BUILD IMPLEMENT SUSTAIN Lisa McGreevy Online Lenders Alliance What Do Service Providers Expect From Lenders and What Do Lenders Expect From Service Providers Jason Romrell LeadsMarketcom ID: 648692
Download Presentation The PPT/PDF document "WELCOME TO THE 2016 COMPLIANCE UNIVERSI..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
WELCOME TO THE
2016 COMPLIANCE UNIVERSITY
BUILD. IMPLEMENT. SUSTAIN.Slide2
Lisa McGreevy
Online Lenders Alliance Slide3
What Do Service Providers Expect From Lenders and What Do Lenders Expect From Service Providers?
Jason
Romrell
,
LeadsMarket.com
Doug Greenberg, MoneyLion
Brian Martin, EPIC Loan Systems
Jonathan
Pompan, Venable LLP Slide4
Overview
Regulators
Exposure
KYCSlide5
Lender’s Perspective
What we are looking for in Service Provider (in general):
Business partner
Management and compliance
Low RiskSlide6
Basic Items that we look for:
Compliance Officer
Compliance Program – Policies & Procedures
Regular audits
Belong to a trade group
On-Boarding Process – (Mutual due diligence)Slide7
Basic Items that we look for (cont’d)
Process:
Vendor Management System- Vendor Questionnaire
Complaints Handling Policy/Procedure
Regulatory Actions/Litigation
IT ComplianceBusiness Continuity PlanSlide8
Next Steps
Background check on service provider/company
Background check on owners
Approved
Contract - compliance
Contract allows us to do annual audits
Define how Personally Identifiable Information (PII) will be stored/protected
Obligations – Notify us of any breach or change in ownershipDefining – regulatory requirements, KPI or Service Levels (SLA)
Begin Business Relationship
Checklist may vary depending on the vendorSlide9
EPIC
Loan Systems
What We Expect
Annual Compliance Check
Confirm Lending License
Site Visits
Confirm Authorized POC
Update Contact Lists
Updated T&C and Acceptable Use Policies
What We Provide
Compliance Profile
Privacy Policy
Data Security Policy
Document Retention Policies
References for Other Vendors
Compliance ManagementSlide10
Jonathan Pompan
is co-chair of Venable’s CFPB Task Force and leads Venable’s debt and credit services team. Jonathan has extensive experience representing debt and credit services related companies, including some of the largest debt buyers and collectors and advertisers of financial services in the country, other consumer financial services providers, and their service providers. This work gives him considerable insight into successful strategies for satisfying new and evolving regulatory
expectations. Jonathan has assisted clients in bet-the-company government investigations and litigation pursued by federal agencies such as the CFPB and the FTC, as well as in-state enforcement proceedings involving state attorneys general. His experience includes several CFPB investigations and examination preparation and appeals. In addition, he provides ongoing compliance and general counseling advice to several clients in the debt collection and credit services, lenders, and advertising and marketing sectors.
Jonathan is a frequent speaker, organizer, and moderator of conference panels, and author on legal and regulatory issues of significance to debt buyers and collectors. Jonathan
recently presented on the “CFPB Turns Five” at the ACA International Convention on June 17, 2016, and will be moderating “Lead Gen Legal Responsibility and Accountability: A Sit Down” at the 2016 LeadsCon New York on August 23, 2016.
Jonathan L. PompanSlide11
IMPORTANT INFORMATION ABOUT THIS PRESENTATION
This presentation is for general informational purposes only and does not represent and is not intended to provide legal advice or opinion and should not be relied on as such. Legal advice can only be provided in response to specific fact situations.
This presentation does not represent any undertaking to keep recipients advised as to all or any relevant legal developments.Slide12
Covered Person and Service Provider Liability
Title
X of the Dodd-Frank Wall Street Reform Act gives the CFPB authority to regulate any “Consumer Financial Product or Service” offered by any “covered person.”“Consumer Financial Product or Service
” is defined as those that are offered or provided for use by consumers primarily for personal, family, or household purposes, or that which is offered or provided in connection with such products. 12 U.S.C § 5481(5).A
“covered person” is any person engaged in offering or providing a consumer financial product or service,
any affiliate if such affiliate acts as a service provider, and any related person.
