Posts filed under ‘Advocacy’
The SEC was literally asleep at the switch during the early days of the mortgage meltdown. Although it has made some marked improvements in its oversight of the financial industry, its glacial movement in implementing Dodd-Frank mandated reforms makes it quite clear that it is as reluctant to impose requirements on its regulated entities as the CFPB is zealous in dreaming up new and creative ways to protect the American consumer from himself.
So it’s big news whenever the SEC finally gets around to implementing Dodd-Frank requirements and even bigger news when, on balance, the proposal is one that makes a lot of sense. In fact, at the risk of insulting the CFPB, the proposal the SEC is reportedly finalizing today should nudge the CFPB to take a second look at its proposed revisions to HMDA regulations. Humor me a little bit and you will see where I am going on this one.
Asset-backed securities are a broad categorization of bonds comprised of pools of assets ranging from student loans to car loans to everyone’s personal favorite in the industry — mortgage backed securities. Purchases of these bonds are repaid with the revenue from consumer loan payments. These bonds are typically broken into tranches with more conservative investors getting less of a return but being first in line to get paid in the event that the loans start going delinquent.
As credit unions are painfully aware, in the pre-financial crisis days regulations permitted institutions like the corporate credit unions to rely on ratings agencies when deciding whether or not it was safe to buy an asset backed security like one comprised of mortgage loans. With 20-20 hindsight, we all know that this assumption was dangerously naïve. For the last several years, the question has been with what should the old system be replaced? New regulations require that institutions, including credit unions, no longer rely exclusively on rating agency determinations when buying securities, but as I have complained in previous blogs, it is unrealistic to think that most institutions have the expertise or access to information necessary to make the type of decisions for which they relied on the rating agencies. In addition, remember that all this is taking place against the backdrop of litigation in which credit unions have billions of dollars at stake in which the primary issue is the extent to which the bundlers and underwriters of mortgage-backed securities knowingly provided inaccurate information when selling securities that faded quicker than the Yankee’s playoff hopes. (Hey, at least we have the Jets and Giants to look forward to…Right?).
According to several news reports, the SEC will be finalizing regulations mandated by Dodd-Frank that require the issuers of asset-backed securities to provide more loan-level data about the assets that are being bundled and sold into securities. As a result, before an institution purchases a mortgage-backed security, for example, it will be able to examine the individual mortgage loans comprising the security.
Similar proposals have been floating around since 2010. So why the holdup? According to press reports, privacy groups have been concerned about how regulators planned on protecting such a huge treasure trove of personal financial data and a way that protects the individual homeowner. These are, of course, legitimate concerns, particularly since hackers have demonstrated on an almost daily basis that it is about as easy to steal computer-protected data as it is to find a first-term Senator who thinks he should be President. As legitimate as this concern is, the benefits of the proposal far outweigh its harms. By putting buyers on notice that the information is available to assess a loan’s quality, we’re creating a mechanism to improve credit quality before bonds go bad as opposed to trying to deter recklessness almost exclusively with after-the-fact law suits.
So where does HMDA and the CFPB come in? Currently, the agency that never sleeps called a Bureau has out for public comment proposed revisions to Regulation C, which implements HMDA. These mandate that you log information about mortgage loans you provide. Dodd-Frank gives the Bureau the authority to mandate the creation of a truly universal loan identifier. In an ideal world, regulators and lenders could track every loan from its creation to its payoff. This would benefit housing advocates who believe that, with just a little more information, they can prove that lenders are somehow to blame for every mortgage not given to anyone who wants one and every foreclosure that takes place. It would also benefit lenders, many of whom already have to comply with unique loan identifier requirements if they participate in the MERS system. But the Bureau notes in the preamble that it isn’t planning a formal universal identifier proposal at this time. It should reconsider.
Given the nationalization of mortgage finance and the benefit to the financial system of insuring that all parties to complicated financial transactions have as much information to perform adequate due diligence as possible, the CFPB should consider speeding up its timeline for implementation of a universal loan identifier system. I understand that this process won’t be quick but the sooner a mortgage tracking system is implemented the sooner consumers and lenders can benefit from a more transparent lending system and resulting efficiencies.
On that note enjoy your day and, if you are in the Albany area, I’m giving you permission to leave early and take advantage of this beautiful weather while it is still around.
