CFPB Issues Policy Guidance on Early Implementation of the 2016 Mortgage Servicing Amendments

CFPB Issues Policy Guidance on Early Implementation of the 2016 Mortgage Servicing Amendments The Consumer Financial Protection Bureau (CFPB) released “policy guidance” on June 27, 2017 related to the effective dates of the 2016 mortgage servicing rule amendments. In response to repeated requests from the mortgage servicing industry to change the two effective dates, the CFPB explained that it does not “intend to take supervisory or enforcement action for violations of existing Regulation X or Regulation Z resulting from” early implementation of the amendments. However, this “relief” technically only applies to a three-day window prior to each of the effective dates of the 2016 amendments. While this guidance may be useful for some areas of the new law, in some ways the CFPB may have injected additional considerations into the implementation process that must be worked through in the coming months.

The vast majority of the 2016 amendments are slated to go into effect on October 19, 2017, with certain sections of the law becoming effective on April 19, 2018. Both of those dates fall on a Thursday, which raises issues regarding implementing a new process mid-week. This is further complicated by the CFPB’s decision in the initial release of the amendments to not provide an early implementation safe harbor. While early implementation of some provisions will not raise any compliance issues, there are some areas where changing a process in response to the amendments prior to the effective date would likely violate existing laws.

The CFPB’s policy guidance—which is labeled as “non-binding”—explains that the CFPB does not intend to take supervisory or enforcement action for any violations that result from implementing the 2016 amendments up to three days early. This means that servicers can implement the new rules starting on October 16, 2017, and April 16, 2018, without any repercussions from the CFPB. This relief certainly will be helpful to servicers who have been hoping and requesting to have a weekend to implement and test certain processes associated with the new law. However, there are a couple of interesting points related to the CFPB’s choice that are worth consideration.

First, the CFPB chose to issue a “non-binding general statement of policy” rather than actually amend the effective dates of the rules. In that regard, it is worth noting that, in conjunction with the issuance of its policy guidance, the CFPB did release a handful of technical, non-substantive corrections to the original amendments. The CFPB did not explain why it chose to formally amend certain aspects of the rule but not to formally amend the effective dates, but the implications of this choice are important. For example, the CFPB’s policy only protects servicers from regulatory risk associated with the CFPB. It does not protect servicers from state regulators that have authority to supervise and enforce compliance with the federal servicing obligations. And, as has been alluded to above, it is not even binding on the CFPB.

Additionally, the CFPB’s choice to issue policy guidance rather than formally amend the rules also does not protect servicers from litigation risk. Many of the servicing requirements in Regulations X and Z are enforceable through private litigation, and the CFPB’s decision to refrain from taking supervisory or enforcement action does not in any way alleviate that risk. Admittedly, this leaves a relatively small window of time where a revised process could be subject to possible state action or private litigation. Nevertheless, the risk that remains must be taken into account by mortgage servicers as they schedule the roll-out of new processes to comply with the 2016 amendments.

As the first effective date quickly approaches, servicers should assess which provisions can be implemented early without violating another existing state or federal law. For those provisions that would violate applicable law, servicers should assess whether the benefits of implementing three days early outweigh any risk that may exist. The end result of this analysis likely will be a true rolling implementation calendar that will enable new processes to be put in place over time, with very few areas that will need to be addressed mid-week.

Military Consumer Enforcement Act Introduced in Senate Seeks to Enhance SCRA Enforcement

Military Consumer Enforcement Act Introduced in Senate Seeks to Enhance SCRA EnforcementSeveral U.S. Senators have introduced legislation for a Military Consumer Enforcement Act that would seek to empower the Consumer Financial Protection Bureau (CFPB) to oversee and enforce compliance with the Servicemember Civil Relief Act (SCRA). If passed and signed into law, the new act would amend the Consumer Financial Protection Act of 2010.

