Posts filed under ‘Client Alerts’

Bank/Tech Contract Concerns Issued By FDIC IG

Written by: Lindsay Harden

The FDIC’s independent Office of Inspector General (OIG) issued a report late last week detailing a study it conducted of contracts between financial institutions and technology service providers (TSPs). The report concluded that such contracts are commonly not sufficient to address certain risks that are inherent in these relationships. Specifically, contracts with TSPs frequently lack specificity and completeness with respect to business continuity and incident response procedures and obligations.

For several years the financial regulatory agencies have shown an interest in third-party risk management, including ensuring adequate protection of private customer information. Recently, the FDIC and FFIEC have engaged in further initiatives related to cybersecurity and outsourcing of technology services. However, according to the FDIC’s Division of Risk Management Supervision, contracts with TSPs are generally out of date and do not reflect recent efforts to strengthen cybersecurity.

Based on a review of 48 contracts between financial institutions and TSPs, the OIG report made the following findings:

  • Financial institution analyses do not fully consider business continuity and incident response risks presented by TSPs
  • Key contract provisions provide limited coverage of the TSP’s business continuity planning and incident response and reporting responsibilities
  • Key contract terms lack clear and specific definition
  • The FDIC has implemented numerous initiatives to address cybersecurity risks
  • Financial institution third-party relationship risks remain and will require continued supervisory attention

In addition, the report provided some examples of necessary types of provisions that are frequently missing from contracts. For instance, only half of the contracts reviewed explicitly included business continuity provisions, and only a handful established clear performance standards and remedies for failure to meet those standards. Furthermore, many key terms used in regulatory and supervisory guidance—including “misuse of information,” “unauthorized access,” “significant disruption,” and “cyber event”—were often unused, undefined, or inadequately defined in TSP contracts.

The FDIC has plans to take certain actions by October of 2018 to follow up on the OIG’s recommendations in the report. One such action is continuing to communicate to financial institutions the importance of effective contracts with TSPs through the FDIC’s risk management supervision program, which includes guidance, examination procedures, examinations, and off-site monitoring.

The OIG report and potential FDIC action provide banks with additional leverage in negotiating TSP contracts. Affected banks should closely review existing contracts, and if your contracts are close to renewal, or if you are considering adding services under those contracts, you have an opportunity to address deficiencies.  You should review the terms of the agreement and work with counsel to identify gaps in existing or proposed agreements. Please contact us if you need assistance, as we have significant experience negotiating and drafting contracts with TSPs and assisting banks with TSP vendor diligence.

For more information, please contact Karen Garrett or Steve Cosentino, leaders of our fintech practice.

February 23, 2017 at 10:00 am

CFPB Issues Consent Order for RESPA Violations

Written by:  Robert Harry

On January 31, 2017, the Consumer Financial Protection Bureau (“CFPB”) published a Consent Order with Prospect Mortgage, LLC (“Prospect”) for alleged violations of the Real Estate Settlement Procedures Act (“RESPA”) prohibitions against kickbacks and unearned fees, commonly referred to as “RESPA Section 8”. RESPA Section 8 states that “no person shall give and no person shall accept any fee, kickback or thing of value pursuant to any agreement or understanding, oral or otherwise, that business incident to or a part of a real estate settlement service involving a federally related mortgage loan shall be referred to any person”. RESPA Section 8 applies to, among others, mortgage lenders, title companies, lawyers, servicers, and real estate agents.

The CFPB alleges that Prospect entered into a series of agreements with two real estate brokerage agencies and a loan servicer for mortgage origination referrals. The CFPB noted that Prospect violated RESPA Section 8 by:

1. Using lead agreements to pay brokers for referrals;
2. Using Marketing Services Agreements, commonly referred to as “MSAs” to pay brokers for referrals;
3. Using desk licensing agreements to pay brokers for referrals;
4. Encouraging brokers and agents to require consumers to loan obtain pre-approvals with Prospect’s loan officers
5. Paying the servicer for referrals;
6. Using a third-party’s website advertising to pay real estate brokers for referrals; and
7. Encouraging brokers to use fees and credits to pressure consumers into using Prospect.

The CFPB ordered Prospect to pay a $3.5 million dollar civil money penalty to the bureau. Further, Prospect may still have liability for any private civil action available under RESPA Section 8 to any consumer harmed by these actions, is prohibited from engaging in the activities described in the Consent Order, and must undergo compliance training, and conduct extensive reporting and recordkeeping.

Additionally, and in a departure from the CFPB’s prior RESPA Section 8 enforcement actions, the CFPB also entered into Consent Orders with the two real estate brokerages for accepting the payments in violation of the law. This is the first time the CFPB has enforced RESPA Section 8’s prohibition against kickbacks against real estate brokers under the common use of MSAs, desk licensing, and co-marketing agreements. The two brokerages agreed to pay a combined $230,000.00 in fines and disgorgement due to the alleged violations and may still be held liable under related consumer private causes of action.

The actions by the CFPB reinforce Richard Cordray’s position that the bureau will analyze marketing arrangements between settlement service providers with great scrutiny. The orders rely on internal communications and statements to demonstrate that the facially lawful arrangements under RESPA Section 8 were likely only a means of circumventing the anti-kickback provisions while still paying for referrals. It’s imperative that all settlement service providers carefully evaluate any marketing or business activities with other settlement service providers to ensure compliance with RESPA.

The attorneys at Stinson Leonard Street are uniquely able to counsel and assist clients in the residential real estate finance and sales industry to navigate the complex regulation that is RESPA Section 8.

