A View from the Field: Commonly Cited Violations
During outreach events with bankers, Federal Reserve System staff are often asked about the most commonly cited compliance violations. This information can alert bankers to potential risks at their own institutions. To generate awareness in the areas in which examiners routinely find violations, Outlook published an article in 2012 titled, “View from the Field: Commonly Cited Compliance Violations in 2011.” Because this is one of Outlook’s most popular articles and because it was published eight years ago, we are refreshing it with more recent examination data.
Based on a review of all of the Federal Reserve’s consumer compliance examinations conducted since the 2012 article was published, the most common violations are:
- Regulation B’s spousal signature requirements;
- Regulation H’s flood insurance purchase and force-placement requirements;
- Regulation Z’s finance charge requirements; and
- Fair Credit Reporting Act’s adverse action notice requirement.
Some of these violations, such as force-placed flood insurance, were discussed in the 2012 Outlook article. But examiners also found some new frequent violations, such as the flood insurance purchase requirements. This article discusses the top violations, the associated regulatory requirements, and the steps financial institutions may undertake to mitigate risks.
REGULATION B — EQUAL CREDIT OPPORTUNITY
The Equal Credit Opportunity Act (ECOA), as implemented by Regulation B, makes it unlawful for creditors to discriminate on a prohibited basis in any aspect of a credit transaction, including sex and marital status: 15 U.S.C. §1691(a); 12 C.F.R. §§1002.2(z), 4(a). In enacting the ECOA, Congress sought “to insure that the various financial institutions and other firms engaged in the extensions of credit exercise their responsibility to make credit available with fairness, impartiality, and without discrimination on the basis of sex or marital status.”1 Violations of the spousal signature requirements continue to be a common violation.
Spousal Signatures —12 C.F.R. §1002.7(d)
Regulatory Requirements
Section 7(d) of Regulation B generally provides that a creditor shall not require the signature of an applicant’s spouse who is not a joint applicant on any credit instrument if the applicant qualifies on his or her own, except in certain circumstances, including:
- When the spouse’s signature is necessary as a matter of state law to provide a secured creditor access to collateral in the event of default, or to give an unsecured creditor access to property otherwise relied upon in the event of death or default; or
- When the spouse is providing credit support because the primary applicant does not meet the creditor’s lending standards. However, when an additional party is needed, a creditor may not require that it be a spouse.
In the case of a joint application, the commentary to the regulation also states that a “person’s intent to be a joint applicant must be evidenced at the time of application.”2
Common Violations
Commercial and agricultural loans. In some cases, examiners have observed that violations occurred because a creditor had strong controls for consumer loans but not for commercial and agricultural loans. It is important to recognize that Regulation B applies to consumer and commercial credit because the definition of “credit” in Section 2(j) is not limited to consumer credit.3
State law. Some creditors have impermissibly required spousal signatures on credit instruments out of an “abundance of caution.” A creditor cannot require a spouse’s signature on a credit instrument unless one of the regulation’s exceptions applies, and “abundance of caution” is not one of them. If a creditor believes a spouse’s signature on an instrument is necessary under state law, the commentary to Regulation B states that the creditor should support and document this determination by “a thorough review of pertinent [state] statutory and decisional law or an opinion of the state attorney general.”4
Evidence of joint intent. To satisfy the intent requirement for joint applications, some creditors rely on a signed joint financial statement obtained at application as evidence of the applicants’ intent to apply for credit jointly. The commentary to Regulation B clarifies that “[t]he method used to establish intent must be distinct from the means used by individuals to affirm the accuracy of information. For example, signatures on a joint financial statement affirming the veracity of information are not sufficient to establish intent to apply for joint credit.”5 (Emphasis added.)
Compliance Risk Management
Lenders can take several steps to help mitigate the risk of a potential Regulation B spousal signature violation:
- Policies and procedures. At the time of application, lenders can document that spouses intended to apply for credit jointly by using the Regulation B model application form, which specifically contains a field to show joint intent: See Figure 1.
- Training. Lenders can provide regular training to ensure the staff understands Regulation B’s spousal signature requirements. Training in this particular aspect of Regulation B compliance is sometimes overlooked, especially when the staff has many years of experience or when lenders concentrate in commercial or agricultural lending.