The SCRA, 50 U.S.C. § § 3901 – 4043, provides a range of civil and financial protections to eligible servicemembers, including capping interest rates, protecting against foreclosure and eviction without a court order, and requiring certain steps to obtain a default judgment against a protected servicemember. The CFPB currently does not have direct enforcement authority over the SCRA but has been indirectly enforcing the SCRA through referrals to the Department of Justice. The CFPB has established the Office of Servicemember Affairs, led by Assistant Director Holly Petraeus, to focus on consumer financial challenges affecting servicemembers, veterans, and their families. The Military Consumer Enforcement Act would give the CFPB enforcement power over 10 key provisions in the SCRA, including protections related to interest rates, foreclosure, eviction, installment contracts (including automobile loans), and default judgments.

Senators Jack Reed of Rhode Island and Charles Schumer of New York are co-sponsoring the act “in an effort to better protect members of the military and their families from abusive financial practices.”  According to Wisconsin Senator Terry Baldwin, another co-sponsor, “enforcement of this critical law has been inconsistent and subject to the discretion of financial regulators[,]” and that the proposed Military Consumer Enforcement Act “would ensure that SCRA enforcement will be a permanent priority for the CFPB.”  “Our servicemen and women and their families face unique challenges and they deserve strong consumer protections,” said Senator Baldwin. “Our Military Consumer Enforcement Act will ensure that the CFPB has the tools it needs to be able to protect the men and women who volunteer to protect our country.” Senator Reed noted that “[w]ithout a change in the law, SCRA enforcement will continue to be subject to the changing priorities of financial regulators. Prioritizing the consumer protection of our servicemembers should not be discretionary.”

The federation of state Public Interest Research Groups (PIRG) agreed that SCRA protections have been “unevenly enforced” and that “giving the CFPB the jurisdiction over key parts of the SCRA means that the law will actually be enforced.”

Co-sponsored by numerous U.S. Senators, the proposed legislation has the support of over 30 organizations that represent servicemember interests as well. Relatedly, the Department of Justice has also recently increased its efforts towards SCRA enforcement as seen through the DOJ’s Servicemember and Veterans Initiative and SCRA Enforcement Support Pilot Program. More information can be found at and

The new Military Consumer Enforcement Act legislation, if passed, will spurn increased SCRA-focused exams and enforcement actions.

CFPB Rolls Out Student Loan Servicing Campaign Focusing on Public Service Loan Forgiveness Program

CFPB Rolls Out Student Loan Servicing Campaign Focusing on Public Service Loan Forgiveness ProgramDespite the uncertain future of the Public Service Loan Forgiveness program, Consumer Financial Protection Bureau (CFPB) Director Richard Cordray partnered with North Carolina’s Attorney General Josh Stein to roll out a new campaign focused on how student loan servicers should address borrowers applying for, and currently enrolled in, the Public Service Loan Forgiveness program (PSLF program). The 2018 White House budget currently calls for the elimination of the PSLF program for students taking out loans on or after July 1, 2018. Although Education Department officials have stated that the approximately 552,931 individuals currently enrolled in PSLF will not be impacted, the budget does not expressly provide that those they will be grandfathered into forgiveness.

Nonetheless, neither Cordray nor Stein made any mention of an uncertain future for the PSLF program at a hearing at North Carolina State University in Raleigh, North Carolina today. Stein and Cordray expressed an increased focus on correcting purported problems in student loan servicing at the state level and through the CFPB complaint process. The CFPB campaign, called “Certify Your Service,” emphasizes several steps borrowers can take to ensure compliance with the PSLF program, but Stein and Cordray’s public remarks placed the responsibility for keeping borrowers on track squarely on student loan servicers.

Cordray emphasized that the CFPB is updating its exam procedures to scrutinize how servicers apply payments and evaluate borrowers for loan forgiveness. The announcement comes at a time when complaints to the CFPB regarding student loan servicers are purportedly rampant. Cordray specifically highlighted processing errors which prevented borrowers’ payments from counting as qualifying payments towards forgiveness and the lack of clarity in the information student loan servicers provide to borrowers about the availability of modified payment plans as two major problem areas. Borrowers in public service careers gave first-hand testimonials at the morning event, speaking to attendees about their experiences with “sloppy servicing” which allegedly cost them money and indicated that borrowers “could not trust” their student loan servicers. Stein closed out the hearing by emphasizing that, “[f]or this program to work, the servicers have to pay a critical role in helping the people ensure they get the benefits that they are entitled to under the law.”

