Home



The New Fannie Mae, Freddie Mac, and FHLB Whistleblower Rule
Mortgage Banking & Consumer Financial Products Alert
by Kristie D. Kully . February 1, 2010


Federal law, and the Federal Housing Finance Agency, will require Fannie Mae, Freddie Mac, and the Federal Home Loan Banks to report loan fraud or possible fraud to the Agency, and will protect them (and their officers, directors, attorneys, and accountants) from liability for those reports, in accordance with a final rule to become effective February 26, 2010.[1]

While those government sponsored entities have generally been required to maintain fraud prevention policies and to make reports to their respective regulators in the past (in furtherance of the regulators’ safety and soundness responsibilities), this final rule reflects the Agency’s coordination of its regulatory efforts for the entities and implements new requirements imposed in the Housing and Economic Recovery Act of 2008 (“HERA”).[2]   As part of a comprehensive reform of the entities’ regulation, HERA targets mortgage fraud by requiring Fannie Mae, Freddie Mac, and the 12 Federal Home Loan Banks (the “Banks”) to make a timely report of any such fraud or possible fraud in connection with any mortgage loan purchased or sold, and to establish and maintain procedures to discover that fraud.  HERA also provides that any entity that in good faith makes such a report, and any “entity-affiliated party” that in good faith makes or requires a report, will not be liable for the report or for any failure to notify any person who is the subject of or is identified in the report. 

The Federal Housing Finance Agency Fraud Reporting Rule
The Federal Housing Finance Agency (the “Agency”) was created by HERA as an independent agency with consolidated general regulatory authority over Fannie Mae, Freddie Mac, and the Banks.[3]   (Previously, those government sponsored entities were regulated by the Department of Housing and Urban Development/Office of Federal Housing Enterprise Oversight (which oversaw Fannie Mae and Freddie Mac), and the Federal Housing Finance Board (which oversaw the Banks).)  Among other efforts to strengthen the regulation of those entities, HERA created a new statutory requirement for them to target mortgage fraud in the following manner, and as described more fully below:

  • First, the Director of the Agency must require each entity generally to report to the Director upon discovery or suspicion by the entity that it has purchased or sold a fraudulent loan or financial instrument.
  • Second, the Director must require each entity to establish and maintain procedures designed to discover any such transactions.
  • Third, the statute protects from liability any entity and any “entity-affiliated party” that makes or requires to be made a mortgage fraud report.

Reporting Requirements
Specifically, the final rule requires an entity to report to the Director (or his or her designee) under three sets of circumstances:

  1. If an entity discovers that it has purchased or sold a fraudulent loan or financial instrument, it must submit a “timely written report.”
  2. If an entity suspects a possible fraud relating to the purchase or sale of any loan or financial instrument, the entity also must provide a “timely written report.”
  3. If an entity confronts “any situation that would have a significant impact” on the entity, it must immediately report any fraud or possible fraud by telephone or electronic communication.

The final rule continues to require the entities to retain a copy of the report and the supporting documentation for 5 years. 

The final rule does not provide much guidance as to the form or timing of the reports, but indicates that the Agency will be issuing additional prescriptions and form approvals, and that it will consider allowing entities to use a form or format accepted by other regulatory agencies.

What Must Be Reported?
As to what constitutes a “fraudulent loan” or what circumstances otherwise are reportable, the rule defines “fraud” as a misstatement, misrepresentation, or omission that cannot be corrected and that was relied upon by the entity to purchase or sell a loan or financial instrument.  (Thus, an entity is not required to report an error that may be corrected, or a misstatement or omission that would not have affected its decision at the time to enter into an applicable transaction.)  “Discovery” is intended to apply to discovery through any means (e.g., internal processes, government authorities, or third parties).  An entity must report “possible fraud” when an entity has a reasonable belief, based upon a review of information available to the entity, that fraud may be occurring or has occurred.  Ambiguities predictably arise in parsing the statute’s language – such as comparing the duty to report discovered fraud in connection with a fraudulent loan/instrument with the arguably more amorphous duty to report suspected fraud relating to the purchase or sale of any loan or financial instrument. 

While the Agency’s new final rule does not address with specificity the scope of the entities’ duty to identify and report fraud or what constitutes a significant impact on an entity, the Agency promises to provide additional guidance in the future.   As an indication of what the Agency may target in that guidance, the former regulator for Fannie Mae and Freddie Mac explained that among other acts or omissions, it sought information on false information in identification or employment documents, false mortgagee or mortgagor identity, fraudulent appraisals, theft of custodial funds, non-remitted payoff funds, misrepresentations of borrower funds, and property flipping designed to falsely inflate property values. 

