Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On November 28, the OIG for the FDIC delivered a material loss review report. The report’s objectives were twofold: first, to determine why a bank’s issues led to a material loss to the deposit insurance fund; and second, to review the FDIC’s supervision of the bank and make recommendations to prevent similar losses in the future.
The report outlined 11 recommendations for the FDIC to implement so it can improve its supervision process over the banking sector. The recommendations include: (i) to evaluate if and why banks may wait to issue CAMELS ratings downgrades until they issue a Report of Examination; (ii) to identify whether the training curriculum should be adjusted to emphasize why timely ratings changes are important; (iii) to review FDIC examination guidance to determine if enhancements are necessary to highlight when a bank’s practices do not align with its policies, and make recommendations; (iv) to evaluate and update examination guidance to require supervisory actions when it violates its risk-appetite statement metrics; (v) to comprehensively review the FDIC manual for any updates to the examination guidance pertinent to evaluating the stability of uninsured deposits; (vi) to comprehensively review the FDIC manual to determine if any updates are required to the examination guidance pertinent to banks’ deposit outflow assumptions for liquidity stress testing; (vii) to revisit examination guidance to determine if any updates are required for monitoring other banks, horizontally, for similar risk characteristics; (viii) to revisit examination guidance to determine if any updates are required regarding incorporating shared risk characteristics that lead to risk in the FDIC’s supervisory approach; (ix) to explore research methods to monitor large bank reputational risk; (x) to evaluate if Chief Risk Officers should place more consideration on unrealized losses and declines in fair value; and (xi) to work with other federal regulators on evaluating necessary rule changes, such as the adoption of noncapital triggers.
On September 21, FHFA Office of Inspector General (OIG) released a report on Federal Home Loan Bank Supervisory Activities in 2023 in Response to Market Disruptions (report), to evaluate the Division of Federal Home Loan Bank Regulation (DBR) risk assessment. DBR is responsible for supervising the Federal Home Loan (FHL) Bank System “to ensure the safe and sound operation of FHL banks.” The OIG addressed March bank failures and how the DBR scrutinized the FHL banks’ member credit risk management practices and, more broadly, into the system’s role in lending to troubled members. The report found that DBR examiners, in response to the increased risk environment, adjusted its supervisory activities and examination planning. Additionally, the OIG noted that DBR intends to conduct a comprehensive assessment of credit risk management across the entire FHL bank system to address concerns regarding systemic vulnerabilities. The report also revealed that in the review of examiner compliance, although DBR mostly followed procedure and requirements, “in certain instances, examiners did not describe primary worksteps in their pre-examination analysis memoranda, as required by DBR procedures.”
According to the report, FHFA also ordered an assessment of six FHL banks during or after the March market disruption, “in response to the abrupt increase in demand for FHLBank advances and the collapse of several member banks.” The report notably revealed that home loan banks’ credit risk management “fail[ed] to meet existing expectations.” As a result, DBR is preparing a supervisory letter for all the FHL banks and an advisory bulletin on member credit risk.
On September 30, the HUD, Office of the Inspector General (HUD OIG) issued a follow-up study examining the information on mortgage loan servicers’ websites about the CARES Act loan forbearance provisions. As previously covered by InfoBytes, in April, HUD OIG issued consumer guidance noting that among the top 30 FHA mortgage servicers, information on forbearance options under the CARES Act was found to be incomplete, outdated, inconsistent, or unclear. On August 11, HUD OIG reviewed the “readily available” Covid-19 pandemic information on the websites of the same top 30 FHA mortgage servicers, noting that some of the servicers still provided misleading forbearance information. Among other things, HUD OIG found that certain mortgage servicers (i) did not offer clear information on the length of the initial forbearance period; (ii) did not make it clear that borrowers could qualify for forbearance extensions after the initial 180 day period; and (iii) did not clearly state that forbearance is an option for borrowers.
The Office of the Inspector General of the Federal Reserve Board, which provides independent oversight of both the Consumer Financial Protection Bureau and the Federal Reserve Board, issued a statement on Coronavirus pandemic oversight challenges. The statement identifies areas of focus for the OIG, including coordination between the Reserve Banks, data aggregation, and monitoring and tracing the unique features associated with specific programs (e.g., the Paycheck Protection Program). The OIG is also actively monitoring, among other things, measures taken to encourage financial institutions to lend consistent with specific lending programs and the extent to which pandemic response lending efforts reach intended recipients and communities. The OIG has also expanded testing of critical information technology systems and has broadened the scope of security reviews.