February 16, 2017 at 10:35 am

Stinson Leonard Street’s Quarterly Banking Seminar – How to Prosper Through Market Change

With the beginning of a new year comes new opportunities in the banking and financial fields. These opportunities, however, are not without potential challenges, obstacles and pitfalls. Focused attention on strategy and problem avoidance is more critical than ever.

Join us Tuesday, January 24 for a panel discussion on some of the hot topics in the banking industry. Learn how new regulations will pose significant compliance and operational challenges for your organization and how you can prepare to implement the right steps to avoid complications and scrutiny.

Our presenters will cover critical changes in the market including :

  • Strategy and Competition
  • Financial Technology
  • Regulatory Landscape
  • Talent Acquisition and Retention
  • Customer Demands
  • The Impact of Global Decisions

This program will be presented from various Stinson Leonard Street locations.

Join us in person in the Denver, Kansas City, Minneapolis, St. Louis and Washington, DC offices for this informative event.

Register online to attend this event.

WHEN:

Tuesday, January 24

Registration: 8:30 – 9 a.m. (MT) 9:30 – 10 a.m. (CT) 10:30 -11 a.m. (ET)

Program: 9 – 11 a.m. (MT) 10 a.m. – 12 p.m. (CT) 11 a.m. – 1 p.m. (ET)

Lunch reception immediately following in Denver, Kansas City, Minneapolis, St. Louis and Washington, DC.

WHERE:

Stinson Leonard Street

Denver [map]

Kansas City [map]

Minneapolis [map]

St. Louis [map]

Washington, DC [map]

December 7, 2016 at 8:00 am

National Bank Charters for FinTech Companies

Written by: P. Michael Campbell

On Friday December 2nd, the Office of the Comptroller of Currency (“OCC”) announced that it would start considering applications for special purpose national bank charters from fintech (financial technology) companies.  The OCC believes that providing fintech companies charters will establish a regulatory framework for the fintech industry.  As noted by the OCC, a company receiving the special purpose national bank charter will be “held to the same rigorous standards of safety and soundness, fair access, and fair treatment of customers that apply to national banks and federal savings associations.”

In addition to regulation by the OCC, a fintech company receiving a charter could be subject to regulation from other governmental bodies, including the Federal Reserve, Federal Deposit Insurance Corporation and the Consumer Financial Protection Bureau.

Any company seeking a special purpose national bank charter is expected to have a well-developed business plan setting forth in “significant detail” the bank’s activities. The plan must also cover the governance structure, capital, liquidity, compliance risk management, financial inclusion and recovery and exit strategies.

SLS is well positioned to advise any company seeking a special purpose national bank charter. SLS has experts in every aspect of the application process and years of experience working with regulatory agencies.

The OCC’s proposal is open for comment until January 15th and is expected to receive many comments as the move has been both applauded and criticized in the financial and banking industry.  SLS will continue to monitor any developments with the OCC’s announcement.

December 6, 2016 at 8:00 am

CFPB Reissues Guidance on Supervised Bank and Non-Bank Relationship with Third-Party Service Providers

Written by:  George Sand

On October 31, 2016, the Bureau of Consumer Financial Protection (“CFPB”) reissued Bulletin 2012-03 (Service Providers) to clarify certain aspects of the risk management program for service providers. The intention behind the release is to clarify that appropriate risk management can be accomplished through giving flexibility to supervised entities.

The CFPB expects supervised banks and non-banks to properly provide oversight to their respective service providers to ensure compliance with Federal consumer financial law and to prevent consumer harm. Section 1002(26) of the Dodd-Frank Act (12 U.S.C. 5481(14)) defines a service provider as “any person that provides a material service to a covered person in connection with the offering or provision by such covered person of a consumer financial product or service.” The fact that a supervised bank or non-bank enters into a relationship with a service provider does not mean such bank or non-bank is absolved from liability for the service provider’s product. The supervised bank or non-bank may be liable for its service provider’s unfair, deceptive, or abusive acts or practices towards consumers. Circumstances triggering supervised bank or non-bank liability include a service provider’s unfamiliarity with legal requirements applicable to the product provided, inadequate efforts to implement such requirements carefully and effectively, and insufficient internal controls, among others. Title X authorizes CFPB to exercise enforcement authority over supervised service providers, which includes the ability of CFPB to examine supervised service provider operations on site.

Under the reissued bulletin, the CFPB clarifies that a supervised bank or non-bank risk management program may vary depending on the service being performed. Factors taken into consideration include the service’s size, scope, complexity, importance and potential for customer harm. The CFPB provides that supervised banks and non-banks should take the following steps with service providers:

  • Conduct a thorough due diligence to ensure service provider has the requisite knowledge and capacity to comply with Federal consumer financial law;
  • Review the service provider’s policies, procedures, internal controls, and training materials to ensure they provide for appropriate operations and oversight;
  • Draft contractual provisions with the service provider that provide “clear expectations about compliance, as well as appropriate and enforceable consequences for violating any compliance-related responsibilities, including engaging in unfair, deceptive, or abusive acts or practices”;
  • Establish internal controls and monitoring procedures for surveillance of the service provider to ensure service provider is abiding by Federal consumer financial law; and
  • “Promptly” react to identified problems, including terminating the relationship when necessary.

November 3, 2016 at 8:00 am

Older Posts


Enter your email address to follow this blog and receive notifications of new posts by email.

Produced & Maintained By

Stinson Leonard Street Logo

Categories

A legal resource for Banking & Financial Services

Archives


%d bloggers like this: