Compliance Corner

CFPB guidance on indirect auto lending

By Mary Thorson

Historically, indirect auto financing has offered opportunities as a low-risk form of lending, with its risk spread among a large volume of small-balance collateralized loans. Recent regulatory concerns about discriminatory lending practices, discretionary lending standards and effective third-party oversight have cast shadows over the indirect lending channel.

The Consumer Financial Protection Bureau published a bulletin in March announcing that it will start holding banks accountable for the discriminatory actions of indirect auto lenders.

Instead of coming into the bank to apply for a loan, a consumer goes to purchase a car and applies for financing at the dealership. Often, auto dealers submit credit applications to banks, and banks receiving the applications either decline the request or offer to make a loan at a fixed rate. Dealers typically mark up the cost of approved bank loans with what is known in the industry as “dealer reserve.”

The CFPB’s March bulletin points out various chokepoints in the process that it sees potentially creating for fair lending risk.

It states that there may be a misunderstanding of the fact that the coverage of the Equal Credit Opportunity Act extends to financial institutions, nonbank lenders and indirect auto dealers. It encourages institutions subject to CFPB jurisdiction, including indirect auto dealers, to take steps to ensure they are operating in compliance with the ECOA and Regulation B as it applies to dealer markup and compensation policies, including these two actions:

  • imposing controls on dealer markups and compensation policies, or otherwise revising dealer markups and compensation policies, and also monitoring and addressing the effects of those policies to address unexplained pricing disparities on prohibited bases; or
  • eliminating dealer discretion on markup buy rates and fairly compensating dealers using another mechanism, such as a flat fee per transaction that does not result in discrimination.

The CFPB also suggests financial institutions develop a fair lending program that includes these seven elements:

  • up-to-date fair lending policies;
  • appropriate staff training;
  • ongoing monitoring for compliance with fair lending policies and procedures;
  • reviews of lending policies for potential violations;
  • analysis of loan data for potential disparities;
  • regular assessments of loan marketing practices; and
  • meaningful oversight of fair lending compliance to demonstrate senior management and board of director involvement.

Standards and discretion

At the heart of the CFPB’s message to financial institutions and the automobile dealers with which they contract for indirect loans is compliance and risk management. The bureau’s bulletin points out that lenders may need to take additional compliance management steps to mitigate significant fair lending risks. It suggests employing monitoring and taking corrective action, when necessary, for dealer markups and compensation policies that include, but may not be limited to, these four activities:

  • sending communications to all participating dealers explaining the ECOA, stating the lender’s expectations with respect to ECOA compliance, and articulating the dealer’s obligation to mark up interest rates in a nondiscriminatory manner in instances where such markups are permitted;
  • conducting regular analyses of both dealer-specific and portfolio-wide loan pricing data for potential disparities on a prohibited basis resulting from dealer markups and compensation policies;
  • effecting prompt corrective action against dealers, including restricting or eliminating their use of dealer markups and compensation policies or excluding dealers from future transactions when analysis identifies unexplained disparities on a prohibited basis; and
  • remunerating affected consumers promptly when unexplained disparities on a prohibited basis are identified either within an individual dealer’s transactions or across the indirect lender’s portfolio.

Third-party oversight

From recent discussions with community bankers and observation of examination results, it is clear that the federal bank regulatory agencies are pursuing citations for deceptive and abusive practices (UDAAP) as part of their bank examinations for retail products and services, including indirect lending. UDAAP citations are often paired with the technical compliance citation, for instance, involving a violation of an account disclosure or advertising requirement. Examiners can easily make a case that incorrect or omitted disclosures, triggering terms, or errors or omissions in terms and conditions of account operation provided to the consumer could lead the consumer to be significantly misinformed about the product or service.

Community banks should begin to develop comprehensive and effective UDAAP compliance management programs. UDAAP implementation, training and monitoring should be included throughout the compliance program with other laws and regulations.

Coverage of UDAAP is broad, and it should not be overlooked in the indirect lending business. Its requirements and prohibitions should be incorporated into activities including, but not limited to:

  • written policies and procedures in all areas;
  • underwriting standards and procedures;
  • internal or external collections;
  • training;
  • business development, marketing and advertising;
  • product development, terms and conditions;
  • enterprise risk management programs;
  • communication channels, including social media;
  • customer and consumer complaints;
  • internal and external audits;
  • compliance monitoring and review activities; and
  • board of director discussions.

The federal bank regulatory agencies continue to look closely at activities banks conduct through the use of third-party vendors or partners. The parameters of effective third-party risk management dovetail nicely with indirect lending risk management. Regulators expect oversight that includes these steps:

  • due diligence of the third-party, including its ability to comply with federal law;
  • review of third-party policies, procedures, internal controls and training materials to ensure oversight of employees who have consumer contact or compliance responsibilities;
  • contract provisions containing clear expectations about compliance, as well as appropriate and enforceable consequences for violating any compliance-related responsibilities, including engaging in unfair, deceptive or abusive acts or practices;
  • internal controls and ongoing monitoring to determine whether a third party is complying with federal consumer financial law; and
  • prompt action to address fully any problems identified through the monitoring process, including terminating the relationship when appropriate.

Community banks can benefit from indirect lending channels. However, the risks and rewards must be balanced effectively. Good compliance and operational risk management make good business sense.