Appellate Court Holds Secondary Market Mortgage Investor Not Liable Under ECOA for Discriminatory Conduct of Unaffiliated Originator

On February 16, the U.S. Court of Appeals for the Fifth Circuit issued an opinion addressing whether Section 8 mortgage applicants may claim discrimination under the Equal Credit Opportunity Act (ECOA) by both a mortgage originator and a subsequent investor in the secondary mortgage market. See Alexander v. AmeriPro Funding, Inc. No. 15-20710, 2017 WL 650193 (5th Cir. Feb. 16, 2017). At issue before the Appellate Court were claims alleging that both the mortgage originator that interacted with borrowers, made credit decisions, and actually gave mortgages to home buyers, and the investor, engaged in the business of investing in or buying mortgages originated by the mortgage originator, were subject to liability for discriminatory conduct in violation of ECOA based upon plaintiffs’ allegations that “they applied for mortgages through [the mortgage originator] and that [the mortgage originator] did not consider their Section 8 income in processing the application because it intended to sell the mortgages to [the investor].”

Ultimately, the Court denied all but a small subset of the various claims asserted by plaintiffs.  Among other things, the Court held: (i) that the record did not support a claim that the investor—having purchased the mortgages at issue in the secondary market after execution—discriminated against and/or failed to consider Section 8 income in assessing the creditworthiness of any plaintiff; (ii) that plaintiffs’ allegations concerning their application with the mortgage originator could not also be applied to a subsequent secondary mortgage investor such as the investor; and (iii) that the record similarly did not support a finding that  the investor was a “creditor” with respect to the plaintiffs and/or the mortgage agreements entered into with the mortgage originator.

The Appellate Court did, however, side with plaintiffs as to those claims against the mortgage originator that set forth facts plausibly alleging conduct on the part of the mortgage originator that might constitute improper discounting of Section 8 income in assessing their creditworthiness. The Appellate Court reversed the district court’s dismissal as to those claims and remanded for further proceedings.

Notably, the Court expressly disagreed with the CFPB’s argument (as amicus) for a broader definition of “creditor” under ECOA and Regulation B’s definition of the term because it determined that “a potential assignee who establishes underwriting guidelines for its purchases but does not influence individual credit it not a creditor,” and that Regulation B’s definition would not include “those who have no direct involvement whatsoever in an individual credit decision.”


NYDFS Landmark Cybersecurity Rule Set to Take Effect on March 1

On February 16, New York Governor Andrew Cuomo announced that with the New York Department of Financial Services’ (NYDFS) publication of a Final Regulation, New York’s “First-in-the-Nation Cybersecurity Regulation” is set to take effect on March 1.  As discussed previously in InfoBytes, the regulation—which requires banks, insurance companies, and other financial services institutions regulated by NYDFS to establish and maintain a cybersecurity program designed to protect consumers’ private data—imposes broad and, in some cases proscriptive, data security and cybersecurity requirements on Covered Entities that venture into new territory for both state and federal financial regulators. Indeed, as described by Governor Cuomo, the regulation reflects New York’s efforts to “lead[] the nation” through “decisive action to protect consumers and our financial system from serious economic harm that is often perpetrated by state-sponsored organizations, global terrorist networks, and other criminal enterprises.”

On December 28, NYDFS had issued a revised proposal of the regulation originally issued in September. As detailed in an InfoBytes Special Alert in January, the December proposal incorporated several changes in response to over 150 comments to the original proposal and testimony presented at a hearing on the regulation before New York State lawmakers. Though the updated proposed regulation did not fundamentally differ from the approach from the original, the revised proposed regulation provided for somewhat greater flexibility in how covered entities could go about implementing the requirements. Among other things, the December 28 revisions provided for: (i) longer time-frames for compliance with its requirements; (ii) more flexibility for compliance with certain requirements and acknowledgement that some requirements may not be applicable to all financial institutions; and (iii) clarifications to certain key definitions.

The newly released Final Regulation of the rule retains the revisions incorporated in the December 28 revision, but also contains the following notable revisions:

  • Record retention requirements for audit trail materials relating to Cybersecurity Events were reduced from five years to three years.
  • Clarification that Covered Entities’ policies and procedures for reporting by Third Party Service Providers of Cybersecurity Events only apply to the Covered Entity’s Nonpublic Information.
  • The limited exemption for small businesses to certain requirements of the rule has been narrowed by including a Covered Entity’s New York affiliates when calculating its number of employees and annual revenue.
  • Further clarification on the exemptions for companies regulated under New York’s Insurance Law.

With the expiration of the 30-day comment period and the publication of the Final Rule, New York’s Cybersecurity regulation is officially cleared to become effective upon publication in the New York State Register on March 1.

InfoBytes will continue to monitor the rollout of this pioneering regulation as it progresses.


FinCEN Renews GTOs for Title Insurance Companies in Six Major Metropolitan Areas Upon Finding that GTOs Provide ‘Valuable Data’

On February 23, the Financial Crimes Enforcement Network (FinCEN) announced the renewal of its existing GTOs Geographic Targeting Orders (GTOs), each of which temporarily require U.S. title insurance companies to identify the natural persons behind shell companies used to pay “all cash” for high-end residential real estate in six major metropolitan areas. Generally, the GTOs require all title insurance companies in the targeted cities to file a FinCEN Form 8300 within 30 days of closing a covered transaction, identifying the buyer, any beneficial owner of the buyer, and the individual primarily responsible for representing the buyer in an “all-cash” purchase of high-end residential real estate. Covered businesses must also retain their records for at least five years after the GTO expires.