On Friday, the Department of Homeland Security issued an advisory urging organizations, “regardless of size,” to “proactively check” for possible infection of their point of sale technology by a data theft virus which steals debit and credit card information as purchases are being made. The catch is that the computer virus that Homeland Security wants merchants to look for has been compromising purchases since at least October 2013 with the result that an estimated 1,000 businesses have been compromised. Brace for phone calls from concerned members and the expense of replacing cards…again!
The latest developments in the data theft wars mean that Target was just the canary in the coal mine and de facto scape goat for failing to recognize that its Point Of Sale equipment had been compromised during the holiday rush. Now, let’s hope that policy makers and industry leaders don’t make the mistake of thinking that a single technology can prevent systemic breaches from happening again. But I have my doubts.
A lot of analysts were quoted over the weekend as hoping that the latest disclosures will be the straw that broke the camel’s back and force merchants of all sizes to convert to payment processors that accept so-called EMV or chip technology. The basic idea is that chip enabled cards combined with PIN verification provide dynamic protection of payment information. In contrast, that strip on the back of the credit and debit card contains static information and firewalls. Once it is breached, it can be used over and over again by anyone with the ability to replicate the magnetic strip.
A typical quote I read over the weekend was this one in the Times: “The weakness is the magnetic stripe,” said Avivah Litan, a security analyst for Gartner Research. “I can buy a mag stripe reader on eBay and easily read all the data from your credit card. It’s an antiquated technology from the ’60s.”
To be sure, EMV technology is long overdue but it is no panacea in part because it has already been around so long. Magnetic cards have been around since the ‘60s, but chip technology has been around since the ‘90’s. Two decades is like a million dog years when it comes to technology. And the cracks in the wall are beginning to show. As this post for the excellent FICO blog demonstrates, cyber theft is creeping back up in Europe again after dramatically declining with the introduction of EMV technology.
In addition, card theft is just one component of cybercrime. As retail migrates to cyberspace, passwords are becoming as good as gold as I pointed out in this blog about a huge criminal operation intent on stealing as many passwords as possible.
My point is that there is no silver bullet technology. EMV technology makes sense but if it comes at the expense of another generation of merchant inaction, it’s not a price worth paying. At the risk of being redundant to my faithful readers, we need: a true national commitment to fighting cybercrime both in terms of increased government spending on a robust security infrastructure and laws that make merchants responsible for using reasonable care to prevent and deter data breaches. This standard will force merchants to change security protocols as the technology does or face the consequences.
Keeping in mind that you have an obligation to monitor potential red flags of identity theft and mitigate evolving risks, here is some news worth reaching out to your IT vendor about. The NY Times reported earlier this week that “A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses. . .” What’s more, according to the security firm that uncovered the scheme, since the goal of the hackers was to steal password credentials as opposed to stealing from the compromised companies the hackers were targeting businesses of all shapes and sizes. Given the scope of the operation, you can bet a credit union or two or three is among the institutions that are being informed their websites have been compromised. As usual, an excellent source of additional information is this post from Krebs on Security.
First, on a purely practical note, this news showed me why it’s so dumb to use the same password for everything. The only reason this treasure trove of lifted passwords is valuable is because they can be used to access multiple online accounts and services.
The more I think about this news the angrier I am at our government. It may be ideologically edifying for some of our elected representatives to stand in the way of any government action, but there are some things that only the government can do. Cybersecurity should be a top national priority right now. In fact, Preet Bharara has correctly argued that cyber-attacks are this century’s Pearl Harbor. But our government is unable and or unwilling to pass meaningful legislation and make the investment necessary to have a truly robust defense against cyber-attacks.
What we are left with is a bunch of well-meaning but ultimately impotent attempts by regulators to do their part to help protect consumers. For example, earlier this year the FFEIC highlighted the need for smaller institutions to guard against cyber-attacks. As part of this effort, it’s conducting pilot cyber assessments and has held a Webinar geared towards community banks and credit unions. I just reviewed the slides and it has some good advice such as suggesting depository institutions ask themselves:
How is my organization identifying and monitoring cyber-threats and attacks both to my institution and to the sector as a whole? How is this information used to inform my risk assessment process?
