Posts filed under ‘General’
Verizon came out with its annual report detailing compliance with voluntary Payment Card Industry(PCI) standards intended to make sure that merchants and financial service providers take steps to prevent data theft. The results are depressing with only 11 percent of surveyed companies fully PCI compliant. Despite the fact that PCI has been around for almost a decade the report concludes that the vast majority of organizations lack the ability to have a sustainable PCI protocol
In addition the report uses its bluntest language to date in acknowledging that many merchants aren’t doing enough to protect against data theft. Specifically the report acknowledges the complaints of critics who complain that only the largest merchants have to submit detailed annual compliance reports under the PCI protocols. As a result “while most merchants are striving to comply with (PCI compliance) in good faith” the lack of validation of these efforts “can be a problem.”
The system just isn’t working either because data theft is just too big a problem, or because voluntary compliance just doesn’t work or a combination of both.
Critics of congressional action on data protection correctly point out that codifying specific requirements could result in a system that doesn’t evolve quick enough to address emerging challenges. Conversely this report makes clear that voluntary efforts don’t go far enough. Merchants must be compelled to implement policies and procedures to identify and prevent data theft Just like credit unions. These policies would only have to be commensurate with a merchant’s size and sophistication.
There is no panacea but commonsense federal action would certainly be a step in the right direction.
Here is a copy of the report.
The incremental but inevitable evolution of banking away from the traditional branch model took another important step yesterday with the announcement that American Express will now be offering its Serve, prepaid, reloadable plastic card at WalMart stores nationwide. This means that people will be able to walk up to cash registers at WalMart and reload cards from which many basic banking services can be performed. They can do all these banking services without ever having to bother going into a credit union and American Express has so far introduced a model with surprisingly low fees compared to prepaid card competitors and many bank accounts.
News like this combined with the announcement that Facebook is moving more aggressively into electronic fund transfers demonstrates that traditional retail businesses as well as cutting edge, high tech companies have looked at the traditional financial services model and decided that there is a much better way of doing business. American Express is positioning its existing prepaid card, BlueBird, as the card for the “unhappily banked” and positioning its Serve card as the financial choice of the “unbanked.”
What makes AmEx’s announcement all the more important for credit unions is that it is coupling the expansion of its prepaid card network with an advertising campaign directed precisely at the type of people that credit unions have traditionally sought to serve. According to its press release, you will soon be seeing documentary style commercials in which American Express chronicles the travails of “a handful of hopeful Americans as they navigate their way through an antiquated financial system that can inhibit, rather than help people’s ability to access, move and manage money as well as save for the future.”
The tone of the commercial I watched on YouTube demonstrates just how far behind the times credit unions are when it comes to explaining why they are relevant to consumers. Why is American Express, once the unabashed embodiment of establishment stuffy, better able to articulate the angst felt by many middle and working class Americans and demonstrate how its financial offerings can help meet their needs while credit unions remain wedded to vacuous platitudes?
If I sound frustrated it is because I am, but only because I still think there is time for credit unions to position themselves in this new environment. For instance, prepaid cards might be convenient but a debit card offers a heck of a lot more convenience and safety. In addition, while I can see the convenience of prepaid cards for the parent sending their kid off to college, what concerns me about these products is that they encourage precisely those people who most need to establish credit to stay out of the traditional financial system. No one with financial difficulty is going to better their condition by living paycheck to paycheck.
American Express’s foray into prepaid cards demonstrates that there is still a huge market of unbanked consumers in desperate need of reasonably priced financial products. Credit unions are the most logical place for these consumers to go but unless the industry starts doing a better job of explaining how its services are better suited for them and updating its products to reflect the changing times, we risk losing one of the primary reasons for our existence.
Yesterday, the Today Show, which every morning fools millions of sleep-deprived Americans that they are being informed, aired a report on how a Swedish college student is marketing technology that allows people to make purchases using the palm of their hand. When making purchases at 15 stores in and around the student’s campus, customers don’t have to pull out plastic. Instead they simply type in four digits of their phone number and place a palm on the register to complete the transaction. The veins in the palm are apparently all unique-Who knew?- and this information authenticates the purchase.
Have we found the Holy Grail of consumer transactions that enables customers to quickly complete fraud-free purchases without the fear of forgetting their PIN or having to scribble on those lousy electronic signature lines? Don’t hold your breath, but the emergence of the technology is both noteworthy and instructive.