Student loan servicers have relationships with a large number of consumers across the country, and thus should take the comments by Director Cordray–but even more so Attorney General Stein–seriously in light of the recent role states have taken in regulating student loan servicers. In North Carolina alone, Stein noted that more than 60 percent of students graduating from college have student loan debt. He indicated that he will continue to enforce state consumer protection laws against student loan servicers and for-profit universities doing business in North Carolina and “aggressively” investigate companies charging what Stein called “illegal fees.” Stay tuned for updates on how this campaign by the CFPB and state initiatives nationwide play out.

Two Key Takeaways from the Defendant’s FDCPA Win in Henson v. Santander

Two Key Takeaways from the Defendant’s FDCPA Win in Henson v. SantanderThe United States Supreme Court issued a significant decision in Henson v. Santander Consumer USA, Inc. drastically restricting the universe of companies subject to potential liability under the Fair Debt Collection Practices Act (FDCPA). In a unanimous decision authored by new Justice Neil Gorsuch, the Court held that companies that buy defaulted debts are not “debt collectors” under the FDCPA because they are not, by definition, “collect[ing] or attempt[ing] to collect . . . debts owed or due . . . another,” under 15 U.S.C. §1692a(6). The upshot of the decision is that companies that actually buy bad debts—as opposed to just the servicing or collection rights for loans in default—have a solid defense to FDCPA claims.

In Henson, the plaintiffs brought a class action lawsuit against Santander, claiming that Santander had acquired the plaintiffs’ automobile loans from the original lender after the loans were in default and then subsequently violated the FDCPA through its debt collection practices. The plaintiffs did not dispute that Santander had acquired the entire loans from the originator, as opposed to merely acquiring the servicing rights; nonetheless, the plaintiffs claimed that Santander qualified as a “debt collector” under 15 U.S.C. § 1692a. The district court dismissed the claims after concluding that Santander was not a “debt collector,” and the United States Court of Appeals for the 4th Circuit affirmed, following the precedents of the 9th and 11th Circuits and splitting with decisions by the 3rd, 6th, and 7th Circuits.

After granting the plaintiffs’ petition for a writ of certiorari, the unanimous Supreme Court affirmed the 4th Circuit’s decision. In his first opinion on the court, Justice Gorsuch rejected the plaintiffs’ position, pointing out the inherent problem of claiming that Santander was a “debt collector,” when the statutory definition of “debt collector” requires the debt to be owed to “another.” The opinion further rejected the plaintiffs’ arguments that an entity becomes a “debt collector” when it obtains a debt that was originally “owed”—in the past tense—to the originator, or by regularly purchasing debts that are already in default.

Henson is great news for companies that buy debts in default, as it provides a very strong basis for defending FDCPA claims that might have otherwise resulted in liability under the FDCPA. Despite the vigor of Justice Gorsuch’s opinion, however, at least two cautions are in order. First, Henson does not help companies that have merely acquired servicing rights to debts in default, as they may very well still qualify as debt collectors because they seek to collect debts owed to another. Second, the Court pointedly refused to consider the plaintiffs’ alternative arguments that Santander was a debt collector because it allegedly regularly attempts to collect debts for other companies as a servicer—though not the specific debts at issue in Henson—and because it is allegedly engaged in a business “the principal purpose of which is the collection of any debts.” The Court punted those issues for another day, which foreshadows arguments to be litigated in the federal courts for years to come.

