FDIC Releases Consumer Compliance Supervisory Highlights – UDAP, RESPA Kickbacks, and Fair Lending

Every year, the Federal Deposit Insurance Corporation (FDIC) issues the Consumer Compliance Supervisory Highlights, a round-up of common violations discovered during recent examinations that at times communicates regulatory expectations. The latest edition came out late last week, so what can we learn from this 24 page document? In short, advertising product features requires care, exchanging payments with settlement service providers may result in scrutiny, and fair lending remains top of mind for federal regulators.

UDAP and Advertising Credit Builder Products

Some lenders promote products like secured credit cards as a way for consumers with little to no credit history, or a damaged credit report, to improve their credit score. In some cases, particularly where lenders partnered with fintechs to offer these products, the FDIC found unfair or deceptive acts or practices including:

• Advertising credit building as a benefit to sell products that had no actual features that would improve consumers’ credit scores;
• Marketing credit builder products as improving credit scores via periodic increases in the loan’s credit limit; and
• Making specific claims about how much consumers could increase their credit scores by, based on figures for unrelated products instead of the loan being advertised.

The FDIC suggests several ways to mitigate these risks that boil down to being cautious when making claims about the products’ ability to positively impact credit scores. Lenders should make sure such claims can be backed up with results, as “credit building should be tangible and meaningful and not merely a marketing ploy.” Lenders should provide clear disclosures, ensure product features match promotions, any marketing claims can be substantiated, there is appropriate oversight of any third-party relationships involved in offering credit builder loans, and complaints are monitored.

RESPA Prohibition Against Kickbacks

Section 8 of the Real Estate Settlement Procedures Act prohibits parties involved in most mortgages from exchanging fees or any “thing of value” in exchange for referrals relative to any settlement service. The rules do not prohibit paying settlement service providers for the value of work actually performed, but that requires some documentation. For a quick overview of RESPA’s prohibition against kickbacks, check out this prior post I published last fall.

The FDIC found issues with payments made for mortgage brokerage services that did not comply with Department of Housing and Urban Development (HUD) guidance, specifically Statement of Policy 1999-1 and Statement of Policy 2001-1. This guidance sets some parameters for permissible payments, as Section 8 does not per se prohibit mortgage lenders from making payments to mortgage brokers. Rather, payments to mortgage brokers are permitted if certain goods or services outlined in the HUD guidance were actually provided or performed and the payment is reasonably related to the value of the goods or services. This requirement is generally met when a broker takes the application and performs at least five additional services as outlined in the SOP-1999-1. In some cases, mortgage lenders were not validating whether the brokers were actually conducting sufficient services for a fee to be earned and thus paid in a compliant manner, resulting in Section 8 violations.

The FDIC’s risk mitigation recommendations include incorporating the HUD guidance documents into procedures, applying the principles to digital channels, and implementing robust monitoring of mortgage broker relationships, particularly the services being rendered and the payments being made. ?Also, it is not sufficient to just confirm that brokers are providing a minimum of five of the kinds of services outlined by HUD, but rather the payment made still needs to be reasonably related to the value of those services.

Fair Lending – Third Party Relationships and Redlining

The FDIC also flagged two specific areas for fair lending risks. First, the agency highlighted issues that can arise when partnering with third parties to leverage technology for making unsecured consumer loans and other credit products. One specific institution did not establish the minimum controls, information systems, or underwriting practices to meet safety and soundness requirements while also leading to violations of the Equal Credit Opportunity Act (ECOA) and its implementing Regulation B. For example, the agreement with the third party did not provide for full access to loan transaction records, in turn preventing appropriate monitoring for fair lending risks and oversight of the underwriting.

Specifically, “relevant compliance personnel were not provided access to all variables used in the pricing and underwriting models” used to originate loans with third parties. Third parties were also able to make material changes to pricing and underwriting model criteria without the institution’s review or approval. This is a common tension when working with third party technology, as the partner will view their products, including specifics of an underwriting model, as a trade secret in terms of sharing specifics. However, regulators increasingly expect financial institutions to have an understanding of how complex underwriting algorithms work and be able to identify possible disparate treatment or impact resulting from those programs.

Here, the FDIC’s risk mitigation recommendations include performing periodic risk assessments including relative to automated underwriting models and having specific policies and procedures to address fair lending risks stemming from third-party relationships. The FDIC also recommends ensuring contracts with third parties provide the right to access data and information including lending criteria as well as allowing the financial institution to approve changes in the system before implementation.

The FDIC also found some broader fair lending issues during exams. The FDIC agency noted that the “vast majority” of regulated institutions comply with ECOA and related anti-discrimination laws, occasionally an examination will show a financial institution engaged in a pattern or practice of discrimination. In these cases, federal law requires the FDIC to refer the issue to the Department of Justice (DOJ) for consideration of further enforcement action. In 2023, the FDIC made seven such referrals to DOJ, most of which unfortunately involved redlining, with other referrals related to auto loan pricing and overt discrimination in lending policies.

Four of the DOJ referrals included redlining, a practice where a lender provides unequal access to credit, or unequal terms of credit to certain geographic areas based on the race, ethnicity, national origin, or similar characteristics of the residents of that area. Redlining occurs not only where an area is wholly avoided by a lender, but if there is differences in how a majority-minority area is served, like limited marketing of credit products in those areas. The auto lending referrals related to discretionary pricing without any monitoring of that discretion.

To mitigate these kinds of risks, the FDIC points to compliance management systems as a strong tool to ensure consumers are treated fairly and laws are followed. Specific to redlining risk, the agency recommends understanding the institution’s expected market area and related demographics, evaluating how loan applications are sourced (e.g. branches, marketing campaigns) to confirm that majority-minority areas are reached, and monitoring lending performance in these areas.

Trends in Compliance Violations

Last, but not least, the FDIC’s summary of the most common regulatory violations found during examinations is worth a review. The Truth in Lending Act/Regulation Z tops the list by far, followed by the flood rules and the Electronic Fund Transfer Act/Regulation E, then UDAP (aka “Section 5 of the FTC Act) and the Truth in Savings Act.

The FDIC’s annual report is dense, but signals what regulators are looking for, as well as finding. Chances are that the problems outlined in this report are happening at other financial institutions. Having an understanding of where others erred can help you shore up your compliance program, mitigating a variety of risks, including transaction, operation, litigation, and reputation risks. If it has been a while since your policies and procedures in this area were reviewed, we can help and provide counsel on ensuring compliant practices.