MLA Compliance – Covered Borrower False Positives/Negatives, Historic Lookback Prohibition; The Downside of Compromise
Greetings Compliance Friends! Let's talk about the Military Lending Act.
The updated MLA rule expands protections to a broader range of closed-end and open-end credit. Since October 2016, to comply with the safe harbor standards, many credit unions have been using one of the safe harbor methods listed in the final rule. The safe harbor methods include 1) checking the member's duty status using the Defense Manpower Data Center (DMDC) database, or 2) using a consumer report obtained from a nationwide consumer reporting agency.
Section 232.5(a) allows a credit union to use its own method to determine whether a member is a covered borrower. However, the regulation only provides a safe harbor when a credit union uses either the MLA database or a member's status that is obtained from a consumer report obtained from a consumer reporting agency (e.g., Experian, Equifax, Transunion). Questions have come up about the historic lookback prohibition, or if the safe harbor seems to have generated a false result?
In order to benefit from the safe harbor, the covered borrower check (DMDC database or consumer report) is required at the time credit is offered or extended. Looking directly at the regulatory language, this prohibition specifically prevents a creditor from using the database (directly or indirectly) to ascertain whether a consumer had been a covered borrower at a previous point in time and still meet the safe harbor. This seems to mean that a credit union has one bite at the apple in order to establish a safe harbor checking with the database after consummation and determining that, in hindsight, the borrower was not covered on the date of consummation does not fall within the safe harbor.
232.5 Optional identification of covered borrower.
(a) No restriction on method for covered-borrower check. A creditor is permitted to apply its own method to assess whether a consumer is a covered borrower.
(b) Safe harbor
(1) In general. A creditor may conclusively determine whether credit is offered or extended to a covered borrower, and thus may be subject to 10 U.S.C. 987 and the requirements of this part, by assessing the status of a consumer in accordance with this paragraph (b).
(2) Methods to check status of consumer
(i) Department database
(B) Historic lookback prohibited. At any time after a consumer has entered into a transaction or established an account involving an extension of credit, a creditor (including an assignee) may not, directly or indirectly, obtain any information from any database maintained by the Department to ascertain whether a consumer had been a covered borrower as of the date of that transaction or as of the date that account was established.
(ii) Consumer report from a nationwide consumer reporting agency. To determine whether a consumer is a covered borrower, a creditor may verify the status of a consumer by using a statement, code, or similar indicator describing that status, if any, contained in a consumer report obtained from a consumer reporting agency that compiles and maintains files on consumers on a nationwide basis, or a reseller of such a consumer report (as each of those terms is defined in the Fair Credit Reporting Act (15 U.S.C. 1681a) and any implementing regulation (12 CFR part 1022))
32 CFR 232.5 (emphasis added).
With the prohibition against historic lookback, if a credit union were to use the DMDC to confirm a borrower's status at a later point in time, those transactions would not qualify for the safe harbor provision. Commentary in the preamble to the final rule suggests that the DoD anticipates credit unions will perform a covered borrower check in connection with each extension of credit made to a covered borrower:
"the Department's longstanding policy regarding this aspect of the scope of 10 U.S.C. 987 is consistent with the provision set forth in 987(f)(3),[120] which makes any credit contract that is prohibited under 10 U.S.C. 987 void from the inception of such contract. Section 987(f)(3) would operate unjustly if a consumer, upon obtaining the status of a covered borrower, could sue the creditor to void an existing credit contract on the grounds that the contract which may have been entirely lawful when originally entered into with the consumer violates one or more provisions of 10 U.S.C. 987. One practical consequence of the Department's longstanding policy is that a creditor is not required to constantly monitor the status of each consumer who has obtained credit or holds an account for credit to assess whether the consumer is a covered borrower; rather, the creditor may conduct that assessment, as the creditor may so elect, only at the outset of the transaction or when establishing the account for consumer credit. The Department proposes to adopt corresponding revisions to the language of certain other provisions of the regulation, notably 232.3(f) and 232.5(b)(2), for the sake of clarity and consistency with this policy."
79 Fed. Reg. at 58601, 58616 (emphasis added).
Overall, if your credit union does receive a false positive or negative, the rule does not clearly address the issue. Reporting the problem and waiting for the database to be updated and running a report later would be problematic in light of the historic lookback prohibition - the covered borrower check cannot be performed after consummation and provide a safe harbor. Delaying closing in hopes that the database updates also may not work for the borrower. If a person says they are not a covered borrower, but the DMDC database says otherwise, the credit union could treat that person as a covered borrower anyway but that has drawbacks. The credit union could also not treat the person as a covered borrower - but relying on information other than the DMDC database or consumer report does not provide a safe harbor which creates some risk.
The good news is false positives or negatives should be rather rare. Recently, one of my colleagues attended a MLA forum with representatives from the DoD who indicated that the DMDC received very few reports of inaccurate results - even with over 2.2 billion covered borrower checks processed through the DMDC between October 3, 2016 and December 8, 2016. During this discussion, the DoD advised that when a credit union receives a false positive or false negative, this is a good time to contact the help desk on the website. This information can be found on the DMDC website, on the right side under the heading resources, select "Help with Browser Certificate Error." Also, in the event a credit union experiences an issue with the DMDC system, the DoD is available to help resolve your issue and receive your feedback. To reach the DMDC Support Office, please call 1-800-538-9552.
Keep in mind that a credit union could use another method besides the DMDC or consumer report to verify a borrower's status, but the transaction in question would not fall under the safe harbor. This would not be a violation of the MLA, as section 232.5(a) specifies that there is no restriction on how covered borrower checks can be performed. It simply means the credit union would not be shielded from liability that might result from a failure to identify a covered borrower. To manage that litigation risk, a credit union may consider working with local counsel to draft policies and procedures which would establish a defense under 10 U.S.C. § 987(f)(5), for example, that the credit unions sufficiently maintains procedures that are reasonably adapted to avoid failing to identify a covered borrower. The decision whether to use the safe harbor or to exercise some other procedure, or both, is a risk-based business decision for a credit union.
NAFCU's Military Lending Act Guide provides a detailed overview of the rule. Other NAFCU resources can be found here at our MLA Compliance landing page. We continue our advocacy on this issue as well, especially on credit card related issues given the October 3, 2017 compliance deadline.
***
The Downside of Compromise. Did you know that when the legislation that became Dodd-Frank was debated, NAFCU opposed giving the CFPB rulemaking authority over the credit union industry? Check out this CU Journal editorial from NAFCU's President and CEO, Dan Berger giving background on our position and NAFCU's continued commitment to pull credit unions from the regulatory authority of the CFPB.
This Week's NAFCU Webcasts.
Embedding Cybersecurity into Vendor Selection
Live Webcast: Tuesday, February 28 | 2:00-3:30 p.m. ET
Enterprise-Wide BSA Compliance: All for One and One for All
Live Webcast: Thursday, March 9 | 2:00-3:30 p.m. ET