Financial Services Law

CFPB Releases Final Rule for Nonbank Auto Lenders Oversight

Why it matters

The Consumer Financial Protection Bureau (CFPB) released its final rule providing oversight of larger participants in the nonbank auto-financing ecosystem, along with examination procedures for covered entities, making the significant expansion of its supervision official. The final version largely mirrors the Bureau’s September 2014 proposal: the CFPB will supervise nonbank auto finance companies with at least 10,000 aggregate annual originations (including making, purchasing, acquiring, or refinancing extensions of credit for the purchase or lease of a car) to ensure compliance with the Equal Credit Opportunity Act (ECOA), the Truth in Lending Act, the Consumer Leasing Act, and the Dodd-Frank Wall Street Reform and Consumer Protection Act’s prohibition on unfair, deceptive, or abusive acts or practices. This authority will reach roughly 34 entities and affiliates, the Bureau estimated, or about 90 percent of the nonbank automobile financing market. For those market participants now subject to the CFPB’s oversight, the agency indicated areas of focus for examiners, including the marketing and disclosure of terms in auto financings, credit reporting practices and accuracy, the treatment of consumers when collecting debts (both directly and using third-party vendors), and fair lending under the ECOA. Enforcement begins 60 days after publication in the Federal Register. Other large nonbank consumer financial service providers that have become subject to CFPB supervision (and, in particular, examination), including large credit bureaus and debt collectors, have found the CFPB examination process challenging, and nonbank auto lenders likely will have a similar experience.

Detailed discussion

The Dodd-Frank Wall Street Reform and Consumer Protection Act provided the Consumer Financial Protection Bureau (CFPB) with the power to regulate “larger participants” in consumer financial markets in addition to those directly covered by the Bureau’s mandate (such as mortgage lending).

In September 2014, the CFPB issued a proposed rule to implement this authority to supervise large nonbank auto lenders.

As finalized, the Bureau defined “larger participants” as those that originate 10,000 or more auto loans and leases in a year. To reach the 10,000 threshold of “annual originations,” an entity must include credit granted for the purpose of purchasing a covered automobile; refinancings of such credit obligations; purchases or acquisitions of such credit obligations or refinancings; and automobile leases and purchases or acquisitions of automobile leases.

Title loans and loan securitization purchases and related activities are not included in the calculus. Loans and leases on motor homes, recreational vehicles, golf carts, and motor scooters are exempt, as are loans and leases for business purposes.

Only minor changes were made from the September proposal, with a tweak to the definition of refinancing for the purpose of the 10,000 threshold and an expansion of the category of transactions involving asset-backed securities that are not counted toward the threshold.

The Bureau estimated that the rule will generate oversight of 90 percent of nonbank auto loans and leases through the regulation of about 34 finance companies that provide financing to 6.8 million consumers.

Why the need for supervision over such entities for the first time? According to the CFPB, by extending its oversight beyond auto loans at the largest banks and credit unions, it will “ensure that auto finance companies are following the law” in the $900 billion market. “Auto leases and loans are among the most significant and complex financial transactions in a typical consumer’s life,” CFPB Director Richard Cordray said in a statement about the final rule. “Today’s rule will help ensure that larger auto finance companies treat consumers fairly.”

Along with the new rule, the CFPB released an updated Supervisory and Examination Manual, noting specific areas of focus for examiners. Those auto finance companies that market directly to consumers will be scrutinized “to ensure that consumers understand the terms they are getting,” the Bureau said, and that the companies are not engaging in deceptive tactics to market loans or leases.

Citing an enforcement action brought last year against an auto financing company that allegedly knowingly provided inaccurate information to credit reporting agencies about consumers’ payment history and delinquency status, the Bureau cautioned that auto finance companies now under supervision must provide accurate data to credit bureaus.

Other areas of focus for CFPB enforcement: ensuring that covered entities are complying with the fair lending requirements found in the ECOA and other laws protecting consumers and assessing whether auto finance companies are using legal tactics to collect debts. Collections and repossession should be based on accurate information and legal processes, the Bureau said, regardless of whether the auto finance company itself or a third party is doing the collection and/or repossessing. And based on past enforcement history, the CFPB is likely to take a close look at add-on products offered and frequently financed through auto credit, including vehicle service agreements.

To read the CFPB’s final rule, click here.

