Posts filed under ‘Compliance’

Why We All Need To Know More About Mortgages

The SEC was literally asleep at the switch during the early days of the mortgage meltdown. Although it has made some marked improvements in its oversight of the financial industry, its glacial movement in implementing Dodd-Frank mandated reforms makes it quite clear that it is as reluctant to impose requirements on its regulated entities as the CFPB is zealous in dreaming up new and creative ways to protect the American consumer from himself.

So it’s big news whenever the SEC finally gets around to implementing Dodd-Frank requirements and even bigger news when, on balance, the proposal is one that makes a lot of sense. In fact, at the risk of insulting the CFPB, the proposal the SEC is reportedly finalizing today should nudge the CFPB to take a second look at its proposed revisions to HMDA regulations. Humor me a little bit and you will see where I am going on this one.

Asset-backed securities are a broad categorization of bonds comprised of pools of assets ranging from student loans to car loans to everyone’s personal favorite in the industry — mortgage backed securities. Purchases of these bonds are repaid with the revenue from consumer loan payments. These bonds are typically broken into tranches with more conservative investors getting less of a return but being first in line to get paid in the event that the loans start going delinquent.

As credit unions are painfully aware, in the pre-financial crisis days regulations permitted institutions like the corporate credit unions to rely on ratings agencies when deciding whether or not it was safe to buy an asset backed security like one comprised of mortgage loans. With 20-20 hindsight, we all know that this assumption was dangerously naïve. For the last several years, the question has been with what should the old system be replaced? New regulations require that institutions, including credit unions, no longer rely exclusively on rating agency determinations when buying securities, but as I have complained in previous blogs, it is unrealistic to think that most institutions have the expertise or access to information necessary to make the type of decisions for which they relied on the rating agencies. In addition, remember that all this is taking place against the backdrop of litigation in which credit unions have billions of dollars at stake in which the primary issue is the extent to which the bundlers and underwriters of mortgage-backed securities knowingly provided inaccurate information when selling securities that faded quicker than the Yankee’s playoff hopes. (Hey, at least we have the Jets and Giants to look forward to…Right?).

According to several news reports, the SEC will be finalizing regulations mandated by Dodd-Frank that require the issuers of asset-backed securities to provide more loan-level data about the assets that are being bundled and sold into securities. As a result, before an institution purchases a mortgage-backed security, for example, it will be able to examine the individual mortgage loans comprising the security.

Similar proposals have been floating around since 2010. So why the holdup? According to press reports, privacy groups have been concerned about how regulators planned on protecting such a huge treasure trove of personal financial data and a way that protects the individual homeowner. These are, of course, legitimate concerns, particularly since hackers have demonstrated on an almost daily basis that it is about as easy to steal computer-protected data as it is to find a first-term Senator who thinks he should be President. As legitimate as this concern is, the benefits of the proposal far outweigh its harms. By putting buyers on notice that the information is available to assess a loan’s quality, we’re creating a mechanism to improve credit quality before bonds go bad as opposed to trying to deter recklessness almost exclusively with after-the-fact law suits.

So where does HMDA and the CFPB come in? Currently, the agency that never sleeps called a Bureau has out for public comment proposed revisions to Regulation C, which implements HMDA. These mandate that you log information about mortgage loans you provide. Dodd-Frank gives the Bureau the authority to mandate the creation of a truly universal loan identifier. In an ideal world, regulators and lenders could track every loan from its creation to its payoff.  This would benefit housing advocates who believe that, with just a little more information, they can prove that lenders are somehow to blame for every mortgage not given to anyone who wants one and every foreclosure that takes place. It would also benefit lenders, many of whom already have to comply with unique loan identifier requirements if they participate in the MERS system. But the Bureau notes in the preamble that it isn’t planning a formal universal identifier proposal at this time. It should reconsider.

Given the nationalization of mortgage finance and the benefit to the financial system of insuring that all parties to complicated financial transactions have as much information to perform adequate due diligence as possible, the CFPB should consider speeding up its timeline for implementation of a universal loan identifier system. I understand that this process won’t be quick but the sooner a mortgage tracking system is implemented the sooner consumers and lenders can benefit from a more transparent lending system and resulting efficiencies.

On that note enjoy your day and, if you are in the Albany area, I’m giving you permission to leave early and take advantage of this beautiful weather while it is still around.







