<img src="https://ws.zoominfo.com/pixel/pIUYSip8PKsGpxhxzC1V" width="1" height="1" style="display: none;">

Want to Avoid Litigation? Make Sure Your Financial Institution Isn’t Making These Three Common Mistakes

7 min read
Apr 27, 2021

Litigation is time-consuming and expensive—not to mention a huge risk to the reputation of a bank, credit union, or mortgage company.  Why do lawsuits happen and what steps can financial institutions take to minimize their exposure? In many cases, it comes down to compliance. 

Read on for three common compliance management mistakes that can result in litigation. 

1. Not understanding Home Mortgage Disclosure Act (HMDA) and Community Reinvestment Act (CRA) public data. 

Financial institutions are required to accurately collect and report certain data fields about applications, originations, and purchases of covered loans under HMDA. HMDA data is used for fair lending examinations, compliance examinations, and CRA examinations. Reporting errors by financial institutions can result in consequences like data resubmission demands, examination and regulatory violations, civil money penalties, and litigation.

april webinarBanks are also required to report CRA data. CRA was enacted to address redlining (the practice of denying financing to low and moderate-income (LMI) communities of color). While credit unions and non-bank mortgage companies are not required to comply with CRA, several states have been considering enacting their own version of CRA. There has been talk of revising CRA to possibly include non-bank financial institutions as well as reexamining the prior administration’s revisions of the CRA. 

Racial equity is one of the Biden administration’s top priorities, which will undoubtedly lead to increased enforcement and litigation by agencies such as the Consumer Financial Protection Bureau (CFPB). In this climate it is extremely important that all financial institutions understand the consequences of collecting and reporting HMDA/CRA data accurately, to avoid the threat of costly penalties, reputational harm, enforcement actions, and costly, time consuming litigation.  

Related: What Is Regulatory Change Management at Financial Institutions?

Recent violations 

The CFPB has instituted several enforcement actions since it issued a public statement expanding the types of required mortgage loan reportable data by financial institutions in 2017.  For example, it ordered Nationstar Mortgage LLC to pay a $1.75 million civil penalty for violating the HMDA by reporting inaccurate data about mortgage transactions from 2012 through 2014.  

Just as concerning as the enforcement actions and consent orders we know about are the ones we don’t know about. Some EAs and consent orders are only made known to the public during litigation. For that reason, litigation poses an even greater risk of reputational harm to a financial institution.  

In 2020, the CFPB initiated a lawsuit against Washington state bank for reporting inaccurate HMDA data between 2016 and 2017. The CFPB settled the lawsuit, requiring the bank to pay a $200,000 civil money penalty (CMP) and develop and implement an effective compliance management system to prevent future violations.  

The CFPB also initiated a lawsuit against Townstone Financial, a non-depository mortgage lender and broker, in 2020 for allegedly committing fair lending violations which the CFPB discovered via HMDA data. The CFPB lawsuit against Townstone Financial alleges that from 2014 through 2017 HMDA data Townstone engaged in unlawful redlining and acts that discouraged prospective applicants from applying for credit in the Chicago Metropolitan Statistical Area (MSA) on the basis of race. This lawsuit is still pending. If the CFPB is successful, it will likely become the basis for similar suits.  

Related: Fair Lending Enforcement Is Heating Up: Avoid These 3 Mistakes 

State agencies and national organizations have also initiated lawsuits against financial institutions for HMDA/CRA fair lending violations. The Connecticut Fair Housing Center and the National Consumer Law Center filed a lawsuit alleging a Connecticut bank violated the Fair Housing Act (FHA) and CRA by redlining and drawing assessment areas that largely excluded majority-minority communities. The lawsuit settlement requires the bank to make an additional $10 million available to borrowers at below-market mortgage rates, set aside $300,000 to promote minority homeownership and access to credit in LMI neighborhoods, open a new loan production office in Hartford, Conn., and expand its community development loan program by $5 million.  

Takeaway: These lawsuits demonstrate that understanding how to accurately report HMDA and CRA data is essential to ensuring your financial institution avoids and minimizes litigation risks. Make sure you’re following all developments, including the Federal Financial Institutions Examination Council's (FFIEC) 2021 Guide To HMDA Reporting: Getting It Right! It includes a summary of responsibilities and requirements, directions for assembling the necessary tools, and instructions for reporting HMDA data for financial institutions. The Guide also reflects updates in accordance with the Consumer Financial Protection Bureau’s (CFPB) HMDA Rule issued in April 2020.  

2. Ineffective management of consumer complaints.

The CFPB’s Consumer Response Annual Report for 2020 showed a 54 percent year-over-year increase in consumer complaints. Consumers have been submitting more than 3,000 complaints a month mentioning coronavirus keywords. States have also been seeing an uptick in consumer-initiated complaints to attorneys general offices. For instance, consumer complaints have increased by over 50 percent in Washington, D.C., in 2020.  

It is clear that consumers are actively filing complaints directly with their financial institutions as well as federal, state, and national consumer advocate agencies. A robust compliance management system with complaint policies and procedures can help financial institutions avoid litigation that arises when internal complaint management processes are lacking.  

