Posts filed under ‘Compliance’
I’m here to tell you this morning that you will be breached and if you have been already, you will be again. Cybercriminals are chameleons and they have the money to quickly adjust to the latest techniques meant to stop them.
For example, remember when “dual authentication” of your customer accounts was all the rage in IT security circles? The FFEIC even came out with a guidance mandating that depository institutions implement systems that demonstrate two forms of identification. It was originally updated in 2005 and updated again in 2012 to emphasize the need to “layer” your IT security.
To what do I owe my gloomy morning forecast? Two informative posts, one by the CU Times and the other by the Information Technology Website underscored just how fast moving the game of cyber security cat and mouse is and unfortunately the bad guys win fairly often. Specifically, hackers have broken into 34 banks in Asia and Europe by bypassing a dual authentication system developed by Android and used for online banking. Check with your IT people to get the technical details, but the basic idea is that they used email requests to lure customers to a fake website. Marks opened the door to hackers by opening the email and going to the site through which the hackers could steal all the information they needed to get by the dual authentication system. What is astounding the experts is that the banks used SMS technology, which requires a customer to enter a new password every time they access an account. This is above and beyond what most U.S. credit unions and banks require.
So, is there anything you can do to mitigate the risk beyond making sure that you have a good computer person on speed dial? In looking at cases examining the liability of financial institutions for data breaches, here are some of the points I would keep in mind. Although many of them are most relevant to those of you who offer business accounts, NCUA regulations require all of you to identify and monitor the “red flags” of identity theft on an ongoing basis.
- Member and staff education is key. Your security is only as effective as your most careless employee or technologically “savvy” member.
- In assessing commercial reasonableness of online business accounts, which are regulated by Article 4A of the UCC, courts consider (1) security measures that the credit union and customer agree to implement, and (2) security measures that the credit union offers to the customer but the customer declines. Make sure this is in writing and, if possible, attached to the contract.
- You must respond to changing threats by offering new mitigation techniques. For example, remember now that hackers can electronically impersonate an employee, dual control and not dual authentication is becoming the baseline standard. This way, hackers have to obtain the login information for two employees before transferring money.
- Here is the good news. Commercially reasonable and regulatory standards vary depending the size and sophistication of your credit union. However, this means that the policies and procedures you adopt must be unique to your credit union based on its resources and risk profile. This is one area where cutting and pasting a colleague’s policies the day before the examiner comes calling won’t cut it in the long run.
- Similarly, the vendor contract really matters. Most of you will use vendors to implement your cyber banking. How much must the vendor indemnify you if its negligence causes a breach? Are both parties legally obligated to monitor developments in cybercrime and update protocols when appropriate? Are these changes integrated into your security procedures? These are all questions that, if asked, can help mitigate losses and maintain member confidence in your electronic banking.
Second Quarter GDP Growth Stronger Than Expected
A few minutes ago, news came out that second quarter GDP growth grew at a 4% rate, beating the expectations of economists. In addition, the Government is reporting that household spending increased by 2.5%.
There are some issues that are hanging over the industry like a sword of Damocles. This morning an article in the Wall Street Journal provides further evidence for those who feel that the CFPB should do more to regulate overdraft fees.
According to a survey conducted by the paper, hundreds of small, regional banks, and credit unions are “clinging to the practice” of processing checks on a high to low basis. The paper’s survey revealed that smaller depository institutions are continuing this practice even as larger institutions are backing away from it.
What exactly to do about overdraft fees has been debated for more than a decade now. In 2010, the Federal Reserve promulgated regulations requiring that members opt in to bank payment on debit card overdrafts. I was silly enough to think that this would put the issue to a close, but it hasn’t. For example, in a statement accompanying a 2013 report on overdraft processing, CFPB warned that if “policies and practices do not protect consumers in accordance with consumer protection law, it will use it authorities to provide such protection.”