- In the aftermath of the Target data breach there are calls for merchants to finally make the transition to EMV technology and there should be. This technology, which has been widely used in many other countries for years now, replaces the magnetic strip on the back of cards with computer chips. Whereas the information on strips is static, information on computer chips can be changed making it more difficult for hackers to break into payment systems.
- The problem is, as this report demonstrates, that this technology is already outdated. If history is any guide, without a push from policymakers by the time merchants adopt biometric security measures my grandkids will be flying around in helicopters and scientists will have figured out what to do with Ted Williams cryogenically preserved head. In the meantime, credit unions and banks will continue to have to pick up the tab for preventable fraud.
- Biometrics is not something that is decades away. It is already being used. Just last week Samsung introduced its latest Smartphone, the Galaxy 5S. The new bells and whistles designed to make you want to trash your existing Smartphone include fingerprint authentication of PayPal transactions. Similar technology is also available on the latest Apple Smartphone.
- As someone who has been known to leave his wallet on the dresser and who is fed up with the number of passwords permeating my existence, the idea of scrapping all those passwords for an electronic handshake makes me about as happy as a tic on a hog, but no matter which technology is ultimately used to facilitate merchant transactions, bad guys will find a way to break whatever roadblocks are put in their way. For example, it took hackers four days to demonstrate how to foil Samsung’s fingerprint technology by making a replica of a person’s fingerprint. And, unlike good old-fashioned passwords that can be changed if compromised, a customer can’t change his or her palm print unless of course we encourage people to chop off compromised hands and replace them now that it’s so easy to make embryos.
- Data protection will always involve a trade-off between protection and convenience. If Congress or legislatures imposed obligations on merchants to take commercially reasonable efforts to guard against data theft then the courts could impose reasonable standards that evolve with technology. This is exactly the obligation the Court of Appeals for the First Circuit imposed on banks to protect business accounts under Article 4A of the UCC in Patco Construction Co. v. People’s United Bank.
On April 17, 1978, the Wall Street Journal wrote a seemingly obscure article in its Money Matters column describing a trend in which an increasing number of investors were using “so-called personal computers” to model investments in what the paper described as a movement of professional money managers to utilize quantitative measures when making investment decisions.
Fast forward to today and computers are now basically doing the investing for the money managers and investment banks are investing billions of dollars to ensure that they can feed the latest data to their computers before everyone else does. Times change.
Often it is the obscure event that ends up having the biggest consequences, so for me the most intriguing article so far this week was published in the Financial Times on Sunday. It reported that Facebook will soon be obtaining an e-banking license from the Irish government which will allow it to transfer money on its Facebook platform. No one knows for sure what precisely Facebook is planning to do, but when you consider that about one out of every six people in the world use the social network, it has the potential to implement a cooperative financial structure on an industrial scale.
For instance, let’s just say that Facebook simply wants to get a piece of the international remittance system. The World Bank estimates that in 2011 alone there were $350 billion in remittances to developing countries. Imagine how much money Facebook could make if it became the platform of choice for making these electronic payments? The model is already being used. In a previous blog, I talked about a mobile phone payments network, which is booming in Africa called M-PSA, which allows individuals to create electronic bank accounts on their phone and then transfer these funds. Its use has exploded in the developing world. It also enables individuals on the M-PSA network to make micro-loans to fellow network users.
Let’s speculate a little more. Your credit union does nothing more than act as a conduit for people who want to save money and people who want to borrow it. Which brings me to the second most intriguing article I read this week, courtesy of my wife. The article was about an 18-year-old woman who is starting a line of bras for young tweens and teens. She obtained the money for her new business not by going to a credit union, or bank for that matter, but by going to a cite called Kickstarter — a crowd funding organization — and with the help of a video she quickly raised $42,000 that she used to launch her line.
When Europe started the cooperative financial movement in the 19th Century, the idea of poor people leveraging their wealth outside of the traditional financial structure was a radical innovation. While the cooperative structure still has many benefits, society is now connected in one big network. Those credit unions that recognize that they are competing against not only banks but businesses, and have the willingness and foressight to organize and leverage that network are going to be around 36 years from now. In contrast, those of you who stubbornly refuse to recognize just how interconnected finance has become won’t be. In practical terms, this means the industry needs more cooperative ventures such as shared branching networks, not less. It also means that since everyone is already in a cooperative, albeit an electronically created one, maintaining the credit union brand is crucial if we are going to get the next generation to borrow money from a credit union instead of a social network platform.