Related: 5 Features Your Consumer Complaint Management Program Needs to Succeed 

For instance, several banks and credit unions have faced allegations that they used deceptive practices in charging customers excessive overdraft fees. Excessive bank overdraft fees lawsuits have been filed and/or settled against a variety of banks and credit unions, including Wells Fargo, Navy Federal Credit Union, Bank of America, M&T Bank, HSBC, UMB Bankand Wachovia. These costly lawsuits can also harm an institution’s reputation. For example, Florida-based credit union agreed to pay $2.375 million to settle a class-action lawsuit regarding its overdraft fee practices, and a federal judge awarded $203 million to Wells Fargo customers for abusive overdraft fee practices. Both of these cases were widely publicized and scrutinized by consumer advocates. 

In most cases, customers’ complaints were widely overlooked and not handled promptly before these lawsuits were filed, resulting in customers filing bank overdraft fees lawsuits. Now that consumer rights attorneys have caught wind of this systemic issue with overdraft fees, consumer advocate law firms are actively soliciting consumers to join class-action overdraft fee lawsuits.  

Related: What Are Examiners Looking for in 2023? A Look at the OCC and Operational Risk and Compliance

3. Lack of third-party oversight. 

A lack of third-party oversight is a compliance and vendor management risk that can also lead to various types of litigation risk.  

For example, banks’ and credit unions’ lack of third-party oversight over technology vendors has resulted in lawsuits and pending threats of lawsuits for various patent infringements. USAA filed two Remote Deposit Capture (RDC) technology patent infringement lawsuits against Wells Fargo in the summer of 2018. In both lawsuits juries found in favor of USAA and determined that Wells Fargo willfully infringed on two of USAA’s RDC technology patents. This includes an “alignment guide” patent that assisted in image captures and a monitoring-system criteria patent, where systems and methods for image and criterion monitoring are activated during mobile deposits.  

These lawsuits were not only costly for Wells Fargo, but time consuming NAFCU now warns its credit union members that “USAA could decide to increase its efforts to secure licensing fees from financial institutions, including credit unions; and should USAA take this kind of route, the use of RDC technology will increasingly be an area of litigation risk for credit unions.” NAFCU noted that credit unions that offer RDC do so through a vendor or a third-party’s software and advised its members to review these third-party vendor contracts to determine how indemnity is addressed, and to what extent the technology provider makes warranties or guarantees that the software or product does not infringe on any other party’s patents.  

NAFCU’s warning and advice, coupled with USAA’s successful lawsuits against Wells Fargo demonstrate the lack of third-party oversight can lead to litigation.  

Related: Advanced Data And Ncontracts Develop Strategic Partnership

How tavoid litigation  

These three examples of common litigation risks show how defects in a financial institution’s compliance management system can result in banks, credit unions, and mortgage companies defending themselves against lawsuits brought by consumers, third parties, and state and federal agencies.  

While HDMA/CRA reporting errors, ineffective consumer complaint management, and poor third-party oversight can cause litigation risks, they are not the only compliance management fails that can lead to lawsuits. There are many other potential sources.  

In its 2018 updated Litigation And Other Legal Matters Report, the Office of the Comptroller of the Currency (OCC) noted that external-party initiated litigation occurs when an action has been threatened or initiated against a financial institution. This litigation may involve allegations of errors, omissions, violations of law, damages, or personal injury caused by the FI, its management, or its staff. The OCC further advises that the primary risks associated with litigation and other legal matters are compliancereputation risk, and then strategic, credit, and operational factors 

The OCC identified several recommendations to control, minimize and mitigate litigation risk. They include:  

      • Compliance management. Implement systems and controls for compliance with laws, regulations, and other legal requirements. 
      • Risk management. Identify, measure, monitor, and control risk by implementing an effective risk management system appropriate for the size and complexity of your operations. 
      • Policies and processes. Have policies and processes in place to reduce the likelihood of litigation, prevent undue harm to reputation, control expenses associated with litigation, and mitigate potential liabilities. 
      • Complaint management. Since legal action often begins as a consumer complaint, have a process for identifying, managing, and analyzing complaints. 
      • Legal counsel reviews. To identify potential litigation and reduce its likelihood, have legal counsel (internal or external) participate in reviews of products and services, use of third parties, loan, investment documents and correspondence, and large loss events to identify and determine any potential liability issues or legal exposure. 
      • Company culture. Establish a culture of ethical standards. 
      • Company compensation. Establish compensation systems that are aligned with risk management objectives. 
      • Capital reserves. Maintain adequate capital or specific contingency reserves to cover potential judgments or settlements consistent with generally accepted accounting principles. 
      • Training. Implement training programs and internal control processes to identify, limit, and manage litigation exposure. 
      • Vendor management. Oversee and monitor third-party relationships for general and legal services. 
      • Insurance coverage. Ensure adequate insurance coverage as a risk-mitigating control against adverse legal settlements. 
      • Internal and external audit activities. Any area of the FI that is subject to litigation and other legal matters should be considered for audit program coverage.  

Don’t get caught up in litigation. Mitigate litigation risk with a strong compliance management system. 


Subscribe to the Nsight Blog