The more I look at the issue, the more I feel that overdraft fees are the most misunderstood practices engaged in by depository institutions. Do they represent an important source of income for many banks and credit unions? Absolutely, but I bet if you asked your average consumer if they are willing to pay more to make sure that their mortgage or car payment doesn’t bounce, they’d agree. In other words, overdraft fees are a product that some consumers want and need.
I’ve been AWOL for a couple of days and based the volume of work that regulators pumped out over the last week it’s obvious that many of our regulatory overlords intend on being AWOL for most of August. Here are a couple of regulatory proposals to review in preparation for Fall.
CFPB’s HMDA Proposal Empowered by the Dodd-Frank Act , the Bureau that never sleeps is proposing revisions to the Home Mortgage Disclosure Act. It may not sound like a page turner, but for those credit unions that have to comply with it, properly reporting mortgage loan information can be one of the great compliance headaches. If the regulation goes forward as proposed the types of mortgages subject to reporting requirements will be expanded to include “all mortgage loans secured by a dwelling, regardless of the purpose of the loan” including HELOCS and commercial loans secured by a home. Here is a link.
NYS moves to regulate Bitcoin New York State’s Department of Financial Services is rushing ahead of federal and state regulators by proposing licensing requirements and a comprehensive regulatory framework for institutions that buy, sell, transfer or store virtual currencies. Here’s a link to NYS’s proposal.
As I explained in my blog the other day, for banking compliance geeks FinCEN’s annual compilation of SAR filings is a big deal that gets noticed. So when it uses this publication to highlight issues related to the filing of Suspicious Activity Reports in relation to virtual currency in general and the Bitcoin specifically, it can be assumed that this is an issue of particular importance to individuals who work at the intersection of law enforcement and banking regulation. According to its SAR Narrative Spotlight Column, “FinCEN is observing a rise in the number of SARs flagging virtual currencies as a component of suspicious activity. Like all emerging payment methods, understanding virtual currencies is key to insightful SAR preparation and filing.”
According to FinCEN useful narrative information accompanying a SAR bitcoin filing may include:
• Information on users of crypto-currency (even when their participation in the transaction is not considered suspicious). If possible, such information should be supplemented with the ACH or wire data related to transactions conducted to or from known virtual currency exchanger. An exchanger is one of a handful of platforms, one of which filed for bankruptcy, which will exchange the Bitcoin into currency.
• Information related to Bitcoin speculation. Specifically, FinCEN reminds depository institutions that the value of a Bitcoin is highly volatile and “following a rapid rise in the relative value of crypto-currency to the dollar an institution may see high value deposits originating from foreign or domestic virtual currency exchangers.” FinCEN goes on to note that speculation is not criminal activity, however, “speculation can share a transaction footprint with other activities that might be suspicious.”
Depository institutions should be mindful that virtual currencies can be used to hide the source of funds stolen by hackers and identity thieves.
I’ve used more quotes than I like to in writing this blog today because I am not sure I completely understand where FinCEN is heading when it comes to the regulation of virtual currencies. It seems to be suggesting that virtually any time a member uses funds derived from a Bitcoin or other virtual currency, a SAR filing is appropriate. The concern I have is that very little of the account activity highlighted by FinCEN is necessarily suspicious. If and when virtual currencies become more commonly used, FinCEN is going to have to issue more formal guidance clarifying when member use of virtual currency is truly worthy of a SAR.
That’s the question posed by the New York Times in an article yesterday in which it seeks to sound the alarm: in a nutshell it argues that, just like the mortgage meltdown, major banks are loosening lending standards in an effort to ensure they have enough automobiles to meet Wall Street’s growing demand for securities comprised of auto loan pools. This is one of those times where I am glad that credit unions aren’t mentioned alongside the banks.
This is the type of article that gets regulators thinking that more needs to be done, so you may want to take a quick look to see how appropriate your underwriting standards are for auto lending. Here are some things to keep in mind.
The NCUA deserves credit for raising concerns about indirect auto lending long before it was trendy. The banks highlighted in the article are accused of hiding behind dealer practices when asked about questionable sales techniques and underwriting standards. But remember “the dealer made me do it” is no defense. This is particularly true for credit unions that have the added requirement of ensuring that any person taking out a car loan is a qualified member. As summarized succinctly in this indirect lending guidance from the NCUA from 2011:
Indirect lending standards should be consistent with the credit union’s direct (internal) loan underwriting standards. The standards should be reviewed at least annually or more often if risk levels increase or if negative trends begin to surface. Exceptions to the indirect loan policy should be infrequent. All exceptions should be approved by credit union personnel responsible for administering the indirect lending program and reported to the board of directors for their review.
One other quick point about the article. Not all securitization is bad. Financial institutions, and especially smaller ones, need a vibrant secondary market to sell off loans and make new ones to members. The Times is right to highlight the negative influence that demand for higher yielding securities may be having on auto lending standards, but I just hope that regulators don’t overreact and throw the baby out with the bath water.
I’ve done this blog long enough now that every so often I feel like Steve Martin in The Lonely Guy. When the new phone book is delivered, he runs down the street yelling: I’m in the book, I’m in the book. I was excited to find out this morning that the Annual Review of SAR Filings had been published by FinCEN. California and New York lead the way when it comes to depository institutions filing Suspicious Activity Reports.
On that note, have a nice day.
How much time do members have to inform you that they have spotted an unauthorized withdrawal from their account after receiving their statements?
The UCC gives consumers a year but that timeframe can be reduced by contract. Just how much that window can be closed has remained an open question in New York for decades until a narrow but an important ruling in New York’s Court of Appeals in May (Clemente Bros. Contracting Corp. v Hafner-Milazzo) held that business accounts opened by sophisticated large businesses could provide companies with as little as two weeks to report unauthorized withdrawals provided they receive adequate notice of account activity.
Clemente Brothers opened business accounts and a line of credit at NorthFork Bank which was subsequently gobbled up by CapitalOne; In order to open up the account it had to pass a corporate resolution specifying who could draw from the accounts and sign an account agreement that provided in pertinent part:
“That unless [Clemente Brothers] shall notify the Bank in writing within fourteen calendar days of the delivery or mailing of any statement of account and cancelled check, draft of any claimed errors in such statement, or that any such returned Instrument was forged…or that it was raised or otherwise altered … “ the account shall be considered correct for all purposes and said Bank shall not be liable for any payments made and charged to the account
All good unauthorized withdrawal cases seem to start with wayward employees and in this case a bookkeeper had been forging Clemente’s signature on certain CapitalOne Bank documents, including drawdown requests on the line of credit and checks paid from one of Clemente Brothers’ accounts. The company claimed she embezzled approximately $386,000 over the course of approximately two years, from January 2008 through December 2009. The withdrawals were discovered in 2010. They claimed that these were unauthorized withdrawals and that the Bank had to make them whole. You probably haven’t looked at the statute in a while. It provides that
1) When a bank sends to its customer a statement of account accompanied by items paid in good faith in support of the debit entries or holds the statement and items pursuant to a request or instructions of its customer or otherwise in a reasonable manner makes the statement and items available to the customer, the customer must exercise reasonable care and promptness to examine the statement and items to discover his unauthorized signature or any alteration on an item and must notify the bank promptly after discovery thereof.
(2) If the bank establishes that the customer failed with respect to an item to comply with the duties imposed on the customer by subsection (1) the customer is precluded from asserting against the bank.
N.Y. U.C.C. Law § 4-406 (McKinney)
The court bifurcated its ruling into two parts. The court did not dismiss the case in relation to the unauthorized draws against the line of credit. Even though the company was put on notice that money was being drawn on the line it wasn’t given copies of the actual drawdown requests. Therefore a trial court had to decide if the bank provided adequate notice to the company; chances are it did.
