Posts Authored by David K. Stein

PHH’s hidden gem

The long-awaited en banc decision in PHH Corp., v. CFPB has finally been issued. The Court of Appeals for the D.C. Circuit upheld the constitutionality of the Consumer Financial Protection Bureau (CFPB) and reversed a prior finding that its structure is unlawful. This case has been discussed for years, with good reason.What is truly notable is the underlying issue that was appealed in the first place:  the CFPB’s new interpretation of RESPA regarding payments for business referrals. 


Consumer Lending and Services, Federal Regulatory, Legal Developments

TCPA: Not all leads are created equal

This year, more than 5,000 lawsuits alleging violations of the Telephone Consumer Protection Act (TCPA) have been filed. Many of these suits are destined for class action status.

The TCPA, in its present state, is almost unworkable for most modern businesses, most of which now drive business through technology and automation. If your company is engaging in any form of phone sales based on leads created through the internet or smart phone applications, it is particularly at risk. Read more >>

Federal Regulatory, State Regulatory

Federal district court sanctions CFPB for violations of discovery orders

A federal court in Georgia recently imposed sanctions on the Consumer Financial Protection Bureau (CFPB) after finding that the regulator engaged in a pattern of conduct that warranted substantial penalties. While the bureau is usually the accuser of wrongful conduct, it had some explaining to do in CFPB v. Universal Debt Solutions. Read More >>

Consumer Lending and Services, Federal Regulatory, Legal Developments

Ohio DFI issues data security guidelines

In response to increased financial fraud issues, the Ohio Division of Financial Institutions (DFI) recently issued data security guidelines. While the DFI specifically addressed debit card issues, its language indicates expectations for all institutions, requiring active steps to implement data security measures.

The DFI emphasized the following obligations:

  • Daily review of security-related issues
  • Email security and encryption
  • Timely review of security and activity reports
  • Suspicious activity report (SAR) training
  • Standardized security controls
  • After hours mechanisms to control suspicious activity

At its Ohio Banker’s Day on March 31, 2016, the DFI spent considerable time discussing financial fraud. It is apparent that further guidelines and bulletins will be forthcoming and will apply to all consumer-related activity, including lending. In light of its supervisory bulletin, verbal statements and the Consumer Financial Protection Bureau’s recent order in Dwolla, it is expected that data security will be a priority item in any future Ohio financial institution examinations.

Compliance Management, Consumer Lending and Services, State Regulatory

Announcing our Cybersecurity Law blog

Readers of the Financial Services Law blog are invited to visit our newly-launched Cybersecurity Law blog, an online resource featuring news, information and legal analysis on current cybersecurity and data breach issues. Articles and posts, authored by Bricker & Eckler attorneys, share in-depth insights and legal implications on topics that have both local and global significance.  

We encourage you to subscribe to the blog via FeedBurner to have frequent updates sent directly to your inbox. Additionally, be sure to visit the blog and bookmark the site for easy reference. 

Compliance Management, Consumer Lending and Services, Depository Institutions, Fair Lending, Federal Regulatory, Federal Regulatory, Legal Developments, Non-Depository Institutions, State Regulatory

Do your company’s cybersecurity practices deceive consumers?

Not a day goes by without breaking news of a cybersecurity breach. Indeed, thoughts of a system hack keep many executives up at night. Small- and medium-sized businesses often fear that they do not have the robust resources or staff to adequately handle these threats.

The Consumer Financial Protection Bureau (CFPB) has now weighed in on these issues with a consent order that delivers cybersecurity guidelines.Of particular importance is the fact that the CFPB has now used its ultimate weapon — Unfair, Deceptive, or Abusive Acts or Practices (UDAAP) — as a tool to ensure that companies adopt effective security protocols.