Such well-meaning advice is tantamount to reminding kids not to play with guns in the middle of a war zone. Without a concerted national commitment, all but the largest businesses in America will find it increasingly impossible to offer cost effective cyber services. You are all being subject to a virtual shakedown and the only institution with the resources to effectively do anything about it is the federal government. Unfortunately, this is the same government that can’t pass meaningful cyber reforms such as imposing risk assessment obligations on merchants.
In the meantime, the nation is furious that the Government isn’t doing more to stop kids who are rushing to the nation’s borders for a better life. Why isn’t it furious that foreign criminals are making billions by ripping off businesses and consumers?
On that note, have a nice day.
Having waved my family goodbye on Friday morning as they headed off to Ocean City Md. I was a man alone with his thoughts and no blog to write so when I read the CU Times article reporting on NCUA’s listening tour stop in Chicago I could do nothing but explain RBC reform to my dog. I’m pretty sure he just wanted to go for a walk. Here is what I told him.
–It’s good news that chairman Matz affirmed NCUA’s decision to extend the 18 month phase-in period for RBC reform even if she couldn’t resist lapsing into exasperated school-mum mode when she predicted that “no matter how long we extend it will never be enough.” The Chairman is half right: Some credit unions won’t be happy until the effective date is” sometime after when Hell freezes over.”
But she shouldn’t be too dismissive. Eighteen months is too short a period to make the necessary capital adjustments; train key staff; review investment policies and make sure vendor software is up to speed. I personally would give credit unions three years to be in compliance with these regulations so that the most impacted institutions can actually choose between cutting their balance sheets and growing to meet enhanced capital demands. But hey I’m just a middle-aged guy with a hyper dog.
Personally I’m as concerned with implementing a phase in period for credit unions currently below the $50 billion threshold than I am pushing back the effective date. Since credit unions that reach $50 billion are immediately required to operate under the RBC framework, growing credit unions have to start adjusting their practices long before RBC officially applies to them. Some credit unions have suggested a phase in period for institutions that reach the magic number. NCUA should also consider raising the threshold. It’s in no one’s interest for a credit union to slow down its growth simply to avoid the RBC framework,
–Chairman Matz described as “a myth” the contention of the trades that RBC reform will force credit unions to raise $7 billion. She explained that “more than half of all credit unions subject to the rule would have a buffer of at least 3.5% or even higher than they do today”
Do I note a change in emphasis? What happened to the statistic about over 90% of credit unions being in compliance with the proposal so it’s really no big deal? As I explained in a previous blog NCUA is the only financial regulator implementing Basel III reform that hasn’t informed its financial institutions that it expects them to have capital buffers well in excess of being well capitalized. Even if NCUA decides not to push individual credit unions to raise their buffers credit union boards will. Many more credit unions are impacted by this proposal than NCUA originally suggested.
–Matz said that it was not the NCUA’s intent to provide examiners with the independent authority to raise capital requirements. You could have fooled me. The agency plans to re-write this portion of the proposal. This is good news but the devil is still in the details. NCUA’s proposal to authorize customized RBC requirements for specific credit unions should be scrapped completely. If it isn’t willing to do that it should develop objective quantifiable criteria for determining what credit unions would be subject to these customized plans.
–The RBC proposal is morphing from a regulation into a Rorschach test with regulators assuring the industry that the proposal doesn’t do what it says it does and\or is going to be amended to make necessary changes. This is a proposal that isn’t ready for prime time and a subsequent comment period would give stakeholders the ability to comment on the type of technical issues that are more typically addressed when regulations are proposed.
Besides it will keep me from muttering at my dog.
Nothing at all to do with credit unions but unless my eyes and ears deceived me there was a commercial in the run- up to the World Cup final yesterday for a movie coming out “this holiday season” in November! I Want a law banning holiday advertisements before November 20th. Otherwise marketers are going to suck the joy out of the holiday season. First Amendment be dammed.
It wasn’t all that long ago that debt collection law firms in New York would literally inundate credit unions with information subpoenas seeking to track down debtors without any regard for whether or not a credit union would realistically have such information. After all, chances are a single SEG credit union for telephone workers in Binghamton isn’t going to have an account for a debtor in Manhattan. These large scale fishing expeditions were just a cost of doing business to these firms, but to credit unions they were imposing huge operational burdens since every subpoena required a response. Today, the law isn’t perfect but New York’s existing statute, improved by amendments resulting from credit union lobbying efforts, have reduced this huge operational burden.
