Posts filed under ‘Compliance’
President Obama’s decision to grant resident status to more than 4 million undocumented aliens may well have a direct impact on your credit union’s operations and procedures. Specifically, you may want to take a look at your credit union’s BSA customer identification policies and procedures.
The ability of credit unions and banks to open accounts for undocumented aliens is one of the few compliance issues that gets the non-compliance geek fired up. Read this 2007 article from the Wall Street Journal and you’ll see what I mean. Under existing customer identification program requirements, credit unions must have policies and procedures in place to verify a customer’s identity. As explained in a FinCEN guidance, the CIP regulations do not provide a definitive list of the type of documents that banks and credit unions must use to verify the identity of an account holder. Instead, the ultimate requirement is that whatever forms of identification your credit union uses enables it to “form a reasonable belief that it knows the true identity of the customer.” The regulation provides that for a non-U.S Citizen an acceptable form of identification could include a government issued document evidencing nationality or residence so long as it has a photograph. See 31 CFR 1020.220. This flexibility in the regulation is what makes it acceptable for some financial institutions to accept consular identification cards while others do not. My guess is that with the President’s Executive Order you will see many states pass laws requiring financial institutions to accept specific types of identification.
The second stumbling block to opening accounts for undocumented persons involves tax-payer identification numbers. The regulations are unequivocal in requiring that persons opening accounts must either have or be applying for a tax-payer identification number. 31 CFR 1020.220. Since many undocumented aliens work off the books, this has been one of the biggest challenges to opening an account. The President’s Executive Order will allow qualifying individuals to legally have jobs and start paying taxes. I would hope that FinCEN will provide guidance to financial institutions explaining the type of documentation that may be available to individuals eligible for legal protections under the President’s Executive Action.
Whether or not you agree with the President’s Executive Action it is not the role of your credit union to get involved with the immigration debate. If you disagree with what the President did last night, write your Congressman, but don’t make it more difficult than it has to be for a person to go into a credit union and open an account. As for the argument that doing so is aiding lawbreakers, let’s make a common sense distinction between individuals who come into the country to earn a living and individuals who earn a living by breaking the law.
Good morning, if this headline got your attention, get your mind out of the gutter. Think in bankruptcy parlance. A “strip off” occurs when a court cancels a lien that is wholly unsecured.
On Monday, the Supreme Court decided to hear an important case to answer this question: can a court overseeing a Chapter 7 Bankruptcy cancel a junior lien on a residential mortgage where the value of the property is so low that there is no equity with which to pay back the subordinate lien holder? The Supreme Court decided to consolidate two cases from the 11th Circuit (Bank of America v. Caulkett and Bank of America v. Toledo-Cardona). Both cases deal with residential mortgages that tumbled in value once the Great Recession hit. The homes tumbled so much in value, in fact, that there wasn’t enough money in either house to pay back the holder of the principle mortgage, let alone the holders of home equity lines of credit taken out on the properties.
Most courts that have addressed this issue in other jurisdictions have concluded that a subordinate lien survives bankruptcy regardless of the amount of equity left in the residential property. In New York, for example, the leading case is Wachovia Mortgage v. Smoot, 478 B.R. 555 (E.D. NY 2012). The court provided an excellent explanation of why subordinate liens survive Chapter 7 Bankruptcy. In addition, at least three other circuit courts have reached the same conclusion.
In contrast, the 11th Circuit, which includes Florida, has reached the opposite conclusion. In the consolidated cases to be decided by the Supreme Court, the Florida homeowners were successful in getting their subordinate liens cancelled. Why does this matter? In depressed housing markets, it may not make much of a difference, but in states like New York, where it may take several years to foreclose on a property, a homeowner could see a sharp rise in their property values between the time when they declare bankruptcy and the time a house is foreclosed on. They would end up pocketing money to which the subordinate lien holder would otherwise be entitled. The Court will be issuing a decision in this case by June.
In the immortal words of Elaine from Seinfeld is it time for you to attempt conversion?
Right now card issuers are liable for the costs of POS fraud involving both credit and debit cards. In October 2015 Visa and MasterCard shift this liability to merchants that can’t process chip based EMV transactions. This creates a huge incentive for merchants to invest in new terminals but the benefits aren’t quite as clear-cut for your credit union. After all if the vast majority of merchants can accept EMV by next October than you will be as liable as you are right now for card fraud.