Is NCUA and, by extension, the credit union industry important enough to have a seat at the table when it comes to deciding issues that impact the financial structure of the Country? Now, even if I didn’t get paid by the industry, I would still say the answer is yes. Credit unions represent more than 90 million account holders and influence the banking industry as a whole by providing needed competition to the for-profit banking model.
Nevertheless, yesterday, the Washington-based Bipartisan Policy Center released a report detailing recommended changes to the financial industry. The report, the outgrowth of a Task Force co-chaired by former New York State Banking Superintendent Richard Neiman, contains some ideas that should be seriously considered. It argues correctly that Dodd-Frank represents a missed opportunity for needed financial reform in this Country. It also argues that the Country should consolidate financial regulations and examiner training. The really good news is that this Task Force, unlike so many others, recognizes that credit unions are unique financial institutions and that NCUA should continue to exist to oversee their regulation.
Now for the part of the report that irks me. In lieu of calling for the creation of a single regulator, Dodd-Frank created a Financial Stability Oversight Council (FSOC). The purpose of the council is to create a framework for financial regulators to identify risk posed not only by large banks but by non-banks as well (think AIG before the meltdown). NCUA was given a seat on the council as a voting member. The Task Force recommends that this power be taken away from NCUA. It explains that “credit unions are an important part of the U.S. financial system, but they generally are small and do not figure into macro-prudential discussions. To the extent they do a credit union voice will still be represented on the FSOC, though without a vote.” This is bureaucratese for patting credit unions on the head and sending them to the corner with crayons while the adults do all the important work.
Since the Bipartisan Policy Center is dedicated to getting knowledgeable people together to come up with serious recommendations about serious problems facing the nation, its ideas have absolutely no chance of getting anywhere in today’s Washington. Nevertheless, this recommendation is irksome for several reasons. First, credit unions may not be as big as the behemoth banks that have the ability to bring the Country to its knees, but they certainly are impacted by the conduct of these institutions. Making credit unions comply with almost all of the Dodd-Frank inspired regulations but not giving them any ability to influence the conduct of the institutions responsible for Dodd-Frank in the first place is a lot like telling a teenager to get a driver’s license but then not letting him drive. More importantly, the proposal reflects the continued arrogance of the banking elite. Even after the masters of the universe engaged in policies and practices that have caused millions of people to lose their jobs and homes, we are still told that only a relative handful of self-proclaimed geniuses truly have the skills and knowledge necessary to oversee the Country’s financial system. What hubris.
Have a good weekend, I will be off Monday enjoying what I hope will be spectacular weather, but back Tuesday.
Yesterday the FFIEC, the regulatory body comprised of all the major federal financial regulators including the NCUA, issued two guidances related to the expected risk-mitigation efforts to be taken by financial institutions regarding automated teller machine (ATM) card authorization schemes and distributed denial of service attacks (DDoS). Don’t toss these statements into the bin on the corner of the desk. Efforts taken by financial institutions to mitigate cyber attacks are a point of emphasis for all examiners, including the NCUA.
The Joint Statement on cyber attacks on ATM card authorization systems is particularly noteworthy. Under an increasingly popular form of cyber theft called “unlimited operations,” crooks use basic phishing techniques to gain access to employee passwords. Over time, hackers are able to infiltrate a financial institution’s debit card authorization system. With this knowledge, they eliminate limits placed on the amount of money that can be taken from debit and pre-paid debit cards. In one scam highlighted by federal prosecutors in New York, cyber criminals distributed debit card information to co-conspirators in several countries who pulled more than $40 million from customer accounts.
Denial of service attacks have gotten a lot of attention lately because of the increasing evidence that they are being used by countries and cyber terrorists to disrupt the online services of major financial institutions. But these attacks designed to disrupt services are also commonly used to mask good, old-fashioned cyber crime. As explained by security analyst Avivah Litan:
“Once the DDoS is underway, this attack involves takeover of the payment switch (e.g. wire application) itself via a privileged user account that has access to it. Now, instead of having to get into one customer account at a time, the criminals can simply control the master payment switch and move as much money from as many accounts as they can get away with until their actions are noticed.”
