Regulations coming October 3 will have a big impact on real estate lawyers.

New regulations that take effect on October 3 will significantly alter common residential real estate closings and the practice of real estate attorneys. At a recent ISBA CLE seminar, Ralph Schumann, president of the Illinois Real Estate Lawyers Association (IRELA), referred to the coming changes as a "dramatic sea change" and notes that there "hasn't been anything this big in the past 40 years."

The changes are being implemented by the federal Consumer Financial Protection Bureau (CFPB), which was created by the Dodd-Frank Act in the wake of the 2008 mortgage meltdown. They take the form of a program that is commonly referred to as TRID - an acronym for TILA-RESPA Integrated Disclosure. The new rules will apply to transactions involving mortgage loan applications submitted on or after October 3, 2015.

What follows is a brief overview of the most significant changes impacting real estate attorneys. For more detailed information, see the resources in the informational sidebars.

New forms and terminology

The biggest change to real estate closings is a set of new closing documents. TILA's Good Faith Estimate (GFE) and the HUD-1 Settlement Statement will go the way of the dinosaurs, and will be replaced by the new "Loan Estimate" and "Closing Disclosure." Additionally, in the parlance of the CFPB, the lender in a transaction is now referred to as the "creditor," the borrower is referred to as the "consumer," and the real estate closing is now referred to as the "consummation."

While the new consummation documents might take some getting used to, it's the rules surrounding the new Closing Disclosure that might prove problematic. First, the creditor (i.e., mortgage lender) is now responsible for preparing and delivering the Closing Disclosure to the consumer. That said, the creditor is permitted to delegate these responsibilities to a title agent, although the creditor remains 100 percent liable for any violations of the new regulations.

Additionally, the Closing Disclosure must be made available for review by the consumer at least three business days prior to the consummation, and unless actual receipt can be proven, it is assumed to have been received three business days after mailing. What this means is that the consummation typically will not be possible until six business days after the creditor mails the Closing Disclosure to the consumer.

The problem with this new three-day rule is that the final walkthrough of the property usually occurs just before the consummation. What if issues are spotted during the walkthrough that require the seller to issue a credit to the buyer? If the credit results in a minor change to the Closing Disclosure, it might be possible to simply prepare a revised disclosure to be delivered at the consummation. If any significant changes (as specified in the new TRID rules) are needed, then a new Closing Disclosure must be prepared and delivered in accordance with the three-day rule, and the consummation will need to be rescheduled.

Technology requirements

Another major change that will impact real estate attorneys involves technology requirements regarding consumers' "Non-public Personal Information" (NPI). NPI includes social security numbers, birth dates, bank account numbers, and other information that can be used to personally identify a consumer. The CFPB is requiring creditors and other parties in the process to take affirmative steps to protect NPI, and since residential real estate attorneys often act as title agents in the consummation process, they too must protect NPI.

The CFPB hasn't explicitly laid out formal requirements for protecting NPI, but the American Land Title Association (ALTA) has addressed the issue with its Title Insurance and Settlement Company Best Practices. The vast majority of title companies will probably require that any attorneys acting as their title agent certify their compliance with the ALTA best practices.

While the entire set of best practices is required reading for residential real estate attorneys (see sidebar), best practice #3 is especially significant. It requires that you "[a]dopt and maintain a written privacy and information security program to protect [NPI] as required by local, state and federal law." In order to satisfy this best practice, ALTA specifies the following procedures:

• Physical security of [NPI].

- Restrict access to [NPI] to authorized employees who have undergone Background Checks at hiring.

- Prohibit or control the use of removable media.

- Use only secure delivery methods when transmitting [NPI].

• Network security of [NPI].

- Maintain and secure access to Company information technology.

- Develop guidelines for the appropriate use of Company information technology.

- Ensure secure collection and transmission of [NPI].

• Disposal of [NPI].

- Federal law requires companies that possess [NPI] for a business purpose to dispose of such information properly in a manner that protects against unauthorized access to or use of the information.

• Establish a disaster management plan.
• Appropriate management and training of employees to help ensure compliance with Company's information security program.
• Oversight of service providers to help ensure compliance with a Company's information security program.

- Companies should take reasonable steps to select and retain service providers that are capable of appropriately safeguarding [NPI].

• Audit and oversight procedures to help ensure compliance with Company's information security program.

- Companies should review their privacy and information security procedures to detect the potential for improper disclosure of confidential information.

• Notification of security breaches to customers and law enforcement.

- Companies should post the privacy and information security program on their websites or provide program information directly to customers in another useable form. When a breach is detected, the Company should have a program to inform customers and law enforcement as required by law.

As you can see, these procedures might be hard for the average general practitioner to implement. And as such, some commentators have suggested that they could drive low-volume real estate lawyers to stop engaging in residential real estate transactions. While only time will tell how the new requirements will impact practitioners, it's worth noting that a general tipping point in regard to protecting client's digital information is fast approaching and luddite lawyers would be well served to start implementing procedures like these in their practice.

Safe harbor?

The new CFPB rules, and the Dodd-Frank Act, impose strict compliance penalties. A violation results in a $5,000 per day penalty, a reckless violation results in a $25,000 per day penalty, and a knowing violation results in a million dollar per day penalty. And as Schumann put it, there is a "new sheriff in town" and it "is not Barney Fife." Whereas HUD, which used to oversee residential real estate transactions, was somewhat lax in the enforcement of its rules and regulations, the CFPB has been extremely aggressive in its enforcement efforts ever since its creation.

In light of these stiff penalties, the real estate industry has been frantically pushing for a legislative fix to ease the transition. As of press time, Congress has yet to fully act, but on July 29, the House Financial Service Committee overwhelmingly approved a bill that would provide some relief. If enacted, it would create a safe harbor for entities that have made a "good-faith effort" to comply with the new rules, and it would also forbid the CFPB from initiating any enforcement actions until February 1, 2016.

But even if Congress fails to act, CFPB Director Richard Cordray has indicated that enforcement actions will take good-faith compliance efforts into account. In a June 3, 2015 letter to two concerned Senators, Cordray stated that "our oversight of the implementation of the Rule will be sensitive to the progress made by those entities that have squarely focused on making good-faith efforts to come into compliance with the Rule on time."

Timothy A. Slating is the ISBA's Assistant Director of Publications.

tslating@isba.org