On July 26, 2023, the Consumer Financial Protection Bureau (“CFPB”) published its Summer 2023 Supervisory Highlights (“Supervisory Highlights”). This latest edition focuses on unfair, deceptive, or abusive acts or practices (“UDAAP”) identified by the agency during supervisory examinations completed from July 2022 to March 2023.
In general, the annual Supervisory Highlights communicates information about operational changes to the CFPB’s supervision program and provides some insight into areas of focus for reviews. The 2023 edition covers key examination findings in the areas of mortgage origination, mortgage servicing, and fair lending as well as auto loan origination, auto servicing, consumer reporting, debt collection, deposits, payday and small dollar lending and remittances. For the first time, the Supervisory Highlights also covers findings regarding information technology used by supervised entities.
As with previous editions, the 2023 Supervisory Highlights emphasizes consumer protection and many of the UDAAP examples included cover well-understood issues that the CFPB has commented on in the past.
Notable findings include:
Mortgage Origination:
- The CFPB 2013 Loan Origination Final Rule states that it is not permissible to differentiate compensation based on credit product type, since products are simply a bundle of particular terms and loan originators cannot be compensated based on the terms of a transaction. Some institutions brokered-out certain mortgage products that were not offered in-house. The issue found by examiners were institutions that used a compensation plan that allowed a loan originator who originated both brokered-out and in-house loans to receive different levels of compensation for the brokered-out loans versus in-house loans. This violates Regulation Z by basing compensation on the terms of the transaction.
- The Supervisory Highlights reports findings of institutions not reflecting the correct terms of the legal obligation on disclosures. For instance, an adjustable-rate note may state that the margin plus index will be rounded up or down to the nearest one-eighth of one percentage point, but the institutions’ loan origination system did not round, resulting in a rate calculated contrary to the promissory note in violation of Reg Z.
Fair Lending
- The CFPB found that mortgage lenders violated ECOA and Regulation B by discriminating in the granting of pricing exceptions across a range of ECOA-protected characteristics, including race, national origin, sex, or age. Some lenders maintain policies and procedures that allow for pricing exceptions such as to maintain competitiveness in a particular transaction. However, examiners identified some lenders with statistically significant disparities for the incidence of pricing exceptions at differential rates on a prohibited basis compared to similarly situated borrowers. Weaknesses were found in training programs, design of policies and procedures, mortgage loan officers not following policies and procedures or lacking documentation of having complied with those policies/procedures, and lenders’ lack of oversight.
- The use of criminal history in credit decisioning creates a heightened risk of violation ECOA and Regulation B. Examiners found the that the discovery of a criminal record often prompted enhanced or second-level underwriting review without clear policies and procedures in place.
- Examiners found instances of stricter underwriting standards imposed on applicants who had income derived from public assistance sources.
Technology
- Examiners found institutions engaged in unfair acts or practices by failing to implement adequate information technology security controls that could have prevented or mitigated cyberattacks. Institutions were found to have weak password management policies for certain online accounts, failed to establish adequate controls in connection with log-in attempts or did not adequately implement multi-factor authentication or a reasonable equivalent.
Supervision Program Developments
- The CFPB has entered into discussions with several nonbank entities regarding the CFPB’s supervision program and its benefits in identifying potential compliance issues. The CPFB previously announced its plans to invoke its “dormant authority” to supervise nonbank financial companies that pose risk to consumers. Several Notices of Reasonable Cause were issued based on the CFPB’s authority under the Supervisory Risk Determination Rule resulting in several entities voluntarily consenting to the CFPB’s supervisory authority.