Yesterday’s statements also underscore the need for all institutions, irrespective of asset size, to take steps to guard against cyber assault. In fact, the guidance on ATM takeovers notes that unlimited operations specifically target web-based controls used by small and medium sized financial institutions.
Also, keep in mind that while these statements are new, the need for credit unions to take appropriate steps consistent with their size and sophistication to guard against cyber crime is not new. You should periodically be taking a look, at 12 CFR 748 to make sure that your credit union is implementing an appropriate program of loss mitigation.
While all institutions should be required to make reasonable, good faith efforts regarding cyber crime, let’s face it, this is a high-tech game of Whack-A-Mole. Any successful efforts to mitigate a certain type of security breach will quickly be circumvented by hackers with the brains and the financial motivation to take other people’s money.
The federal government has to take the lead in developing an appropriate cyber defense scheme in this country. But with Congress unable or unwilling to impose basic security measures on merchants, this is about as likely to happen as the Yankees winning the World Series this year . . .that’s right after just two games I am willing to say that’s an awfully expensive mediocre team. On that note, enjoy your day.
Late Monday, Legislators and sleep-deprived staffers put the finishing touches on the 2014-2015 New York State Budget. For credit unions, the two most important take aways I have deal with title insurance and state tax policy.
As for title insurance, the Legislature agreed to the Governor’s proposal, which I talked about in a previous blog, to establish licensing requirements for title insurers. For those of you who want to take a closer look, you can find the relevant language in Part V in S.6537-D. In addition to establishing title insurer licensing requirements, the legislation imposes new disclosure requirements whenever lenders suggests using a title insurer with whom they are affiliated.
As a result, this bill will have its largest impact on the relative handful of credit unions that have mortgage lending CUSOs that provide title insurance services. The legislation is also significant because it gives the Department of Financial Services the authority it was seeking to more directly regulate title insurers by, for example, establishing minimum standards for the profession.
A second part of the budget that doesn’t directly impact credit unions but could be helpful in seeking needed reforms has to do with corporate tax reform. Specifically, the Legislature agreed to the Governor’s proposal to scrap Article 32 of the Tax Law, which imposed a tax specifically on banks. As a result, banks will be subject to the same tax treatment as other corporations in New York State. The proposal was perhaps the most controversial of the Governor’s Tax Package since some groups argued that it was essentially a tax cut for banks when New York is still suffering the effects of the Great Recession. However, this argument overlooks the fact that New York may be the capital of the banking industry, but is not guaranteed to remain so. The bank tax is a vestige of the time when banks simply didn’t have the ability to shift from state to state the way they do today.
Besides, the tax indirectly benefits credit unions. How’s that, you say? Because credit unions are also seeking authority to help New York’s economy grow by allowing municipalities to invest their funds in credit unions. Frankly, the argument that credit unions are somehow less deserving of these funds because they don’t pay corporate taxes rings all the more hollow now that the banks have successfully argued for their own tax breaks.
One generic point, Governor Cuomo and the Legislature deserve a tremendous amount of credit for four on-time budgets. But the Governor and all future Governors should give a big thank you to former Governor Pataki. It was his administration that laid the groundwork for these on-time budgets by successfully arguing that the Legislature could not amend the Executive’s Budget proposal without the Governor’s consent. On a practical level this means that the Governor has a tremendous amount of leverage since the legislature must ultimately choose between accepting the Governor’s recommendations or shutting down the Goverrnment. Simply put, the legislature doesn’t have as much leverage as they used to have in budget negotiations.
As readers of this blog will know, there are days when the amount of news is so great that I do away with my normal commentary to highlight the latest developments. This is one of those days.
Most importantly, NCUA announced late last evening that it would modify its Risk Based Capital proposal to both accommodate credit union concerns for greater flexibility and NCUA concerns about protecting the all important Share Insurance Fund. NCUA has decided to scrap its proposed placement of credit union assets into ten risk-rated categories. Instead, all assets held by credit unions will be given asset ratings of 1250%. This means that all credit unions will have to back up all their loans with 100% collateral.
For example, if you want to make a $100,000 member business loan, the member will have to provide you with collateral equal to 100% of the loan. Chairman Matz pointed out that the new system will make the SIF the safest of all bank insurance systems in the world. In addition, whereas the initial proposal effectively penalized credit unions for holding concentrations of residential mortgages and investing in CUSOs, the new system doesn’t discriminate against any type of lending activity. When asked how credit unions could survive under this new regime, Matz responded that “the key is going to be volume, lots and lots of volume.”