To read the Examination Procedures for Auto Finance, click here.

back to top

BSA, AML Failures by West Virginia Bank Yield FDIC, FinCEN, DOJ Actions

Why it matters

In a coordinated effort, the U.S. government identified another “poster child” to demonstrate its continued vigilance and earnestness in pursuing lax BSA/AML procedures and oversight and violations of law. In this instance, a very small West Virginia bank was assessed a very large penalty for its failures. In concurrent actions against West Virginia’s Bank of Mingo, the Financial Crimes Enforcement Network assessed a civil money penalty of $4.5 million, the Department of Justice settled criminal charges with a deferred prosecution agreement providing for $2.2 million in asset forfeiture, and the Federal Deposit Insurance Corporation assessed $3.5 million in civil penalties. According to the regulators, the bank committed violations of the Bank Secrecy Act (BSA) as well as anti-money laundering (AML) laws and regulations by failing to implement an effective BSA/AML compliance program over an “extended period of time,” resulting in “unacceptable risk” in terms of illicit financial transactions. Bank of Mingo also intentionally failed to file required currency transaction reports and neglected to file suspicious activity reports, the regulators said, allowing more than $9.2 million in structured and otherwise suspicious cash transactions to pass through the financial institution unreported. The $2.2 million forfeiture offsets portions of both of the other penalties; the remaining $2.3 million will be paid to the Treasury.

Detailed discussion

Bank Secrecy Act (BSA) and anti-money laundering (AML) failures continue to trip up banks across the country. In the latest example, the Department of Justice (DOJ), the Federal Deposit Insurance Corporation (FDIC), and the Financial Crimes Enforcement Network of the U.S. Treasury (FinCEN) brought concurrent actions against a small bank in West Virginia.

Headquartered in Williamson, West Virginia, the Bank of Mingo has six branches and a total of 48 employees, with $93.879 million in assets as of December 31, 2014. The bank also had systemic BSA and AML violations, the regulators said.

Based on the bank’s failure to establish and maintain BSA/AML and customer due diligence programs, Mingo’s deficiencies “led to its failure to monitor, detect and report suspicious activity and to timely file currency transaction reports,” according to FinCEN’s Assessment of Civil Money Penalty order.

FinCEN highlighted four areas where the bank “willfully violated” its obligations from 2008 through the end of 2013: the failure to implement an adequate AML program; the failure to develop and implement an adequate customer identification program; the failure to identify and adequately report currency transactions; and the failure to detect and adequately report suspicious transactions.

Mingo had an AML program in place, but it lacked a customer identification program appropriate for its size and business, FinCEN said, and had insufficient internal controls. For example, although the bank used a software system to monitor its accounts for unusual activity, it did not use the system to detect and report suspicious activity. Also, Mingo did not properly rate its customers and their respective accounts, leaving the bank unable to monitor high-risk individuals.

Although Mingo designated a BSA Officer, the employee was also assigned multiple non-BSA responsibilities, leaving him unable to adequately fulfill his BSA obligations. Training for bank employees was “ineffective,” and independent testing on the bank’s AML program neglected to consider many of the appropriate controls needed.

Turning to Mingo’s Customer Identification Program, FinCEN determined it was inadequate and failed to meet even the most basic requirements. At a minimum, financial institutions are required to obtain a customer’s name, date of birth, and a residential or business street address when a new account is opened. A review of Mingo’s opening account documentation revealed that 26 percent of the accounts were opened with a P.O. Box instead of the required physical street address.

Also on the bank’s list of failures: neglecting to file currency transaction reports (CTRs). During the relevant time period, Mingo failed to file 619 CTRs in violation of the BSA and its implementing regulations, FinCEN charged. Of the 619, 438 were related to a single corporate customer, who was allowed to open a $50,000 line of credit. The account was used for payroll and bank employees would prepare cashier’s checks for the corporate customer’s workers. Over a four-year period, the corporate customer made 981 cash withdrawals averaging $9,417, just under the $10,000 currency reporting requirements, totaling over $9.2 million.

“Despite the high volume of unusual cash transactions conducted by the corporate customer, Mingo failed to timely file 438 CTRs relating to the cash intensive transactions and structured transactions conducted through the bank,” FinCEN said.

Compounding the problem: the BSA Officer monitored such activity through handwritten teller logs, “an inadequate control given the volume of cash activity going through the bank.”

Finally, the regulator found that Mingo failed to file suspicious activity reports (SARs) for a high volume of cash transactions with no apparent lawful purpose designed to evade BSA reporting requirements. In addition to the corporate customer referenced in the bank’s CTR failures, two other customers also demonstrated unusual transaction patterns that should have raised significant red flags for the bank, FinCEN said. One of the customers opened an account using a P.O. Box address and then made frequent and unusually large cash deposits and withdrawals; in one quarter in 2013, the cashed checks totaled $431,000.