- Risk monitoring and internal controls. Finally, lenders can conduct risk assessments, compliance reviews, and/or audits that include transaction testing for compliance with Section (7)(d). Where findings occur, financial institutions can consider working to understand the specific root causes and implementing practices to address the causes.
Regulation H — Flood Insurance
Under the Flood Disaster Protection Act of 1973 (FDPA), regulated lending institutions cannot extend real estate secured loans in areas at high risk for floods unless the borrower obtains flood insurance. See 42 U.S.C. §4012a(b)(1) and 12 C.F.R. §208.25(c)(1).
In addition, if a lender determines after origination that a covered loan has no insurance or insufficient insurance, the lender is required to notify the borrower and force-place insurance if the borrower fails to obtain sufficient flood insurance in a timely manner. See 42 U.S.C. §4012a(e) and 12 C.F.R. §208.25(g)(1).
Congress enacted this law because it was “acutely aware of the national need for a reliable and comprehensive flood insurance program to provide adequate indemnification for the loss of property and the disastrous personal loss suffered by victims of recurring flood disasters throughout the nation. … Floods have been, and continue to be, one of the most destructive national hazards facing the people of the United States.”6
Purchase of Flood Insurance — 12 C.F.R. §208.25(c)(1)
Regulatory requirements
Section 208.25(c)(1) states:
A [lender] shall not make, increase, extend, or renew any designated loan [a loan secured by property in a special flood hazard area located in a National Flood Insurance Program (NFIP) participating community] unless the building or mobile home and any personal property securing the loan is covered by flood insurance for the term of the loan. The amount of insurance must be at least equal to the lesser of the outstanding principal balance of the designated loan or the maximum limit of coverage available for the particular type of property under the Act.
Flood insurance coverage under the Act is limited to the building or mobile home and any personal property that secures a loan and not the land itself.
Common Violations
Examinations showed that this violation commonly occurred because the issuing bank did not have adequate controls, policies, and procedures for ensuring adequate flood insurance was in place prior to loan closing. For example, some lenders required flood insurance prior to loan consummation but did not have sufficient controls for ensuring coverage the proper amount was obtained.
Examiners also found violations occurred because lending staff did not understand the regulatory requirements and issues with third-party flood insurance vendors. In 2019, Outlook published an article “Vendor Management Considerations for Flood Insurance Requirements,” addressing vendor issues.7
Compliance Risk Management
To facilitate compliance with 12 C.F.R. §208.25(c)(1), a lender might consider integrating some or all of the following steps in its compliance management systems (CMS) to mitigate risk:
- Checklists. One practice is to use checklists during loan origination that address the proper timing of the Standard Flood Hazard Determination (SFHD) form and the purchase of adequate flood insurance where necessary.8 This checklist could contain a section in which the loan processor or lender can indicate that the SFHD has been received and where the processor can indicate whether flood insurance is required. The checklist also could contain the different minimum amounts of insurance, based on collateral type, and include a space for the loan processor or lender to write in the loan amount. These latter additions could make it easier for the processor to determine the correct amount of flood insurance required.
- Centralization. The degree to which an institution centralizes its compliance operations affects compliance risk. “Centralized activities may help limit risk by consolidating knowledge and processes in fewer locations. When centralized operations are handled effectively, the opportunity for error may decrease as a result.” Conversely, decentralizing compliance operations can increase compliance risk.9
- Secondary review. CMS also can be strengthened by implementing a secondary review to ensure all loans secured by a property located in a standard flood hazard area close with adequate flood insurance in place.
Force Placement — 12 C.F.R. §208.25(g)
Regulatory Requirements
The regulation (12 C.F.R. §208.25(g)) states that if at any time during the term of the loan a lender or its servicer determines that the collateral has less flood insurance coverage than is required by the federal agencies’ implementing regulations, it is required to notify the borrower to obtain the required insurance. If the borrower has not purchased the necessary flood insurance within 45 days after the notice was sent, the lender must purchase insurance on the borrower’s behalf.
A lender may comply with the force-placement requirement by purchasing a National Flood Insurance Policy or an appropriate private flood insurance policy in the amount required by the implementing regulations.
