Top Story Lending Related

The Federal Housing Administration's Mortgagee Letter 2024-10, issued yesterday, requires FHA-approved mortgagees to notify HUD when a cyber incident occurs. The letter, effective immediately, applies to all FHA insurance programs.

The mortgagee letter adds a new section, Significant Cybersecurity Incident, which requires FHA-approved mortgagees to report cyber incidents to HUD within 12 hours of detection. Reports will be made to HUD's FHA Resource Center and to HUDs Security Operations Center.

The FDIC yesterday issued FIL-26-2024 announcing revisions to Call Reports and the FFIEC 002 Report as published [89 FR 45046] on May 22, 2024, in the Federal Register.

Proposed changes were issued on September 28, 2023 (FIL-52-2023) and December 27, 2023 (FIL-68-2023). After considering the comments received on these notices, the agencies are moving forward with certain proposed revisions related to replacing references to “troubled debt restructurings” with “modifications to borrowers experiencing financial difficulty” consistent with ASU 2022-02, the reporting on the internet website addresses of depository institution trade names, and the adoption of the standards for electronic signatures. These updates to the Call Report and FFIEC 002 report forms and instructions will be effective as of the June 30, 2024, report date.

The agencies are implementing revisions related to reporting of loans to NDFIs as of the December 31, 2024, report date. The agencies are also adding a new Memorandum item that would identify the amounts reported as a structured financial product that are guaranteed by U.S. Government agencies or sponsored agencies, which would be effective as of the December 31, 2024, report date.

The agencies are continuing to review comment letters related to loan modifications to borrowers experiencing financial difficulty under ASU 2022-02, as well as the proposed clarification on the reporting of past due loans and proposed reporting of long-term debt requirements, for further changes to the Call Report and the FFIEC 002. Comments on the May 22, 2024, Federal Register notice will be accepted through June 21, 2024.

The OCC yesterday reported recent enforcement actions against two national banks and five institution-affiliated parties to OCC-supervised institutions.

• A formal agreement with Comerica Bank & Trust, National Association, Ann Arbor, Michigan, for unsafe or unsound practices, including those relating to the bank’s risk governance framework and internal controls
• A formal agreement with Lemont National Bank, Lemont, Illinois, for unsafe or unsound practices, including those relating to capital planning, strategic planning, succession planning, and liquidity risk management
• An order of prohibition against Stanley Acosta, a former senior specialist relationship banker at a Dartmouth, Massachusetts, branch of Santander Bank, N.A., Wilmington, Delaware, for stealing approximately $27,449 from cash deposit bags that customers provided to the bank via the night deposit vault
• An order of prohibition against Bahtia Greene, a former associate operations processor at the Philadelphia, Pennsylvania, lockbox facility for Wells Fargo Bank, N.A., Sioux Falls, South Dakota, for misappropriating confidential information of bank customers and selling the information to a third party, resulting in fraudulent transactions and a loss to the bank of approximately $688,000
• An order of prohibition against Sabina Prince, former teller at a Mountain Brook, Alabama, branch of PNC Bank, National Association, Wilmington, Delaware, for taking $15,000 in cash from the bank and manipulating cash shipment processing receipts to hide her actions
• An order of prohibition against Stephanie Sanders, former relationship banker at NBT Bank, N.A., Norwich, New York, for misappropriating approximately $30,650 from the bank by crediting her checking and savings accounts over 100 times
• A notice of charges for Gerald E. Milligan, II, a former teller at a Royal Palm, Florida, branch of PNC Bank, N.A., Wilmington, Delaware. The Notice of Charges alleges, among other things, that Milligan knowingly made false attestations and provided false supporting documentation for a Paycheck Protection Plan (PPP) loan application, received PPP loan proceeds in the amount of $141,530, and used the funds for personal gain.

The FDIC yesterday published its 2024 Risk Review, which provides an overview of banking conditions in 2023 in five broad categories: market risks, credit risks, operational risks, crypto-asset risks, and climate-related financial risks. The market risks areas discussed are liquidity, deposits and funding, and net interest margins and interest rate risk. The credit risks areas discussed are commercial real estate, residential real estate, consumer, agriculture, small business, corporate debt and leveraged lending, nonbanks, and energy.

The discussion of operational risks examines the potential negative impact to banks from cyber threats and illicit activity. The crypto-asset risks section discusses the FDIC’s approach to understanding and evaluating crypto-asset-related markets and activities. The discussion of climate-related financial risks focuses on the physical risk of severe weather and climate events to the banking system.