A “service provider” is defined to include “any person that provides a material service to a
covered person in connection with the offering or provision by such covered person of a consumer financial product or service.” 12 U.S.C § 5481(26).
This includes providers that design, operate or maintain the product or service, or that process transactions. It does not include ministerial or non-material support services offered t businesses generally
and those who provide advertising space. A service provider shall be deemed a covered person to the extent it engages in the offering or provision of its own consumer financial product or
service.Key Question: How broad should “service provider” be interpreted? Legislative history suggests not as broad as CFPB may want.A “related person
” isany director, officer, or employee charged with managerial responsibility for, or controlling shareholder of, or agent for, such covered person;any shareholder, consultant, joint venture partner, or other person, as determined by the Bureau (by rule or on a case-by-case basis) who materially participates in the conduct of the affairs of such covered person; and
any independent contractor (including any attorney, appraiser, or accountant) who knowingly or recklessly participates in any—violation of any provision of law or regulation; orbreach of a fiduciary duty.Slide13
Substantial Assistance
Telemarketing Sales Rule (FTC & CFPB)Consumer Financial Protection Act (CFPB)
It prohibited for any person, even if not a covered person or service provider, to knowingly or recklessly provide substantial assistance to a covered person or service provider
in violating section 1031 of the Dodd-Frank Act. See Dodd-Frank Act, § 1036(a)(3), 12 U.S.C. § 5536(a)(3). Analogous to “aiding and abetting” prohibitions
Limited to “knowingly or recklessly” and “substantial” + recipient of the assistance itself must be liable for a UDAAPBroadly applies to “any person” and liability equivalent to recipient of the assistance.Allows CFPB to impose individual liability against owners and managers of closely held companies; and counterparties of entities alleged to have committed UDAAP violations. Slide14
CFPB Bulletin 2012-03
: Service Providers“Consumers are at a real disadvantage because they do not get to choose the service providers they deal with—the financial institution
does, Consumers must not be hurt by unfair, deceptive, or abusive practices of service providers. Banks and nonbanks must manage these relationships carefully and can be held accountable if they break the law.”
- Richard Cordray, April 13, 2012Slide15
What are the CFPB’s Expectations on Service Provider Relationships
Conducting thorough
due diligence to verify that the service provider understands and is capable of complying with the law;Requesting and reviewing the service provider’s policies, procedures, internal controls, and training materials to ensure that the service provider conducts appropriate training and oversight of employees or agents that have consumer contact or compliance responsibilities;
Including in the contract with the service provider clear expectations about compliance, as well as appropriate and enforceable consequences
for violating any compliance-related responsibilities;Establishing internal controls and on-going monitoring to determine whether the service provider is complying with the law; and
Taking prompt action to address fully any problems identified through the monitoring process.
The CFPB recommends that supervised financial institutions take steps to ensure that business arrangements with service providers do not present unwarranted risks to consumers. These steps include:Slide16
In re U.S. Bank, N.A.:
The CFPB ordered U.S. Bank to provide an estimated $48 million in relief to consumers harmed by illegal billing practices based on 3rd party vendor.
The CFPB found that U.S. Bank customers were unfairly charged for certain identity protection and credit monitoring services that they did not receive.
$48 million refund to 420,000 consumers, $5 million civil penalty.
Service Provider Enforcement Examples:Slide17
CFPB ordered Citibank, N.A. and its subsidiaries to provide an estimated $700 million in relief to eligible consumers harmed by illegal practices related to credit card add-on products and services.
Roughly 7 million consumer accounts were affected by Citibank’s deceptive marketing, billing, and administration of debt protection and credit monitoring add-on products.
A Citibank subsidiary also deceptively charged expedited payment fees to nearly 1.8 million consumer accounts during collection calls. Citibank and its subsidiaries will pay $35 million in civil money penalties to the CFPB.