August 27, 2014 at 9:31 am Leave a comment

Where is the Line Compliance Officers Must Not Cross?

Monday, New York State’s Department of Financial Services (DFS) announced that it was banning Price-Waterhouse-Cooper from providing financial consulting services to financial institutions for two years and imposing a $25 million fine.  The settlement resulted from charges that PWC helped a Japanese bank evade BSA and OFAC requirements to facilitate wire transfers through American branches to sanctioned countries.

In zeroing in not only on illegal bank activity but the consultants who provide them legal advice, DFS’s actions may amount to a watershed moment in bank regulation that impacts compliance officers not only at the biggest banks but the smallest credit unions.  If you think I’m exaggerating, you’re wrong.  Here’s why.

The documents released by the DFS on Monday included an amendment made to a report tracking the bank’s wire transfer activities.  The PWC consultant correctly highlighted the transaction in a report to the bank.  But the bank successfully pressured PWC to remove the offending finding since it directly contradicted what the bank was telling the DFS.  Now, don’t get me wrong.  This is a particularly egregious example and the DFS was right to take the action it did, but the kind of pressures placed on the consultant are the type that are placed on lawyers and compliance officers every day.  We live in a world of regulations and every time a regulation in interpreted in a given way, it could restrict the actions a credit union can take.  Not every one of these decisions should be fodder for increased regulatory scrutiny.

At its core, the responsibility of the person who handles compliance at your credit union is to lay out a plan for translating regulations and laws into an operational framework.  By definition, this means that banks and credit unions are confronted with legal barriers between what they want to do and what the law says they should do.

I think it is perfectly legitimate for boards and CEOs to weigh legal and compliance advice and decide that the cost of compliance outweighs its benefits.  What isn’t legitimate is for any organization to create an environment where people are rewarded not for providing the best legal advice they can, but for providing the legal advice that the boss most wants to hear.  Ultimately, the line that shouldn’t be crossed is almost never going to be as clear as the case highlighted by DFS this week. 

What we need is a robust discussion about creating a codified set of ethical rules that apply to compliance officers,  What we also need is to clarify the distinction between the responsibilities of compliance officers and attorneys.  Regulators like to think that regulations are so clear cut that any institution that doesn’t interpret them the way regulators intended is clearly violating the law.  But I would hate to see regulators scrutinize legal memoranda in which retained and in-house counsels creatively analyze defensible interpretations of regulations for evidence that institutions chose not to adhere to the “correct” answer. 



August 20, 2014 at 8:32 am Leave a comment

No More Zombies on the Jersey Shore?

Late last week , the State that gave us Bruce Springsteen and a politically inspired traffic jam took another step in clamping down on so-called zombie property when Governor Chris Christie approved legislation authorizing municipalities to mandate that foreclosing lenders take more responsibility for vacant and abandoned property even before they have legal possession of the homes in question. The legislation is the latest – and what I believe to be misguided – attempt to deal with properties that have effectively been abandoned by delinquent homeowners but for which a foreclosure process has not been completed.

Municipalities in New Jersey have had authority to mandate that a foreclosing lender take steps to maintain vacant property since 2008, but this first section of New Jersey’s latest legislation gives you a feel for how much more expansive the law is:

   (New section) a. The governing body of any municipality may [make, amend, repeal and enforce] adopt ordinances to regulate the care, maintenance, security, and upkeep of the exterior of vacant and abandoned residential properties on which a summons and complaint in an action to foreclose has been filed. 

In addition, the law deals extensively with the regulation of out-of-state mortgagees commencing foreclosures.  Read between the lines and you have a state with a glut of abandoned property and a lot of frustration working with out-of-state lenders.

Not all the news is bad.  In 2012, New Jersey passed a law permitting lenders to put foreclosures on the fast track when they could prove that property is vacant and abandoned. Residential property is considered “vacant and abandoned” if a court finds that the mortgaged property is not occupied by a mortgagor or tenant, and at least two of more than a dozen conditions exist such as:

(1) overgrown or neglected vegetation;

(2) the accumulation of newspapers, circulars, flyers or mail on the property; and

(3) disconnected gas, electric, or water utility services to the property.  See N.J. Stat. Ann. § 2A:50-73 (West).

