Alston & Bird Consumer Finance Blog

#compliancemanagement

CFPB Seeks Permanent Enforcement – Will this Further its Repeat Offender Agenda?

By

What Happened?

On May 31, 2024, the Consumer Financial Protection Bureau (CFPB) sued student loan servicer Pennsylvania Higher Education Assistance Agency (PHEAA) for illegally collecting on student loans that have been discharged in bankruptcy and sending false information about consumers to credit reporting companies, in violation of the Consumer Financial Protection Act (CFPA) and the Fair Credit Reporting Act. As a result of PHEAA’s alleged practices, borrowers are forced to either pay debt they do not owe or risk being hit with negative information on their credit reports and default due to the purported non-payment. The CFPB’s lawsuit asks the court to order PHEAA to stop its illegal conduct, provide redress to borrowers it has harmed, and pay a civil penalty.

Notably, this lawsuit follows a prior complaint and proposed stipulated judgments filed by the CFPB against PHEAA and National Collegiate Student Loan Trusts (the Trusts) just 25 days earlier. The stipulated judgments filed by the CFPB on May 6, 2024, if approved (briefing to continue until at least June 28, 2024), would require the PHEAA and the Trusts to pay more than $5 million for student loan servicing failures, including failing to provide accurate information to borrowers and incorrectly denying forbearance requests. In addition to certain affirmative obligations, the Trusts are prohibited from directly or indirectly violating sections 1031 (prohibiting unfair, deceptive, abusive acts and practices) and 1036 (prohibiting violating a federal consumer financial law) of the CFPA with respect to certain borrower requests.

Why Is It Important?

The proposed stipulated judgments conspicuously lack one important feature – they do not provide for a termination date. While certain administrative provisions contain time limits (such as 5-year notification and recordkeeping requirements), the stipulated judgments effectively act as a permanent injunction against PHEAA and the Trusts. In other words, if, at any point in the future, PHEAA were to violate the Consumer Financial Protection Act, then PHEAA would be liable for violating the stipulated judgment – and, subsequently, at risk of being branded a “repeat offender” by the CFPB. Conveniently, just last week, the CFPB finalized a rule to establish a registry to detect and deter corporate offenders that have broken consumer laws and are subject to federal, state, or local government or court orders.

What Do I Need to Do?

Institutions within the CFPB’s jurisdiction should be aware of the CFPB’s actions and present any applicable legal defenses as to why an indefinite contract may be deemed unenforceable in court. Further, institutions should enhance their compliance management systems to mitigate risk and ensure they do not end up on the CFPB’s repeat offender list.

Iowa Adopts Mortgage Servicer Prudential Standards

By ,

What Happened?

Effective July 1, Iowa House File 2392 (the “Iowa Law”) enacts mortgage servicer prudential standards (codified in Chapter 535B of the Iowa Code) that largely follow those promoted by the Conference of State Bank Supervisors (“CSBS”).

As we have previously reported, the CSBS adopted model “State Regulatory Prudential Standards for Nonbank Mortgage Servicers” (the “CSBS Standards”) in 2021.  The CSBS Standards address financial condition and corporate governance requirements for certain mortgage servicers.

Why Is It Important?

Following the CSBS Standards, the Iowa Law’s requirements apply to a “covered institution.”  A “covered institution” services or subservices at least 2,000 residential mortgage loans (excluding whole loans owned and loans being interim serviced prior to sale) as of the most recent calendar year end as reported on the NMLS mortgage call report.  For entities within a holding company or an affiliated group of companies, the Iowa Law’s requirements apply at the covered institution level.

Financial Condition:

The Iowa Law requires a covered institution to meet specified financial condition standards. First, a covered institution must maintain capital and liquidity as set forth in new Section 535B.24.  Second, a covered institution must maintain written policies and procedures necessary to implement that section’s capital, operating liquidity, servicing liquidity requirements.

Third, a covered institution must maintain sufficient allowable assets for operating liquidity, in addition to amounts required for servicing liquidity.  Fourth, a covered institution must develop, establish, and implement written plans, policies and procedures, utilizing sustainable documented methodologies to maintain operating liquidity.  Finally, a covered institution must have a sound written cash management plan and a sound written business operating plan (commensurate with the entity’s complexity) that ensures normal business operations.

The financial condition standards do not apply to servicers that solely own or conduct servicing on reverse annuity mortgage loans, or to a covered institution’s  reverse annuity mortgage loan portfolio.

Corporate Governance:

The Iowa Law also requires a covered institution to comply with enumerated corporate governance requirements. First, a covered institution must establish and maintain a board of directors (or equivalent body).  The board’s responsibilities include: (a) establishing a written corporate governance framework that includes appropriate internal controls to monitor and assessing compliance with the corporate governance framework; (b)  monitoring and ensuring that the covered institution complies with the corporate governance framework and with the Iowa Law’s requirements; and (c) ensuring that the covered institution establishes and maintains a risk management program that identifies, measures, monitors, and controls risk commensurate with the covered institution’s size and complexity.

Second, new Section 535B.25 enumerates criteria for a covered institution’s risk management program (to include addressing the potential that a borrower or counterparty fails to perform on an obligation). Third, the Iowa Law requires a covered institution to undergo an annual external audit (including an evaluation of the entity’s internal control structure, a review of the entity’s annual financial statements of the company, and a computation of the entity’s tangible net worth).

Fourth, the Iowa law requires a covered institution to conduct an annual risk management assessment that concludes with a formal report to the board of directors. The risk management assessment must include findings and action taken to address each issue. Additionally, a covered institution must maintain ongoing documentation of risk management activities and include the documentation in its risk management assessment.

What Do I Need to Do?

Mortgage servicers subject to the Iowa Law should review the new standards and ensure that their business practices are compliant.  We will continue to monitor other states for adoption of their own versions of the CSBS Standards.