Compliance Question of the Week 2016
Under the Truth in Lending Act (“TILA”), is there assignee liability to a mortgage loan purchaser?
Yes, but only if (1) the underlying violation is “apparent on the face of the disclosure statement provided in connection with the transaction,” and (2) the assignment to the assignee was voluntary (15 USC § 1641).
A violation is “apparent on the face of the disclosure” if the disclosure can be determined to be incomplete or inaccurate when comparing the disclosure to any itemization of the amount financed, the note, or any other disclosure of disbursement. A violation will also be considered “apparent on its face” if the disclosure does not use the terms or format required under § 1641 of TILA.
Prior to the promulgation of the Know Before You Owe / TILA-RESPA Integrated Disclosure Rule (“KBYO/TRID”), violations of the Real Estate Settlement Procedures Act’s (“RESPA”) disclosure and delivery elements were not generally subject to assignee liability. While KBYO/TRID combined the TILA and RESPA disclosures, Congress did not amend the liability provisions of TILA or RESPA in conjunction therewith. As such, it is unclear how courts and regulators will apply assignee liability to violations of KBYO/TRID. It will likely depend upon whether the CFPB relied upon TILA as authority for the section of the statute which is claimed to have been violated.
What is the timeline for Post-Closing Quality Control (“QC”) audits?
Post-closing QC audit timelines vary by Agency:
i. Fannie Mae requires the loan selection to take place within 30 days of closing, the QC audit and rebuttal should be completed within 60 days of the loan selection, and the final report should be issued within 30 days of the rebuttal. Total timeline is 120 days. A lender must notify Fannie Mae within 30 days of confirmation that one or more defects in the loan file results in it being ineligible for delivery to Fannie Mae.
ii. Freddie Mac requires the results of the QC audit be reported in writing to the senior management team within 90 days of the loan selection. Total timeline is 90 days. If a lender determines that post-closing QC findings affect the eligibility of a mortgage sold to Freddie Mac the lender must notify Freddie Mac in writing within 30 days of such determination.
iii. FHA requires the loan selection to take place on a monthly basis, selection must be comprised of loans closed within the prior (1) one-month period, and the review must be completed within 60 days of the end of the prior (1) one month period. The initial findings must be provided to senior management within 30 days of completion of the initial findings report. A lender must issue its final report within 60 days from the date the initial review findings were reported to senior management. Total timeline is 150 days. A lender must report all material findings it is unable to mitigate to FHA no later than 90 days after the completion of the initial findings report.
Did FHA recently revise the 203(k) Consultant Draw Inspection Fee limit?
Yes, on August 10, 2016, FHA announced that it amended the Consultant Draw Inspection Fee to permit a Consultant to charge a fee that is reasonable and customary for work performed in the area where the property is located, provided the fee does not exceed a maximum of $350. The previous fee limit was $100.
Please see Mortgagee Letter 2016–12 (http://portal.hud.gov/hudportal/documents/huddoc?id=16-12ml.pdf) and HUD Handbook 4000.1, section II.A.9.c.iii.
What is the difference between a Quality Control Audit (QC) and an Internal Audit?
A mortgage lender is required, for a variety of reasons, to implement a QC program that identifies credit and/or regulatory issues in either their origination or servicing functions. A QC audit looks at the end product, regardless if the process is credit or compliance focused. Generally, you find that QC audits, which are basic forms of transactional testing, are narrower in scope than Internal Audits, which tend to be broader in scope.
Internal Audits identify a variety of items such as credit, regulatory, operational, financial, and reputational risks. An Internal Auditor looks at the process itself and independently evaluates the risks and control activities within the process. When Internal Auditors test controls in a process, they are not necessarily looking at the end product like a QC audit, but rather looking at the controls within a process to ensure the end product is attained and all investor guidelines, laws and regulations and industry best practices are followed.
Are both banks and nonbanks required to perform an independent audit of their anti-money laundering (“AML”) program? What are the requirements for such audit?
Yes, the Bank Secrecy Act (“BSA”) requires all residential mortgage lenders and originators to perform an independent review or audit of their AML program. Although the BSA does not specifically set forth the time frame for performing such testing, the Federal Financial Institutions Examination Council (“FFIEC”) indicated that sound practice is for an entity to perform an independent audit of its AML program at least every 12-18 months, commensurate with the entity’s risk profile.
Testing must be performed by both an independent and qualified party. While this does not mean the audit cannot be performed by an employee, the individual or individuals completing the audit must be fully familiar with AML requirements and cannot be involved in any of the AML functions of the Company. As such, the Company designated AML Officer would be unable to perform the audit. For this reason, many entities engage outside service providers to perform independent audits of their AML program.
Whoever performs the review should report directly to the entity’s Board of Directors or Executive Management. Testing should cover all of the entity’s activities and the results should be sufficiently detailed to assist the Board of Directors and/or Executive Management in identifying areas of weakness so that improvements may be made and additional controls may be established. Among other items, the Company’s written policies and procedures should be reviewed as well as the qualifications of the AML Officer and the Company’s training materials and attendance logs.
In recent years, state regulators have commenced examining the AML programs of their supervised entities more closely. In particular, many states now require entities to produce AML policies and procedures, as well as AML risk assessments and independent AML audit results as part of examinations. Failure to maintain these documents can oftentimes result in an adverse finding. Some states also maintain their own money laundering regulations, such as California, Florida, New Jersey, and Texas.
Most recently, on June 30, 2016, New York State’s Department of Financial Services (“NYADFS”) issued a final Anti-Terrorism Transaction Monitoring and Filtering Program regulation. The new regulation, which goes into effect January 1, 2017, requires regulated institutions (banks, check cashers and money transmitters) to maintain a Transaction Monitoring Program that monitors transactions for potential BSA/AML violations and Suspicious Activity Reporting. The regulated entities will have to annually submit a board resolution or senior officer compliance finding to the NYSDFS confirming the steps taken to ascertain compliance with this regulation. Nonbank mortgage lenders and originators are not currently covered by this regulation.