FDIC: Guidelines For Payday Lending
Purpose
This guidance provides information about payday lending, a particular type of subprime lending, and supplements previously issued guidance about such programs.1 It describes safety and soundness and compliance considerations for examining and supervising state nonmember institutions that have payday lending programs.
This guidance is necessitated by the high risk nature of payday lending and the substantial growth of this product. It describes the FDIC's expectations for prudent risk-management practices for payday lending activities, particularly with regard to concentrations, capital, allowance for loan and lease losses, classifications, and protection of consumers. The guidelines also address recovery practices, income recognition, and managing risks associated with third-party relationships.
When examiners determine that management of safety and soundness or compliance risks is deficient, they should criticize management and initiate corrective action. Such actions may include formal or informal enforcement action. When serious deficiencies exist, enforcement actions may instruct institutions to discontinue payday lending.
Procedures
General
Examiners should apply this guidance to banks with payday lending programs that the bank administers directly or that are administered by a third party contractor. This guidance does not apply to situations where a bank makes occasional low-denomination, short-term loans to its customers.
As described in the 2001 Subprime Guidance, a program involves the regular origination of loans, using tailored marketing, underwriting standards and risk selection. The 2001 Subprime Guidance applies specifically to institutions with programs where the aggregate credit exposure is equal to or greater than 25% or more of tier 1 capital. However, because of the significant credit, operational, legal, and reputation risks inherent in payday lending, this guidance applies regardless of whether a payday loan program meets that credit exposure threshold.
All examiners should use the procedures outlined in the Subprime Lending Examination Procedures, as well as those described here. While focused on safety and soundness issues, segments of the Subprime Lending Examination Procedures also are applicable to compliance examinations. They will need to be supplemented with existing procedures relating to specific consumer protection laws and regulations.
Due to the heightened safety and soundness and compliance risks posed by payday lending, concurrent risk management and consumer protection examinations should be conducted absent overriding resource or scheduling problems. In all cases, a review of each discipline's examinations and workpapers should be part of the pre-examination planning process. Relevant state examinations also should be reviewed.
Examiners may conduct targeted examinations of the third party where appropriate. Authority to conduct examinations of third parties may be established under several circumstances, including through the bank's written agreement with the third party, section 7 of the Bank Service Company Act, or through powers granted under section 10 of the Federal Deposit Insurance Act. Third party examination activities would typically include, but not be limited to, a review of compensation and staffing practices; marketing and pricing policies; management information systems; and compliance with bank policy, outstanding law, and regulations. Third party reviews should also include testing of individual loans for compliance with underwriting and loan administration guidelines, appropriate treatment of loans under delinquency, and re-aging and cure programs.
Third-Party Relationships and Agreements
The use of third parties in no way diminishes the responsibility of the board of directors and management to ensure that the third-party activity is conducted in a safe and sound manner and in compliance with policies and applicable laws. Appropriate corrective actions, including enforcement actions, may be pursued for deficiencies related to a third-party relationship that pose concerns about either safety and soundness or the adequacy of protection afforded to consumers.
The FDIC's principal concern relating to third parties is that effective risk controls are implemented. Examiners should assess the institution's risk management program for third-party payday lending relationships. An assessment of third-party relationships should include an evaluation of the bank's risk assessment and strategic planning, as well as the bank's due diligence process for selecting a competent and qualified third party provider. (Refer to the Subprime Lending Examination Procedures for additional detail on strategic planning and due diligence.)
Examiners also should ensure that arrangements with third parties are guided by written contract and approved by the institution's board. At a minimum, the arrangement should:
* Describe the duties and responsibilities of each party, including the scope of the arrangement, performance measures or benchmarks, and responsibilities for providing and receiving information;
* Specify that the third party will comply with all applicable laws and regulations;
* Specify which party will provide consumer compliance related disclosures;
* Authorize the institution to monitor the third party and periodically review and verify that the third party and its representatives are complying with its agreement with the institution;
* Authorize the institution and the appropriate banking agency to have access to such records of the third party and conduct onsite transaction testing and operational reviews at third party locations as necessary or appropriate to evaluate such compliance;
* Require the third party to indemnify the institution for potential liability resulting from action of the third party with regard to the payday lending program; and
* Address customer complaints, including any responsibility for third-party forwarding and responding to such complaints.
Examiners also should ensure that management sufficiently monitors the third party with respect to its activities and performance. Management should dedicate sufficient staff with the necessary expertise to oversee the third party. The bank's oversight program should monitor the third party's financial condition, its controls, and the quality of its service and support, including its resolution of consumer complaints if handled by the third party. Oversight programs should be documented sufficiently to facilitate the monitoring and management of the risks associated with third-party relationships.