You are here

The Road to Compliance is Flooded

Written by: 
Asaad A. Faquir

 

In the world of regulatory compliance, the biggest issue right now is private flood insurance. Since July 1, 2019, lenders are required to accept private flood insurance in lieu of the standard National Flood Insurance Program (NFIP) flood insurance. As such, borrowers now have a choice—which is great for them and for the $30 billion-in-debt NFIP—but this choice is a problem for financial institutions.

Despite how frequently financial institutions receive enforcement actions, flood compliance is fairly easy. A simplification of the process, prior to July 1, was as simple as:

  1. Get a Standard Flood Hazard Determination Certification (SFHD or “flood cert”) in all cases where the institution is making, increasing, renewing, or extending a loan on improved land with a structure, as defined in the rules.
  2. If the SFHD identifies that the property (and, most importantly, the structure) is in a Special Flood Hazard Area, provide and have the borrower sign a notice which states that they are being made aware that their structure is in a flood zone, and that they need special flood hazard insurance provided by the NFIP. 
  3. Close the loan only when proof of insurance has been provided by the borrower, and make sure that they maintain that insurance in the appropriate amount, without lapse, throughout the life of the loan.

This three-step process was like breathing to an institution: It’s clear, it’s easy, and it requires a minimal amount of effort. However, since July 1, the borrower’s ability to obtain private insurance is having a significant impact on what it means to “get proof of insurance.”

Now, if a borrower presents private flood insurance instead of NFIP insurance to an institution, there must be a process in place to verify that the private insurance policy is at least equivalent to an NFIP policy. While it helps that there’s an NFIP compliance statement private insurers can include in the policy, not all private insurers are using it, nor are they required to use it.

More importantly, if an institution sells loans in the secondary market, a full review of the policy may be required, even if the private insurer provides the compliance language. For example, Fannie Mae specifies private insurance is acceptable with a full review of the policy in their user guide. As a result, financial institutions must either become flood insurance policy experts, or shell out money for a professional to review private insurance policies.

While outsourcing seems like a great idea (and for commercial loans it probably is), paying for this policy review fee will become a compliance issue for consumer residential transactions. This is because fees—and who pays them on these types of transactions—isn’t governed by the flood compliance rules and regulations, but rather by the Real Estate Settlement Procedures Act (RESPA) and Regulation Z. This means that for a large number of traditional community financial institutions making mortgage loans, paying for this private flood insurance policy review becomes a TILA-RESPA Integrated Disclosures (TRID) issue.

And, as any good compliance officer will tell you, not disclosing a fee related to a TRID-covered loan is a big “no-no.” However, for profit-minded institutions, eating the review costs can be an equally big “no-no.” Not to mention the potential disparate treatment issues that can arise from charging one group of buyers a fee, while another group of buyers doesn’t have to pay that same fee. Or even disclosing and charging the fee, which then dissuades buyers from obtaining private flood insurance, and then being written up by a regulator for a de-facto practice of not accepting private flood insurance.   

So what is a financial institution supposed to do? Unfortunately, there are more questions than answers. In fact, when the final rule was released—inclusive of all the comments received from the industry—the rule-writers acknowledged that a lot of issues that were brought up were legitimate and probably significant. However, since the statute was written the way it was, the rules were written exactly as prescribed and according to statute. Meaning: Since the legislature said it should be this way, we (the rule-writers) have to keep it this way, and you (the rule followers) have to sort it out. Not very helpful, but here are some things an institution should do to ensure compliance:

  1. Have these important compliance discussions with the Board and executive management, and decide the best course of action: review internally or pay for an external review.
  2. If the decision is review internally, the institution should have a clear checklist it will use to compare private insurance policies against an NFIP policy.
  3. If the decision is to pay for an external review, the institution should follow its vendor management process and ensure it is able to address all outsourcing risks appropriately through that process (e.g. claw backs for errors).
  4. Disclose all fees associated with the external review appropriately and within the compliance confines of the applicable regulations (even on commercial loans, just to be safe).
  5. Keep a log of all loans with private flood insurance policies for loan risk rating purposes.
  6. Roll the bottom of your pants up above your ankles to avoid the flood waters!

If you’re considering hiring an external resource to conduct your organization’s compliance review and implementation program related to proper flood insurance protocol, reach out to me at afaquir@wolfandco.com or (617) 419-4205.