To find out more about conversion issues yesterday I attended an excellent conference on EMV technology hosted by Covera. (Full disclosure: Covera is an affiliate of the Association). The most important lesson I learned is that, if you start planning today, credit unions have more flexibility than I thought they did in deciding when and how to make the migration to EMV. Deciding on how much of a push your credit union should make is ultimately an individual decision unique to each credit union’s circumstances. The more time you give yourself the better off you will be. Here are some of the key questions I would ask after attending the conference.
What is your timeframe for migrating to EMV? It’s going to take more than six months (optimistically) to roll out chip based cards. If you aren’t planning now than your plan is not to convert anytime soon.
How much card fraud do you have?
The switch to EMV is only helpful if data theft is an issue for your credit union. You are at no greater risk legally after October of next year if you choose not to go forward with an EMV conversion unless you think that the merchants your members shop with won’t be ready to accept EMV cards or you feel that the lack of EMV will make your CU more of a target.
Should you take a piece meal approach or integrate EMV all at once? One of the real interesting realizations for me was that credit unions have more flexibility in introducing EMV cards than the October 2015 date suggests. A credit union could start with a conversion to EMV credit cards, for example, see how the conversion goes, and then convert their debit cards.
How much money do you have to budget? These cards are estimated to be 2.5 times more expensive than traditional cards. That is a lot of money for technology that won’t prevent all fraud and that the bad guys will eventually make obsolete. In addition, there is a lot of staff training and member outreach that is involved in introducing EMV. All of this costs money.
Do you have a lot of international travelers in your field of membership? EMV technology is the industry standard in most other parts of the world.
Having read my list you may think that I am telling you not to go forward with EMV. Not at all. My Personal opinion is that consumers will eventually demand that financial institutions use the safest technology available. In addition legislators and regulators may eventually mandate that you adopt the technology whether you want to or not.
The CFPB continued its incredibly frenzied pace yesterday. In the same day, it proposed federal regulations on prepaid cards and fined Franklin Loan Corporartion, a California-based mortgage banker for illegally compensating its loan originators. In the pre-Dodd-Frank days, either one of these would have been among the biggest news of the year for one of our federal regulators. But for our good friends at the Bureau that Never Sleeps, it’s all in a day’s work.
First, let’s talk about the illegal compensation settlement. In 2010, the Federal Reserve Board imposed restrictions on the way loan originators could be compensated. Specifically, the Federal Reserve Board promulgated regulations prohibiting compensating originators based on a term or condition of a mortgage loan. The CFPB is now responsible for enforcing this provision and to avoid making this discussion any more complicated than it has to be, my references are to the re-codified regulation. Before the Board’s prohibition, Franklin had a straightforward compensation system in which originators would get a percentage of each mortgage loan they closed. The compensation would be based on the total cost of the loan, which included an originating fee, discount points and the retained cash rebate associated with the loan. As a result, loans with higher interest rates generated higher commissions. After the Board passed it prohibition in 2010, Franklin instituted a new system. All loan officers were given an upfront commission for each loan they closed. However, on a quarterly basis, they would receive the difference, if any, between the adjusted total commission, which was based in part on the interest rate of the mortgage, and the upfront commission. In other words, the higher the interest rate the more a Franklin originator would be compensated.
The originator clearly crossed the line with its compensation structure. But remember, the regulation isn’t as clear cut as it first appears. Take a look at the official staff commentary accompanying 12 CFR 1026.36(d)(1)(I):
- Permissible methods of compensation. Compensation based on the following factors is not compensation based on a term of a transaction or a proxy for a term of a transaction:
- The loan originator’s overall dollar volume (i.e., total dollar amount of credit extended or total number of transactions originated), delivered to the creditor. See comment 36(d)(1)–9 discussing variations of compensation based on the amount of credit extended.
- The long-term performance of the originator’s loans.
- An hourly rate of pay to compensate the originator for the actual number of hours worked.
- Whether the consumer is an existing customer of the creditor or a new customer,
Whether or not the way you compensate your originators is acceptable is a fact-specific analysis. The bottom line is this: in trying to comply with this prohibition it is best to keep in mind what the CFPB is seeking to prevent. It doesn’t want to create an incentive for originators to provide mortgages with higher interest rates and transaction costs than a member needs to pay in order to get an appropriate mortgage.
As for the CFPB’s proposed regulation of prepaid cards, in concept anyway, this is a proposal that is long overdue. More than a decade ago, legislation was introduced in the NYS Assembly that placed restrictions on prepaid cards which were increasingly being used by employers. At the time, one of the primary arguments against the proposal was that regulation of prepaid cards should be done on the federal and not the state level. Prepaid cards are increasingly being used as de facto bank accounts, particularly for the poor and young. It makes sense both from a competition standpoint and from a consumer protection standpoint that consumers that choose to use these cards get basic protections. I will undoubtedly have more to say about this regulation as a I read through its specific provisions. I know you can’t wait.