Why the trip down memory lane? Recently, an information subpoena that was sent to a credit union demonstrated that the law must be working because debt collecting lawyers are trying to do end runs around it. Let’s make sure they don’t get away with it.
First, a refresher course, with apologies to those of you who handle these things on a regular basis. When used properly, information subpoenas are an important means of getting money from people who haven’t paid off a debt. They can be issued by attorneys acting in their legal capacity. But there are several conditions that must be met for a subpoena to be valid. First, unless both parties agree to accept subpoenas in electronic form, an information subpoena must be accompanied by a “copy and original of written questions and a prepaid, addressed return envelope. Service of an information subpoena may be made by registered or certified mail, return receipt requested. Answers shall be made in writing under oath by the person upon whom served.” (N.Y. C.P.L.R. 5224 (McKinney)).
Second, it has to include a signed certification from the issuing attorney that she has “A REASONABLE BELIEF THAT THE PARTY RECEIVING THIS SUBPOENA HAS IN THEIR POSSESSION INFORMATION ABOUT THE DEBTOR THAT WILL ASSIST THE CREDITOR IN COLLECTING THE JUDGMENT.”
Finally, attorneys who send out more than 50 subpoenas a month must maintain for five years records detailing the basis of their reasonable beliefs. Failure to do so can get them sued by the AG. If this is valid, then an attorney could circumvent virtually all the law’s requirements by bulk mailing subpoenas with an accompanying certification cover page.
Nice try fellas, but I don’t think this is kosher. First, there is no provision in the statute allowing the certification requirement to be waived except for authorizing subpoenas to be sent electronically with the consent of the party to be served. It’s quite a stretch to suggest that the certified mail requirement can be waived for any other reason.
In addition, since a party receiving a valid information subpoena is obligated to respond, suggesting that their signature waives the certification requirement is awfully close to making an offer that can’t be refused. (“Either your blood or your signature is going to be on this contract” but – with apologies to those of you who haven’t watched The Godfather – I digress).
So what should you do if you receive one of these subpoenas? If you get a subpoena with this waiver request, I would cross out the offending sentence, initial the change and answer the subpoena subject to your amendment. Otherwise, you may be paving the way for bulk mailings of uncertified mail. In addition, remember the subpoena has to include the attorney’s good faith assertion, otherwise place it in the garbage. Last, but not least, send a copy of questionable subpoenas to the Association. My boss, Mike Lanotte, gets almost as fired up about protecting credit union advances in this area as he does about his Mets actually playing well, and if we see abuses taking place we will bring them to the attention of the right people.
Bond buying to end by October
Here are the minutes from the last Fed meeting. The big take away is that the bond buying program will be done by October.
See you Monday.
In a recent interview, President Obama suggested that what the country needs is more banking reform. Speaking on MarketPlace Radio last Wednesday, the President was asked whether Dodd-Frank had worked since mega banks are as big as ever? After going through the usual litany of Dodd-Frank accomplishments – i.e., the CFPB and so-called “living wills,” as well as increased capital requirements, the President changed his tone:
“Here’s the problem, the problem is that for 60 years, we’ve seen the financial sector grow massively. Now, it’s a great strength of our economies that we’ve got the deepest, strongest capital markets in the world, but what has also happened is that as the financial sector has grown, more and more of the revenue generated on Wall Street is based on arbitrage — trading bets — as opposed to investing in companies that actually make something and hire people. And so, what I’ve said to my economic team, is that we have to continue to see how can we rebalance the economy sensibly, so that we have a banking system that is doing what it is supposed to be doing to grow the real economy, but not a situation in which we continue to see a lot of these banks take big risks because the profit incentive and the bonus incentive is there for them. That is an unfinished piece of business, but that doesn’t detract from the important stabilization functions that Dodd-Frank was designed to address.”
Now, to be clear, politics being politics the White House quickly got out the word that the President’s comments didn’t mean that another push for banking reform was on its way. And there was speculation as to whether the President actually meant what he said or if his comments were simply intended to preempt criticism of Dodd-Frank in advance of its upcoming anniversary.
