Posted on 07/12/2018 at 10:32 AM by Jesse Johnston
The Office of the Comptroller of the Currency (“OCC”) recently entered into a consent order with a mortgage loan officer (“MLO”) who was employed at a national bank in Illinois. The facts state that in January of 2015, the MLO acquired a new job with a different financial institution. Before the MLO left her position at the national bank (“Bank”), she sent the Bank’s prospective customers’ information to the financial institution at which she had accepted a new position. Some of these customers eventually obtained loans from the second financial institution, which resulted in approximately $1.14 million in mortgage loans from that institution and some pecuniary benefit to her personally.
The MLO transferred these customers to her new employer to her detriment. A bank employee owes her employer a duty of loyalty. The OCC found that the MLO breached her fiduciary duty to the Bank when she diverted the business away from the Bank and to her new employer.
This consent order and the legal conclusion it comes to is underpinned by the law of agency. An employee acts as an agent for their employer and because they do so, employees—as a matter of law—generally have a fiduciary duty of loyalty to the principal (employer). The duty of loyalty broadly prohibits an employee from negatively affecting business opportunities of the employer. In this case, the MLO intentionally diverted potential business away from her employer, and in doing so, violated her fiduciary duty.
The non-compete that was presumably in place adds an additional layer of protection for the Bank. The MLO had previously executed an employment agreement with the Bank which prohibited her from soliciting business to a competitor or working as an agent for another lending business. The non-compete agreement would prevent the MLO from soliciting or competing with the Bank’s customers after her employment ended with the Bank.
The consent order also noted that the MLO engaged in unsafe or unsound practices. A bank, or any entity, that comes to learn of customer information that was shared without authorization to another company or person may be required to notify the customers of a breach of their confidential information. In Iowa, this type of conduct would be a “breach of security” and trigger a security breach notification. Thus, the Bank would have to notify its customers of the breach that comprised their personal information. Despite losing the borrowers that the MLO diverted, the Bank could suffer from reputational harm related to such a security breach incident. For her unsafe and unsound acts, the MLO was ordered to pay a civil money penalty in the amount of $7,500.
Banks should be careful to review employee’s email and other correspondence prior to an employee’s departure from the institution. This oversight can assist a Bank in protecting its relationship with its customers, but also allows monitor for potential breaches of confidential information. And although this consent order reinforces regulatory commitment to requiring a fiduciary to act accordingly, banks should also consider utilizing non-compete and non-solicitation agreements where applicable.
The material in this blog is not intended, nor should it be construed or relied upon, as legal advice. Please consult with an attorney if specific legal information is needed.
- Jesse Johnston