CFPB to Examine Service Providers—Are You Affected? June 13 Webinar Has Answers!

Lightbulb2A recent blog by law firm Ballard Spahr reports the Consumer Financial Protection Bureau (CFPB) has begun to examine service providers on a regular, systematic basis, particularly those supporting the mortgage industry.  The blog recounts information provided by the CFPB during an American Bar Association (ABA) Business Law Section meeting held May 7, 2017, stating: “The change represents a significant expansion of the CFPB’s use of its supervisory authority and will substantially increase the number and types of entities facing CFPB examinations.”  To be fair, the blog does not specifically mention law firms or title and settlement agencies, but both law firms and title agencies are groups that clearly fall into the category of service providers “supporting the mortgage industry.”

Fortunately, there will be an opportunity to hear more detail about whether title and settlement agents will be subject to increased supervision.  Ballard Spahr is conducting a free webinar June 13, 2017, from 12-1 p.m. (ET) which could provide an opportunity to specifically ask such questions.

For further background on this topic prior to the webinar, carefully read the CFPB’s Bulletin 2012-04, “CFPB to Hold Financial Institutions and Their Service Providers Accountable.”  As is obvious from the title of this five-year-old bulletin, the 2017 announcement to directly examine third-party vendors is not an announcement of new policy, but clarification of how the CFPB intends to implement its longstanding policy to hold third parties accountable.

Read more

On My Soapbox—Is it Fair to Make Title Agents and Law Firms Prove Compliance with Best Practices?

2

Speakers’ Corner Hyde Park 1970’s – Leonard Bentley

For those in the title and legal industries, it can be more than a little annoying to have one’s role in representing lenders characterized as merely that of “third-party service provider.”  Title agencies and law firms perform the same trusted services for the lending community today—handling confidential bank client information and millions of dollars of lenders’ funds, as they have day after day for the last half century!

That being the case, why are title agencies and law firms now being required to jump through hoops to prove they are in compliance with either newly imposed bank standards or ALTA Best Practices?  Can anyone point to an explosion of cases where title agencies and law firms providing services to bank clients have been repeatedly harmed?

The short answer is “no”—currently there is no extensive list of data breach cases that could give rise to the conclusion that any sort of crisis has arisen from dealing with title agencies and law firms.  For those two specific industries, there is almost nothing that lenders can point to and say, “That’s why we need to make every one of you prove that you are following existing law.”  To the contrary, many in the title and legal industry want to tell the lending community, “We are doing a good job, and there is no reason to make us prove compliance when there is no proof of non-compliance.”

Unfortunately, there are some highly visible examples of other bank service providers who have caused the banking industry huge losses.  The following is a list of fines that were levied on financial institutions, not because of what they did, but as a result of the compliance violations committed by third-party vendors hired by those financial institutions.  The blog “Regulators Go After Banks for Vendor Management,” by Reed White, an associate in Bryan Cave’s Atlanta financial institutions practice, outlines the following examples of some of the levied fines:

  • Consumer Financial Protection Bureau (CFPB): Discover Bank, $14 million civil penalty (September 2012)
  • Office of the Comptroller of the Currency (OCC): American Express Bank, estimated $6 million in restitution (September 2012)
  • CFPB: J.P. Morgan Chase, $309 million in restitution and $20 million civil penalty (September 2013)
  • CFPB: American Express, $59.5 million in restitution and $9.6 million civil penalty (December 2013)

Read more

“Beeeeeeeeeep… This Is a Test.”

Ahhh…the jolting sound that sometimes interrupts our prime-time television programming: This is a test.  For the next thirty seconds, this station will conduct a test of the Emergency Broadcast System.  This is only a test.

EBS ScreenThough they are prickly interruptions, we tolerate these tests because they are brief and, perhaps most importantly, we understand that should a real emergency occur, the Emergency Broadcasting System (EBS) would keep us informed.  As it should, system testing takes place before an actual emergency to ensure that notifications function properly before the need is dire.  In the same way, emergency preparedness for a cyberattack should occur before an attack happens.  This blog will concentrate on testing your emergency plan in advance of an attack and analyzing your established insurance policies to see if you would be covered for inevitable financial costs associated with such an attack.

The EBS and its predecessor notification programs have been operating almost the same way since 1951.  When we take a look at why, several underlying principles become apparent:

  1. It’s critical to anticipate a wide variety of potential disasters.
  2. It’s important to have plans in place to deal with such disasters before they occur.
  3. It’s critical that the plans can be implemented in a timely fashion to minimize loss.
  4. It’s crucial to get people’s attention, so the established plans are repeatedly tested.

Read more

Should a Settlement Agency Be Considered a Daycare for Customer Data?

Protect Computer DataAll too often, title and settlement agents give little more than a passing thought to the importance of protecting highly sensitive customer data.  But to the lenders we service, the care and protection of the customer data with which we’re entrusted is extremely important.  That’s because the law unequivocally requires customer data to be protected and, on at least an annual basis, various federal regulators are going to conduct multi-day, in-office assessments of lenders’ policies, procedures, and actual practices to ensure lenders are effectively protecting that data, even when it is in the hands of settlement agents.  Lenders realize that if they fail to protect the data, it can cost millions of dollars in fines, and even more importantly, the incalculable damage associated with the loss of customer confidence.  Title agents need to be more aware of the lender’s perspective on the importance of protecting customer data.

Title agents should think of lender data as the lender’s child and their role in protecting it as that of the lender’s daycare agency.  I think lenders would agree that this is an appropriate analogy.  The care of one’s child and the care of customer data are both of paramount importance.  In this analogy, lenders want to be sure their “sons or daughters” are cared for in a safe and secure “daycare facility” while out of their direct control.  They would want to be assured that while their “child” is at the daycare, it’s protected from a whole variety of rare, but very possible occurrences.  For example, as a parent evaluating a daycare facility, you would likely want to be assured that:

  • No one can randomly walk into the facility and leave with your child.
  • If there was a fire or a tornado, the daycare has a pre-established exit plan to ensure everyone stays safe.
  • During the day, your child’s growing mind is properly nurtured, and you are kept advised about the positive ways the daycare staff is handling those responsibilities.
  • If the daycare takes your child on field trips, there are policies and procedures in place to ensure there will always be enough chaperones, and they are properly trained to watch over the children when they are away from your secure facility.
  • The daycare is regularly inspected by a daycare licensing agency, it has a comprehensive manual outlining processes for carrying out day-to-day responsibilities, and it has an unrestricted offer to allow you to stop by anytime to personally inspect the high degree of care your child is receiving.

Read more