The more interesting question was whether or not the 14-day notice period could be enforced. The Court ruled that:
“Clemente Brothers had numerous employees, regularly moved hundreds of thousands of dollars in and out of its operating accounts, and had the resources to make an informed decision about opening accounts at CapitalOne. Critically, Clemente was fully aware of the terms of the agreements with CapitalOne because Clemente Brothers passed a corporate resolution acknowledging its obligation to notify CapitalOne of any irregularities within 14 days of each statement of account.”
Does this mean that all your account agreements should have a 14-day window? No. The court stressed that its ruling applied to a sophisticated large corporation. It might reach a different result if it was deciding a case involving an elderly account holder or a less sophisticated small business.
So what should you do? Don’t have the same window for members that you do for businesses and make sure you don’t rely on the UCC’s one-year language. The more sophisticated your business account members are, the shorter their notification window can be. No matter what number you decide on, make sure your policy is reflected in the account agreement and that your frontline staff gets the necessary paperwork as part of opening accounts.
Here is a link to the decision and an earlier blog I did on the case:
Having waved my family goodbye on Friday morning as they headed off to Ocean City Md. I was a man alone with his thoughts and no blog to write so when I read the CU Times article reporting on NCUA’s listening tour stop in Chicago I could do nothing but explain RBC reform to my dog. I’m pretty sure he just wanted to go for a walk. Here is what I told him.
–It’s good news that chairman Matz affirmed NCUA’s decision to extend the 18 month phase-in period for RBC reform even if she couldn’t resist lapsing into exasperated school-mum mode when she predicted that “no matter how long we extend it will never be enough.” The Chairman is half right: Some credit unions won’t be happy until the effective date is” sometime after when Hell freezes over.”
But she shouldn’t be too dismissive. Eighteen months is too short a period to make the necessary capital adjustments; train key staff; review investment policies and make sure vendor software is up to speed. I personally would give credit unions three years to be in compliance with these regulations so that the most impacted institutions can actually choose between cutting their balance sheets and growing to meet enhanced capital demands. But hey I’m just a middle-aged guy with a hyper dog.
Personally I’m as concerned with implementing a phase in period for credit unions currently below the $50 billion threshold than I am pushing back the effective date. Since credit unions that reach $50 billion are immediately required to operate under the RBC framework, growing credit unions have to start adjusting their practices long before RBC officially applies to them. Some credit unions have suggested a phase in period for institutions that reach the magic number. NCUA should also consider raising the threshold. It’s in no one’s interest for a credit union to slow down its growth simply to avoid the RBC framework,
–Chairman Matz described as “a myth” the contention of the trades that RBC reform will force credit unions to raise $7 billion. She explained that “more than half of all credit unions subject to the rule would have a buffer of at least 3.5% or even higher than they do today”
Do I note a change in emphasis? What happened to the statistic about over 90% of credit unions being in compliance with the proposal so it’s really no big deal? As I explained in a previous blog NCUA is the only financial regulator implementing Basel III reform that hasn’t informed its financial institutions that it expects them to have capital buffers well in excess of being well capitalized. Even if NCUA decides not to push individual credit unions to raise their buffers credit union boards will. Many more credit unions are impacted by this proposal than NCUA originally suggested.
–Matz said that it was not the NCUA’s intent to provide examiners with the independent authority to raise capital requirements. You could have fooled me. The agency plans to re-write this portion of the proposal. This is good news but the devil is still in the details. NCUA’s proposal to authorize customized RBC requirements for specific credit unions should be scrapped completely. If it isn’t willing to do that it should develop objective quantifiable criteria for determining what credit unions would be subject to these customized plans.
–The RBC proposal is morphing from a regulation into a Rorschach test with regulators assuring the industry that the proposal doesn’t do what it says it does and\or is going to be amended to make necessary changes. This is a proposal that isn’t ready for prime time and a subsequent comment period would give stakeholders the ability to comment on the type of technical issues that are more typically addressed when regulations are proposed.
Besides it will keep me from muttering at my dog.
