balances the regulatory requirements for settlement service providers with the business imperatives to avoid unnecessarily increasing financial costs, manufacturing operational complexity, and reducing sales opportunities. A tailored AfBA process will provide this compliant solution.

Endnotes

1            Final Rule; Official Interpretations, 12 CFR Part 1024, Docket No. CFPB-2012-0034, RIN 3170-AA14, Mortgage Servicing Rules under the Real Estate Settlement Procedures Act (Regulation X), Bureau of Consumer Financial Protection, p. 23, January 17, 2013, effective January 10, 2014.

2              12 CFR 1024, “REAL ESTATE SETTLEMENT PROCEDURES ACT (REGULATION X).”

3              12 CFR 1024.5   “Coverage of RESPA.”

4              Definitions; other terms, “Federally Related Mortgage Loan”, 12 CFR 1024.2(b).

               

5              Definitions; other terms, “Settlement”, 12 CFR 1024.2(b). 

6              Definitions; other terms, “Settlement Service”, 12 CFR 1024.2(b).   

7              Prohibition against kickbacks and unearned fees, “No referral fees.” 12 CFR 1024.14(b)

8              12 CFR 1024.15, “Affiliated Business Arrangements.”

9              “Affiliated Business Arrangements – 12 CFR 1024.15,” Examination Procedures, Regulation X Real Estate Settlement Procedures Act, CFPB Consumer Laws and Regulations, p. 17, November 2013.

10            12 USC 2602(7), “Definitions.”

11            12 CFR 1024.15(c), “Definitions.”

12            “Disclosures before settlement/closing occurs”, “An Affiliated Business Arrangement (AfBA) Disclosure”, More Information About RESPA, Department of Housing and Urban Development.

13            “Appendix MS-1 to Part 1024,” 12 CFR 1024.

14            “Appendix D to Part 1024—Affiliated Business Arrangement Disclosure Statement Format Notice,” 12 CFR 1024.

15            “Affiliated Business Arrangements – 12 CFR 1024.15,” Examination Procedures, Regulation X Real Estate Settlement Procedures Act, CFPB Consumer Laws and Regulations, pp. 56-57, November 2013.

Your Brother’s Keeper: the OCC & Third-Party Mortgage Vendor Relationships

Background

Nationally-chartered federal savings banks are subject to the prudential regulation of the Office of the Comptroller of the Currency (the “OCC”). National banks may engage in activities that are part of, or incidental to, the business of banking, or are otherwise authorized for a national bank. The business of banking is an evolving concept and the permissible activities of national banks similarly evolve over time.¹ But when your bank’s senior management decides to outsource a critical function—especially a consumer-facing function like mortgage loan origination or servicing—you truly become your “brother’s keeper.” No Chief Executive Officer or Chief Compliance Officer wishes to find himself or herself targeted by the OCC for failure to conduct adequate third-party vendor due diligence or ongoing monitoring.

It had been historically understood that when employing third-party entities to conduct all or part of a critical banking function, by not fully understanding the nature of the risks being introduced to the bank and by not ensuring appropriate risk controls, senior management and boards of directors breach their most fundamental fiduciary responsibility to depositors and shareholders.² The Federal Financial Institutions Examination Council (the “FFIEC”) very aptly highlights that although the technology needed to support business objectives is often a critical factor in deciding to outsource, managing such relationships is more than just a technology issue; it is an enterprise-wide corporate management issue.³

Long-standing OCC guidance

A national bank and its operating subsidiaries may make, purchase, sell, service, or warehouse house loans or other extensions of credit for its own or another’s account, including residential mortgage loans.⁴ A bank may conduct its mortgage operations in conjunction with a third-party not owned by the bank or bank holding company. Vendors, brokers, dealers, and agents can offer banks a variety of legitimate and safe opportunities to enhance product offerings, improve earnings, diversify assets and revenues, or reduce costs. In most instances the fundamental risks associated with activities introduced by third parties are no greater or less than the bank would have incurred had the bank performed the activity on its own.⁵

Historically, the OCC had very explicitly decreed that bank management cannot rely solely on third-party assertions, representations, or warranties when entering such relationships.⁶ Specifically, the OCC has long required that:

• Before entering into a major relationship with a third party, a bank should establish a comprehensive program for managing the relationship.
• Such programs should be documented and include front-end management planning, appropriate due diligence selecting a vendor, and performance monitoring.⁷

The requirements above were not merely satisfied by a bank relying solely upon its own internal Vendor Management Policy. The OCC expressly contemplated that the bank’s negotiators and signatories to the vendor contract would tailor the program to the specific vendor, and that the documentation would reflect the criteria and validation specific to that vendor with regard to the services for which the bank sought to contract.

OCC activity in the wake of Bulletin 2013-29

OCC treatment of third-party vendor risk management was recently further clarified when the agency issued Bulletin 2013-29: Third-Party Relationships - Risk Management Guidance on October 30, 2013.⁸  Among the OCC’s explicit guidance, the Agency deemed that an effective risk management process throughout the life cycle of the relationship includes:

·     plans that outline the bank’s strategy, identify the inherent risks of the activity, and detail how the bank selects, assesses, and oversees the third party;

·         proper due diligence in selecting a third party;

·         written contracts that outline the rights and responsibilities of all parties;

·         ongoing monitoring of the third party’s activities and performance;

·         contingency plans for terminating the relationship in an effective manner;

·       clear roles and responsibilities for overseeing and managing the relationship and risk management process;

·        documentation and reporting that facilitates oversight, accountability, monitoring, and risk management; and

·   independent reviews that allow bank management to determine that the bank’s process aligns with its strategy and effectively manages risks.