OCC Addresses Long-Standing Questions on Vendor Management Programs

OCC Addresses Long-Standing Questions on Vendor Management ProgramsThe Office of the Comptroller of the Currency (OCC) recently issued supplemental guidance (Bulletin 2017-21) on third-party risk management. Responding to questions raised by banks and federal savings associations since the release of the OCC’s Bulletin 2013-19 on vendor management issues, the OCC provided additional insight on topics in the 2013 Bulletin and the application of certain vendor oversight principles to recent developments. Notably, in the four years since the OCC’s 2013 guidance, the relationship between banks and financial technology (fintech) start-ups  has matured and more banks than ever are partnering with fintech companies to offer competitive digital products and services. As a result, the OCC specifically addressed third-party relationships with fintech companies in its supplemental guidance. Highlights of the new guidance include:

Third-Party Relationships: Those business arrangements that fall under the OCC’s definition of a third-party relationship are subject to the OCC’s expectations for vendor management. The OCC defines third-party relationships broadly. Any business arrangement between a bank and another entity may qualify as a third-party relationship, such as providers of services and products, consultants, and any relationship in which the bank maintains responsibility for the associated business records.

While relationships with fintech firms are often achieved through joint ventures and other forms of partially or fully owned affiliates, the OCC has made clear that if a fintech company performs services or delivers products on behalf of a bank or banks, the relationship meets the definition of a third-party relationship. As a result, the OCC expects bank management to include fintech companies in the bank’s third-party risk management process.

Due Diligence for Third-Party Relationships: Banks are expected to maintain robust third-party risk management programs. These programs should include detailed due diligence efforts for new and ongoing relationships. OCC Bulletin 2013-29 states that banks should consider the financial condition of their third parties during the due diligence stage of the life cycle before the banks select or enter into contracts or relationships with third parties. However, fintech companies or start-ups often have limited financial information. Realizing that the economic and time pressures of the modern business environment may mean that certain information is unavailable, the OCC addressed efforts to fill the void. When a bank is unable to obtain all the detailed information it desires, the bank should retain documentation of its efforts to obtain such information and related decisions. The bank should consider a company’s access to funds, its funding sources, earnings, net cash flow, expected growth, projected borrowing capacity, and other factors that may affect the third party’s overall financial stability. These factors should be monitored through the life cycle of the third party.

The bank should have contingency plans and create risk mitigation controls and anticipate service interruptions. For example, vendors could be required to provide multiple lines of communication, back-up servers in multiple locations, and power generators to ensure continued operations.

Saving Money on Vendor Management: The OCC is not oblivious that banks are interested in finding opportunities to reduce vendor management costs. Thus, the guidance addresses the fact that not every third-party relationship will be a critical relationship with equal levels of risk. A bank’s relationship with a fintech company may or may not involve critical bank activities. OCC Bulletin 2013-29 provides criteria that a bank’s board and management may use to determine what critical activities are. The bank’s board and management must identify the critical activities of the bank and the corresponding fintech relationships involving those critical activities.

Under OCC Bulletin 2013-29, critical activities can include significant bank functions, significant shared services, or other activities that:

  • Could cause the bank to face significant risk if a third party fails to meet expectations;
  • Could have significant bank customer impact;
  • Require significant investment in resources to implement third-party relationships and manage risks; or
  • Could have major impact on bank operations if the bank has to find an alternative third party or if the outsourced activities have to be brought in-house.

If a bank determines that a third-party relationship involves a critical activity, the OCC expects the bank to more comprehensively and rigorously manage those relationships. Accordingly, a vendor management program should be tailored to provide oversight commensurate with the vendor’s risk level. While critical vendors should receive the highest level of oversight, vendors with lower risk levels may be subject to certain streamlined processes. Regardless of the level of risk, however, the OCC expects banks to periodically reevaluate the level of risk and to perform ongoing due diligence on all vendors.

Sharing the Burden of Vendor Oversight: When multiple banks use the same third-party providers, collaboration allows those banks to share the burden of due diligence and ongoing monitoring programs. Common functions such as information security, privacy, and business recovery assessments are good candidates to consider using collaborative tools. The OCC does not prohibit this collaboration, but warns that it may not be used to meet all oversight responsibilities. This is because each vendor poses a different risk level to each bank, based upon the level of reliance on the vendor. The OCC stresses that individual banks should retain individual responsibility for issues such as monitoring legal and regulatory compliance, termination plans, and risk assessments.