On April 28, the Department of Housing and Urban Development’s Office of Inspector General issued a bulletin outlining Federal Housing Administration guidance to servicers and borrowers regarding implementing the forbearance requirements of the CARES Act. The office issued the bulletin based on a review of information that the top 30 FHA mortgage servicers provide on their websites, which the office found to be incomplete, outdated, inconsistent, or unclear.
On October 8, the Department of Veterans Affairs (VA) announced that it completed its home loan funding fee refund initiative, returning more than $400 million to VA borrowers. As previously covered by InfoBytes, in June the VA Office of the Inspector General (OIG) issued a report concluding that the VA improperly charged exempt veterans VA home loan funding fees. The OIG recommended that the VA develop a plan to, among other things, identify exempt veterans who were inappropriately charged funding fees and issue refunds. The VA reviewed nearly 20 years of loan originations, and identified 130,000 loans for potential refunds. VA notes that most fees were charged correctly, except for veterans whose exemption status changed after the closing of their loan. VA also announced changes to its program, in order to provide veterans with “the most up-to-date information possible on a Veteran’s funding fee exemption status,” including (i) enhancements to communications to veterans regarding the loan funding fee; (ii) new policy guidance directing lenders to inquire about a veteran’s disability claim status during the underwriting process; (iii) instructing lenders to obtain an updated Certificate of Eligibility for a veteran within three days of closing, if there was a disability claim pending; (iv) and procedural changes to ensure regulator internal oversight of funding fee activities.
On June 6, the Department of Veteran’s Affairs (VA) Office of the Inspector General (OIG) issued a report concluding that the VA improperly charged exempt veterans VA home loan funding fees. According to the OIG, from 2012 through 2017, the VA charged approximately 72,900 exempt veterans around $286.4 million in funding fees, which represents 3 percent of the total amount of funding fees collected during that time. The OIG reports that, while the Certificate of Eligibility (COE) that the VA produces is intended to assist lenders in identifying the exempt veterans, “many COEs reflected an outdated, incorrect, or missing exemption status resulting in veterans being incorrectly charged a funding fee.”
Additionally, the OIG found that the VA does not have a policy in place to identify and issue refunds for inappropriate funding fee charges. Currently the VA relies on the veterans to contact the VA and file a claim for a refund, although the VA has not published a standard form for the request. Based on the findings, the OIG recommends that the VA develop a plan to (i) identify exempt veterans who were inappropriately charged funding fees and issue refunds; (ii) create system enhancements or procedural changes that minimize inappropriate funding fee charges; (iii) conduct periodic reviews to identify exempt veterans charged funding fees from January 1, 2018, forward and issue refunds in a timely manner; and (iv) consistently obtain documentation and verify lenders apply the funding fee refunds to loan balances in a timely manner.
On April 16, the FDIC’s Office of Inspector General (OIG) released its Special Inquiry Report—“The FDIC’s Response, Reporting, and Interactions with Congress Concerning Information Security Incidents and Breaches”—which contains findings from an examination of the FDIC’s practices and policies related to data security, incident response and reporting, and Congressional interactions. The Special Inquiry Report is the culmination of a request made by the former Chairman of the Senate Committee on Banking, Housing, and Urban Affairs in 2016, and focuses on the circumstances surrounding eight information security incidents that occurred in 2015 and 2016—seven of which involved personally identifiable information and constituted data breaches. An eighth incident involved the removal of “highly sensitive components of resolution plans submitted by certain large systemically important financial institutions without authorization” by a departing FDIC employee.
According to the report, the OIG asserts that, among other things, the FDIC failed to (i) put in place a “comprehensive incident response program and plan” to handle security incidents and breaches; (ii) clearly document risk assessments and decisions associated with data incidents; (iii) fully consider the range of impacts on bank customers whose information was compromised; (iv) promptly notify consumers when an incident occurred and did not adequately consider notifications as a separate decision from whether it would provide credit monitoring services; (v) for at least one incident, failed to convey the seriousness of the breach; and (vi) provide timely, accurate, and complete responses to Congressional requests to gather information about how the agency was handling the incidents.