The OCC has wasted no time applying those third-party risk management principles immediately before and since the issuance of Bulletin 2013-29. On September 19, 2013, the OCC assessed a $60 million penalty against JPMorgan Chase and ordered the bank to reimburse consumers for unfair billing practices.⁹ In the JPMorgan Chase matter, the OCC order also requires the bank to take a number of corrective measures that include:

·         ensuring compliance with the FTC Act;

·   improving governance of third-party vendors associated with certain consumer products;

·    developing an enterprise-wide risk management program for such consumer products marketed or sold by the bank or its vendors; and

·         improving its consumer compliance internal audit program.

American Express Bank received an early Christmas present, when the OCC announced on December 24, 2013 that it would assess a $3 million penalty against the bank and order restitution to customers for unfair billing and deceptive marketing practices.¹⁰ The OCC order, whose restitution payments also satisfied related Consumer Financial Protection Bureau (CFPB) obligations, requires the bank to:

·  improve governance of third-party vendors associated with “add-on” consumer products;

·     develop a risk management program for “add-on” consumer products marketed or sold by the bank or its vendors; and

·    conduct an “add-on” product review to, among other things, identify and remediate consumer harm and any program weaknesses.

The OCC has clearly communicated that it intends to aggressively protect consumers from harmful activities resulting from a bank’s use of third-party vendors, and that it will hold a bank fully responsible for that third party’s missteps.

Critical Attention to Pre-Contractual Due Diligence

Every activity undertaken by bank management and its agents should accord with OCC requirements, and support subsequent examination by the OCC, the internal audit function, and external auditors. The contemplation of a significant third-party business relationship that contributes directly to a bank’s growth plan should be disclosed in sufficient detail by bank management to the bank’s board of directors to facilitate the board’s fiduciary responsibility. Negotiators of a third-party business relationship (inclusive of bank management, holding company management, and legal counsel) are in the best position to review, inquire, and edit contract provisions accordingly prior to execution to ensure that all contract provisions directly address OCC compliance requirements, including those relating directly to third-party risk and due diligence.

With reliance upon bank management and its agents who engage directly in the planning, negotiation, and execution of the third-party agreement, one should reasonably be able to conclude that those parties have conducted their activities in accordance with OCC Bulletin 2013-29.¹¹ In advance of executing an agreement, bank management and its agents would have engaged in and fully documented both management planning and due diligence in selecting a vendor. The agreement would further have documented the ongoing performance monitoring required to evaluate the ongoing vendor risk management posture. To have failed to faithfully adhere to the details of the Bulletin by simply relying upon professional relationships or contractual representations and warranties would be both imprudent and discordant with explicit OCC guidance.

Ongoing Risk Assessment and Improved Governance

If a CEO or CCO had not been involved in contract negotiations with a third-party vendor, then that leader may not be able to independently confirm whether or not bank management and its agents adhered to OCC requirements during the pre-contractual due diligence period. Once that leader becomes aware that such a gap may have occurred, it becomes incumbent upon that leader to undertake an independent risk assessment of the third-party vendor relationship. This obligation becomes critically important when the third-party vendor is providing consumer mortgage loan services.

The auditors assigned to conduct the independent third-party risk management review should be able to request, obtain and evaluate pre-contractual documentation, and supplement their initial conclusions with interviews with the individuals directly engaged in the planning, negotiation, and execution of the third-party vendor agreement. As with any audit, should the auditors identify exceptions to the OCC’s third-party risk management guidelines that present a material risk of non-compliance or future financial loss, then in accordance with the Chief Audit Executive, you would advise that bank management and the bank board be so advised that subsequent remedial measures be undertaken.

Conclusion

It is evident that the OCC expects governance, risk management, and controls (GRC) to be in place prior to and at the inception of third-party mortgage vendor relationships. Even as bank management remediates the existing relationship with a consumer mortgage vendor, all stakeholders should take note of the lessons learned from a less-than-thorough due diligence; explicit contractual role definition; and contractual provisions for detailed oversight, accountability, and monitoring. Future third-party vendor relationships must incorporate those onboarding elements as standard requirements of a larger enterprise-wide risk management process, lest the OCC surmise that your bank’s governance practices are insufficient to take heed of Bulletin 2013-29.

References

1     Activities Permissible for a National Bank, Cumulative, Comptroller of the Currency, Administrator of National Banks, 2011 Annual Edition, April 2012.

2      Third-Party Risk, OCC ADVISORY LETTER AL 2000–9, Comptroller of the Currency, Administrator of National Banks, August 29, 2000. (Subsequently rescinded by OCC Bulletin 2013-29)

3    Board and Management Responsibilities, IT Examination Handbook InfoBase, Federal Financial Institutions Examination Council.

4      12 USC 24 (Seventh), 371; 12 CFR 5.34.

5      Third-Party Risk, August 29, 2000. (Subsequently rescinded by OCC Bulletin 2013-29)

6      Ibid.

7      Ibid.

8  Bulletin 2013-29: Third-Party Relationships - Risk Management Guidance, Office of the Comptroller of the Currency, October 30, 2013.

9      “OCC Assesses $60 Million Penalty Against JPMorgan Chase, Orders Bank to Reimburse Consumers for Unfair Billing Practices,” Office of the Comptroller of the Currency, September 19, 2013.

10    “OCC Assesses $3 Million Penalty Against American Express Bank, F.S.B; Orders Restitution to Customers for Unfair Billing and Deceptive Marketing Practices,” Office of the Comptroller of the Currency, December 24, 2013.

11    Bulletin 2013-29, OCC, October 30, 2013.