For a detailed analysis of the CFPB's consent order and what it means for consumer-facing businesses, read the latest Cybersecurity Insight

Federal Regulatory

The myth of fingerprints: Maturity in compliance

Fingerprints are unique to each individual. Likewise, every company is unique. However, the need for every lender to maintain effective management and control is the same across the board. Every financial institution is in the same boat, whether or not you think the CFPB will examine you and whether or not you feel your organization is subject to the bureau’s oversight. (Yes, they can and will regulate any company coming between a consumer and its money.) 

What are you doing to address this issue? Are you prepared to handle the scrutiny that may be headed your way? Read more.


Compliance Management, Consumer Financial Protection Bureau, Federal Regulatory

What are you doing to build relationships with state regulators?

For today’s mortgage providers, seeking meaningful interaction with state regulators, beyond the licensing process, is essential. In her recently published Mortgage Compliance magazine article, “In Your Face – Seeking Meaningful Interaction With Your Regulators,” Bricker & Eckler attorney Jackie Mallett urges business leaders to be aware and take advantage of opportunities to network with regulators. Specifically, Jackie gives tips on communicating face-to-face with regulators at two national events: the Nationwide Mortgage Licensing System (NMLS) and the American Association of Residential Mortgage Regulators (AARMR) annual conferences.

Federal News, Non-Depository Institutions, State Regulatory

Are MSAs lawful? CFPB finally makes a statement: It’s all in the facts

The CFPB has just published written guidance on the issue of marketing service agreements (MSAs). These agreements create significant regulatory and legal risk, given that the Real Estate Settlement Procedures Act of 1974 (RESPA) establishes significant civil and criminal sanctions for steering business or providing “kickbacks” for the referral of business among real estate settlement service providers.

In the past year, several major RESPA penalties were ordered by the CFPB, with the bureau’s language striking at the very heart of whether relations between lenders and other real estate participants would ever be deemed lawful. Now, the CFPB has spoken directly to the issue.

In its October 8, 2015, Compliance Bulletin, the bureau has brought considerable doubt as to whether the exchange of money or referrals between providers can ever been free from risk. Read more in the latest Bricker publication.

Consumer Financial Protection Bureau, Legal Developments

Want some regulatory relief?

These days, you have to take relief when you can get — even if it is in small doses. This week, HUD granted some relief for FHA-approved mortgagees. HUD issued ML 2015-21, which grants additional time to utilize loss mitigation options or initiate foreclosure in certain circumstances. 

HUD mortgagees must utilize a loss mitigation option or commence foreclosure within six months of default (Regulation X). Thus, an extension of this timeline is a blessing and a curse. Using an extension may further delay the foreclosure process. However, complying with the CFPB-imposed timelines is often difficult, if not impossible. 

In granting mortgagees extra time, HUD reiterated the fact that there are already eight automatic extensions available to mortgagees who may be unable to initiate foreclosure in the time required. HUD has now introduced two additional “new and improved” automatic extensions.

HUD will now allow an automatic extension for commencing foreclosure in those cases in which the servicer needs additional time to comply with the appeals process required by the CFPB. If there is a formal loss mitigation denial, a 90-day extension will begin to run on the date the mortgagee sends notice to the borrower that the loss mitigation effort has been denied. 

In addition, HUD has allowed an automatic 90-day extension in cases where a federal regulation requires a delay in the initiation of foreclosure and the delay is not covered in any of the other automatic extensions. 

In both of these cases, mortgagees do not need to obtain HUD approval via the EVARS system. However, the mortgagee must document the use of the automatic extension in the claim review file and file reports related to the extension in the SFDMS and on HUD Form 27011, Part A. 

The loss mitigation and foreclosure process is very complicated and requires some clear planning and strict adherence to a variety of time restrictions. Those lenders that utilize subservicers must prioritize compliance with these standards in their oversight procedures. 

Any compliance relief related to stringent timelines is always welcome, given that lenders are held to a high standard of compliance. So, take this as an ounce of good news.

Consumer Financial Protection Bureau, Federal Regulatory, Legal Developments
  • 1
  • 2
  • 3