CFPB Update: Lender Audits Ongoing

CFPB Update: Lender Audits Ongoing

Background: The CFPB is BornCFPB_2tone_Horiz_RGB

In 2010, President Obama signed the Dodd-Frank act into law, which changed financial and banking regulations and created a federal agency dedicated to consumer financial protection, the Consumer Financial Protection Bureau (CFPB). Much of the Dodd-Frank act has already taken effect, although the new disclosure forms (known as TRID, short for TILA RESPA Integrated Disclosure) weren’t finally adopted until October of 2015. Under the Dodd-Frank act, the CFPB is responsible for regulating the mortgage industry, which includes enforcing and maintaining regulations under the Truth In Lending Act (TILA) and the Real Estate Settlement Procedures Act (RESPA) as well as the Dodd-Frank act. The CFPB has already begun auditing lenders and mortgage service providers; at first, it was much larger lenders that were primarily being audited by the CFPB, but now there has been some news of smaller lenders also being audited by CFPB examiners.

CFPB Now Auditing Smaller Companies

There are a number of accounts of the CFPB auditing smaller lenders, and sometimes taking further actions. It’s difficult to find statistics about CFPB audits, although there is a lot of information about audit processes and specific enforcement actions. Michigan’s Lighthouse Title was recently fined because of RESPA-violating marketing services agreements. In May of 2013, the CFPB took a similar enforcement action against Paul Taylor Homes and Benchmark Bank of Dallas, TX.

How Has Dodd-Frank Changed the Real Estate Closing Process?

  • The HUD-1, TIL, and GFE forms replaced by TRID/KBYO Integrated Disclosure
  • New standards and time limits for mortgage statements, disclosures, and notices
  • Lenders now take all liability for mistakes made by mortgage servicers
  • The CFPB has taken over some of the enforcement authority from the FDIC
  • Part of the CFPB’s audit checklist is to confirm that the lender or mortgage service provider is following the data privacy rules of the Gramm-Leech-Bliley act (which requires a written security plan)

What Does This Mean For Real Estate Closers?

  • We’re seeing more compliance and data security pressure from lenders. Because of the liability shift to lenders and because of the CFPB’s ongoing auditing and enforcement processes, lenders are under a lot of regulatory pressure which is being passed on to settlement services and other third-party service providers. The CFPB’s 2012-03 Bulletin explains that it will expect lenders to “review[] the service providers’ policies, procedures, internal controls, and training materials”, and also that lenders must “establish internal controls and on-going monitoring to determine whether the service provider is complying with Federal consumer financial law…”
  • Be ready to take data security rules more seriously. Data security regulations (especially Gramm-Leech-Bliley) have applied for years to anyone even remotely involved in the mortgage process; however, now there is a regulatory agency actively enforcing these for settlement services.
  • You can now be audited by the CFPB in person. Although the CFPB is currently focusing more on auditing larger lenders, their mandate requires them to audit mortgage servicers and lenders of all sizes. From the CFPB’s 2012-03 Bulletin, they stated very clearly that “Title X [] grants the CFPB supervisory and enforcement authority over supervised service providers, which includes the authority to examine the operations of service providers on site.”

Where Can You Get Help With Compliance Management?

  • Direct iT’s compliance team is very experienced at helping with the IT and technology side of the compliance process. We can perform technical risk assessments and help you establish a written information security plan (as required by the CFPB as well as state data security regulations).
  • ALTA’s Best Practices 2.0 is a set of policies and procedures developed by ALTA (American Land Title Association); while not officially endorsed by the CFPB, ALTA has been very involved with the CFPB rule-making process and has developed their Best Practices with compliance in mind.
  • An ongoing network maintenance and monitoring program like Direct iT’s RemoteNet program is essential for ensuring that the minimum standard of data security required by Gramm-Leach-Bliley is met.

Where Can You Read More About The CFPB And Dodd-Frank?

16 CFR 314.4 (data privacy rules authorized by Gramm-Leech-Bliley act)

CFPB Examination Procedures for Mortgage Servicers

ALTA Best Practices

CFPB Bulletin 2012-03

CFPB Auditing Small Texas Builder


Call Direct iT Today!


One of our IT specialists is waiting to talk to you.

About Direct iT

Direct iT, Inc. is a New England based IT services firm offering products and services for small businesses in Greater Boston, New Hampshire, Rhode Island, and the rest of New England. Cloud, compliance, and document management services are also available worldwide. Many of our customers are along the Route 128 technology corridor.

Direct iT, Inc. Main Offices

39 Emerson Rd. Suite 215
Waltham, MA 02451
Sales: 781-890-4400
Support 781-890-1907