Service Provider Enforcement Examples: (cont’d)Slide18
Supervisory Examination Example
Finally, CFPB recognizes the importance of third-party service providers to the operations of many supervised
entities. However, as the CFPB explained in Bulletin 2012-03, it expects entities to select these
service providers carefully, include compliance expectations in contracts, and monitor service providers’ work and complaints about their work. If a third-party service provider
fails to perform properly, a supervised entity is expected to require remediation and to take measures that may include, in appropriate circumstances, termination of
the service provider’s contract. The fact that a supervised entity enters into a business relationship with a service provider does
not absolve the supervised entity of responsibility for complying with Federal consumer financial law and, depending on the circumstances, it may be held legally responsible for violations by the third party.Slide19
What does this mean for a compliance management system? A better mousetrap?Slide20
A Framework for Analysis of Service Provider RelationshipsSlide21
A Framework for Analysis of Service Provider RelationshipsSlide22
CFPB UDAAP and Other Standards
An act or practice is
unfair when:(1) it causes or is likely to cause substantial injury to consumers;
(2) the injury is not reasonably avoidable by consumers; and(3) the injury is not outweighed by countervailing benefits to consumers or
to competition.A representation, omission, act, or practice is deceptive when:
the representation, omission, act, or practice misleads or is likely to mislead the consumer;the consumer’s interpretation of the representation, omission, act, or practice is reasonable under the circumstances; and the misleading representation, omission, act, or practice is material.
An
abusive act or practice:materially interferes with the ability of a consumer to understand a term or condition of a consumer financial product or service; or
takes unreasonable advantage of a lack of understanding on the part of the consumer of the material risks, costs, or conditions of the product or service;the inability of the consumer to protect its interests in selecting or using a consumer financial product or service; or
the reasonable reliance by the consumer on a covered person to act in the interests of the consumer. Other Standards:
Truth-in-Lending Act/ Regulation ZEqual Credit Opportunity Act / Regulation BFair Credit Reporting ActFair Debt Collection Practices Act and Related Requirements Electronic Fund Transfer Act/ Regulation E
Telemarketing Sales RuleGramm-Leach-Bliley ActSlide23
More Information and Questions
For related articles and presentations, see www.venable.com/cfpb/publications. Slide24
A Mutually Beneficial Relationship
Fairness in the contracting process
Terms should be balanced
Avoid “sole discretion” language
Accept responsibility for lending activities, NOAA and other lender-specific activities
Provide an unqualified commitment not to use data you don’t buy, and not to abuse data you do buy Other contract terms Slide25
Cooperate with our due diligence requests
Authority
to lend
Real business, real location, run by real people (accountability)
Data
security policiesIf
an intermediary/agency, you’ve done due diligence for your end-users
Complaints
OLA Best Practices (whether you’re a member or not)Slide26
Issues with Data Case Study:
Do You Know Where Your Data Is?
Do You Know Where it Went? Data
Audits
Jennifer
Galloway, Jennifer
Galloway, PASlide27
Applicable Laws
Protecting Consumer Data
The
Gramm-Leach-Bliley Act (GLBA)
- requires
“financial institutions” that collect nonpublic personal information about customers who obtain a financial product or service to implement policies and procedures to protect the information they
collect. Requires a written security plan.Fair Credit Reporting Act
-
user and furnisher obligationsRed Flags- Identity Theft
- policy needed to protect informationSlide28
Data Security- A Case
Study
Case study
Issue:
A lender with an LMS provider that did not properly handle data
Possible solutions:
Keep a real time copy of your data and have contractual obligations for quick vendor termination for data breach and immediate return of all data along with other contractual terms in place
Seed data to track data flowAudits
Good CMS policy on selection and oversight of vendorsSlide29
Data Security- FTC Cases
Discussion of FTC cases and data issues
See
Start with Security handout from the FTC
https
://www.ftc.gov/tips-advice/business-center/guidance/start-security-guide-business
Slide30
Service Providers- Selection and Oversight
In order to protect the customer information the
Creditor collects, the Creditor should take steps to evaluate and oversee its service providers. The following evaluation criteria should be utilized in selecting service providers
:The service provider’s willingness to comply with regulations that are relevant to the services being provided, including privacy and other consumer protection regulations.
Experience and ability to provide the necessary services and supporting technology for current and anticipated needs.Compatibility and willingness to comply with the Creditor’s privacy policies and information security standards and the adequacy of the service provider’s own privacy policies and information security
standards. Records to be maintained by the service provider and whether the Creditor will have access to information maintained by the service provider.Slide31
Service
Providers-
Selection and Oversight
Functionality of any service or system proposed and policies concerning maintaining secure systems, intrusion detection and reporting systems, customer authentication, verification, and authorization, and ability to respond to service disruptions.
Service and support that will be provided in terms of maintenance, security, and other service levels. The stability and reputation of the service provider within the industry.
Contractual obligations and requirements.The right of the Creditor to audit the service provider’s records, to obtain documentation regarding the resolution of disclosed deficiencies, and to inspect the service provider’s facilities.
Service providers with access to customer information should be required to agree contractually to be responsible for securing and maintaining the confidentiality of customer information.Slide32
Service Providers- Selection and Oversight
Service
providers should be subject to ongoing assessment to evaluate their consistency with selection criteria, performance and financial conditions, and contract compliance.
Maintain oversight of all service providers that touch consumer data and back up your records.Slide33
Legal Disclaimer/Contact Information
This presentation is provided with the understanding that the presenters are not rendering legal advice or services.
Laws are constantly changing, and each federal law, state law, and regulation should be checked by legal counsel for the most current version.
We make no claims, promises, or guarantees about the accuracy, completeness, or adequacy of the information contained in this presentation.
Do not act upon this information without seeking the advice of an attorney.
This outline is intended to be informational. It does not provide legal advice.
Neither your attendance nor the presenters answering a specific audience member question creates an attorney-client
relationship.
Jennifer Galloway
Jennifer Galloway, PA711 S Howard Ave, Suite 200Tampa, FL 33611
T: (813) 401-6161E: jennifer@gallowaypa.comSlide34
Review of Recent CFPB/FTC Cases: What Can We Learn?
Jason
Romrell
,
LeadsMarket.com
Dustin Alonzo, McGlinchy
StaffordSlide35
Underwriting Post-CFPB Rule: Thoughts for Compliance
Moderator: Andrew Smith, Covington & Burling, LLP
Dan Richard,
FactorTrustBill
Colstad, FactorTrust
Slide36
Presenters
Dan Richard, VP Analytics & Product Strategy
Expert at leading the development of scoring models and attribute suites for business use cases including acquisition risk, ability to repay, fraud, direct marketing, account management, collections and enhancement of high-volume data processes.
Bill Colstad, Product Manager
Extensive management experience in the financial services and marketing industries. He has a broad background in direct marketing, risk management, campaign management, market research, strategy and product development.Slide37
ABILITY TO REPAY & RESIDUAL INCOME
Residual Income test
Residual Income = (Net Income) - (Major Financial Obligations)Reasonable projection of incomeAmount and timing of major financial obligations
Covered Loan Check/Presumptions of UnaffordabilityLoans in a sequenceMore than 5 loans in the last 12 monthsMore than 90 days of outstanding loans in last 12 monthsMust review borrowing history
No loans within 30 days of payoff of a short-term loan from the lender or its affiliateIncome and expense validationReport loan to all registered information systems For short-term loans, and for longer-term loans made with ability-to-repay determination
Report to nationwide consumer reporting agency For NCUA PAL loans and 5% Portfolio Default loansSlide38
Residual Income with Configurable Validation Logic
Residual Income calculation:
Stated Monthly Income (application)
Stated housing expense (application)Stated living expense (application)
Monthly debt obligations (FactorTrust + traditional bureau)
Loan payment amount (lender)Residual Income
