What Was the Flagstar Bank Controversy?

Flagstar Bank, a prominent financial institution with a significant presence in mortgage lending and servicing, has faced public scrutiny over several controversies. These events have drawn attention to the bank’s operational practices and compliance with regulatory standards.

The Core Allegations

Allegations involved fraudulent mortgage lending practices, particularly concerning loans insured by the Federal Housing Administration (FHA). Flagstar was accused of improperly approving residential home mortgage loans for government insurance, leading to substantial losses for the Department of Housing and Urban Development (HUD) when these loans defaulted. The U.S. government asserted Flagstar submitted false certifications about its underwriting practices, which did not adhere to FHA program rules.

Flagstar Bank’s mortgage servicing operations also drew scrutiny. The Consumer Financial Protection Bureau (CFPB) alleged the bank violated mortgage servicing rules by hindering borrowers’ efforts to avoid foreclosure. Flagstar was accused of taking excessive time to process applications for foreclosure relief, failing to notify borrowers when applications were incomplete, and improperly denying loan modifications to qualified individuals. The bank also faced claims of delaying the finalization of permanent loan modifications.

Allegations also centered on discriminatory lending practices, sometimes referred to as redlining. The Office of the Comptroller of the Currency (OCC) found that Flagstar, through its mortgage lending affiliates, engaged in practices that resulted in Black homeowners being charged more for mortgages than their white counterparts. This indicated a failure to ensure fair and equal treatment in lending.

Recently, Flagstar Bank faced accusations from the Securities and Exchange Commission (SEC) regarding misleading statements made after a cyberattack in late 2021. The SEC alleged the bank made misleading statements about the incident in its financial filings and public notices. These statements omitted details about the breach’s scope and consequences, which compromised the personal information of over 1.5 million customers.

Timeline and Key Events

Allegations concerning Flagstar’s FHA-insured mortgage lending practices trace back to at least January 1, 2002. These issues came to public attention when the Department of Justice (DOJ) filed a civil fraud lawsuit against the bank in February 2012.

Flagstar’s mortgage servicing operations drew regulatory attention around 2011. The CFPB initiated an investigation, culminating in an enforcement action in September 2014 addressing widespread violations.

In 2017, the OCC concluded that Flagstar had engaged in discriminatory lending practices. In December 2021, the OCC also issued a consent order against Flagstar for violations of the Flood Disaster Protection Act, identifying issues with flood insurance requirements between February 2017 and February 2020.

A major cybersecurity incident occurred in late 2021, when a hacker gained unauthorized access to Flagstar’s systems between November 22 and December 25, 2021, leading to the theft of personal information for over 1.5 million individuals. The bank’s subsequent disclosures about this breach became the subject of an SEC investigation. Flagstar’s March 2022 annual report and a June 2022 notice to customers about the breach were found to be misleading by the SEC.

Regulatory Actions and Settlements

The civil fraud lawsuit brought by the Department of Justice (DOJ) in February 2012 resulted in Flagstar Bank agreeing to a settlement of $132.8 million under the False Claims Act. In April 2021, the DOJ and Flagstar amended this settlement, with Flagstar making a one-time cash payment of $70 million, resolving its remaining obligations.

The Consumer Financial Protection Bureau (CFPB) took action against Flagstar Bank in September 2014 for its mortgage servicing violations. The bank was ordered to pay $27.5 million in redress to approximately 6,500 affected consumers. A civil penalty of $10 million was also imposed, bringing the total payment to $37.5 million. The CFPB’s order also mandated Flagstar implement reforms to its mortgage servicing operations.

In December 2021, the Office of the Comptroller of the Currency (OCC) issued a consent order against Flagstar Bank for violations of the Flood Disaster Protection Act. This action resulted in a civil penalty of $3.62 million. The OCC found deficiencies in Flagstar’s compliance program related to flood insurance requirements.

Most recently, in December 2024, the Securities and Exchange Commission (SEC) announced a settlement with Flagstar Bank regarding misleading statements about its 2021 cyberattack. Flagstar agreed to pay a penalty of $3.5 million and consented to a cease-and-desist order, without admitting or denying the SEC’s findings.