By the way, having just reread the list, it’s a good thing I don’t live in New Jersey since I rarely remember to cancel the paper when I am out of town and mowing the lawn is not my favorite activity.

Those of you with mortgages in New Jersey should certainly run this by your attorney and compliance people and everyone should pay attention to these latest developments.  New York is also taking a look at the zombie property problem and this legislation will certainly give greater impetus to proponents of a similar approach.


August 19, 2014 at 9:20 am Leave a comment

The Virtual Spy Next Door

Keeping in mind that you have an obligation to monitor potential red flags of identity theft and mitigate evolving risks, here is some news worth reaching out to your IT vendor about. The NY Times reported earlier this week that “A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses. . .” What’s more, according to the security firm that uncovered the scheme, since the goal of the hackers was to steal password credentials as opposed to stealing from the compromised companies the hackers were targeting businesses of all shapes and sizes. Given the scope of the operation, you can bet a credit union or two or three is among the institutions that are being informed their websites have been compromised. As usual, an excellent source of additional information is this post from Krebs on Security.

First, on a purely practical note, this news showed me why it’s so dumb to use the same password for everything. The only reason this treasure trove of lifted passwords is valuable is because they can be used to access multiple online accounts and services.

The more I think about this news the angrier I am at our government. It may be ideologically edifying for some of our elected representatives to stand in the way of any government action, but there are some things that only the government can do. Cybersecurity should be a top national priority right now. In fact, Preet Bharara has correctly argued that cyber-attacks are this century’s Pearl Harbor. But our government is unable and or unwilling to pass meaningful legislation and make the investment necessary to have a truly robust defense against cyber-attacks.

What we are left with is a bunch of well-meaning but ultimately impotent attempts by regulators to do their part to help protect consumers.  For example, earlier this year the FFEIC highlighted the need for smaller institutions to guard against cyber-attacks. As part of this effort, it’s conducting pilot cyber assessments and has held a Webinar geared towards community banks and credit unions. I just reviewed the slides and it has some good advice such as suggesting depository institutions ask themselves:

How is my organization identifying and monitoring cyber-threats and attacks both to my institution and to the sector as a whole? How is this information used to inform my risk assessment process?

Such well-meaning advice is tantamount to reminding kids not to play with guns in the middle of a war zone. Without a concerted national commitment, all but the largest businesses in America will find it increasingly impossible to offer cost effective cyber services. You are all being subject to a virtual shakedown and the only institution with the resources to effectively do anything about it is the federal government. Unfortunately, this is the same government that can’t pass meaningful cyber reforms such as imposing risk assessment obligations on merchants.

In the meantime, the nation is furious that the Government isn’t doing more to stop kids who are rushing to the nation’s borders for a better life. Why isn’t it furious that foreign criminals are making billions by ripping off businesses and consumers?

On that note, have a nice day.






August 7, 2014 at 8:52 am 1 comment

Does Dodd-Frank Have Teeth After All?

Just how big a deal is the announcement late yesterday afternoon that the Federal Reserve Board and the FDIC have rejected the so-called “living wills” drawn up by the nation’s 11 largest financial institutions as inadequate to ensure that they can be liquidated in a cost effective manner? Depending on what happens next it could be like Vladimir Putin saying “I’m sorry” to the Ukrainians and giving them back Crimea, Tiger Woods suddenly getting healthy and winning the next five majors, or Congress actually passing meaningful legislation.

Dodd-Frank required systemically important banks to submit bankruptcy plans that explain to the Federal Reserve and the FDIC how their liquidation can be executed in bankruptcy court in the event they fail. Previous submissions have been accepted by regulators without amendment.  But, yesterday, the Fed and FDIC told the 11 largest banks, each with more than $250 billion in assets, to go back to the drawing board and credibly demonstrate how they can fail without putting the American taxpayer on the hook.

The ostensible Dodd-Frank logic is that these plans will prevent the American public from extending an implicit guarantee to the behemoths that they are too big to fail. The statute provides that, in the event these plans are deficient, regulators can order these institutions to sell some of their assets and adhere to higher capital standards. But, as this recent exchange between Fed Chairman Yellen and Massachusetts Senator Warren demonstrates, it didn’t seem that regulators was taking these living wills seriously. Now they are or at least pretending like they are. The real test will be when the adjusted plans are resubmitted. If they don’t include asset divestitures than they aren’t serious proposals. But, the banks involved may be willing to gamble that, despite yesterday’s announcement, regulators will never force them to restructure their monstrosities.  Time will tell.