Notably, the decision to continue the GTO program for another 180 days—beginning on February 24, 2017—was based largely on FinCEN’s finding that the first GTOs issued back in July are producing “valuable data” that is assisting both law enforcement and FinCEN’s efforts to address money laundering through real estate transactions. Nearly one-third of the targeted transactions covered by the July GTOs ended up involving a beneficial owner or representative who is already the subject of a previous suspicious activity report. The results appear to validate the concerns underlying FinCEN’s rationale for issuing GTOs in the first place, namely the use of shell companies to buy luxury real estate in all-cash transactions.

The targeted geographic areas and corresponding closing price thresholds include: (i) Manhattan ($3 million) and all other boroughs of New York City ($1.5 million); (ii) Miami-Dade, Broward, and Palm Beach counties ($1 million); (iii) Los Angeles County ($2 million); (iv) San Francisco, San Mateo, and Santa Clara counties ($2 million); (v) San Diego County ($2 million); and (vi) Bexar County, Texas, which includes San Antonio ($500,000). In targeting the above-listed metropolitan areas, FinCEN clarified that “GTOs do not imply any derogatory finding by FinCEN with respect to the covered companies.” Rather, as explained by FinCEN Acting Director Jamal El-Hindi, “Money laundering and illicit financial flows involving the real estate sector is something that we have been taking on in steps to ensure that we continue to build an efficient and effective regulatory approach.”

For additional information concerning GTO compliance, FAQs released by FinCEN in August 2016 are available here.

COMMENTS: Comments Off
TAGS: , ,
POSTED IN: Miscellany, Mortgages

FTC Reaches Settlement in Mortgage Relief Scheme with Final Defendant

On February 23, the FTC announced that it had reached a settlement with the final defendant facing charges originally brought against six mortgage relief operations in 2014. The FTC had alleged that the defendants preyed on distressed homeowners by claiming to be able to lower mortgage payments and interest rates or prevent foreclosures, while illegally charging advance fees. The stipulated order requires the defendant to pay $105,487, which represents the amount of money he received from the scam, and imposes a total judgment of more than $1.7 million which will become due immediately if it is found that the defendant misrepresented his finances. The defendant was also banned from the mortgage and debt relief business. Certain other defendants reached settlements in 2016, which, in addition to imposing a judgment of more than $1.7 million, also prohibited them from participating in the mortgage and debt relief business.

COMMENTS: Comments Off
POSTED IN: Courts, Mortgages

Industry Groups Submit Letters in Response to CFPB’s Request for Input Concerning Consumer Access to Financial Data

As previously covered in InfoBytes, on November 17 the CFPB launched an inquiry into the benefits and risks associated with consumers authorizing third-parties to access their financial and account information held by financial service providers. In response to the Bureau’s Request for Information (Dkt No. CFPB-2016-0048), consumer and industry groups have offered their thoughts and positions concerning the issue. A summary of several comment letters is included below:

American Bankers Association (ABA). The ABA submitted a comment letter in which it noted that “technology is fundamentally changing the way financial services are being delivered,” but urged the CFPB, subject to certain enumerated regulatory limitations, to “fairly address[] both the opportunities and risks” in order to “give consumers innovative services that they can trust.” Among other things, the ABA discussed the need for the Bureau to clarify data aggregator responsibility for maintaining the privacy and security of consumer financial data. Specifically, the ABA recommended that the CFPB: (i) impose breach notification obligations; (ii) confirm liability assignments under Regulation E; (iii) subject larger data aggregators to supervisory oversight; and (iv) educate consumers about the choices, responsibilities, and risks presented.

Financial Services Roundtable (FSR). FSR and its technology policy division responded with a letter highlighting the importance of innovation and collaboration and outlining five core elements the group believes should be considered in assessing this “evolving ecosystem.” These elements are: (i) security and privacy; (ii) data access and use transparency; (iii) clarity of liability; (iv) customer choice and control; and (v) technology neutrality. FSR also encouraged the CFPB to avoid unnecessary rulemaking or standard-setting that would “blunt innovation.”

Independent Community Bankers of America (ICBA). The ICBA urged the CFPB, subject to certain enumerated regulatory limitations, to carefully consider the privacy, regulatory burden, data security, and legal implications posed by third-party account access. Among other things, the ICBA expressed concern that “non-bank entities” do not take the same care in protecting consumer privacy and data as community banks and stated that community banks “must be able to protect customer data without having to meet new regulatory mandates which increase the risk of breach and/or consumer loss.” ICBA’s letter also stated that consumers’ rights to have access to their own information should be balanced with ensuring that consumer privacy is not needlessly threatened.

Americans for Financial Reform (AFR). AFR and a coalition of consumer groups set forth the organizations’ position that “the digital economy should ensure consumers can access and use records about themselves, and that consumers can choose to authorize third-parties to access such data on their behalf to support their financial health and facilitate competition among financial services providers.” Among other things, the letter stressed the need for “standards to enforce compliance with Section 1033 to benefit consumers who utilize online data aggregation and other applications.” Additionally, the letter urged the CFPB to confirm that consumers “retain their legal protections vis-a-vis account-holding institutions if unauthorized charges are made to their accounts when they use data aggregation services.”

Financial Innovation Now (FIN). FIN expressed the organization’s belief that regulation of permissioned access to consumer financial account data is “not necessary at this time.” Rather, FIN argued for “standards for permissioned access to consumer financial account data,” which could be “developed by industry, regularly reviewed and updated.” Ultimately, FIN pushed for consumer access to consumer financial account data “securely and easily, using whatever secure application or technology they wish, without charges or restrictions that unreasonably favor any one application or technology over another.”