For these willful violations of the AML requirements of the BSA, FinCEN assessed Mingo a civil penalty of $4.5 million. The penalty runs concurrent with the FDIC’s $3.5 million penalty, of which $2.2 million is concurrent with the amount forfeited pursuant to the deferred prosecution agreement with the U.S. Attorney’s Office for the Southern District of West Virginia.

To reach the deal with the DOJ, Mingo admitted that it failed to establish an effective AML program and that a bank employee facilitated structured transactions to evade the filing of CTRs. Although the bank was aware of the structuring scheme, it failed to file either the requisite CTRs or SARs, it acknowledged.

The bank was ordered to pay the remaining $2.3 million to the U.S. Treasury.

To read the FDIC’s Order to Pay, click here.

To read FinCEN’s Assessment of Civil Money Penalty, click here.

back to top

Go Online, Young Man: Goldman Sachs to Hit the Web for Online Lending Gold Rush

Why it matters

Marketplace lending has exploded onto the scene and become a multibillion-dollar industry. Hoping to capitalize on the gold rush of consumers turning to websites to borrow money, Goldman Sachs announced its plans to loan money to consumers via the web. The investment firm, where investor clients are limited to institutions and ultra-high net worth individuals, does not generally work with consumers. The firm opted to set up a bank holding company as part of the 2008 financial crisis, permitting the firm to now offer consumer lending. As one of Wall Street’s more venerable institutions, the move by Goldman is notable and could launch a trend followed by other firms, particularly given the expanding online lending market. However, while the upside of entering a growing industry is clear, Goldman does face some serious challenges. The firm admittedly has zero experience in small consumer loans, a fundamentally risky proposition that could involve trying to collect money from struggling borrowers. On the other hand, the firm would have the advantage of being the only marketplace lender with its own bank, a function currently outsourced by every consumer lender. Goldman is looking to offer its first loans in 2016, sources said.

Detailed discussion

In an internal memo circulated to employees, Goldman Sachs revealed its plans to work with ordinary consumers for the first time, taking advantage of the burgeoning online lending market to offer small loans to individual consumers with the potential to expand offerings to small businesses. Historically, the investment firm has worked with larger businesses and wealthy clients with a minimum of $10 million to invest. The impetus for the new market can be traced to the booming online lending industry as well as heightened regulation of Goldman’s existing business lines.

“The traditional means by which financial services are delivered to consumers and small businesses is being fundamentally re-shaped by advances in technology, maturity of digital channels, use of data and analytics, and a focus on customer experience,” CEO Lloyd Blankfein and President Gary Cohn wrote in the memo, which was circulated to employees to announce the hiring of Harit Talwar to head the program. “The firm has identified digitally led banking services to consumers and small businesses as an area of opportunity for GS Bank.”

The memo, which was provided to the Associated Press, did not provide a schedule for the new offerings. Insiders revealed that initial plans would not require the loans to be secured by collateral, such as a home or automobile, and would be in the $15,000 to $20,000 range. One option being considered: a prepaid card issued by Goldman that could be drawn down each time the borrower makes a purchase.

To avoid having to open retail locations, Goldman will stick to online lending through its website and/or an app, according to the source. Those cost savings will allow the firm to offer lower interest rates, and, unlike some of the larger online lenders that match a borrower with a potential investor, Goldman can turn to its own deposits as a resource—the GS Bank division had $83 billion in deposits at the end of 2014, according to regulatory filings.

Goldman is not the first Wall Street firm to enter the online lending market. Other firms have also dipped their toes into the water, purchasing loans from a lender and converting them into securities, for example.

“Today, we see an opportunity to leverage our competencies in technology and risk management to capture this opportunity at accretive returns and without the burdens of legacy costs and fixed infrastructure,” according to the memo. “In this way, GS Bank can effectively extend capital to this important segment of the market and economy.”