Why does it matter? Because if credit unions have to comply with Dodd-Frank it isn’t asking too much for a financial system to be put in place that prevents the banking system from getting sucked down another sinkhole anytime soon and taking credit unions down with it.

The eight largest banks hold assets equal to 65% of the nation’s GDP.  In addition, these banks are given a competitive advantage by virtue of the fact that the Government has to bail them out, or so it believes. As I said before – and I know this is hardly an original thought – Dodd-Frank does too little to reign in the biggest banks. After all, next week’s crisis may not be triggered by mortgages but as long as a handful of institutions are allowed to suck up a disproportionate amount of the nations’ economy something bad is bound to happen, right? Maybe, just maybe, the Fed will prove me wrong.

What is so fascinating about the Fed’s announcement is that it is ordering the behemoths not to simply write up better contingency plans, but to restructure their operations to accommodate a liquidation. In its own words, by July 2015 they all must:

  • Establish a rational and less complex legal structure that would take into account the best alignment of legal entities and business lines to improve the firm’s resolvability;
  • Develop a holding company structure that supports resolvability;
  • Amend, on an industry-wide and firm-specific basis, financial contracts to provide for a stay of certain early termination rights of external counterparties triggered by insolvency proceedings;
  • Ensure the continuity of shared services that support critical operations and core business lines throughout the resolution process; and
  • Demonstrate operational capabilities for resolution preparedness, such as the ability to produce reliable information in a timely manner.

In addition, look at the language used by the members of the FDIC, and it’s clear that there are regulators annoyed that too little has been done to prevent another disaster. For instance, in supporting yesterday’s decision FDIC board member Jeremiah O. Norton argued that “achieving a credible and workable framework for resolving large and complex financial institutions would be the pinnacle accomplishment in the wake of the 2008 financial crisis.“

And Vice Chairman Thomas M. Hoenig, who has long been a vocal critic of too big to fail banks, pointed out that the economy today is more, not less dependent on these institutions which are still highly leveraged and noted:

“Some parties nurture the view that bankruptcy for the largest firms is impractical because current bankruptcy laws won’t work given the issues just noted. This view contends that rather than require that these most complicated firms make themselves bankruptcy compliant, the Government should rely on other means to resolve systemically important firms that fail. This view serves us poorly by delaying changes needed to assert market discipline and reduce systemic risk, and it undermines bankruptcy as a viable option for resolving these firms. These alternative approaches only perpetuate “too big to fail.”

Maybe real banking reform isn’t just a blogger’s pipe dream after all.






August 6, 2014 at 8:49 am Leave a comment

How great an impact is Dodd-Frank having on mortgage lending?

I want to thank the American Bankers Association for letting me be an honorary member for this post today. As I looked around for stuff to write about what struck me as most interesting and informative came from the banker’s side of the aisle.  

That was the question the Federal Reserve tried to answer in its most recent Survey of Senior Loan Officers and the results provide support for both opponents and proponents of the mortgage lending rule changes. (Incidentally, I would love to report on the same type of survey results for credit unions, our industry should take this on).

Most importantly, while banks are certainly loosening the spigot on mortgage lending, if you don’t qualify for a conforming loan you aren’t going to find it anywhere near as easy to qualify for a mortgage as you did before the meltdown. As summarized by the Federal Reserve: “[t]he majority of banks reported that the new rule has had no effect on the approval rate of prime conforming mortgages, in part because those loans qualify for a safe harbor under the exemption for loans that meet the underwriting criteria of the government-sponsored housing enterprises (GSEs). In contrast, about half of the respondents indicated that the ATR/QM rule has reduced approval rates on applications for prime jumbo home-purchase loans and nontraditional mortgages.“

Dodd-Frank is having a pronounced impact with 47.8% of respondents indicating that they would be approving more prime mortgages but for the QM rules. Interestingly, that is almost the same response the banks gave when asked about not-traditional mortgages.

The parts of the survey that concern me most are those indicating that smaller banks are pulling the reigns in tighter than larger ones. For instance, 33% of larger banks are making fewer nontraditional loans while 61% of all other banks are tightening standards.