“Besides,” she explained, “NCUA’s ultimate responsibility is to protect the Share Insurance Fund, not credit unions.”
Following up on a ground-breaking speech yesterday in which she tried to convince people that the Federal Reserve Board really does care about Joe Six Pack when it artificially depresses interest rates that could otherwise be used to help fund retirements and help credit unions and community banks make more mortgages, Chairman Yellen announced that she would be converting the Federal Reserve Banks to credit unions. She explained that credit unions really do care about their local communities and if they modeled the Fed after the credit union corporate system, what could possbily go wrong? If the conversion goes through, it will reflect a trend where banks are converting to credit unions by the thousands to take advantage of the credit unions’ tax exempt status. Once the conversion is finalized, Yellen will be stepping down and her job will be taken over by credit union expert Keith Leggett. I have a soft-spot for Keith since he’s one of the few people I am certain consistently read this blog. His new job as head of the credit unions will enable him to take advantage of the low rates and great service offered by credit unions without being fired by the Bankers’ Association.
Speaking of new jobs, CUNA has responded to the clear, decisive guidance of credit unions by publicly announcing the criteria it will be using to recruit a new CEO. Specifically, CUNA has been tasked with finding someone who’s a cross between Mother Teresa and Karl Rove. Rumor has it that CUNA already reached out to Pope Francis about taking the job, but he declined explaining that Popes cannot resign. Another early candidate was Oprah Winfrey but she declined as one of the few candidates for whom the CUNA job would represent a pay cut.
Yesterday was the drop dead deadline for the American public to sign up for health insurance or be required to pay a fine — I mean tax, sorry Judge Roberts – for refusing to purchase health insurance. But if you haven’t signed up yet, don’t worry. The Department of Health and Human Services is expected to announce later today new regulations under which only the politically popular parts of Obamacare will take effect and the public can ignore those aspects it doesn’t like. The HHS explained that while the regulation may seem broad, it is perfectly consistent with the President’s power to do whatever he wants to do when Congress refuses to go along with his proposals.
Speaking of Congress, House Republicans reacted with anger to Chairman Yellen’s speech yesterday. They announced their own policies to increase employment highlighted by a bill to do away with all unemployment benefits. They explained that by completely eliminating government handouts people will have to go out and finally get a job.
Finally, New York State passed an on time budget for the fourth year in a row late last night. This is no joke, although if I said this just a few years ago, it would have been. The truth is your erstwhile blogger can remember sitting around the Capitol on Easter Sundays watching the Ten Commandments while Legislative leaders tried to hammer out a budget.
On that note, enjoy your April Fools Day.
One charge that makes the Lords of Finance angrier than Chris Brown in an anger management class is the suggestion that Too-Big-to-Fail (TBTF) banks enjoy an unfair advantage over their smaller financial counterparts because they can make more aggressive loans and investments secure in the knowledge that in a worse case scenario, they will be bailed out by the American taxpayer.
The latest evidence for this hypothesis was released recently by that bastion of left-wing extremism – the Federal Reserve Bank of New York. Specifically, a paper by two of its researchers concludes that “Too-Big-to-Fail banks engage in riskier activities by taking advantage of the likelihood that they’ll receive government aid.”
In previous work, the same researchers demonstrated that T-B-T-F Banks have lower borrowing costs because people know that, the protestations of the political class notwithstanding, if these mega-behemoths can’t pay their bills the federal government will.
It’s one thing to have advantages because of your economy of scale – Capitalism is supposed to work that way – it’s quite another to be so big that the free market can’t discipline a bank’s conduct and the political class is too dependent on campaign contributions and too nervous about tanking the economy to step into the breach by building real firewalls.
Credit unions should be calling for the breakup of the banks too, not because there is any chance of this happening anytime soon, but because it underscores how hypocritical it is for the banking industry to call for the end of the credit union tax exemption while getting as much if not more government protection as any industry in America.
A less dramatic but also informative piece of research comes from the CFPB, which released a report on Wednesday analyzing a year’s worth of data on payday loans. The findings are hardly surprising but they provide a good indication of where the Bureau is headed as it gets ready to propose national payday lending regulations.
Most importantly, the Bureau confirmed that payday loans are typically not used as an isolated financial tool to help consumers through unexpected rough spots, but rather can best be seen as high-priced, medium-term loans that are great at getting people further in debt. According to the Bureau’s research, 82% of all payday loans are renewed within 14 days.
As Director Richard Cordray concluded in a speech accompanying the report’s release:
“Our research confirms that too many borrowers get caught up in the debt traps these products can become. The stress of having to re-borrow the same dollars after already paying substantial fees is a heavy yoke that impairs a consumer’s financial freedom.”
The question is what can be done about it? Even if the Bureau has the authority to establish national payday lending standards that apply not only to states but to Indian reservations, the reality is that loan sharking is the world’s second oldest profession. If payday loans are made too restrictive they simply won’t be cost-effective enough for many credit unions or other lending institutions to offer; if the restrictions are too lenient then we could end up with a classic race to the bottom with institutions having to choose between foregoing needed revenue and taking a stand against loans that are in no consumer’s long-term interest.
Let’s continue to outlaw these predatory loans but recognize that for better or worse people need short-term loan options. A good place to start would be with NCUA’s own “short-term, small-amount lending program.” I would love to see the program fine-tuned to attract more credit unions.
Call me wacky, but I don’t think a convicted arsonist should be able to collect insurance for burning down his house.
If you agree, you’ll understand why I am a little uneasy about an announcement last evening of a settlement of more than $9 billion between Bank of America (BoA) and the Federal Housing Finance Administration (FHFA). This puts to bed claims that Countrywide and Merrill Lynch duped Fannie Mae and Freddie Mac into purchasing mortgage-backed securities that crashed, causing billions of dollars in losses and contributing to the eventual bankruptcy of the GSE’s.
I’m a bit more impressed, however, by a related announcement. New York’s Attorney General Eric Schneiderman was able to get former BoA CEO Ken Lewis to contribute $10 million to a settlement of claims that BoA deceived shareholders as part of the bank’s efforts to acquire the aforementioned Merrill Lynch and Countrywide. The AG’s settlement represents the first that I am aware of in which a CEO is taking personal responsibility for his actions during the mortgage crisis. What a concept! Lewis also accepted a three-year ban from serving as an officer or director of any public company.
Let’s take a trip down memory lane. As late as 2008, Fannie and Freddie were private corporations that specialized in buying mortgages and packaging them as mortgage-backed securities. Many of our largest private banks, including Countrywide and Merrill Lynch, also purchased mortgages from banks and credit unions and packaged them as so-called private label securities for sale in the secondary market.
One of the great myths is that Fannie and Freddie caused the mortgage meltdown. They didn’t. Banks like Countrywide bought and sold poorly underwritten mortgages because they were making gobs of money. If Fannie and Freddie didn’t exist, they still would have made the same loans and bundled the same securities, they would have simply made more money. That being said, government policies promulgated under the Clinton Administration to expand home ownership combined with Fannie and Freddie’s desire to maximize their own profits made the GSE’s willing co-conspirators in the mortgage mess and it was the insolvency of these two institutions that triggered the cascade of events leading the Great Recession.
Remember that when the crisis hit, the government was scrambling to save as many institutions as it could. That’s why it strongly encouraged a few healthy banks, including BoA to purchase Merrill Lynch and Countrywide in the first place, This brings us back to yesterday’s settlement. The idea that somehow Fannie and Freddie, institutions that specialized in bundling mortgages into securities, were fooled into buying securities of poorly underwritten mortgages is a convenient legal myth. There were no institutions in the world better positioned to do their own due diligence, nor any institutions more cognizant of the state of the housing market. So when the history of the last seven years is written, let’s not let the government off the hook.
Why should credit unions care? Because there are no lenders that need a well-functioning secondary market more than credit unions. Just as home buyers should be held accountable for the terms of their mortgage, institutions that sell to the secondary market should sell these mortgages secure in the knowledge that they are no longer responsible for them. unfortunately, the secondary market has developed as a system of “seller beware.” The more liability that companies face for mortgages that they sell, the more expensive it will be to sell mortgages to the secondary market. Ultimately, your members will pay for yesterday’s settlement. As part of housing reform, the laws have to be strengthened to limit the ability of any secondary-market participant to hold others responsible for arm-length purchases.