Posts filed under ‘General’
I had a longer commute than usual into work today (if I wanted to spend an hour and a half in the car on a Monday morning I would live in Long Island and not in suburban Albany, thank you), but it helped me decide what I should do my blog on this morning. Actually, the latest commercial from upstate’s ubiquitous car dealer bragging about how he once got credit for a dead person clinched it for me.
As I pointed out in a previous blog, there has been increasing concern that subprime auto lending is the next mortgage crisis in waiting. The argument goes that with larger banks increasingly securitizing auto loans, dealerships and banks, credit unions and financers they work with have a huge incentive to qualify even the most irresponsible borrowers.
Is the perception reality? An analysis performed by the Federal Reserve Bank of New York answers the question with a qualified yes. Looking at data from the Fed’s Quarterly Report on Household Debt and Credit, researchers point out that there has actually been a smaller percentage of auto loans being originated for borrowers with credit scores below 620. Currently, these borrowers represent 23% of all originated car loans, which is actually lower than the 25% to 30% witnessed in the years prior to 2007. So, is the conventional wisdom wrong? Not really. According to the researchers “the dollar value of originations to people with credit scores below 660 has roughly doubled since 2009.” What’s more, this gain in origination value reflects an increase in the average size of loans being made to these borrowers. In other words, larger loans are being made to people with bad credit and financial institutions are more than willing to spread out the length of repayments.
However, it’s important to differentiate between banks and credit unions — which the analysis groups together — and auto finance companies. Since the recession “ended” in 2009, finance companies have been the ones most aggressively catering to subprime borrowers while banks and credit unions have been lending to these borrowers at rates lower than historical trends. Interestingly, the report indicates that the auto loan 30-day delinquency rate for banks and credit unions has been about 1% in recent years, but about 2.5% for finance companies. Two take-aways from this report: one, it underscores the fact that Dodd-Frank missed the mark when it tied the hands of the CFPB to regulate car buying activity to the same extent it can regulate other consumer lending. It also serves as a warning that examiners should not let media reports about a new subprime lending bubble drive them into placing more scrutiny on credit union car lending than is actually justified by the numbers.
In his first State-of-the State address, Governor Cuomo criticized lax state oversight of the banking industry as one of the reasons for the recklessness that led to the Mortgage Meltdown. He proposed to combine the State’s Insurance and Banking Departments into a Department of Financial Services and put one of his top aides, a former federal prosecutor, in charge of running the new department. I would argue that there has been no area of public policy where the Governor has been better able to translate his vision into reality. A look at this morning’s news provides further proof for my case.
Yesterday, CFPB director Richard Cordray unveiled a consumer warning about virtual currencies. The CFPB isn’t telling people not to use bitcoins and other types of virtual currencies but … “Virtual currencies are not backed by any government or central bank, and at this point consumers are stepping into the Wild West when they engage in the market.” Oh boy, sign me up!
What’s the New York tie in? In a blog last week, I mentioned how New York’s DFS unveiled bitcoin regulations making it the first regulator in the country to propose a framework for the licensing of bitcoin activity. As surmised by this morning’s BankingLaw 360:
With the Consumer Financial Protection Bureau accepting complaints on bitcoin businesses and intimating that new rules for virtual currencies may be on the way, companies should expect increased federal scrutiny that will complement and strengthen regulations being developed in New York State. . .
Another Payday lending crackdown: Manhattan DA Cyrus Vance became the latest NY law enforcement official to crack down on payday lending. I haven’t seen a copy of the indictment, but media reports indicate that a Tennessee businessman is accused of establishing a network of companies with the ultimate goal of charging interest on loans in violation of the state’s usury laws at 25%. Both the AG and the DFS have already taken action against payday lenders, most notably companies associated with Indian tribes, which they accuse of violating New York Law.
BSA violations and foreign banks. If you look at the track record of BSA enforcement it seems clear that when it comes to the largest banks, the acronym is one letter too long. For years, behemoth banks have been able to ignore the BSA. In those rare instances where they got caught, they paid a fine large enough to get headlines without anything to prevent them from violating it again.
The DFS is changing this cycle by inserting itself into BSA investigations and threatening banks with the loss of their authority to conduct business in New York. The latest example that this aggressive approach is paying dividends comes from this article, which is reporting that the British bank Standard Chartered, which has already paid $670 million to state and federal regulators, is reviewing millions of transactions to insure it is not violating Bank Secrecy Act regulations yet again. A monitor installed by the DFS as part of the earlier settlement has apparently raised some red flags about some of the bank’s compliance practices.
As a result of the latest problem, Standard Chartered is once again under scrutiny from the DFS, the bank disclosed when announcing its earnings last week. A penalty of more than $100 million and an extension of the monitorship is possible beyond its anticipated end in early 2015.
The news that Robin Williams, my favorite comedian, committed suicide yesterday got me thinking about some of the funniest appearances I ever saw on TV. Williams often teamed up with Johnathan Winters on either Johnny Carson’s or David Letterman’s late night shows. Here’s a sample from YouTube of one such appearance.
For those of you who think that golf is about as exciting as going to knitting class with your grandmother, you obviously didn’t watch the final round of the PGA Championship in Valhalla, Kentucky yesterday. In a scene worthy of Bill Murray in Caddyshack, the tournament wasn’t decided until 25 year old Rory McIlroy from Northern Ireland two-putted against the backdrop of a wrath-of-God sky that made seeing the ball impossible. In fact, the announcers all suggested that the smart play was for McIlroy to finish the game this morning. But when you’re 25, two putting in the dark to beat out a generational icon by the name of Phil Mickelson is no big deal.
So what does this have to do with credit unions? Plenty. As anyone who reads this blog knows, I’m in the change or die school when it comes to the future of the credit union movement. Technology and demographics are fundamentally changing the way financial services are provided and the way consumers approach financial institutions, including credit unions. You can take false comfort in the fact that credit unions now have approximately 100 million members, that your relatively old membership base isn’t clamoring for the newest technology and that succession planning isn’t all that important since it’s all but impossible to attract volunteers to serve on credit union boards anyway.
The problem with this thinking is that by the time your credit union realizes how misguided it is, it will be too late. The example I keep thinking about is Kodak. It can be forgiven for not recognizing that the smart phone was going to put it out of business, but ten years from now those credit unions that don’t recognize that Apple and Amazon are going to change the way financial services are provided will be guilty of a fundamental lack of foresight.
Which brings us back to Rory. With his fourth major and more to come, Rory is already one of the all time greats of the game worthy of being mentioned with Jack Nicklaus and Tiger Woods. But remember, this past April his golf game was so bad, he was actually beaten in one round at the Masters by an amateur whose job it was to round out the field. In fact, it looked as if a generational shift away from Tiger and Phil might not come after all. This morning, such speculation is foolish.
I hope that your credit union is changing to meet changing times before it is too late.
Incidentally, here is a great article from the Harvard Business Review about the impact that the pace of change is having on corporate decision making.
FDIC Provides NYS Snapshot
On Friday, the FDIC released a state-by-state snapshot of banking activity. The report provides a useful baseline for comparison for credit unions in the tri-state area.
Keeping in mind that you have an obligation to monitor potential red flags of identity theft and mitigate evolving risks, here is some news worth reaching out to your IT vendor about. The NY Times reported earlier this week that “A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses. . .” What’s more, according to the security firm that uncovered the scheme, since the goal of the hackers was to steal password credentials as opposed to stealing from the compromised companies the hackers were targeting businesses of all shapes and sizes. Given the scope of the operation, you can bet a credit union or two or three is among the institutions that are being informed their websites have been compromised. As usual, an excellent source of additional information is this post from Krebs on Security.
First, on a purely practical note, this news showed me why it’s so dumb to use the same password for everything. The only reason this treasure trove of lifted passwords is valuable is because they can be used to access multiple online accounts and services.
The more I think about this news the angrier I am at our government. It may be ideologically edifying for some of our elected representatives to stand in the way of any government action, but there are some things that only the government can do. Cybersecurity should be a top national priority right now. In fact, Preet Bharara has correctly argued that cyber-attacks are this century’s Pearl Harbor. But our government is unable and or unwilling to pass meaningful legislation and make the investment necessary to have a truly robust defense against cyber-attacks.
What we are left with is a bunch of well-meaning but ultimately impotent attempts by regulators to do their part to help protect consumers. For example, earlier this year the FFEIC highlighted the need for smaller institutions to guard against cyber-attacks. As part of this effort, it’s conducting pilot cyber assessments and has held a Webinar geared towards community banks and credit unions. I just reviewed the slides and it has some good advice such as suggesting depository institutions ask themselves:
How is my organization identifying and monitoring cyber-threats and attacks both to my institution and to the sector as a whole? How is this information used to inform my risk assessment process?
Such well-meaning advice is tantamount to reminding kids not to play with guns in the middle of a war zone. Without a concerted national commitment, all but the largest businesses in America will find it increasingly impossible to offer cost effective cyber services. You are all being subject to a virtual shakedown and the only institution with the resources to effectively do anything about it is the federal government. Unfortunately, this is the same government that can’t pass meaningful cyber reforms such as imposing risk assessment obligations on merchants.
In the meantime, the nation is furious that the Government isn’t doing more to stop kids who are rushing to the nation’s borders for a better life. Why isn’t it furious that foreign criminals are making billions by ripping off businesses and consumers?
On that note, have a nice day.
I’m here to tell you this morning that you will be breached and if you have been already, you will be again. Cybercriminals are chameleons and they have the money to quickly adjust to the latest techniques meant to stop them.
For example, remember when “dual authentication” of your customer accounts was all the rage in IT security circles? The FFEIC even came out with a guidance mandating that depository institutions implement systems that demonstrate two forms of identification. It was originally updated in 2005 and updated again in 2012 to emphasize the need to “layer” your IT security.
To what do I owe my gloomy morning forecast? Two informative posts, one by the CU Times and the other by the Information Technology Website underscored just how fast moving the game of cyber security cat and mouse is and unfortunately the bad guys win fairly often. Specifically, hackers have broken into 34 banks in Asia and Europe by bypassing a dual authentication system developed by Android and used for online banking. Check with your IT people to get the technical details, but the basic idea is that they used email requests to lure customers to a fake website. Marks opened the door to hackers by opening the email and going to the site through which the hackers could steal all the information they needed to get by the dual authentication system. What is astounding the experts is that the banks used SMS technology, which requires a customer to enter a new password every time they access an account. This is above and beyond what most U.S. credit unions and banks require.
So, is there anything you can do to mitigate the risk beyond making sure that you have a good computer person on speed dial? In looking at cases examining the liability of financial institutions for data breaches, here are some of the points I would keep in mind. Although many of them are most relevant to those of you who offer business accounts, NCUA regulations require all of you to identify and monitor the “red flags” of identity theft on an ongoing basis.
- Member and staff education is key. Your security is only as effective as your most careless employee or technologically “savvy” member.
- In assessing commercial reasonableness of online business accounts, which are regulated by Article 4A of the UCC, courts consider (1) security measures that the credit union and customer agree to implement, and (2) security measures that the credit union offers to the customer but the customer declines. Make sure this is in writing and, if possible, attached to the contract.
- You must respond to changing threats by offering new mitigation techniques. For example, remember now that hackers can electronically impersonate an employee, dual control and not dual authentication is becoming the baseline standard. This way, hackers have to obtain the login information for two employees before transferring money.
- Here is the good news. Commercially reasonable and regulatory standards vary depending the size and sophistication of your credit union. However, this means that the policies and procedures you adopt must be unique to your credit union based on its resources and risk profile. This is one area where cutting and pasting a colleague’s policies the day before the examiner comes calling won’t cut it in the long run.
- Similarly, the vendor contract really matters. Most of you will use vendors to implement your cyber banking. How much must the vendor indemnify you if its negligence causes a breach? Are both parties legally obligated to monitor developments in cybercrime and update protocols when appropriate? Are these changes integrated into your security procedures? These are all questions that, if asked, can help mitigate losses and maintain member confidence in your electronic banking.
Second Quarter GDP Growth Stronger Than Expected
A few minutes ago, news came out that second quarter GDP growth grew at a 4% rate, beating the expectations of economists. In addition, the Government is reporting that household spending increased by 2.5%.
There are some issues that are hanging over the industry like a sword of Damocles. This morning an article in the Wall Street Journal provides further evidence for those who feel that the CFPB should do more to regulate overdraft fees.
According to a survey conducted by the paper, hundreds of small, regional banks, and credit unions are “clinging to the practice” of processing checks on a high to low basis. The paper’s survey revealed that smaller depository institutions are continuing this practice even as larger institutions are backing away from it.
What exactly to do about overdraft fees has been debated for more than a decade now. In 2010, the Federal Reserve promulgated regulations requiring that members opt in to bank payment on debit card overdrafts. I was silly enough to think that this would put the issue to a close, but it hasn’t. For example, in a statement accompanying a 2013 report on overdraft processing, CFPB warned that if “policies and practices do not protect consumers in accordance with consumer protection law, it will use it authorities to provide such protection.”
The more I look at the issue, the more I feel that overdraft fees are the most misunderstood practices engaged in by depository institutions. Do they represent an important source of income for many banks and credit unions? Absolutely, but I bet if you asked your average consumer if they are willing to pay more to make sure that their mortgage or car payment doesn’t bounce, they’d agree. In other words, overdraft fees are a product that some consumers want and need.
I’ve been AWOL for a couple of days and based the volume of work that regulators pumped out over the last week it’s obvious that many of our regulatory overlords intend on being AWOL for most of August. Here are a couple of regulatory proposals to review in preparation for Fall.
CFPB’s HMDA Proposal Empowered by the Dodd-Frank Act , the Bureau that never sleeps is proposing revisions to the Home Mortgage Disclosure Act. It may not sound like a page turner, but for those credit unions that have to comply with it, properly reporting mortgage loan information can be one of the great compliance headaches. If the regulation goes forward as proposed the types of mortgages subject to reporting requirements will be expanded to include “all mortgage loans secured by a dwelling, regardless of the purpose of the loan” including HELOCS and commercial loans secured by a home. Here is a link.
NYS moves to regulate Bitcoin New York State’s Department of Financial Services is rushing ahead of federal and state regulators by proposing licensing requirements and a comprehensive regulatory framework for institutions that buy, sell, transfer or store virtual currencies. Here’s a link to NYS’s proposal.
I have a potpourri of newsworthy tidbits to start your credit union day.
Viva Las Vegas – I would have gladly wagered money yesterday that NCUA Chairwoman Debbie Matz could get nothing more than polite applause out of the attendees of NAFCU’s annual convention, but that was before I knew that the Chairwoman would be using her appearance to outline some regulatory relief proposals that NCUA plans to propose at its July meeting. According to the Chairwoman, NCUA will propose “effectively eliminating” the fixed asset rule. Currently, NCUA regulation caps at 5% of a credit union’s shares and returned earnings the amount that can be spent on fixed assets absent a waiver from NCUA. As CUNA pointed out in a comment letter last year advocating for scrapping the cap “The rule restricts investments not only in real property, but also in technology and systems that are increasingly central to the success of all financial institutions. Overly restricting investments in these items—or subjecting the relevant decisions to a slow and unpredictable process — does not facilitate credit unions’ use of online and mobile banking technologies even though the utilization of such technologies is more important now than ever.”
Two other mandate relief proposals will deal with member business lending and updating appraisal provisions. The proposals aren’t out yet and the devil is in the details; but it’s nice to be able to compliment NCUA again. It wasn’t all that long ago that it was aggressively pushing mandate relief reforms such as the streamlining of low-income credit union designations. Maybe the Chairman should spend more time in Sin City.
Having “The Talk” – What’s the single most uncomfortable talk that parents have with their kids? It’s not about the Birds and the Bees, it’s about money. Great article in MarketWatch reporting that a recent survey indicates that “[p]arents in their 50s and 60s think they’ve done a bang-up job talking with their adult kids about their estate and retirement plans. Their kids think just the opposite. It’s the new Generation Gap. Specifically, nearly two-thirds of parents and adult kids (64%) disagree on the best time to start talking about things like wills, estate planning, eldercare and covering retirement expenses. Many credit unions do a great job providing financial education to their members and this might be one more area to highlight. Making sure everyone is on the same page when it comes to maximizing retirement assets can save a lot of heart ache down the road and is a great way of stretching those retirement savings. Besides, like the World’s Most Interesting Man, you really can give your father The Talk.
Just where does all that settlement money go anyway? Billion dollar settlements with major banks are becoming about as commonplace as low scoring baseball games. (Maybe they really are laying off the steroids after all). This morning’s article from Reuters paints a not too flattering picture of how at least some of the money – which is ostensibly sought for mortgage and foreclosure relief – is actually being spent by state and federal officials. Reuters reports that since May alone there has been $18.5 billion in settlements – $5 billion of which goes to New York. It suggests that the guidelines on how this money is to be allocated are so broad that at least some people are concerned that there are perverse incentives to drive up the size of settlements. Personally, any incentive Government has to crack down on blatantly illegal activity is OK with me.
That’s the question posed by the New York Times in an article yesterday in which it seeks to sound the alarm: in a nutshell it argues that, just like the mortgage meltdown, major banks are loosening lending standards in an effort to ensure they have enough automobiles to meet Wall Street’s growing demand for securities comprised of auto loan pools. This is one of those times where I am glad that credit unions aren’t mentioned alongside the banks.
This is the type of article that gets regulators thinking that more needs to be done, so you may want to take a quick look to see how appropriate your underwriting standards are for auto lending. Here are some things to keep in mind.
The NCUA deserves credit for raising concerns about indirect auto lending long before it was trendy. The banks highlighted in the article are accused of hiding behind dealer practices when asked about questionable sales techniques and underwriting standards. But remember “the dealer made me do it” is no defense. This is particularly true for credit unions that have the added requirement of ensuring that any person taking out a car loan is a qualified member. As summarized succinctly in this indirect lending guidance from the NCUA from 2011:
Indirect lending standards should be consistent with the credit union’s direct (internal) loan underwriting standards. The standards should be reviewed at least annually or more often if risk levels increase or if negative trends begin to surface. Exceptions to the indirect loan policy should be infrequent. All exceptions should be approved by credit union personnel responsible for administering the indirect lending program and reported to the board of directors for their review.
One other quick point about the article. Not all securitization is bad. Financial institutions, and especially smaller ones, need a vibrant secondary market to sell off loans and make new ones to members. The Times is right to highlight the negative influence that demand for higher yielding securities may be having on auto lending standards, but I just hope that regulators don’t overreact and throw the baby out with the bath water.
I’ve done this blog long enough now that every so often I feel like Steve Martin in The Lonely Guy. When the new phone book is delivered, he runs down the street yelling: I’m in the book, I’m in the book. I was excited to find out this morning that the Annual Review of SAR Filings had been published by FinCEN. California and New York lead the way when it comes to depository institutions filing Suspicious Activity Reports.
On that note, have a nice day.
Those wacky kids at the CFPB are out it again. This time they want to go Wiki leaks with consumer complaints. They are proposing that the CFPB’s consumer complaint database be expanded to include consumer narratives of complaints consumers agree to publicize. The allegedly offending company would be given the option of responding with its own competing narrative. According to the CFPB, publishing narratives would “be impactful by making the complaint data personal (the powerful first person voice of the consumer talking about their experience), local (the ability for local stakeholders to highlight consumer experiences in their community), and empowering (by encouraging similarly situated consumers to speak up and be heard)” Let Freedom Ring!
Cut through the hyperbole and what you are left with is a debate about the value of empowerment of which I am proudly on the losing side. Amazon just celebrated its twentieth anniversary and, in addition to providing us books and consumer goods with great service at a lower price, it gave us the consumer narrative review. I have never used one of the narratives to buy anything of value. Given the choice I will look at Consumer Reports before I buy a TV or read a book review written by an expert when deciding what to read next. To me these are more reliable than on someone so enamored or annoyed about a product or service that they actually took the time to sit down and write a review. The internet indeed can “empower” anyone to think they are an expert but that doesn’t make them one..