What Entity Business is Covered?
HERA imposed the fraud reporting obligation in connection with fraudulent loans or financial instruments that the entities purchased or sold, or possible fraud relating to the purchase or sale of any loan or financial instrument.   In defining “financial instrument,” the rule refers broadly to any legally enforceable agreement, certificate, or other writing, in hardcopy or electronic form, having monetary value including, but not limited to, evidence of an asset pledged as collateral to a Bank by a member to secure an advance.  “Purchased or sold” or “relating to the purchase or sale” means any transaction involving a financial instrument, including any purchase, sale, other acquisition, or creation of a financial instrument by a Bank member to be pledged as collateral to the Bank to secure an advance, the making of a grant by a Bank under its affordable housing or community investment programs, or the effecting of a wire transfer or other form of electronic payments transaction by the Bank. 

Thus, the Agency intends its fraud reporting rule to apply to all the entities’ programs and products, including mortgage loan purchase programs, but also including mortgage-backed securitization programs and secured Bank advances.   The rule provides the example that if a single substitution is made in a securitized mortgage loan pool, and the entity is notified that the substitution was made due to fraud (and in spite of any representations or warranties made by the issuer), the entity must submit a fraud report.  Again, the Agency promises to provide additional guidance in the future specific to certain products or programs, and “expects that the number of reports for each program or product will differ.”

Fraud Discovery Controls, Procedures, and Training Requirements
Imposing a duty to report mortgage fraud that an entity discovers, or suspects based on a review of available information, clearly entails imposing a duty to establish and maintain procedures designed to reveal such fraud.   The entities have previously been required to maintain such controls, procedures, and training.  As part of those controls, the entities have all generally required their business partners to report known or suspected fraud, although the scope of those duties arguably varies or is not crystal clear. 

Fannie Mae, for its part, requires its lender partners to notify it immediately if the lender learns about any misrepresentation or possible breach of a selling warranty, including fraud, regardless of who committed the act or whether it is believed to rise to the level of an actual breach.  Fannie Mae also requires lenders to report to it any fraudulent or dishonest activities by lenders, contractors, or brokers.[4]   Freddie Mac requires its seller/servicers to notify it in writing immediately upon obtaining knowledge of any act or offense by a seller/servicer or a person with management or supervisory responsibilities within a seller/servicer indicating a lack of integrity or honesty, including knowledge of a criminal conviction or civil judgment for commission of fraud.[5]   The Chicago Bank’s Mortgage Partnership Finance Program similarly requires participants to report any incident of suspected fraud or false representation immediately.[6]   Of course, unlike with the suspicious activities reports (SARs) that financial institutions are required to provide under federal banking laws,[7]and unlike the similar protection for Fannie Mae, Freddie Mac, and the Banks in HERA (discussed below), there is unfortunately no express protection from liability for the entities’ lender partners when they report to those entities incidents of fraud, suspected fraud, or other allegedly dishonest activities. 

It is not clear whether or how the Agency will require changes in those requirements for Fannie Mae, Freddie Mac, or the Banks to uncover fraud going forward.   Again, the rule provides few details, simply stating that each entity must establish and maintain adequate and efficient internal controls, policies, procedures, and an operational training program to discover and report fraud or possible fraud in connection with the purchase or sale of any loan or financial instrument.  The Agency otherwise indicates that it may, in certain circumstances, allow the entities to rely upon a third party’s fraud discovery controls or procedures (such as the Chicago Bank’s quality control processes for its Mortgage Partnership Finance Program).  In any event, the Agency promises to provide “due diligence requirements” to uncover fraud or possible fraud in particular products or programs (e.g., collateral, MBS, and whole loans) through separate policy guidance, and promises to include a review of an entity’s controls, policies, and training programs in its examinations.

Protection from Liability for Report
HERA provides that an entity that in good faith makes a fraud report, and any entity-affiliated party that in good faith makes or requires another to make a fraud report, is not liable to any person “for the report” or for “any failure to provide notice of such report to the person who is the subject of such report or any other persons identified in the report.”   That protection extends to liability that could arise under any provision of law, or under any contract, arbitration agreement, or other legally enforceable agreement.  The rule also states that an entity does not waive any privilege under applicable law (such as an attorney-client privilege) by reporting fraud or possible fraud.

The Agency does not describe that protection from “liability for the report” in any greater detail.   The protection language largely resembles the federal SARs safe harbor, which protects financial institutions and their directors, officers, employees, and agents that make a disclosure to the appropriate authorities of any possible violation of law or regulation, including a disclosure in connection with the preparation of a SAR, from liability for the disclosure or for any failure to provide notice of such disclosure.  Thus, the Agency (or a court) may interpret the scope of the entities’ protection in a similar manner.

