Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On September 30, the HUD, Office of the Inspector General (HUD OIG) issued a follow-up study examining the information on mortgage loan servicers’ websites about the CARES Act loan forbearance provisions. As previously covered by InfoBytes, in April, HUD OIG issued consumer guidance noting that among the top 30 FHA mortgage servicers, information on forbearance options under the CARES Act was found to be incomplete, outdated, inconsistent, or unclear. On August 11, HUD OIG reviewed the “readily available” Covid-19 pandemic information on the websites of the same top 30 FHA mortgage servicers, noting that some of the servicers still provided misleading forbearance information. Among other things, HUD OIG found that certain mortgage servicers (i) did not offer clear information on the length of the initial forbearance period; (ii) did not make it clear that borrowers could qualify for forbearance extensions after the initial 180 day period; and (iii) did not clearly state that forbearance is an option for borrowers.
The Office of the Inspector General of the Federal Reserve Board, which provides independent oversight of both the Consumer Financial Protection Bureau and the Federal Reserve Board, issued a statement on Coronavirus pandemic oversight challenges. The statement identifies areas of focus for the OIG, including coordination between the Reserve Banks, data aggregation, and monitoring and tracing the unique features associated with specific programs (e.g., the Paycheck Protection Program). The OIG is also actively monitoring, among other things, measures taken to encourage financial institutions to lend consistent with specific lending programs and the extent to which pandemic response lending efforts reach intended recipients and communities. The OIG has also expanded testing of critical information technology systems and has broadened the scope of security reviews.
On April 28, the Department of Housing and Urban Development’s Office of Inspector General issued a bulletin outlining Federal Housing Administration guidance to servicers and borrowers regarding implementing the forbearance requirements of the CARES Act. The office issued the bulletin based on a review of information that the top 30 FHA mortgage servicers provide on their websites, which the office found to be incomplete, outdated, inconsistent, or unclear.
On October 8, the Department of Veterans Affairs (VA) announced that it completed its home loan funding fee refund initiative, returning more than $400 million to VA borrowers. As previously covered by InfoBytes, in June the VA Office of the Inspector General (OIG) issued a report concluding that the VA improperly charged exempt veterans VA home loan funding fees. The OIG recommended that the VA develop a plan to, among other things, identify exempt veterans who were inappropriately charged funding fees and issue refunds. The VA reviewed nearly 20 years of loan originations, and identified 130,000 loans for potential refunds. VA notes that most fees were charged correctly, except for veterans whose exemption status changed after the closing of their loan. VA also announced changes to its program, in order to provide veterans with “the most up-to-date information possible on a Veteran’s funding fee exemption status,” including (i) enhancements to communications to veterans regarding the loan funding fee; (ii) new policy guidance directing lenders to inquire about a veteran’s disability claim status during the underwriting process; (iii) instructing lenders to obtain an updated Certificate of Eligibility for a veteran within three days of closing, if there was a disability claim pending; (iv) and procedural changes to ensure regulator internal oversight of funding fee activities.
On June 6, the Department of Veteran’s Affairs (VA) Office of the Inspector General (OIG) issued a report concluding that the VA improperly charged exempt veterans VA home loan funding fees. According to the OIG, from 2012 through 2017, the VA charged approximately 72,900 exempt veterans around $286.4 million in funding fees, which represents 3 percent of the total amount of funding fees collected during that time. The OIG reports that, while the Certificate of Eligibility (COE) that the VA produces is intended to assist lenders in identifying the exempt veterans, “many COEs reflected an outdated, incorrect, or missing exemption status resulting in veterans being incorrectly charged a funding fee.”
Additionally, the OIG found that the VA does not have a policy in place to identify and issue refunds for inappropriate funding fee charges. Currently the VA relies on the veterans to contact the VA and file a claim for a refund, although the VA has not published a standard form for the request. Based on the findings, the OIG recommends that the VA develop a plan to (i) identify exempt veterans who were inappropriately charged funding fees and issue refunds; (ii) create system enhancements or procedural changes that minimize inappropriate funding fee charges; (iii) conduct periodic reviews to identify exempt veterans charged funding fees from January 1, 2018, forward and issue refunds in a timely manner; and (iv) consistently obtain documentation and verify lenders apply the funding fee refunds to loan balances in a timely manner.