In the meantime, have a great weekend.
A day after the CU Times reported that NACUSO issued a call-to-arms urging credit unions to help fund regulatory and potential legal actions designed to protect CUSOs against regulatory encroachments by the NCUA, it is being reported that Home Depot’s data theft was much more serious than initially reported. Not only were a mere 56 million credit card accounts compromised, but 53 million email addresses were also stolen. It now appears that access to the system came from a password stolen from one of the company’s vendors. Just how many issues does this raise? Let me count them.
- Look to you left, look to your right. Then look down the hallway. Think about the most technologically incompetent person you have working for your credit union. Realize that your data security is only as safe as that employee can make it. Data security starts with your employees. Only give access to databases to those who truly need it. The hackers are so sophisticated now that once they have access to a password, they can virtually sneak around your system and find more and more vulnerabilities.
- I’ve said it once and I’ll say it again, and I expect NCUA will be saying it to you shortly: your vendor contracts are absolutely crucial. Given the explosion of technology, it is only natural that credit unions are going to turn to vendors. If they don’t they won’t be able to provide the type of services that members expect. But turning to the vendor doesn’t absolve the credit union of ultimate responsibility for the services the vendor is providing or the continuing need to protect member information. Consequently, just like Warren Buffet never invests in a business he doesn’t understand, your credit union should never contract for technology it doesn’t comprehend. Your vendor relationships must include ongoing monitoring by knowledgeable employees on your staff. You should make sure that your vendors document on an ongoing basis that they are compliant with the latest data security standards.
- CUSOs provide a crucial mechanism for credit unions to pool resources. Given the importance of vendor management, is it really that unreasonable for NCUA to seek a more holistic view of the CUSO industry? Personally, I don’t think so. The problem is that NCUA has sought to exercise powers it doesn’t yet have. Mandating that credit unions force their CUSOs to agree to NCUA audits is a blatant attempt to boot strap its jurisdiction. But at the end of the day, it makes sense for NCUA to have a clear picture of what a CUSO is doing, Not only are these organizations providing services for credit unions, but their financial success or failure directly impacts credit unions’ bottom line. The middle ground is for everyone to be a lot less dogmatic and a lot more pragmatic. NCUA should seek specific legislative authority to regulate CUSOs. But it should only exercise enhanced oversight over those CUSOs that represent a truly systemic risk to the industry. This means that NCUA should base its enhanced auditing not on the type of services the CUSO provides, but on how many credit unions use its services. In addition, NCUA should reduce its proposed risk rating for CUSOs. Credit unions should be encouraged to use CUSOs as opposed to third-party vendors with no connection to the industry.
The Federal Financial Institutions Examination Council (FFIEC), which reflects the combined wisdom of all the financial regulators including the NCUA, released a “statement” yesterday in which it strongly recommended that financial institutions participate in the Financial Services Information Sharing and Analysis Center (FS-ISAC) as part of their efforts to enhance the cyber security of their institutions. The call for greater information sharing is the biggest takeaway from a report and statement the FFEIC released yesterday based on an assessment of the steps that 500 financial institutions are taking to deal with cyber threats.
Although regulators stressed that the report’s observations were not to be treated as official Guidance, don’t believe them, they may not be binding on you, but they easily could be required of you in the near future. Plus, the report provides some great advice to help develop a more robust cyber security program. For example, the report is filled with questions that board members and executives should be asking about their cyber security preparedness and steps that institutions should consider taking to mitigate risk. Among the questions that boards should be asking are:
- What is the process for ensuring ongoing and routine discussions by the board and senior management about cyber threats and vulnerabilities to our financial institution?
- How is accountability determined for managing cyber risks across our financial
institution? Does this include management’s accountability for business decisions that may introduce new cyber risks?
- What is the process for ensuring ongoing employee awareness and effective response to cyber risks?
What I would suggest doing is actually asking yourself these and the other questions outlined in the report and see what vulnerabilities your credit union has and can realistically guard against given its size and sophistication. Furthermore, ask these questions at least once a year. Cyber security is a dynamic threat and has to be monitored constantly.