Monitoring these risks is among the FDIC's top priorities.

The Federal Reserve has posted the Minutes of the Federal Open Market Committee held on April 30 and May 1, 2024.

The CFPB this morning issued an interpretive rule that confirms that Buy Now, Pay Later (BNPL) lenders are credit card providers. Accordingly, BNPL lenders must provide consumers some key legal protections and rights that apply to conventional credit cards. These include a right to dispute charges and demand a refund from the lender after returning a product purchased with a BNPL loan. The CFPB launched its inquiry into the rapidly expanding BNPL market more than two years ago and continues to see consumer complaints related to refunds and disputed transactions.

Under the rule, BNPL lenders will be required to:

• Investigate disputes
• Refund returned products or canceled services
• Provide periodic billing statements

The interpretive rule is applicable 60 days after its May 31, 2024, publication at 89 FR 47068 in the Federal Register (Effective date July 30, 2024). While the CFPB states that Administrative Procedures Act does not require it, the Bureau is opting to collect comments on the rule and may make revisions after reviewing any feedback. Comments will be accepted on the rule through August 1, 2024.
Update: Federal Register publication information and effective date have been added. References to a "proposal" have been removed; the interpretive rule was issued to become effective as published, but may be revised after the CFPB reviews the feedback it receives.

The Conference of State Bank Supervisors, which owns and operates the NMLS, is inviting comments on proposed 2025 NMLS fee changes affecting both state licensing and federal registration of mortgage loan originators. Comments are due by Monday, July 22, 2024, at 5 p.m. EDT.

The NMLS will conduct a virtual town hall discussion on the proposal on Thursday, June 13, at 1 p.m. EDT. Registration in now open for the event. Webinar space is limited, but a recording will be made available.

FDIC FIL-25-2024, issued yesterday, provides guidance to help financial institutions and facilitate recovery in areas of Massachusetts affected by severe storms and flooding September 11–13, 2023. The areas included in the declared disaster include Worcester and Bristol counties in Massachusetts.

The CFPB on Monday reported it had taken action against Western Benefits Group for charging illegal advance fees for student loan debt relief and misrepresenting to consumers that advance fees would go toward paying down their loans. The CFPB found Western Benefits also misrepresented that it was affiliated with and endorsed by the Department of Education, and that the company would help consumers consolidate student loans, lower consumers’ monthly student loan payments, or obtain loan cancellation.

The Bureau found that since 2016, Western Benefits Group’s practices caused approximately 5,970 consumers a total of approximately $974,590 in harm, reflecting the total fees they paid, less any refunds.

The CFPB is ordering Western Benefits to permanently cease operations and pay a $400,000 penalty to be deposited in the CFPB’s victims relief fund. The order also rescinds all existing agreements with consumers.

Western Benefits Group is reportedly a nonbank telemarketer headquartered in Pleasanton, California, that has offered debt relief services since at least 2016.

In January 2016, Western Benefits began to market, sell, and administer student loan debt relief services to consumers. Western Benefits used lead generators to increase its inbound telemarketing calls. The lead generators marketed debt relief services to consumers through email marketing campaigns and web campaigns.

• Consent Order against Western Benefits Group, LLC

The FDIC on Friday announced a settlement with Bank of England, England, Arkansas, for violations of Section 5 of the Federal Trade Commission Act (Section 5), the Real Estate Settlement Procedures Act (RESPA), the Fair Credit Reporting Act (FCRA), and the Home Mortgage Disclosure Act (HMDA). The bank has stipulated to the issuance of an Order to Pay Civil Money Penalty (CMP) in the amount of $1.5 million. In addition, nine former employees of the Bank of England have stipulated to individual enforcement actions. Based on the FDIC’s findings, the bank made $1.9 million in remediation to over 900 harmed consumers.

Section 5 prohibits banks from engaging in unfair or deceptive acts or practices. The FDIC determined that the bank, through one of its loan production offices (LPOs), violated Section 5 by misrepresenting to consumers that they would be able to skip multiple loan payments when refinancing a Department of Veterans Affairs (VA) mortgage loan. The FDIC also determined that loan officers’ or LPO’s misrepresented to consumers their relationship with the VA. Bank of England was also fined $129,800 in October 2021 for similar deceptive activity alleging a relationship with the VA.

The FDIC also determined that the bank failed to provide consumers with firm offers of credit and required disclosures as required by the FCRA, and the bank failed to report accurate data on its 2021 loan application register in violation of HMDA.

The nine enforcement actions against former Bank of England employees were announced in January.