But I am a dinosaur . More and more people are as likely to get their news from Facebook as from the New York Times. The whole idea of an information hierarchy is viewed with suspicion. What is the big deal they say? After all if someone doesn’t find an internet review-or an association blog for that matter -credible than they can just ignore it. They can just ignore a complaint they find on the CFPB’s website.
The problem is that the mere fact the complaint is on a government database is going to be giving complaints much more credence than they deserve. I was against the CFPB granting public access to its credit card complaint data base because I believe that the CFPB has an obligation to investigate complaints before throwing them out to the general public. Unsubstantiated allegations can do a lot more harm than good. A Government website isn’t a free market place of ideas. Unlike those reviews on Amazon it has the government’s imprimatur.
Not to worry says the CFPB; the accused company will always have the right to respond. But responding takes time and resources and the mere fact that a response is made to an allegation doesn’t mean that the damage is undone. For instance let’s say someone accuses XYZ credit union of discrimination after being denied a car loan. Publishing a response that the member was subject to the same race neutral criteria as everyone else won’t undue the seriousness of the allegation.
CFPB should pull the plug on this idea but it won’t. Here is a compromise: Lets recognize that not all financial institutions have the time to respond to a consumer narrative or the resources it takes to martial an effective PR campaign against serious but unsubstantiated allegations. Let’s establish a threshold for company size below which the narrative won’t be made public. It will still be sent to the CFPB which can investigate it; it will still be sent to the institution for a response and the consumer will still have all the legal rights and remedies he has today but smaller institutions won’t have to choose between letting an allegation fester or engaging in a public dispute with a disgruntled consumer at the same time they are trying to run a business. Here is a link to the proposal Institutions have 30 days after publication to respond.
See you Monday
Governor Cuomo made it official yesterday: he held a bill signing ceremony to mark approval of legislation (A.6357-e) making New York the latest state in the nation legalizing the medical use of marijuana. Its use will be ramped up over the next 18 months as the state promulgates the necessary regulations.
Despite what I have seen in the blogosphere, it is not time to stack up on the munchies. Unlike states such as Washington and Colorado, which have legalized marijuana possession, and other states, such as California, that have legalized the “medical” use of marijuana, the legislation is drafted in a way that medical use of marijuana will be limited to people with designated illnesses and only available in forms prescribed by doctors.
The use of medical marijuana in New York will be highly regulated. According to the Governor’s memo, the law allows for five registered organizations that can each operate up to four dispensaries statewide. Registrations for organizations will be issued over the next 18 months unless DOH or the Superintendent of State Police certifies that the new program could not be implemented in accordance with public health and safety interests. Because it is so regulated, chances are your credit union won’t be asked to open up a business account for these organizations, and if it is the organizations are so highly regulated that much of your due diligence will be easily obtainable. This means that, at least in the short term, legalization of the drug won’t present financial institutions with the legal question of how to comply with federal laws banning the possession and sale of marijuana and bank secrecy act requirements mandating that credit unions and banks monitor their accounts for potentially illegal activity with state law declaring marijuana use to be legal.
This is not to say that your credit union won’t be impacted by this law. Under the legislation a certified caregiver or patient can’t be subject to any civil or disciplinary action by a business or licensing board solely because of their lawful use of marijuana. In addition, eligible users are classified as disabled under New York’s human rights law. At the very least, we now know that there are going to be employees legally entitled to be taking marijuana. So, if you have a policy of categorically prohibiting employee drug use, this is going to have to be modified.
Conversely, it doesn’t mean that an employee can come into work today and get stoned at lunch time. The state is going to have a registry of patients. The key is not to make changes tomorrow. If you heard the Governor speak yesterday, then you heard a person who is dead serious about making sure that this legislation truly is for medical purposes and not a backdoor means of legalizing pot smoking. The regulatory process will be a serious one and given the number of issues that need to be addressed, I’m sure the concerns of employers will be taken into account. In the meantime, it appears that New York financial institutions have avoided the legal quagmire that comes from a more unregulated approach.