Sources said Goldman hopes to make its first loans in 2016.

back to top

Lenders Get TRID Reprieve Thanks to CFPB Admin Error

Why it matters

An “administrative error” on the part of the Consumer Financial Protection Bureau (CFPB) may have been the best news lenders received in a long time. On August 1, the new TRID (TILA-RESPA Integrated Disclosures) rule was set to take effect, combining the disclosure forms required pursuant to the Truth in Lending Act (TILA) and Real Estate Settlement Procedures Act (RESPA) into a single disclosure. The change in forms requires substantial reprogramming and training. The industry, supported by federal lawmakers, had already asked for an extension as well as a “hold harmless period” as to enforcement and liability for those lenders that were unable to achieve timely compliance despite good faith efforts. The Bureau previously rejected both requests, stating that it would “be sensitive to the progress made by those entities that have been squarely focused on making good-faith efforts to come into compliance with the rule on time.” However, just a few weeks later, an “administrative error” caused the CFPB to file its own paperwork with Congress late—and provided lenders with an additional two-month period in which to prepare for the coming changes. The TRID rule will now take effect on Saturday, October 3, 2015.

Detailed discussion

After 30 years of using disclosure forms mandated by the Truth in Lending Act (TILA) and Real Estate Settlement Procedures Act (RESPA), the Consumer Financial Protection Bureau (CFPB) released new “Know Before You Owe” disclosures in 2013.

The new rule—which applies to most closed-end consumer mortgages—was mandated by the Dodd-Frank Wall Street Reform and Consumer Protection Act, which required the CFPB to integrate and combine the existing RESPA and TILA disclosures.

Two documents were created by the new rule.

The three-page Loan Estimate combines requirements of several statutes, featuring disclosures from the current TILA statement and the RESPA Good Faith Estimate, as well as additional disclosures required by Dodd-Frank and the appraisal notice mandated by the Equal Credit Opportunity Act (ECOA). This form must be provided to the consumer within three business days after a loan application is submitted. Lenders may not charge any fees until after the Loan Estimate form has been provided and after the consumer goes forward with the loan.

At least three business days before the loan closes, the borrower must receive the second document, the five-page Closing Disclosure. If a “significant change” to the loan terms occurs after the borrower receives the Closing Disclosure, a new Closing Disclosure form must be provided and another three business days must elapse before the closing can occur.

Given the radical changes required—creating entirely new forms featuring new information and disclosure items, modifying systems to perform newly required calculations, and working with title agents, appraisal companies, and realtors to gather all of the necessary data to meet the new deadlines—the industry pushed for more time. While the CFPB agreed to a 20-month implementation period between the release of the final rule in November 2013 and the effective date of August 1, 2015, the Bureau refused to provide any extensions.

As the clock ticked down, the industry called upon the CFPB to institute a “hold harmless period” as to enforcement and liability for those lenders that made good faith efforts to achieve timely compliance but were unable to do so. Led by the American Bankers Association (ABA), trade groups requested the passage of a federal bill that would establish this type of a hold harmless period for TRID.

Although the CFPB stated that its oversight “will be sensitive to the progress made by those entities that have been squarely focused on making good-faith efforts to come into compliance with the rule on time,” the industry said the statement was not enough to protect lenders from potential litigation. The ABA said that a recent survey showed more than 20 percent of banks would not meet the deadline and warned of “a measurable reduction in credit availability during a transition period.”

Ultimately, though, the CFPB capitulated, due in part to an “administrative error” on its part. In a statement released on June 17, CFPB Director Richard Cordray said the new effective date for TRID would be October 1, 2015 (later changed to October 3, as noted below).

“We made a decision to correct an administrative error that we just discovered in meeting the requirements under federal law, which would have delayed the effective date of the rule by two weeks,” Cordray said. “We further believe that the additional time included in the proposed effective date would better accommodate the interests of the many consumers and providers whose families will be busy with the transition to the new school year at that time.”

The “administrative error” was the CFPB’s failure to file a notice with Congress under the Congressional Review Act of the forthcoming rule at least 60 days prior to the required effective date.

Both lawmakers and industry representatives approved of the extension.

The delay “will provide the industry and homebuyers with the breathing room they needed,” Rep. Carolyn B. Maloney (D-N.Y.) said, with ABA president and CEO Frank Keating in agreement. “This extension will help protect consumers from disruptions during a traditionally busy period for home purchases,” he stated. “It will also help to assure new loan origination systems and compliance software under development by lenders and the vendors on whom they rely will be adequately installed and debugged, and staff training completed, before the effective date.”

One week after the Bureau’s announcement, it issued a formal proposal to delay the effective date until Saturday, October 3. The additional time “may facilitate implementation by giving industry time over the weekend to launch new systems configurations and to test systems,” the CFPB said in a press release.

To read the CFPB’s statement on the two-month extension of the TRID rule, click here.