On April 16, the FDIC’s Office of Inspector General (OIG) released its Special Inquiry Report—“The FDIC’s Response, Reporting, and Interactions with Congress Concerning Information Security Incidents and Breaches”—which contains findings from an examination of the FDIC’s practices and policies related to data security, incident response and reporting, and Congressional interactions. The Special Inquiry Report is the culmination of a request made by the former Chairman of the Senate Committee on Banking, Housing, and Urban Affairs in 2016, and focuses on the circumstances surrounding eight information security incidents that occurred in 2015 and 2016—seven of which involved personally identifiable information and constituted data breaches. An eighth incident involved the removal of “highly sensitive components of resolution plans submitted by certain large systemically important financial institutions without authorization” by a departing FDIC employee.
According to the report, the OIG asserts that, among other things, the FDIC failed to (i) put in place a “comprehensive incident response program and plan” to handle security incidents and breaches; (ii) clearly document risk assessments and decisions associated with data incidents; (iii) fully consider the range of impacts on bank customers whose information was compromised; (iv) promptly notify consumers when an incident occurred and did not adequately consider notifications as a separate decision from whether it would provide credit monitoring services; (v) for at least one incident, failed to convey the seriousness of the breach; and (vi) provide timely, accurate, and complete responses to Congressional requests to gather information about how the agency was handling the incidents.
As a result of these findings, the OIG presented recommendations and timeframes for the FDIC to “address the systemic issues.” Recommendations include: (i) clearly defining roles and responsibilities within the FDIC Breach Response Plan, and establishing procedures “consistent with legal, regulatory, and/or operational requirements for records management”; (ii) establishing a separation between consumer breach notifications and the offer of credit monitoring services; (iii) adhering to established timeframes for reporting incidents to FinCEN when suspicious activity report information has been compromised; (iv) conducting an annual review of the Breach Response Plan to confirm that that the guidance has been consistently followed during the preceding year; (v) developing guidance and training to ensure that employees and contractors are fully aware of the legal consequences of removing any sensitive information from FDIC premises before they depart; (vi) ensuring that FDIC policies, procedures, and practices result in complete, accurate statements and representations to Congress, and updating and correcting prior statements and representations as necessary; (vii) clarifying “legal hold policies and processes”; and (viii) specifying that the Office of Legislative Affairs is responsible for “providing timely responses to Congressional requests and communicating with Congressional staff regarding those requests.”
The FDIC concurred with the recommendations and has completed corrective actions for two, with plans to address the remaining recommendations between June and December of this year. The FDIC has also agreed to keep the OIG informed of the progress made to address the identified performance issues.
On December 6, the FDIC’s Office of Inspector General (OIG) released an evaluation report to examine how the agency implements certain consumer protection rules concerning consumers’ ability to repay mortgage loans and limits for loan originator compensation. The OIG report, FDIC’s Implementation of Consumer Protection Rules Regarding Ability to Repay Mortgages and Compensation for Loan Originators (EVAL-18-001), focused on the FDIC’s Division of Depositor and Consumer Protection (DCP), which is responsible for implementing the Ability to Repay/Qualified Mortgage (ATR/QM) and Loan Originator rules and tracking violations of the rules. The report found that the DCP “incorporated these rules into its examination program, trained its examiners, and communicated regulatory changes to FDIC-supervised institutions.” However, based on a sample of 12 examinations, the OIG also determined that examination workpapers generally needed improvement, finding (i) inconsistent documentation by examiners on decisions to exclude compliance testing for the ATR/QM and Loan Originator rules, and (ii) in certain circumstances, incomplete, incorrect, or improperly stored examiners’ workpapers, “which would preclude someone independent of the examination team from fully understanding examination findings and conclusions, based on the workpapers alone.”
OIG further noted that, because DCP’s examination practices did not include tracking the number of institutions subject to the rules or recording how frequently examiners tested for compliance, any identified variances among the FDIC’s six regional offices could not be assessed for significance due to lack of context.
As a result of these findings, the OIG made several recommendations for the DCP to strengthen its compliance examination process, including:
- “research potential reasons for the regional variances in the number of rule violations by banks in the FDIC’s six regional offices”;
- “track the aggregate number of FDIC-supervised institutions in each region that are subject to the rules”;
- “track how often examiners test for compliance with the rules”; and
- ‘‘take steps to improve workpaper documentation and retention.”
The DCP agreed to implement these recommendations June 30, 2018.
HUD IG Blames Ginnie Mae for Inadequate Supervision; HUD IG Concludes HUD Did Not Follow Requirements When Forgiving Debts
On September 21, the HUD Inspector General (IG) released an audit report of Ginnie Mae’s oversight of nonbanks in the mortgage servicing industry. The report found that Ginnie Mae did not adequately respond to the growth in its nonbank issuer base; a base, the report notes, that tends to have more complex financial and operating structures than banking institutions. The IG found, among other things, that Ginnie Mae may not be prepared to identify problems with nonbank issuers prior to default, requiring additional funds from the U.S. Treasury to pay back investors in the event of a large default.