In addition to protecting Fannie Mae, Freddie Mac, and the Banks from reporting liability, HERA also protects an “entity-affiliated party,” defined as: 

  1. Any director, officer, employee, or controlling stockholder of, or agent for, an entity;
  2. Any shareholder, affiliate, consultant, or joint venture partner of an entity, and any other person, as determined by the Director (by regulation or on a case-by-case basis) that participates in the conduct of the entity’s affairs;[8] or
  3. Any independent contractor for an entity (including any attorney, appraiser, or accountant), if the independent contractor knowingly or recklessly participates in any violation of any law or regulation; any breach of fiduciary duty; or any unsafe or unsound practice; and the violation, breach, or practice caused, or is likely to cause, more than a minimal financial loss.

Although HERA specifies that independent contractors are only protected from liability if they knowingly or recklessly participated in a violation, breach of duty, or unsafe practice, one can imagine Congress intended to include an “unless” or an “except when” in there somewhere.  With that, the Agency’s final rule states that an entity’s independent contractor should be protected regardless of whether he or she knew of or participated in the conduct, and regardless of whether the conduct is likely to cause more than a minimal financial loss.  The rule also includes, among the protected entity-affiliated parties, any not-for-profit corporation that receives its principal funding, on an ongoing basis, from any regulated entity.[9] 

As indicated above, the protection from liability applies not just to “the report,” but to the failure to provide notice of any such report to the person who is the subject of the report or who is identified in the report.   In fact, the rule continues to prohibit an entity or any entity-affiliated party from disclosing to any person that it has submitted a fraud report to the Agency (unless of course the entity or party is required by law to disclose or report fraud or possible fraud, such as to law enforcement authorities, or unless the Agency provides written permission for the disclosure). 

Conclusion
Until the Agency issues additional guidance on the format and content of the fraud reports required by the entities, it is not clear whether the Agency intends to significantly change the format or scope of those reports or its treatment of the information contained in the reports.   Clearly, finding and eliminating fraud is of crucial importance to all participants in the housing finance industry.  Yet, while Fannie Mae, Freddie Mac, and the Federal Home Loan Banks will benefit from the statutory protections against liability for fraud reports made in good faith, HERA does not provide similar protection to approved sellers whose reports may provide the foundation for Fannie Mae, Freddie Mac and the Banks to meet their statutory obligations under HERA.

[1] Reporting of Fraudulent Financial Instruments, 75 Fed. Reg. 4,255 (Jan. 27, 2010) (to be codified at 12 C.F.R. pt. 1731).

[2] Pub. L. No. 110-289, 122 Stat. 2654, § 1115 (codified at 12 U.S.C. § 4642(a)).

[3]The Agency also was given authority over the Office of Finance, previously regulated by the Federal Housing Finance Board.   See 12 C.F.R. pt. 985.

[4] Fannie Mae Single Family 2009 Selling Guide, A3-4-03, Preventing, Detecting, and Reporting Mortgage Fraud.

[5] Freddie Mac Single Family 2006 Seller/Servicer Guide, Vol. 1, Ch. 2.15: Notification concerning Principals.

[6] Mortgage Partnership Finance, PFI Notice 2005-4 (Sept. 9, 2005).

[7] 31 U.S.C. § 5318(g)(3).

[8] However, a member of a Bank is not deemed to have participated in the Bank’s affairs solely by virtue of being a shareholder of, and obtaining advances from, that Bank.

[9] The Agency’s final rule also includes the Office of Finance as an “entity-affiliated party.”

Contacts:
Kristie D. Kully, +1.202.778.9301, kris.kully@klgates.com

This publication/newsletter is for informational purposes and does not contain or convey legal advice. The information herein should not be used or relied upon in regard to any particular facts or circumstances without first consulting a lawyer.

Related Practices / Industries
Mortgage Banking & Consumer Financial Products
Newsletter Registration
Printable Version
Newsstand via RSS



Terms and Conditions of UsePrivacy PolicyCopyright and Trademark NoticeUse of CookiesRSS 
©1996-2010 K&L Gates LLP. All Rights Reserved.

K&L Gates is comprised of multiple affiliated entities: a limited liability partnership with the full name K&L Gates LLP qualified in Delaware and maintaining offices throughout the United States, in Berlin and Frankfurt, Germany, in Beijing (K&L Gates LLP Beijing Representative Office), in Dubai, U.A.E., in Shanghai (K&L Gates LLP Shanghai Representative Office), in Tokyo, and in Singapore; a limited liability partnership (also named K&L Gates LLP) incorporated in England and maintaining offices in London and Paris; a Taiwan general partnership (K&L Gates) maintaining an office in Taipei; a Hong Kong general partnership (K&L Gates, Solicitors) maintaining an office in Hong Kong; a Polish limited partnership (K&L Gates Jamka sp. k.) maintaining an office in Warsaw; and a Delaware limited liability company (K&L Gates Holdings, LLC) maintaining an office in Moscow. K&L Gates maintains appropriate registrations in the jurisdictions in which its offices are located. A list of the partners or members in each entity is available for inspection at any K&L Gates office.

Portions of this Web site may contain Attorney Advertising under the rules of some states. Prior results do not guarantee a similar outcome.