Common Violations
Examiners observed several common circumstances resulting in force-placement violations, including:
- FEMA remapped a property into a SFHA and the life-of-loan vendor failed to flag this; or the vendor flagged it and notified the bank, but the lender failed to timely act upon this change.
- The borrower let a policy lapse or reduced the amount of coverage below the required amount, and the lender failed to verify the policy was renewed in the correct amount.
- The lender discovered a violation but failed to send out the 45-day notice or sent the notice but failed to force-place insurance after 45 days.
- The loan staff did not understand the regulatory requirement for force-placement insurance.
Compliance Risk Management
Some steps lenders can undertake to help reduce the risk of force-placement violations include:
- FEMA changes to flood insurance maps. Many force-placement violations occurred when flood maps changed, but a lender was not aware of the changes affecting properties securing its loans. Hiring a reputable life-of-loan vendor and carefully monitoring communications from the vendor for remapped properties can reduce this risk.
- Monitoring, audit, and corrections. Introducing monitoring and audit programs can help to ensure a bank becomes aware when a property has no insurance or inadequate insurance. In addition, lenders may want to ensure they address any flood insurance issues identified during audit or compliance reviews in a timely manner and implement responsive procedures to ensure compliance going forward.
- Tickler systems. A lender can use a tickler system that provides notifications of flood insurance policies nearing renewal dates and generates notices to borrowers to provide proof that the policy was renewed in the proper amount. An additional sound practice is to assign more than one person to monitor the tickler system for backup.
- Training. A lender can provide training to the lending staff. Examiners see greater levels of compliance when all parties responsible for complying with procedures relative to flood insurance receive appropriate and regular training on their duties under the flood insurance provisions of Regulation H.
Regulation Z — Truth in Lending Act
Congress enacted the Truth in Lending Act (TILA) “to assure a meaningful disclosure of credit terms so that the consumer will be able to compare more readily the various credit terms available to him and avoid the uninformed use of credit, and to protect the consumer against inaccurate and unfair credit billing and credit card practices.”10 One of TILA’s primary goals is uniform credit cost disclosures. TILA is implemented by Regulation Z.
Understated Finance Charges — 12 C.F.R. §1026.18(d)
Regulatory requirements
To help achieve uniform credit costs disclosures, Regulation Z requires creditors to calculate and disclose the “finance charge,” as defined in 12 C.F.R. §1026.4(a):
The finance charge is the cost of consumer credit as a dollar amount. It includes any charge payable directly or indirectly by the consumer and imposed directly or indirectly by the creditor as an incident to or a condition of the extension of credit. It does not include any charge of a type payable in a comparable cash transaction.
For residential mortgage loans, calculating the finance charge can be challenging because a lender must determine which of its fees and charges are incidental to the extension of credit and would not be charged to cash customers and therefore qualify as finance charges.
The regulation also requires disclosure of prepaid finance charges, which are defined as “any finance charge paid separately in cash or by check before or at consummation of a transaction, or withheld from the proceeds of the credit at any time.”11 These typically occur in residential mortgages. For example, discount points paid at closing to lower the mortgage loan rate qualify as a prepaid finance charge.
Common Violations
A common Regulation Z violation is understating finance charges for closed-end residential mortgage loans by more than the $100 tolerance permitted under Section 18(d). Examination data indicated that this violation typically occurred because either the lender had insufficient knowledge of what constitutes a finance charge across varying circumstances or because of incorrect configuration or use of disclosure software. For example, one Report of Examination found that a bank did not subtract the origination fee from the amount financed, resulting in an understated finance charge disclosed to the customer. Examiners also found instances in which some prepaid charges — such as monthly guaranty payments, inspection fees, settlement and closing fees, and title fees — were not included in the finance charge, leading it to be understated by more than the $100 tolerance.
Another common violation was related to software platform deficiencies. In some instances, these platforms included default settings that erroneously allowed the loan processor to bypass the proper finance charge designation during the setup of required disclosures.
Compliance Risk Management
Lenders can take several steps to help mitigate the risk of a potential Regulation Z violation:
- Training. Many finance charge errors occurred because the staff did not understand the regulation’s technical provisions. Regular substantive training on finance charge definitions and disclosure requirements for loan processors and lenders would be beneficial. Outlook published an article in 2017 titled “Understanding Finance Charges for Closed-End Credit,” which reviewed the technical requirements in detail. Training that promotes an understanding of whether any particular charge meets the finance charge definition based on its purpose, rather than the name of the charge, can be especially helpful.