Considers monthly values for 30 day projection of income and expensesAdditional logic validates whether Residual Income and stated application fields are within lender-configurable thresholds
Estimated Health & Food expenses based on percent of Stated Monthly IncomeSlide39
Covered Loan Check/Presumptions of Unaffordability
Standalone modules to determine “cooling off” period:
Presumptions of Unaffordability modules:
Currently has an open covered loan
Had a covered loan that was paid off in the last 30 days
And meets specific conditions
Greater than three (3) covered loans in a sequence
A total of greater than five (5) covered loans reported in the last 12 months
Greater than 90 days outstanding on covered loans in the last 12 monthsSlide40
Income and expense validation
Combines proprietary and public sources into a single algorithm
Income Validation
Housing Expense Validation for Renters & Owners
Telephone & Utility Expense ValidationSlide41
Complex Reporting Environment
CRAs Have Different Reporting Formats & Reporting Frequencies
Metro 2 (30-day cycle)
Custom (daily, real-time)
Custom (daily)
Custom (daily)
Reporting will become extremely complex, require additional resources and cost to manage
Lenders expected to report to multiple CRAs in multiple formats
One format is expected to be Metro 2 format which is required by the Big 3 credit reporting agencies (CRAs)
Auto Lender
STL Lender
Installment Lender
Title Lender
Other
LENDERS
Equifax
TransUnion
FactorTrust
Bureau X
Bureau Y
Experian
CREDIT REPORTING AGENCIES
Report Performance Updates, Corrections, Errors, Cycle Updates
Covered LoansSlide42
Reporting Gateway Simplifies Compliance
Auto Lender
LENDERS
Equifax
TransUnion
FIS
Bureau X
Bureau Y
Experian
CREDIT REPORTING AGENCIES
Report Performance Updates, Error Corrections, Out of Cycle Updates
REPORTING GATEWAY
STL Lender
Installment Lender
Title Lender
Other
Covered Loans
Reporting Formats
Metro 2 (30-day)
RTR (instant, daily)
Custom (instant, daily)
High Level Benefits
Lender Reports ONCE easing resources
Lenders can configure to report to as many CRA’s as needed
Lenders can report only inquired on loans or all loan data
Secure (SSL encryption)
Enables reporting complianceSlide43
ATR Compliance Dashboard
A management and compliance dashboard with robust insight capabilities
Metrics to help lenders monitor procedures and audit processes
Documents and stores the decisions, data, and scores that factored into how the ATR and residual income was calculated
Reporting capabilities to demonstrate accuracy in loan reporting at the transaction levelSlide44
Enhanced Underwriting
FCRA data elements used in ATR compliance are dual-purposed for actionable underwriting decisionsSlide45Slide46
Why You Should Care About The Nationwide Multistate Licensing System & Registry
Derek
Schultz
Conference of State Bank Supervisors
Slide47
Today’s Presentation
Who we areWhat we do
What you can doSlide48
NMLS: Who we areSlide49
NMLS: Who We Are
State Financial Services RegulatorsPurpose and Goals of NMLS
General Snapshot of Who is Using NMLS for LicensingTrends we have observedSlide50
NMLS – State Financial Services Regulators
State Agencies
OrganizationsConference of State Bank SupervisorsAmerican Association of Residential Mortgage RegulatorsNational Association of Consumer Credit Administrators
Money Transmitter Regulators AssociationNorth American Collection Agency Regulatory Association Slide51
NMLS – Original Purpose and Goals
Information Sharing for StatesUniform Application DataMultiple Regulator Review
NMLS ID – Unique Entity TrackingConsistent Validation Started with mortgage industry then expanded to other supervised financial services in 2012Slide52
Basic to Complex
Basic Goals and Functionality Singular IndustryProvide Better Information for Consumers
Uniform forms for applications Accomplishments and More Complex FunctionalityFacilitated better information sharing for states
Succeeded in providing Better Information for Consumers Reduced Regulatory Burden for Industry and Regulators by Streamlining Multiple ProcessesSlide53
NMLS To Date
As of the end of 2015, 61 state agencies
managed 585 licenses through NMLS.34 agencies managing 167 non-mortgage licenses authoritiesAnother 6
agencies plan on adding 13 additional non-mortgage license authorities to NMLS by March of 2016. States
manage over 2,1000 licensing checklists through the NMLS Resource CenterSlide54