Bottom-line: the stated goal of Dodd-Frank was to cut back on reckless underwriting. So far, so good. The hope of the CFPB was that it could accomplish this goal with minimal impact to smaller credit unions and community banks. This may ultimately prove to be an impossible challenge. After all, larger banks are better able to absorb real estate losses and legal costs than smaller depository institutions ever will be.


Since I’m channeling my inner-banker today let me compliment the American Bankers Association on a recent letter to the Bureau requesting clarification on notice requirements for delinquent real estate loans, as well as other areas where guidance would be helpful. You now must wait 120 days before commencing a foreclosure action. The ABA asks how this requirement applies to “rolling delinquencies” where a member pays off some but not all of the debt over the 120 day period. As the ABA explains “[e]ven though the borrower may resume making scheduled monthly payments, s/he never becomes fully current on the loan and is unresponsive to loss mitigation outreach efforts. The CFPB’s servicing regulations do not specify how a servicer is to calculate delinquency for purposes of the 120-Day Rule.”


If you are thinking of selling your debt to third-party debt collectors then you might want to take a look at this Guidance warning depositors to be mindful of the operational and reputational risks that come with such sales. Now I’m talking specifically about companies that buy your debt and then pursue payment not the run-of-the mill third-party collector that all creditors have to turn to occasionally.

Third-party debt purchasers have really moved up the depth chart of groups that consumer advocates love to hate in recent months. As I explained in a previous blog, NYS has also proposed regulations limiting third-party collection practices.

August 5, 2014 at 8:59 am Leave a comment

Mandate Relief Light

I think Chairman Matz may have gotten a little carried away by the lights of Vegas the other day when she announced fixed asset mandate relief at NAFCU’S convention. I can’t get excited by mandate relief that replaces one mandate, the requirement to get preapproval of property investments exceeding five percent of assets, with another replete with a new acronym.

If you thought your days of not having to worry about the fixed asset rule were over, then you are going to be disappointed by NCUA’s mandate relief proposal.

Currently, the aggregate of all a credit union’s investments in fixed assets must not exceed five percent of its shares and retained earnings without a waiver from NCUA. In addition, since much of your standard Information technology investments count against this cap, CUNA and others have pointed out that the rule can restrict needed investments. The good news is that if this proposal goes forward credit unions would be able exceed the cap without getting a waiver. But, credit union boards exceeding the threshold will have to develop an effective Fixed Assets Management (FAM) program. In addition, the your credit union must have analyzed and determined that the investment in fixed assets in excess of the five percent limit is appropriate, safe and sound, and supported by its FAM program.

The FAM must include a “prudent” aggregate limit for the FCU; be accompanied by a board resolution detailing the board’s approval of the expansion and internal controls to assure proper oversight of the program. The resolution is quite detailed since it must include:

(i) The board’s analysis of the purpose for the investment;

(ii) The board’s analysis, supported by reasonable growth assumptions, of the federal credit union’s pro-forma balance sheet and income statement projections; and

(iii) For an investment in real property, the board’s consideration of the future marketability of the premises, in the event the federal credit union needs or wants to sell the premises in the future.

FCUs with an existing waiver would not have to implement a FAM on the existing project.  

Are these pro forma requirements? No. Even though you no longer need prior approval for exceeding the 5% limit, the preamble to the proposal states that NCUA may, “in the discretion of the appropriate Regional Director, prohibit a FCU from making any further fixed assets acquisitions and require the FCU to reduce fixed asset levels. . .”

Currently, when a FCU acquires improved property it has three years to partially occupy the premises and if it acquires unimproved land it has up to six years to partially occupy the property. The proposed rule would establish a single five year timeframe to partially occupy all property. FCUs would still have to seek a waiver from NCUA to exceed these limits.

The Association will be sending out a survey on this proposal and I’m curious how many of you are as underwhelmed by it as I am or if I am just being too cynical on this beautiful summer day. Speaking of which, I am off to entertain my kids, enjoy your weekend.

August 1, 2014 at 8:53 am Leave a comment

Older Posts

Authored By:

Henry Meier, Esq., Associate General Counsel, Credit Union Association of New York

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 323 other followers



Get every new post delivered to your Inbox.

Join 323 other followers