On the same day, the IG also announced a report which found that HUD did not always follow applicable requirements when forgiving debts and terminating debt collections. The report determined that HUD’s review process for evaluating debt forgiveness or collection termination was not thorough enough to ensure that statutory, regulatory, and policy requirements associated with this process were met—such as ensuring DOJ approval was obtained when required.
OIG Report: Potential for Improvement Within CFPB Examiner Commissioning and On-the-Job Training Programs
On September 20, the Office of Inspector General (OIG) for the CFPB issued findings in a report entitled The CFPB Can Enhance the Effectiveness of Its Examiner Commissioning Program and On-the-Job Training Program (the Report) stemming from an evaluation to assess the Bureau’s effectiveness when designing, implementing, and executing these two programs.
Examiner Commissioning Program (ECP). The Report found that, despite efforts to enhance the program since it began in 2014, the CFPB's Supervision Learning and Development Division (SL&D)—which is responsible for examiner training—presented several areas in need of improvement, including: (i) where examiners appeared to pursue commissioning before being fully prepared or required multiple attempts to pass commissioning components, which in turn affected the number of examiners available for examinations; (ii) where examiners commenced components of the ECP, despite inadequate training, developmental opportunities, or exposure to certain internal processes; (iii) findings that SL&D lacked a formal method for evaluating and updating the ECP, thus reducing opportunities to identify potential areas for improvement; (iv) inconsistent delivery of ECP requirements to prospective employees; and (v) a lack of clarity on when the start of the five-year time requirement begins for examiners trying to obtain their commissioning, which can create the risk of examiners moving through the ECP before being ready.
On-the-Job Training Program (OJT). The OIG also identified areas for improvement in the CFPB’s implementation of the OJT program. Specifically, the OIG found that due to inconsistent implementation of the OJT program, examiners are unable to clearly understand the program’s requirements and expectations.
Recommendations. The OIG presented the following recommendations: (i) issue guidance documenting an examiner’s readiness, including recommendations from regional management; (ii) update ECP guidance to better prepare examiners in understanding the program’s requirements, including the starting point of the five-year requirement; (iii) implement a formal method to evaluate the ECP program; (iv) develop guidelines for applicants of the ECP program; and (v) reassess the OJT program timeline for module development, communicate guidelines effectively at all regional offices, and develop guidelines for OJT program expectations.
On July 14, the HUD Office of Inspector General (HUD-OIG) published a report on HUD’s rulemaking process for its single-family note sales program, now referred to as the Distressed Asset Stabilization Program (DASP), under which HUD has sold more than 108,000 notes with over $18 billion in unpaid principal balances. According to the report, HUD-OIG conducted an audit to determine whether HUD adhered to open public rulemaking requirements when it implemented the program. The report concluded that while HUD issued an advance notice of proposed rulemaking in 2006, it did not finalize the comment process or prepare the program for a final rule. The report further stated that there was a lack of formal guidance and procedures for the program, stating that “[s]ince its inception, HUD has issued 31 enhancements, or changes, to its single-family note sales program . . . [but does not have] a handbook or guidebook that establishe[s] its formal requirements or policies for the administration of the program.”
As a result, HUD-OIG recommended that HUD (i) “[c]omplete the rulemaking process for [its] single-family note sales program,” and (ii) “[d]evelop and implement formal procedures and guidance for the note sales program.”
- Jonice Gray Tucker to moderate “Pandemic relief response and lasting impacts on access, credit, banking, and equality” at the American Bar Association Business Law Section Spring Meeting
- Jeffrey P. Naimon to discuss "Post-pandemic CFPB exam preparation" at the Mortgage Bankers Association Spring Conference & Expo
- Jonice Gray Tucker to discuss "Making fair lending work for you" at the Mortgage Bankers Association Spring Conference & Expo
- Jonice Gray Tucker to discuss "Reading the tea leaves of President Biden’s initial financial appointees" at LendIt Fintech
- Moorari K. Shah to discuss “CA, NY, federal licensing and disclosure” at the Equipment Leasing & Finance Association Legal Forum
- Jonice Gray Tucker to discuss "Compliance under Biden" at the WSJ Risk & Compliance Forum
- Sherry-Maria Safchuk to discuss UDAAP at an American Bar Association webinar
- Jonice Gray Tucker to discuss “The future of fair lending” at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference