Posts filed under ‘Advocacy’
Since I didn’t do a blog yesterday, I have too much to talk about today. So, with the caveat that you may see me expand on anyone of these subjects in the future, here are some tidbits to consider as you start your credit union day.
Greetings Congressman Nussle — I’m sure CUNA is relieved to know that I think they did a great job in hiring former Republican Congressman and Budget Director Jim Nussle. First, the political winds are blowing to the right and if the industry is to get big-ticket items done on a national level it needs a guy who can get Republicans listening. Plus, Nussle knows the budget as well as anyone, and given his bona fides as an advocate of deficit reduction he is well positioned to swat away tiresome complaints about the credit union tax exemption and keep Congress focused on issues that help credit unions help members. Welcome to the fight.
How much should foreclosure’s cost? Earlier this week, Benjamin Lawsky, the Superintendent of the DFS, sent a letter to Melvin Watt, the head of the FHFA urging him to quash a proposal for Fannie Mae and Freddie Mac to charge more for buying NY mortgages. Specifically, the FHFA is considering increasing the guarantee fee “g Fees” GSE charge on New York mortgages as well as those of four other states by 25 basis points to account for increased foreclosure costs. The other impacted states would be Connecticut, Florida and New Jersey. The DFS argues that the FHFA is relying on data that negatively skew the cost of foreclosing in New York and that, by penalizing New York and others, it is penalizing states for providing enhanced protections for homeowners. Here is the thing: the GSEs have a point, as well-intentioned as some of NYs foreclosure laws are, every new procedural hurdle or mediation delay makes owning a house more expensive for everyone. There are real costs involved in keeping someone in a house they can’t afford. Conversely, is it fair to make New York homeowners, the vast majority of whom won’t default, pay an increased burden? The real solution is for the Legislature to reexamine some of the protections it has put in place and see what steps can be taken to make the foreclosure process more efficient. I’m not holding my breath. Here is a link to the letter: http://www.dfs.ny.gov/about/press2014/pr140909-ltr.pdf.
The CFPB announced inflation adjusted thresholds after which Regulation Z will not apply to consumer transactions. Specifically, the Bureau that never sleeps announced, “[t]ruth in Lending Act and the Consumer Leasing Act generally will apply to consumer credit transactions and consumer leases of $54,600 or less in 2015 – an increase of $1,100 from 2014. However, private education loans and loans secured by real property (such as mortgages) are subject to the Truth in Lending Act regardless of the amount of the loan.“ Here is a link to the announcement:
Here is an earlier blog I did on the topic:
Judging by the interest generated by this topic at yesterday’s Legal and Compliance Conference, many of you are aware that even if your credit union is not unionized, your employers have a right to use social media to complain about workplace conditions where such employees are deemed to be taking taking concerted actions against work place conditions. Just how broadly this right can be interpreted is underscored by this blog post from Bond, Shoenick & King. It summarizes a recent administrative ruling by the NLRB in which it held that restaurant employees were wrongly terminated after complaining about sloppy paperwork by the owners that cost employees increased taxes. referring to your boss as an “Ass” on Facebook is not grounds for dismissal so long as other employees join in your complaints For more information on just how much employees can bad mouth their employers with impunity, here is the post.
Lost in all the hype about the new Apple product roll out was the tidbit that banks have agreed to pay Apple a fee for every transaction made on its Mobile Systems program. Apple’s technology may not be game changing, but its potential to change the payment system model is. The details are still sketchy. More on this in the future.
The SEC was literally asleep at the switch during the early days of the mortgage meltdown. Although it has made some marked improvements in its oversight of the financial industry, its glacial movement in implementing Dodd-Frank mandated reforms makes it quite clear that it is as reluctant to impose requirements on its regulated entities as the CFPB is zealous in dreaming up new and creative ways to protect the American consumer from himself.
So it’s big news whenever the SEC finally gets around to implementing Dodd-Frank requirements and even bigger news when, on balance, the proposal is one that makes a lot of sense. In fact, at the risk of insulting the CFPB, the proposal the SEC is reportedly finalizing today should nudge the CFPB to take a second look at its proposed revisions to HMDA regulations. Humor me a little bit and you will see where I am going on this one.
Asset-backed securities are a broad categorization of bonds comprised of pools of assets ranging from student loans to car loans to everyone’s personal favorite in the industry — mortgage backed securities. Purchases of these bonds are repaid with the revenue from consumer loan payments. These bonds are typically broken into tranches with more conservative investors getting less of a return but being first in line to get paid in the event that the loans start going delinquent.
As credit unions are painfully aware, in the pre-financial crisis days regulations permitted institutions like the corporate credit unions to rely on ratings agencies when deciding whether or not it was safe to buy an asset backed security like one comprised of mortgage loans. With 20-20 hindsight, we all know that this assumption was dangerously naïve. For the last several years, the question has been with what should the old system be replaced? New regulations require that institutions, including credit unions, no longer rely exclusively on rating agency determinations when buying securities, but as I have complained in previous blogs, it is unrealistic to think that most institutions have the expertise or access to information necessary to make the type of decisions for which they relied on the rating agencies. In addition, remember that all this is taking place against the backdrop of litigation in which credit unions have billions of dollars at stake in which the primary issue is the extent to which the bundlers and underwriters of mortgage-backed securities knowingly provided inaccurate information when selling securities that faded quicker than the Yankee’s playoff hopes. (Hey, at least we have the Jets and Giants to look forward to…Right?).
According to several news reports, the SEC will be finalizing regulations mandated by Dodd-Frank that require the issuers of asset-backed securities to provide more loan-level data about the assets that are being bundled and sold into securities. As a result, before an institution purchases a mortgage-backed security, for example, it will be able to examine the individual mortgage loans comprising the security.
Similar proposals have been floating around since 2010. So why the holdup? According to press reports, privacy groups have been concerned about how regulators planned on protecting such a huge treasure trove of personal financial data and a way that protects the individual homeowner. These are, of course, legitimate concerns, particularly since hackers have demonstrated on an almost daily basis that it is about as easy to steal computer-protected data as it is to find a first-term Senator who thinks he should be President. As legitimate as this concern is, the benefits of the proposal far outweigh its harms. By putting buyers on notice that the information is available to assess a loan’s quality, we’re creating a mechanism to improve credit quality before bonds go bad as opposed to trying to deter recklessness almost exclusively with after-the-fact law suits.
So where does HMDA and the CFPB come in? Currently, the agency that never sleeps called a Bureau has out for public comment proposed revisions to Regulation C, which implements HMDA. These mandate that you log information about mortgage loans you provide. Dodd-Frank gives the Bureau the authority to mandate the creation of a truly universal loan identifier. In an ideal world, regulators and lenders could track every loan from its creation to its payoff. This would benefit housing advocates who believe that, with just a little more information, they can prove that lenders are somehow to blame for every mortgage not given to anyone who wants one and every foreclosure that takes place. It would also benefit lenders, many of whom already have to comply with unique loan identifier requirements if they participate in the MERS system. But the Bureau notes in the preamble that it isn’t planning a formal universal identifier proposal at this time. It should reconsider.
Given the nationalization of mortgage finance and the benefit to the financial system of insuring that all parties to complicated financial transactions have as much information to perform adequate due diligence as possible, the CFPB should consider speeding up its timeline for implementation of a universal loan identifier system. I understand that this process won’t be quick but the sooner a mortgage tracking system is implemented the sooner consumers and lenders can benefit from a more transparent lending system and resulting efficiencies.
On that note enjoy your day and, if you are in the Albany area, I’m giving you permission to leave early and take advantage of this beautiful weather while it is still around.
On Friday, the Department of Homeland Security issued an advisory urging organizations, “regardless of size,” to “proactively check” for possible infection of their point of sale technology by a data theft virus which steals debit and credit card information as purchases are being made. The catch is that the computer virus that Homeland Security wants merchants to look for has been compromising purchases since at least October 2013 with the result that an estimated 1,000 businesses have been compromised. Brace for phone calls from concerned members and the expense of replacing cards…again!
The latest developments in the data theft wars mean that Target was just the canary in the coal mine and de facto scape goat for failing to recognize that its Point Of Sale equipment had been compromised during the holiday rush. Now, let’s hope that policy makers and industry leaders don’t make the mistake of thinking that a single technology can prevent systemic breaches from happening again. But I have my doubts.
A lot of analysts were quoted over the weekend as hoping that the latest disclosures will be the straw that broke the camel’s back and force merchants of all sizes to convert to payment processors that accept so-called EMV or chip technology. The basic idea is that chip enabled cards combined with PIN verification provide dynamic protection of payment information. In contrast, that strip on the back of the credit and debit card contains static information and firewalls. Once it is breached, it can be used over and over again by anyone with the ability to replicate the magnetic strip.
A typical quote I read over the weekend was this one in the Times: “The weakness is the magnetic stripe,” said Avivah Litan, a security analyst for Gartner Research. “I can buy a mag stripe reader on eBay and easily read all the data from your credit card. It’s an antiquated technology from the ’60s.”
To be sure, EMV technology is long overdue but it is no panacea in part because it has already been around so long. Magnetic cards have been around since the ‘60s, but chip technology has been around since the ‘90’s. Two decades is like a million dog years when it comes to technology. And the cracks in the wall are beginning to show. As this post for the excellent FICO blog demonstrates, cyber theft is creeping back up in Europe again after dramatically declining with the introduction of EMV technology.
In addition, card theft is just one component of cybercrime. As retail migrates to cyberspace, passwords are becoming as good as gold as I pointed out in this blog about a huge criminal operation intent on stealing as many passwords as possible.
My point is that there is no silver bullet technology. EMV technology makes sense but if it comes at the expense of another generation of merchant inaction, it’s not a price worth paying. At the risk of being redundant to my faithful readers, we need: a true national commitment to fighting cybercrime both in terms of increased government spending on a robust security infrastructure and laws that make merchants responsible for using reasonable care to prevent and deter data breaches. This standard will force merchants to change security protocols as the technology does or face the consequences.
Keeping in mind that you have an obligation to monitor potential red flags of identity theft and mitigate evolving risks, here is some news worth reaching out to your IT vendor about. The NY Times reported earlier this week that “A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses. . .” What’s more, according to the security firm that uncovered the scheme, since the goal of the hackers was to steal password credentials as opposed to stealing from the compromised companies the hackers were targeting businesses of all shapes and sizes. Given the scope of the operation, you can bet a credit union or two or three is among the institutions that are being informed their websites have been compromised. As usual, an excellent source of additional information is this post from Krebs on Security.
First, on a purely practical note, this news showed me why it’s so dumb to use the same password for everything. The only reason this treasure trove of lifted passwords is valuable is because they can be used to access multiple online accounts and services.
The more I think about this news the angrier I am at our government. It may be ideologically edifying for some of our elected representatives to stand in the way of any government action, but there are some things that only the government can do. Cybersecurity should be a top national priority right now. In fact, Preet Bharara has correctly argued that cyber-attacks are this century’s Pearl Harbor. But our government is unable and or unwilling to pass meaningful legislation and make the investment necessary to have a truly robust defense against cyber-attacks.
What we are left with is a bunch of well-meaning but ultimately impotent attempts by regulators to do their part to help protect consumers. For example, earlier this year the FFEIC highlighted the need for smaller institutions to guard against cyber-attacks. As part of this effort, it’s conducting pilot cyber assessments and has held a Webinar geared towards community banks and credit unions. I just reviewed the slides and it has some good advice such as suggesting depository institutions ask themselves:
How is my organization identifying and monitoring cyber-threats and attacks both to my institution and to the sector as a whole? How is this information used to inform my risk assessment process?
Such well-meaning advice is tantamount to reminding kids not to play with guns in the middle of a war zone. Without a concerted national commitment, all but the largest businesses in America will find it increasingly impossible to offer cost effective cyber services. You are all being subject to a virtual shakedown and the only institution with the resources to effectively do anything about it is the federal government. Unfortunately, this is the same government that can’t pass meaningful cyber reforms such as imposing risk assessment obligations on merchants.
In the meantime, the nation is furious that the Government isn’t doing more to stop kids who are rushing to the nation’s borders for a better life. Why isn’t it furious that foreign criminals are making billions by ripping off businesses and consumers?
On that note, have a nice day.
Having waved my family goodbye on Friday morning as they headed off to Ocean City Md. I was a man alone with his thoughts and no blog to write so when I read the CU Times article reporting on NCUA’s listening tour stop in Chicago I could do nothing but explain RBC reform to my dog. I’m pretty sure he just wanted to go for a walk. Here is what I told him.
–It’s good news that chairman Matz affirmed NCUA’s decision to extend the 18 month phase-in period for RBC reform even if she couldn’t resist lapsing into exasperated school-mum mode when she predicted that “no matter how long we extend it will never be enough.” The Chairman is half right: Some credit unions won’t be happy until the effective date is” sometime after when Hell freezes over.”
But she shouldn’t be too dismissive. Eighteen months is too short a period to make the necessary capital adjustments; train key staff; review investment policies and make sure vendor software is up to speed. I personally would give credit unions three years to be in compliance with these regulations so that the most impacted institutions can actually choose between cutting their balance sheets and growing to meet enhanced capital demands. But hey I’m just a middle-aged guy with a hyper dog.
Personally I’m as concerned with implementing a phase in period for credit unions currently below the $50 billion threshold than I am pushing back the effective date. Since credit unions that reach $50 billion are immediately required to operate under the RBC framework, growing credit unions have to start adjusting their practices long before RBC officially applies to them. Some credit unions have suggested a phase in period for institutions that reach the magic number. NCUA should also consider raising the threshold. It’s in no one’s interest for a credit union to slow down its growth simply to avoid the RBC framework,
–Chairman Matz described as “a myth” the contention of the trades that RBC reform will force credit unions to raise $7 billion. She explained that “more than half of all credit unions subject to the rule would have a buffer of at least 3.5% or even higher than they do today”
Do I note a change in emphasis? What happened to the statistic about over 90% of credit unions being in compliance with the proposal so it’s really no big deal? As I explained in a previous blog NCUA is the only financial regulator implementing Basel III reform that hasn’t informed its financial institutions that it expects them to have capital buffers well in excess of being well capitalized. Even if NCUA decides not to push individual credit unions to raise their buffers credit union boards will. Many more credit unions are impacted by this proposal than NCUA originally suggested.
–Matz said that it was not the NCUA’s intent to provide examiners with the independent authority to raise capital requirements. You could have fooled me. The agency plans to re-write this portion of the proposal. This is good news but the devil is still in the details. NCUA’s proposal to authorize customized RBC requirements for specific credit unions should be scrapped completely. If it isn’t willing to do that it should develop objective quantifiable criteria for determining what credit unions would be subject to these customized plans.
–The RBC proposal is morphing from a regulation into a Rorschach test with regulators assuring the industry that the proposal doesn’t do what it says it does and\or is going to be amended to make necessary changes. This is a proposal that isn’t ready for prime time and a subsequent comment period would give stakeholders the ability to comment on the type of technical issues that are more typically addressed when regulations are proposed.
Besides it will keep me from muttering at my dog.
Nothing at all to do with credit unions but unless my eyes and ears deceived me there was a commercial in the run- up to the World Cup final yesterday for a movie coming out “this holiday season” in November! I Want a law banning holiday advertisements before November 20th. Otherwise marketers are going to suck the joy out of the holiday season. First Amendment be dammed.