CFPB’s Debt Collection Rules May Be Coming Sooner Than Some in the Industry Anticipated

CFPB’s Debt Collection Rules May Be Coming Sooner Than Some in the Industry AnticipatedYesterday, at the Consumer Advisory Board Meeting in Washington D.C., Consumer Financial Protection Bureau (CFPB) Director Richard Cordray provided an update on one of the most highly anticipated areas in the debt collection industry – the CFPB’s intentions with respect to its proposed debt collection rulemaking. The biggest news from the meeting was that the CFPB is indeed moving forward with rulemaking efforts in this area, as there was some skepticism in the industry as to whether the current political climate would thwart efforts to do so. In addition to reaffirming the CFPB’s intention to move forward, Director Cordray’s remarks provided some interesting specifics that should interest both third-party debt collectors as well as first-party creditors (i.e., creditors collecting their own debt).

As background, the CFPB issued an outline of proposed debt collection rules last summer intended to “drastically overhaul the debt collection market.” As Director Cordray noted in his comments to the Consumer Advisory Board, the 117 page outline, which is summarized here, focused on three primary issues:

  1. Ensuring collectors were collecting the right amount from the right consumer.
  2. Ensuring consumers understand the debt collection process and their rights.
  3. Ensuring consumers were treated with dignity and respect in their communications with collectors.

The CFPB made clear that the outline would only apply to third-party debt collectors subject to the Fair Debt Collection Practices (FDCPA), but Director Cordray’s prepared remarks indicated that the CFPB would issue future rulemaking that would apply to first-party creditors.

Change of Course for Right Consumer, Right Amount Rulemaking

Yesterday, however, Director Cordray announced a change of course. The CFPB will now be taking a bifurcated approach to addressing the issues detailed in its outline. Specifically, the CFPB will be developing a separate rule to deal with the “right consumer, right amount” aspect of the outline that will simultaneously address both third-party debt collectors and first-party creditors.

The CFPB noted that it had received substantial feedback from the industry about the difficulties for debt collectors to comply with the “right consumer, right amount” without concurrent rulemaking to ensure first-party creditors and third-party debt collectors were working together to guarantee they were collecting the right amount from the right consumer. As a result, the CFPB felt that it would be best to address these intertwined issues apart from the other two areas addressed in its outline, which are limited to third-party debt collectors.

For third-party debt collectors, this means the rulemaking process with respect to the “right consumer, right amount” aspect of the outline is effectively starting over. For first-party creditors, however, this likely means that first-party rules are much closer than previously anticipated. Either way, this announcement further demonstrates the CFPB’s continued focus on these issues, and there is no sign that the CFPB is stepping back from eventually addressing the topic.

CFPB to Move Quickly on Other Debt Collection Proposals

In addition to announcing that the CFPB would be developing a separate rule to deal with both first-party creditors and third-party debt collectors, Director Cordray indicated that following this path would enable the CFPB “to move forward more quickly with a proposed rule focused on … information third-party collectors must disclose to people about the debt collection process and their rights as consumers and ensuring that third-party collectors treat people with the dignity and respect they deserve.”

Third-party debt collectors should be prepared to adjust their policies and procedures to account for this rulemaking, but many collectors should already be in substantial compliance with any proposed rule that requires them to treat consumers with respect and disclose their identity and the nature of the debt to the consumer. By removing the hurdle of “right consumer, right amount” issue from the immediate debt collection rulemaking, it is expected that the CFPB will issue a proposed debt collection rule much sooner than previously expected.

Given the expiration of Director Cordray’s term in July 2018, the high volume of consumer complaints the CFPB has received related to debt collection and the urgency felt by many CFPB staff members to complete a debt collection rulemaking while Director Cordray is still leading the Bureau, the industry should expect to see an announcement on a debt collection rulemaking from the CFPB within the next year.