Nothing at all to do with credit unions but unless my eyes and ears deceived me there was a commercial in the run- up to the World Cup final yesterday for a movie coming out “this holiday season” in November! I Want a law banning holiday advertisements before November 20th. Otherwise marketers are going to suck the joy out of the holiday season. First Amendment be dammed.
It wasn’t all that long ago that debt collection law firms in New York would literally inundate credit unions with information subpoenas seeking to track down debtors without any regard for whether or not a credit union would realistically have such information. After all, chances are a single SEG credit union for telephone workers in Binghamton isn’t going to have an account for a debtor in Manhattan. These large scale fishing expeditions were just a cost of doing business to these firms, but to credit unions they were imposing huge operational burdens since every subpoena required a response. Today, the law isn’t perfect but New York’s existing statute, improved by amendments resulting from credit union lobbying efforts, have reduced this huge operational burden.
Why the trip down memory lane? Recently, an information subpoena that was sent to a credit union demonstrated that the law must be working because debt collecting lawyers are trying to do end runs around it. Let’s make sure they don’t get away with it.
First, a refresher course, with apologies to those of you who handle these things on a regular basis. When used properly, information subpoenas are an important means of getting money from people who haven’t paid off a debt. They can be issued by attorneys acting in their legal capacity. But there are several conditions that must be met for a subpoena to be valid. First, unless both parties agree to accept subpoenas in electronic form, an information subpoena must be accompanied by a “copy and original of written questions and a prepaid, addressed return envelope. Service of an information subpoena may be made by registered or certified mail, return receipt requested. Answers shall be made in writing under oath by the person upon whom served.” (N.Y. C.P.L.R. 5224 (McKinney)).
Second, it has to include a signed certification from the issuing attorney that she has “A REASONABLE BELIEF THAT THE PARTY RECEIVING THIS SUBPOENA HAS IN THEIR POSSESSION INFORMATION ABOUT THE DEBTOR THAT WILL ASSIST THE CREDITOR IN COLLECTING THE JUDGMENT.”
Finally, attorneys who send out more than 50 subpoenas a month must maintain for five years records detailing the basis of their reasonable beliefs. Failure to do so can get them sued by the AG. If this is valid, then an attorney could circumvent virtually all the law’s requirements by bulk mailing subpoenas with an accompanying certification cover page.
Nice try fellas, but I don’t think this is kosher. First, there is no provision in the statute allowing the certification requirement to be waived except for authorizing subpoenas to be sent electronically with the consent of the party to be served. It’s quite a stretch to suggest that the certified mail requirement can be waived for any other reason.
In addition, since a party receiving a valid information subpoena is obligated to respond, suggesting that their signature waives the certification requirement is awfully close to making an offer that can’t be refused. (“Either your blood or your signature is going to be on this contract” but – with apologies to those of you who haven’t watched The Godfather – I digress).
So what should you do if you receive one of these subpoenas? If you get a subpoena with this waiver request, I would cross out the offending sentence, initial the change and answer the subpoena subject to your amendment. Otherwise, you may be paving the way for bulk mailings of uncertified mail. In addition, remember the subpoena has to include the attorney’s good faith assertion, otherwise place it in the garbage. Last, but not least, send a copy of questionable subpoenas to the Association. My boss, Mike Lanotte, gets almost as fired up about protecting credit union advances in this area as he does about his Mets actually playing well, and if we see abuses taking place we will bring them to the attention of the right people.
Bond buying to end by October
Here are the minutes from the last Fed meeting. The big take away is that the bond buying program will be done by October.
See you Monday.
Republican Congressman Patrick McHenry’s asking questions that NCUA should have answered a long time ago in advocating for risk-based capital reform. According to our good friends at CUNA, the Republican Congressmen is asking NCUA to inform him of:
- Any cost-benefit analyses performed by the NCUA or that otherwise form part of the administrative record in this matter;
- The metrics used to determine what asset classifications required revisions;
- A justification for the revised weighing associated with each individual asset class; and
- An explanation of the extent to which NCUA examiners would be empowered to assess and make capital recommendations to credit unions that might deviate from the new RBC standards.