To read the Bureau’s proposed rule delaying the effective date until October 3, 2015, click here.

back to top

Dead Hand Proxy Puts Create Litigation Risk for Lenders

Why it matters

In a noteworthy decision, the Delaware Court of Chancery ruled that a lender could be held liable for aiding and abetting a breach of fiduciary duty by directors of a public company borrower by including in a syndicated credit facility a dead hand proxy put. A shareholder of Healthways, Inc., challenged an amendment to the company’s credit agreement with SunTrust Bank that featured a dead hand proxy put. Although the lender and the firm filed motions to dismiss, the court said such provisions are “highly suspect” and can give rise to lender liability for their entrenching effect, denying the motion. The decision highlights the associated risks of such provisions based on recent attacks of the plaintiffs’ bar. After the court’s ruling, the parties reached a settlement agreement that required Healthways and SunTrust to eliminate the dead hand proxy put from the credit agreement.

Detailed discussion

Shareholder Pontiac General Employees Retirement Fund brought a derivative action against the directors of Healthways, Inc., and SunTrust Bank in Delaware Chancery Court, alleging that the directors of Healthways breached their fiduciary duties by approving a credit agreement that included a dead hand proxy put and that SunTrust aided and abetted the breach.

The dispute arose after the borrower was faced with shareholder dissatisfaction and a potential proxy contest. While the proxy contest loomed, the borrower’s directors approved a fifth amendment to the company’s credit agreement.

Prior versions of the agreement contained a proxy put: a covenant intended to protect the lender in the event of a change of control that allowed the lender to accelerate the debt if a majority of the borrower’s board became composed of “non-continuing” directors.

The new amendment added in 2012 incorporated a dead hand feature that made any director elected as a result of an actual or threatened proxy contest a non-continuing director for purposes of the change of control covenant. Unlike the previous proxy put under which the board could approve new or dissident directors as continuing directors and thereby avoid triggering the covenant, the dead hand feature precluded new directors from qualifying as continuing directors and thus ensured that the election of a majority of new directors would breach the covenant.

SunTrust filed a motion to dismiss the suit, arguing that the dead hand feature was a customary or “market” term for credit agreements, that lenders like to know their borrowers, and that the dead hand feature protected the lender in the event of a wholesale change in the borrower’s board. The mere inclusion of a dead hand proxy put should not give rise to aiding and abetting liability, the lender told the court, and it should be allowed to protect its own commercial interests.

But in a ruling from the bench, Delaware Chancery Court Judge J. Travis Laster disagreed.

Because dead hand proxy puts impose a cost for and deter board changes, they can have an “entrenching” effect on the existing board and limit shareholder choice in directors, the court said. As a result, previous Delaware decisions—such as San Antonio Fire & Police Pension Fund v. Amylin Pharmaceuticals, C.A. No. 4446 VCL (Del. Ch. May 12, 2009) and Kallick v. SandRidge Energy, C.A. No. 446 VCL (Del. Ch. March 8, 2013)—have recognized that dead hand proxy puts raise conflict issues for directors.

The prior case law established that dead hand proxy puts serve a director’s personal interest in protecting his or her board incumbency but can disenfranchise shareholders and may give rise to breach of fiduciary duty claims for directors approving them, the court explained. The “ample precedent” put lenders on notice that proxy put provisions are “highly suspect.”

The judge questioned whether the lender’s change of control concerns could be better addressed through other financial covenants going to the creditworthiness of the borrower—debt ratio constraints or investment restraints, for example.

The dead hand feature was not the subject of negotiation and the borrower failed to obtain anything in return for its inclusion, the court said, and the lender knew or should have known that dead hand proxy puts are disfavored terms under recent cases in light of their eviscerating effect on shareholder franchise. Finally, notwithstanding the known public policy issues with such provisions, the lender participated in the inclusion of a provision that created a conflict for its counterparty.

Ultimately, the court was satisfied that the plaintiff had stated an aiding and abetting claim based on allegations that the borrower did not need the additional credit and the directors sought the amendment and its dead hand feature specifically because it would tend to protect their removal in the looming proxy contest.

The judge was careful to note that dead hand proxy puts are not illegal per se but can give rise to lender liability where included for their entrenching effect rather than to protect a commercial interest of the lender. The ruling reconfirms that courts view dead hand proxy puts as suspect and that lenders should be aware of the litigation risks they pose.

In May, Judge Laster granted final approval of a settlement between the parties in which Healthways and SunTrust agreed to eliminate the dead hand proxy put from the credit agreement.

To read the hearing transcript in Pontiac General Employees Retirement Fund v. Healthways, Inc., click here.

back to top