- Policies and procedures. Documents that provide visual representation of all of the lender’s applicable loan fees and the instances in which they are deemed prepaid finance charges can be particularly helpful. These types of documents give loan processors and lenders ready assistance with the nuances of each potential charge in each potential circumstance.
- Oversight of software. When lenders install new automated loan software, employees often need time to become accustomed to the software. To help prevent finance charge violations resulting from the transition to new software, lenders should account for the time needed to integrate new systems, and strengthen the monitoring, oversight, and auditing of these systems.
FAIR CREDIT REPORTING ACT
The Fair Credit Reporting Act (FCRA) regulates consumer credit reports, furnishers of credit information, and the consumer reporting agencies: 15 U.S.C. §1681a et seq.; 12 C.F.R. Part 1022. To help alert consumers to negative information in their credit report and its impact, the FCRA requires notices to consumers in certain circumstances.
Adverse Action Disclosure — 15 U.S.C. §1681m(a); FCRA Section 615(a)
Statutory Requirements
Section 615(a) of the FCRA requires that when a user of a consumer report takes adverse action against a consumer based in whole or part upon information in the report, the user must provide an adverse action notice to the consumer. If a credit score was relied on in taking the adverse action, the score must also be disclosed along with the consumer reporting agency from which the report was obtained as well as instructions on obtaining reports from the agency. Institutions often combine the FCRA adverse action disclosures with those required under Regulation B and the Equal Credit Opportunity Act when taking adverse action against a consumer.
Common Violations
Violations of FCRA’s adverse action notice requirements were more common in recent examinations than in examinations reviewed in the 2012 Outlook article. Many violations concerned failing to provide required disclosures such as credit score disclosures, range of credit scores, or information about the consumer reporting agency providing the consumer report. Section 1100F of the Dodd–Frank Wall Street Reform and Consumer Protection Act added credit score disclosure requirements for FCRA adverse action notices and risk-based pricing notices. This change did not become effective until August 15, 2011, and provides context for the increase in FCRA violations.12
Compliance Risk Management
Institutions can take several steps to help mitigate the risk of a potential FCRA violation:
- Oversight of software. Several examinations attributed the failure to include all required disclosures in adverse action notices to the bank’s disclosure software. The software relied on parameters to trigger disclosures, and the software parameters were incorrectly set so that mandatory information was not automatically generated and printed. Reviewing and validating the parameters can address this problem.
- Training, policies, and procedures. Similar to the violations discussed earlier, another root cause of the FCRA violation is that employees did not fully understand regulatory requirements. To ensure future compliance, the strategies for CMS enhancements described throughout this article apply here, too; namely, the use of training, policies, and procedures to ensure the bank provides the required FCRA disclosures.
- Checklists. The use of checklists to record (1) whether FCRA disclosures are required for the particular transaction, and (2) whether, when, by whom, and by what means such disclosures were provided to the applicant. This is more effective when checklists are part of a preclosing review.
- Audits and monitoring. As discussed for other common violations, internal audits or monitoring can also help prevent or identify violations.
CONCLUSION
This updated article on common violations identified by Federal Reserve System bank examiners revealed that some common violations identified in 2011 still persist, while new common violations also were found. Through awareness and training, a compliance officer can help ensure that the financial institution and its staff comply with consumer protection laws and regulations. These sound practices can help accomplish this, provided they are tailored to each institution’s specific challenges. Specific issues and questions should be raised with your primary regulator.
ENDNOTE
4 Comments 7(d)(2)-2 (unsecured credit) and 7(d)(4)-2 (secured credit).
6 See S. Rep. 93-583, p. 4.
7 Danielle Martinage, “Vendor Management Considerations for Flood Insurance Requirements,” Consumer Compliance Outlook (Issue 2 2019).
8 Doing so may result in a change of procedures, as well as for those institutions currently not using similar checklists.
9 See the Federal Reserve’s Consumer Compliance Handbook (December 2016), p. 9.
11 See 12 C.F.R. §1026.2(a)(23).
12 See 76 Federal Register 41602 (July 15, 2011).