Supreme Court Decision Provides Significant Protection to Securities Industry, Limits SEC Enforcement

Supreme Court Decision Provides Significant Protection to Securities Industry, Limits SEC EnforcementIn a decision previewed in an earlier post, the United States Supreme Court ruled unanimously in Kokesh v. Securities and Exchange Commission that the five-year statute of limitations in 28 U.S.C. section 2462 applies to SEC enforcement actions seeking the remedy of disgorgement. Resolving a Circuit split, the Supreme Court ruled that disgorgement is a “penalty” meant to deter wrongful conduct, and therefore falls squarely within section 2462’s limitation of any “action, suit or proceeding for the enforcement of any civil fine, penalty, or forfeiture, pecuniary or otherwise.

Although the decision resolves the debate about the application of this statute of limitations to disgorgement actions, Justice Sotomayor’s opinion includes a tantalizing footnote. It states the Court’s intention that “nothing in this opinion should be interpreted as an opinion on whether courts possess authority to order disgorgement in SEC enforcement proceedings or on whether courts have properly applied disgorgement principles in this context.” The footnote may suggest that whether disgorgement should even be an available remedy is subject to further review, if the right case comes along to present it. Kokesh, however, decided only that the five-year statute of limitations applied to SEC actions seeking that remedy.

The decision provides significant protection to the securities industry and provides more certainty for targets of SEC enforcement proceedings; previously, the SEC was unlimited in its ability to seek disgorgement, except in the 11th Circuit. As the limitation is applied in future SEC enforcement actions, there is likely to be a significant reduction in the amount of disgorged funds deposited in the U.S. Treasury — accounting for approximately $3 billion in 2015 alone.

Alabama Supreme Court Says Cash Advance Company Not a Debt Collector

Alabama Supreme Court Says Cash Advance Company Not a Debt CollectorThe Supreme Court of Alabama has reversed a jury verdict awarding the plaintiff $200,000 in damages, ruling on appeal that the Fair Debt Collection Practices Act (FDCPA) did not apply to the pawn transaction at issue.

The case, Complete Cash Holdings, LLC v. Powell, arose from a forged title-pawn agreement. Ms. Powell’s granddaughter stole title to Ms. Powell’s truck, and then, with the assistance of a Complete Cash employee, entered into a forged agreement with Complete Cash to pawn the truck. The granddaughter received $2,352 in cash from Complete Cash, purported to give Complete Cash a security interest in the truck, and forged signatures so that her grandmother was obligated to repay the loan (plus a finance charge) the following month. All of this was done without Ms. Powell’s knowledge. The title-pawn agreement was then extended several times for additional 30-day periods, and the granddaughter made several payments pursuant to the extensions. But the payments eventually stopped, and Ms. Powell’s truck was therefore repossessed.

Ms. Powell later brought suit against Complete Cash. Among other claims, she brought claims under the Alabama Pawnshop Act (Ala. Code § 5-19A-1, et. seq.) and the FDCPA. The trial court dismissed various claims before trial but it did not dismiss the FDCPA claim, and thus the FDCPA claim and several others were eventually tried to a jury. The jury ruled in Ms. Powell’s favor and awarded her $200,000 in damages.

On appeal, Complete Cash reiterated its argument that the FDCPA did not apply to the facts of this case because Complete Cash is not a “debt collector” as that term is defined under the FDCPA. Specifically, Complete Cash argued that it “is in the business of lending money to consumers by way of deferred presentment agreements and title pawns,” and that it is a “creditor” (rather than a “debt collector”) under the FDCPA.

The Alabama Supreme Court agreed with Complete Cash, noting that the company’s business “is to extend credit to borrowers, which places these borrowers in debt,” and that “Complete Cash is [therefore] Powell’s creditor.” Although Ms. Powell argued on appeal that a “creditor” may nonetheless become a “debt collector” when it seeks to enforce a security interest, the court rejected that argument. Instead, the court ruled that Complete Cash was merely collecting its own debt and enforcing its own security interest when it repossessed the truck. It was not collecting debts owed to others, and thus could not be a “debt collector” for purposes of the FDCPA.