NCUA keeps on saying it is committed to a transparent rulemaking process when it comes to RBC reform but, aside from making the impact of the proposal on credit unions publicly available on its website, the proposal has been short on specific explanations about how NCUA settled on the specifics. When a rule of this importance is proposed, it is typically accompanied by a section by section analysis explaining in detail why an agency is proposing the specific change. I know everyone likes to bash the CFPB, but they do such a thorough job of explaining what it is they want to do and why that you know a tremendous amount of thought was put into any one of its proposals.
The same can’t be said for NCUA’s RBC proposal. If you are wondering why NCUA feels that CUSO investments should have a 250% risk weighting you won’t find much of an explanation as to how NCUA decided on this number when it developed its proposal. In fact, the preamble to the proposal contains no explanation as to why or how a magic 100 percent weighting for loans to CUSO’s was divined either. All we are told is that “A credit union may be adversely affected by the activities or condition of its CUSOs or other persons or entities with which it has significant business relationships, including concentrations of credit. . .” and that the repayment of loans is normally a high priority in the event of a CUSO’s liquidation. I’m all for brevity but more than a few lines should be devoted to proposals that could have a major impact on the industry.
But beyond the need for more information is the nettlesome problem that the law requires regulators to do a cost-benefit analysis of the proposed regulations. I hope we get to see NCUA’s response to the Congressman because NCUA’s cost-benefit analysis is, to put it euphemistically, lacking in substance. The Chairman has repeatedly defended the proposal with the mantra that the NCUA Board has the responsibility to safeguard the Share Insurance Fund. But considering that the vast majority of credit unions survived the worst economic downturn since the Great Depression and NCUA has already put in place justifiable reforms of the corporate system, this protection hardly serves as an explanation for why the burdens imposed by this regulation are outweighed by its benefits.
To be fair, risk-based capital is complicated stuff which is why the banking industry has literally spent decades refining its framework with very limited success. The vast majority of New York State credit unions support some type of risk-based capital reforms (I don’t see the need, but reasonable minds can differ). But what we can all agree on is that credit unions deserve to know that important proposals are competently vetted and analyzed by NCUA. On this score, NCUA has fallen woefully short. In fact, seeing NCUA push a sophisticated RBC framework has been about as nerve-racking as watching a five year old with matches. Very little good can come of it unless drastic changes are made and NCUA starts explaining itself in more detail.
As it stands, this proposal is bereft of detail and its rationale is far too simplistic. In fact, I’ve come to believe that NCUA’s RBC proposal isn’t so much a capital framework as it is an examiner wish list: let’s make it difficult for credit unions to do everything we don’t think they should do and the world will be a safer place. I hope I am wrong on this last point. A thorough response to the Congressman is a step toward proving I am.
Governor Cuomo made it official yesterday: he held a bill signing ceremony to mark approval of legislation (A.6357-e) making New York the latest state in the nation legalizing the medical use of marijuana. Its use will be ramped up over the next 18 months as the state promulgates the necessary regulations.
Despite what I have seen in the blogosphere, it is not time to stack up on the munchies. Unlike states such as Washington and Colorado, which have legalized marijuana possession, and other states, such as California, that have legalized the “medical” use of marijuana, the legislation is drafted in a way that medical use of marijuana will be limited to people with designated illnesses and only available in forms prescribed by doctors.
The use of medical marijuana in New York will be highly regulated. According to the Governor’s memo, the law allows for five registered organizations that can each operate up to four dispensaries statewide. Registrations for organizations will be issued over the next 18 months unless DOH or the Superintendent of State Police certifies that the new program could not be implemented in accordance with public health and safety interests. Because it is so regulated, chances are your credit union won’t be asked to open up a business account for these organizations, and if it is the organizations are so highly regulated that much of your due diligence will be easily obtainable. This means that, at least in the short term, legalization of the drug won’t present financial institutions with the legal question of how to comply with federal laws banning the possession and sale of marijuana and bank secrecy act requirements mandating that credit unions and banks monitor their accounts for potentially illegal activity with state law declaring marijuana use to be legal.