As for getting involved with FS-ISAC, this organization is designed to get information about cyber threats out to financial institutions as quickly as possible and act as a repository of emerging cyber threats. Here is a link to the site: https://www.fsisac.com/
One editorial comment: The way this information was released underscores a growing problem with the way credit unions and apparently other financial institutions are being regulated. By issuing “Guidance,” “Statements” and “Reports” without clearly delineating what obligations these documents are imposing on credit unions, regulators are adding a degree of confusion to compliance that doesn’t have to be there. Here is a simple solution: All documents directed at financial institutions should include a sentence explaining what statutory power an agency is exercising in publishing the material. Regulations always include a reference to the statute pursuant to which a regulation is being promulgated and the same procedure should have to be followed when it comes to issuing reports with recommendations that sound an awful lot like examiner commandments.
Here is a link to the material: http://www.ncua.gov/News/Pages/NW20141103FFIEC.aspx
According to this morning’s CU Times, NCUA officials have officially decided that interest rate risk would be removed as a focus of NCUA’s Risk Based capital proposal. Instead IRR would be dealt with in a separate proposal.
We have to see what NCUA is actually going to propose but in concept this is a very positive development. Many of the proposed risk weightings – most noticeably those dealing with mortgage concentrations – seemed to have been designed to make it structurally impossible for credit unions to take on too many long-term loans and investments even if this meant making it difficult for them to offer sound products that members wanted.
In addition, by the middle of next year, we should have a better idea of how risky the interest rate environment is. The Fed will either start raising short-term rates by the middle of next year or the economy will continue to be so sluggish that only the clinically paranoid will fear a sudden spike.
I know it’s a cliché, but people all over the world die for the right to vote. Don’t be lazy. Vote today.
That is my most important takeaway from the FDIC’s biannual survey of unbanked and under-banked households that was released yesterday. If you are interested in getting these potential members into your branches-as credit unions you have an ethical and legal obligation to try to do so-you better find a way of competing with the prepaid card.
“The survey results suggest that sizeable proportions of unbanked households and, to a lesser degree, under-banked households, relied on prepaid cards for many of the same purposes that households associate with checking accounts” Its authors conclude.
According to the report 7% of US households are unbanked but a staggering 20 percent of households are under-banked meaning they have an account but have obtained services from nonbank alternative financial service providers in the last 12 months. The unbanked rate is down from 8.2%.
The survey reveals that nearly 8% of all households use prepaid cards and 22.3% of unbanked households have used prepaid cards in the last year. Clearly this is a growing market and it’s going to get bigger but the report underscores just how difficult it is to break into this market. On the one hand almost half of unbanked prepaid card users plan to open up an account in the next year but here is the catch: Only 10% of all households obtained their prepaid cards from branches and among the unbanked, where distrust of banks is higher, only 4% do. It will be interesting to see how many of the unbanked really do open up accounts. I have my doubts because as prepaid cards offer more of the conveniences and consumer protections of traditional accounts many people won’t see the need to make that first visit to the bank or credit union.
I have always been squeamish about prepaid cards because people at the bottom rung of the financial climb need to open up accounts to climb to financial security. But prepaid cards are here to stay and if these survey results are accurate offering them may be a great way of exposing the unbanked to your credit union. Based on this survey if I was putting together a prepaid marketing plan here are the key points that I would want to get across to consumers looking for a Prepaid Card: Credit Unions are (1)Trusted partners that can (2) Offer you the convenience of prepaid cards and are (3) backed up with the safety and security that comes from belonging to a financial institution protected by your friends and neighbors.
The report is a great resource. Here is a link.
RIP Quantitative Easing
With the Fed’s announcement yesterday that it was no longer going to make additional purchases of long term treasury bonds and mortgage backed securities it means that the most aggressive long-term intervention by the Fed into the broader economy will be coming to an end almost. Remember that the Fed will still be rolling over its existing bond purchases so it will be continuing to exercise downward pressure on long-term interest rates. Yesterday’s FOMC statement also indicates that the fed is not concerned that the recent downturn in the global economy, which played such a big part in Wall Street’s recent gyrations, fundamentally alters the outlook for US economic growth. If the conventional wisdom is correct expect short-term rates to rise the middle of next year.
They Might Be Giants
With their third world series win in five years the Giants must now be considered the most dominant team in baseball. They can’t be considered one of baseball’s great flukes anymore. They win when it matters the most.
I like it when good teams consistently win championships because championships should be difficult to win. The Royals lost this year but their lose will make their eventual World Series victory that much sweeter. My only question is: Why is it that when the Yankees win four World Series in the 90’s with strong starters, dominant relievers and a solid lineup of great defensive players its considered bad for baseballs, but everyone celebrates the resurgence of the game when the Giants win with the same formula?