But the President’s comments reveal an inconvenient truth of which anyone who has tried to implement Dodd-Frank is aware: Congress and the President have done precious little to prevent another financial crisis. The too big to fail banks are still too big and with finance taking on an increasingly important role in the economy as a whole, reform of the banking system – such as reinstating boundaries between investment and commercial banking – are now all but impossible to achieve. The President had his chance, and he did not go far enough. For my money, it will go down as the greatest failure of his Presidency,
Unfortunately, credit unions are still left with the financial burden of complying with Dodd-Frank inspired mandates that are making it increasingly difficult for them to provide the types of products and services that got them into the business in the first place. In the meantime, the reality that major banks are “too big to fail” does give them a competitive advantage over their smaller counterparts. To steal a favorite political metaphor, the banks went through the car wash with the windows down and credit unions got wet.
True banking reform is not going to happen, but maybe, just maybe, with both Republicans and Democrats criticizing aspects of Dodd-Frank now’s a good time to push once again for mandate relief. At the top of my list would be an outright exemption from Dodd-Frank mortgage requirements for all credit unions. There is no evidence that credit unions caused the financial crisis, yet there is lots of evidence that Dodd-Frank is increasing costs for credit unions. There is also no good reason why credit unions should have to bear the costs for institutions that Congress doesn’t have the stomach to truly regulate.
The government reported stronger than expected job growth in June with the economy adding 280,000 new jobs. In addition, the growth was spread over a large cross-section of industries providing the best evidence yet for those of you who see the economic glass as half full. About the only negative I could find in the report is that the workforce participation rate was unchanged. People are already arguing that the jobs report is a signal that the Fed should move up its timeline for raising short term interest rates. There are some great arguments for why this approach is short sighted, but the blog has already gone on longer than I wanted.
Good luck making it through today after a nice long weekend. My advice: more coffee – lots and lots of coffee.
NCUA has proposed important changes to its Chartering and Field of Membership Manual regarding how and if an Association qualifies for inclusion in a credit union’s field of membership. I know many of you have put in yeoman’s work responding to NCUA’s risk-based capital proposal and find the idea of taking a look at this proposed regulation about as tantalizing as a follow-up visit to the dentist to get a cavity filled, but there are some important issues at stake and more of you may want to comment before the June 30 deadline.
NCUA is concerned that some credit unions are forming associations for the primary purpose of gaining access to new members. In its own words, “As a threshold matter, when reviewing an application to include an association in an FCU’s FOM, NCUA will determine if the association has been formed primarily for the purpose of expanding credit union membership. If NCUA makes such a determination, then the analysis ends and the association is denied inclusion in the FCU’s FOM. If NCUA determines that the association was formed to serve another separate function as an organization, then NCUA will apply the totality of the circumstances test to determine if the association satisfies the associational common bond requirements.”
There are two basic problems with this approach. First, while NCUA has a list of criteria – which it is adding to under this proposal – to determine if a credit union meets the associational common bond requirements, the regulation provides precious little suggested criteria about how NCUA will determine if a perfectly valid association was actually formed for the purpose of increasing membership. This is another example of NCUA seeking to give itself the authority to substitute examiner judgment for the plain language of the regulation on a case-by-case basis. Second, so long as an association is a valid, legal entity separate and distinct from a credit union, the motivations of a credit union in helping to form it are irrelevant. If a credit union forms an association to Save the Amazon Rainforest, provide aid to service members, or to lobby for a moratorium on any new reality TV shows – I am a charter member of this one, so long as these associations actively further these goals by holding meetings and sponsoring events, communities are benefitting.
Right now the tireless gadfly and blog devotee Keith Leggett is one of only six people to have commented on this proposal. Even if you disagree with me, please take a look at this proposal and consider dropping NCUA a line or two if, like me, you think it is going to have important consequences for the industry.
Credit Unions Hit Hard by Target Breach
The Target Breach provided fresh evidence for why Congress and State Legislatures have to re-examine the way liability is allocated between merchants and card issuers for data breaches. Despite the fact that card issuing credit unions and banks in no way contributed to causing the Target Breach, financial institutions, particularly smaller ones, were hit hard financially by the theft, according to a report released by PULSE yesterday. The report also indicates that more and more Americans are using plastic to transact business, meaning that if you haven’t already seen a decline in your debit card income, you will probably start seeing it soon.
On that happy note, enjoy your day.