This is not to say that your credit union won’t be impacted by this law. Under the legislation a certified caregiver or patient can’t be subject to any civil or disciplinary action by a business or licensing board solely because of their lawful use of marijuana. In addition, eligible users are classified as disabled under New York’s human rights law. At the very least, we now know that there are going to be employees legally entitled to be taking marijuana. So, if you have a policy of categorically prohibiting employee drug use, this is going to have to be modified.
Conversely, it doesn’t mean that an employee can come into work today and get stoned at lunch time. The state is going to have a registry of patients. The key is not to make changes tomorrow. If you heard the Governor speak yesterday, then you heard a person who is dead serious about making sure that this legislation truly is for medical purposes and not a backdoor means of legalizing pot smoking. The regulatory process will be a serious one and given the number of issues that need to be addressed, I’m sure the concerns of employers will be taken into account. In the meantime, it appears that New York financial institutions have avoided the legal quagmire that comes from a more unregulated approach.
There are some things that just make no sense to me. For example, why can’t a country of 270 million sports loving citizens, many of whom grew up playing soccer, find 23 people good enough to make us one of the best soccer teams in the world? I’m sorry, there’s only so much pride I can take in beating Ghana.
Another mystery of more practical concern is trying to figure out how great a risk resetting Home Equity Lines of Credit (HELOC) pose to financial institutions in particular and the economy as a whole. Since the start of the Great Recession, pundits have been predicting a second wave foreclosure crisis as the draw periods on HELOCS come to an end. With so many people still struggling and interest rates likely to rise, it seems logical to assume that problems are on the horizon. But, so far, the worst case scenarios haven’t materialized.
Nevertheless, if I was a regulator, I would be a little nervous, which is why I’m not surprised that a joint guidance was issued yesterday instructing financial institutions, including credit unions, to take steps to mitigate against the risks posed by HELOCS which are coming to the end of their draw periods. Among other things, examiners will generally be reviewing how cognizant your credit union is of its HELOC portfolio and the risks posed by pending repayment periods. The amount of scrutiny will vary depending on your credit union’s size, but examiners will be reviewing, among other things, if your credit union is:
- Developing a clear picture of scheduled end-of-draw period exposures;
- Ensuring a full understanding of end-of-draw contract provisions;
- Evaluating near-term risks;
- Contacting borrowers through outreach programs;
- Ensuring that refinancing, renewal, workout, and modification programs are consistent with regulatory guidance and expectations, including consumer protection laws and regulations;
- Establishing clear internal guidelines, criteria, and processes for end-of-draw actions and alternatives; and
- Documenting the link between ALLL methodologies and end-of-draw performance.
This is not a definitive list, but you get the idea.
Why are our regulatory overlords releasing this guidance now? For one thing, resets on HELOCS are expected to accelerate this year and peak between now and 2017, according to this article in National Mortgage News which warns that there is little the Government can do if the housing sector experiences a wave of second-lien induced foreclosures.
Then, of course, there is the fear that rising interest rates will squeeze consumers since most HELOC payments are tied to interest rates. Last, but not least, is the reality that people are again turning to HELOCS to tap equity in their homes. According to the WSJ, HELOCS are up 8% this year and “While that is still far below the peak of $113 billion during the third quarter of 2006, this year’s gains are the latest evidence that the tight credit conditions that have defined mortgage lending in recent years are starting to loosen. Some lenders are even reviving old loan products that haven’t been seen in years in an attempt to gain market share.” Oh, boy.
Is this yet more proof that consumers and many lenders didn’t learn a darn thing from the last seven years? You bet. Enjoy your Fourth. I will be back on Monday.