The Alabama Supreme Court rarely gets an opportunity to weigh in on FDCPA matters. The court’s ruling in this case should provide some limited comfort to companies like Complete Cash that do business in Alabama. If the companies are merely collecting their own debts, they now have a strong precedent to rely upon in arguing that they should not face liability under the FDCPA.

Ruling Eases Lenders’ Path to Deficiency Judgments in NC

Ruling Eases Lenders’ Path to Deficiency Judgments in NCWinning a deficiency judgment following foreclosure may become less costly for lenders following a May 5 ruling by the North Carolina Supreme Court in United Community Bank v. Wolfe. Reversing a previous ruling by the Court of Appeals, the Supreme Court held that a borrower may not defeat summary judgment simply by filing a sworn statement that the property’s value is equal to the indebtedness secured by the mortgage.

Over the years, North Carolina has placed a number of constraints on traditional rules that allowed lenders to sue borrowers for leftover indebtedness not discharged by the proceeds of a foreclosure sale (i.e., the “deficiency”). One such statute, N.C.G.S. § 45-21.36, gives the borrower an offset against the deficiency when the lender is the high bidder at the foreclosure sale and buys the property at a discount from the property’s “true value.” Thus, if a lender forecloses on a $500,000 mortgage and buys the property for $250,000 at the foreclosure sale, but the property’s true value is $400,000, the lender should only be able to obtain a deficiency judgment for the $100,000 difference between the debt and the true value.

In Wolfe, the bank loaned $350,000 to purchase property in Transylvania County, North Carolina in 2008, shortly before the collapse of the real estate market. In exchange the borrowers, Thomas and Barbara Wolfe, signed a deed of trust giving the bank the right to sell the property if the Wolfes failed to pay back the loan. The Wolfes subsequently defaulted on their payments. The bank foreclosed and, following a public sale, bought the property after making a bid of $275,000, which matched an appraisal obtained by the bank. The bank then put the property on the market and ultimately sold it for $205,000. Afterward, the bank brought suit to collect the deficiency. The trial court awarded summary judgment for the bank, in spite of an affidavit filed by the Wolfes stating their belief that the property “was at the time of the sale fairly worth the amount of the debt . . . [and] the amount bid for the property was substantially less than its fair market value at the time of the sale.”

On appeal, the North Carolina Court of Appeals reversed the trial court’s ruling, holding that the borrowers’ affidavit was sufficient to preclude summary judgment and required a trial to determine the value of the property. On May 5, however, the North Carolina Supreme Court reversed the ruling of the Court of Appeals and reinstated the judgment, finding that the borrowers’ affidavit did not create a genuine factual dispute as to the property’s value. Writing the opinion for the court, Justice Newby stated that the borrower’s opinion must be supported by specific facts and cannot simply restate statutory language in the form of an affidavit.  By making the bare statement that the property’s value was equal to the debt without stating any supporting facts or information, the Wolfes fell short of this standard.

The decision leaves an open question as to what underlying facts or information, if included in the affidavit, would have been sufficient to defeat summary judgment for the bank. At a minimum, lenders can expect that courts will now be less likely to require a trial based merely on the borrower’s unsupported statement of the property’s value.

Guess Who’s Getting Directly into the Vendor Management Business?

Guess Who’s Getting Directly into the Vendor Management Business?In a regulatory field already crowded with federal and state regulators mandating the processes financial services companies employ in managing their vendors, the rather short insertion in the Spring 2017 issue of the Consumer Financial Protection Bureau’s (CFPB) Supervisory Highlights  may initially have sailed largely under the collective industry radar. Recently, however, trade publications have drawn attention to what may represent yet another seismic change impacting a vendor population already burdened by multiple, overlapping, intrusive customer/client oversight processes. The CFPB has, in short, given fair warning that it intends to move beyond review of vendor oversight processes and into the business of direct vendor oversight.