As a result of these findings, the OIG presented recommendations and timeframes for the FDIC to “address the systemic issues.” Recommendations include: (i) clearly defining roles and responsibilities within the FDIC Breach Response Plan, and establishing procedures “consistent with legal, regulatory, and/or operational requirements for records management”; (ii) establishing a separation between consumer breach notifications and the offer of credit monitoring services; (iii) adhering to established timeframes for reporting incidents to FinCEN when suspicious activity report information has been compromised; (iv) conducting an annual review of the Breach Response Plan to confirm that that the guidance has been consistently followed during the preceding year; (v) developing guidance and training to ensure that employees and contractors are fully aware of the legal consequences of removing any sensitive information from FDIC premises before they depart; (vi) ensuring that FDIC policies, procedures, and practices result in complete, accurate statements and representations to Congress, and updating and correcting prior statements and representations as necessary; (vii) clarifying “legal hold policies and processes”; and (viii) specifying that the Office of Legislative Affairs is responsible for “providing timely responses to Congressional requests and communicating with Congressional staff regarding those requests.”
The FDIC concurred with the recommendations and has completed corrective actions for two, with plans to address the remaining recommendations between June and December of this year. The FDIC has also agreed to keep the OIG informed of the progress made to address the identified performance issues.
On December 6, the FDIC’s Office of Inspector General (OIG) released an evaluation report to examine how the agency implements certain consumer protection rules concerning consumers’ ability to repay mortgage loans and limits for loan originator compensation. The OIG report, FDIC’s Implementation of Consumer Protection Rules Regarding Ability to Repay Mortgages and Compensation for Loan Originators (EVAL-18-001), focused on the FDIC’s Division of Depositor and Consumer Protection (DCP), which is responsible for implementing the Ability to Repay/Qualified Mortgage (ATR/QM) and Loan Originator rules and tracking violations of the rules. The report found that the DCP “incorporated these rules into its examination program, trained its examiners, and communicated regulatory changes to FDIC-supervised institutions.” However, based on a sample of 12 examinations, the OIG also determined that examination workpapers generally needed improvement, finding (i) inconsistent documentation by examiners on decisions to exclude compliance testing for the ATR/QM and Loan Originator rules, and (ii) in certain circumstances, incomplete, incorrect, or improperly stored examiners’ workpapers, “which would preclude someone independent of the examination team from fully understanding examination findings and conclusions, based on the workpapers alone.”
OIG further noted that, because DCP’s examination practices did not include tracking the number of institutions subject to the rules or recording how frequently examiners tested for compliance, any identified variances among the FDIC’s six regional offices could not be assessed for significance due to lack of context.
As a result of these findings, the OIG made several recommendations for the DCP to strengthen its compliance examination process, including:
- “research potential reasons for the regional variances in the number of rule violations by banks in the FDIC’s six regional offices”;
- “track the aggregate number of FDIC-supervised institutions in each region that are subject to the rules”;
- “track how often examiners test for compliance with the rules”; and
- ‘‘take steps to improve workpaper documentation and retention.”
The DCP agreed to implement these recommendations June 30, 2018.
HUD IG Blames Ginnie Mae for Inadequate Supervision; HUD IG Concludes HUD Did Not Follow Requirements When Forgiving Debts
On September 21, the HUD Inspector General (IG) released an audit report of Ginnie Mae’s oversight of nonbanks in the mortgage servicing industry. The report found that Ginnie Mae did not adequately respond to the growth in its nonbank issuer base; a base, the report notes, that tends to have more complex financial and operating structures than banking institutions. The IG found, among other things, that Ginnie Mae may not be prepared to identify problems with nonbank issuers prior to default, requiring additional funds from the U.S. Treasury to pay back investors in the event of a large default.
On the same day, the IG also announced a report which found that HUD did not always follow applicable requirements when forgiving debts and terminating debt collections. The report determined that HUD’s review process for evaluating debt forgiveness or collection termination was not thorough enough to ensure that statutory, regulatory, and policy requirements associated with this process were met—such as ensuring DOJ approval was obtained when required.