It’s no secret that lenders are living in a more regulated space as a result of interest from the Consumer Financial Protection Bureau. And, as the case of Condor Capital in New York shows, state regulators are likely to flex their own muscle to take on lenders in years to come.
The Condor case is the first legal action initiated by a state regulator under section 1042 of the Dodd-Frank Act. That provision empowers state regulators to bring similar civil actions in federal court for violations of Dodd-Frank’s consumer protection requirements and to obtain restitution for abused customers, as well as securing other remedies under that law.
While most auto lenders make an effort to operate within the realm of the law, the prosecution of Condor and its allegedly criminal behavior is a warning to everyone in the space. There are lessons other lenders can learn from Condor’s sloppy mistakes.
Customer complaints
It was likely consumer complaints that first raised a red flag for the New York State Department of Financial Services.
For lenders, staying on top of complaints, documenting them and addressing each of them, is the first step in fostering a more compliant atmosphere.
When state regulators did arrive at Condor, unannounced, they collected 200 loan files and met with the company’s management. A few months later, examiners from the DFS office spent three weeks on site conducting a triennial safety and soundness examination.
Legal experts say that they probably found violations related to information, security and privacy on site. The state of affairs at Condor likely confirmed the suspicions that helped launch the investigation.
Security was a problem for Condor, and taking care of this should be a top concern for lenders.
In an official complaint, the state said hard copies of customer documents and files were often not locked up and left unattended for indefinite periods. They also said the company stored files on open shelves in a garage attached to the company’s office.
Files should not be stored in a garage out back — but if they are, they had better be securely locked and well organized.
The examiners said there were virtually no documented policies and procedures for almost all the company’s operations. There were no systemic plans or programs to assess or monitor compliance with fair lending and debt collection practices, or to comply with data security regulations and other applicable consumer protection laws. Condor had no internal audit function, segregation of duties, or other basic accounting controls.
In short, the operation was allegedly in violation of a host of regulations. There’s a clear message in the state’s findings.
Be clear, hold yourself accountable, and be proactive. Taking those steps can help streamline regulatory practices and in the end, it’s just good business too.