The CFPB’s focus on third-party service providers is not new. As the Supervisory Highlights points out, the CFPB addressed this topic in the Fall 2016 issue, where the CFPB noted that evidence of good compliance management systems (CMS) included “strength in their oversight programs for service providers. In particular, they defined processes that outlined the steps to assess due diligence information, and their oversight programs varied commensurate with the risk and complexity of the processes or services provided by the relevant service providers.” Perhaps more ominously and prophetically, in the Summer 2016 issue of Supervisory Highlights, the CFPB warned that it would “consider appropriate action if law violations are identified at institutions or their service providers, consistent with the Bureau’s authority.” In a 2016 Compliance Bulletin and Policy Guidance, the CFPB returned to the subject and reminded the regulated community that: “[t]he [CFPB] expects supervised banks and nonbanks to oversee their business relationships with service providers in a manner that ensures compliance with Federal consumer financial law, which is designed to protect the interests of consumers and avoid consumer harm. The CFPB’s exercise of its supervisory and enforcement authority will closely reflect this orientation and emphasis.” The CFPB recently carried through on the threat of enforcement against third-party service providers, with enforcement actions filed against financial service vendors such as Experian and Frederic J. Hanna & Associates, P.C.

The Supervisory Highlights begin by echoing  a statement from the Fall 2016 issue reminding the regulated community of their obligation to oversee vendors: “[t]he CFPB has and will continue to evaluate the oversight of service providers in its compliance management reviews according to these expectations.” However, having reiterated this point, the CFPB devotes the entire next paragraph to emphasizing the “potential risks to consumers posed by large service providers” — particularly those in the technology space — “which provide technological support to facilitate compliance with Federal consumer financial law, including software packages, electronic system platforms, and other types of technological tools.” This delineation and statement of heightened risk serves as the logical underpinning for the next paragraph, where the CFPB pivots into its new oversight role.

“Because a single service provider might affect consumer risk at many institutions, the CFPB has begun to develop and implement a program to supervise these service providers directly. Direct examination of key service providers will provide the CFPB the opportunity to monitor and potentially reduce risks to consumers at their source” (footnote omitted). In other words, the CFPB believes that the level of third- party service provider risk is sufficient to justify the CFPB’s transition from reviewing the vendor management programs of financial service companies to directly overseeing and evaluating actual financial service company vendors. Rather than simply receive audit requests from their customers, third-party service providers may expect direct oversight and communications from the CFPB.

Having announced its intention to exercise oversight authority over third-party service providers, the CFPB devotes the last paragraph of the section to discussing process and next steps: “In its initial work, the CFPB is conducting baseline reviews of some service providers to learn about the structure of these companies, their operations, their compliance systems, and their CMS. In more targeted work, the CFPB is focusing on service providers that directly affect the mortgage origination and servicing markets. The CFPB will shape its future service provider supervisory activities based on what it learns through its initial work. As with all new examination programs, service provider supervision is folded into the Bureau’s overall risk-based prioritization process” (footnote omitted). In other words, the CFPB already has begun the process of establishing lines of communication with third-party service providers and gathering relevant information from them. The CFPB will ultimately use this information to develop standards, guidance, and processes that will allow them to exercise their authority in a consistent manner.

These are tempestuous times for the CFPB, where it is facing both political and legal challenges that threaten it on an existential basis. Accordingly, reading too far into the future is a risky and uncertain endeavor. However, there is every indication that the CFPB will continue to bring its oversight and enforcement authority to bear on third-party service providers. While that focus appears initially aimed at technology companies, there is every reason to expect it will expand to all third-party service providers used by financial services companies in the origination and servicing space. Additionally, financial services companies will need to watch closely the steps the CFPB takes as it develops and implements its oversight program and to ensure that there are no gaps between their programs and the CFPB’s. In short, the vendor management landscape is about to get a lot more crowded and perhaps a lot more adversarial.