Consumer Finance Licenses in NMLS
20 State Agencies50 License Types
Examples: Sales Finance, Small Loan, Installment Sales, Deferred Presentment3,300 LicenseesSlide55Slide56
Payday lending - storefront
Escrowing agentsPayday lending - online1031 exchange companiesConsumer loan brokeringPrivate student loan lending
Consumer loan lendingNon-private student loan lendingConsumer loan servicingRent-to-ownSales finance company activities – motor vehicles
Accounting/Billing servicingSales finance company activities – generalIndustrial loan lending companiesTitle lending
Pawn brokeringRefund anticipation lendingProperty tax lendingPremium finance company activitiesNon-depository ATM operation
Retail installment sellingPrepaid funeral plan providers
Consumer Finance Business ActivitiesSlide57Slide58
NMLS: What we doSlide59
Policy Initiatives
NMLS InformationSince 2008, NMLS data expanded in scope & quality
New Analytical tools & data available to statesMCR Analytics softwareRenewal DashboardPublic Comment
MSB Call ReportMortgage Call ReportNMLS Consumer AccessSlide60
NMLS Enhancements 2016 and Beyond
State Agency Manager’s Dashboard
MCR Examiners ReportSurety Bond Management
FBI RapBack ProgramMoney Services Business (MSB) Call ReportSlide61
NMLS Enhancements 2016 and Beyond
Data Analytics & User Reporting
NMLS Consumer AccessConsumer Complaint Processing
Exam Management Tool Suite (EMTS)Criminal Background Checks for Directors and OwnersSystem Modernization
Slide62
NMLS: WHAT YOU CAN DOSlide63Slide64
NMLS Consumer AccessSlide65Slide66Slide67
OLA Accredited Companies Panel: What Trips People Up? What Is The Hardest Part?
Roseann
Higgins, NCP Finance
Jennifer Galloway, Jennifer Galloway P.A. Slide68
OLA Accreditation- Overview
Reasons to get accredited:
Shows customers and regulators that you are serious about complying with applicable law.
Committed to OLA Best
Practices
Committed to a robust compliance program
Following the Consumer Financial Protection Bureau’s supervision and examination manual; and
Dedicated to adhering to the highest industry standards.Slide69
OLA Accreditation- Overview
Overview:
This program is carefully designed for both OLA lenders and vendors.
Consists
of a (1) Self-Accreditation process and (2) Subsequent
Third-Party Review.Slide70
OLA Accreditation- Overview
Getting Started
:
Contact OLA with your Interest
OLA will provide an application packet
After you return all completed forms and payment to OLA, Promontory will provide access to the online self-accreditationCollections and Reporting; and
Third Party
RelationshipsThe process begins with an inherent risk assessment followed by specific modules:
Marketing, Application and Origination, Payments and Renewals, Collections and Reporting and Third Party RelationshipsSlide71
OLA Accreditation- Overview
Getting Started
:
After completing
the self-accreditation process, contact OLA for a list of testers who you can hire to perform the independent third-party testing of the Accreditation Seal for your website
The third-party tester will begin an independent assessment of your organization’s self-accreditation and notify you of the resultsAfter successful completion of the assessment, OLA will recognize your company as accredited and provide you with the OLA Accreditation SealSlide72
Introduction to CSO
NCP Funds cash advances, title loans and installment loans for some of the largest retail companies operating as CSO
NCP utilizes the CSO model to fund loans for the payday lending/specialty finance sector. The products NCP holds in the Company’s portfolio include payday loans, title loans and installment loans. Although the underwriting criteria vary between the different product lines, the mechanics of the CSO arrangement are substantially similar for each.Slide73
What Were our Challenges
Coordinating all the information from CSO’s. there is a heavy reliance on how they do business
Obtaining a nice sampling of loans across all CSO’s and all products
Weighing the risk for all our customers.Slide74
How Can Companies Prepare
Maintain good files
Keep communications open with the CSO’s
Be willing to dedicate resourcesSlide75
Why Accreditation is Important
Current and potential customers, along with regulators acknowledge a high standard of compliance
Promotes a culture of compliance Slide76
What
Trips People Up? What is the Hardest Part?Questions?