Posts filed under ‘Legal Watch’
If Nixon can go to China, then I can darn well compliment the American Bankers’ Association when it makes a good point. That is what I am doing today. Besides, if the bankers succeed in getting a petition approved the Federal Communications Commission (FCC), credit unions will benefit as well.
We all know that identity and data theft prevention are all the rage. Suppose that you are approached by a vendor with a great new system that will send out automated voice messages to a member’s cell phone anytime there is an indication that fraudulent activity may be taking place. Given the volume of potential fraud alerts, as well as the speed at which hackers can do their damage, using automated voice messaging and texting is the quickest, most cost effective way of getting the word out. In addition, since the cell phone has become an adult umbilical cord, it makes perfect sense to send the message right to the smart phone, provided that a member has given the number to the financial institution.
However, these services have run up against a compliance speed trap. The Telephone Consumer Protection Act (TCPA) generally prohibits companies from calling cell phones using an automatic dialer telephone system or artificial pre-recorded voice unless the call is “made with the prior consent of the party called.” See 47 USC 227(b)(1).
The problem is that Congress never defined prior expressed consent. As a result, banks and businesses fear that using pre-recorded voices to notify cell phone users of problems with their accounts may result in class action litigation. They have a point. There has already been litigation in this area and even though I think the courts would ultimately rule that a person who has provided financial institutions with a cell phone number has consented to these notifications, nobody should have to go through litigation to find out.
To resolve this issue, the American Bankers’ Association submitted a petition to the FCC, which enforces the TCPA. In the petition they are asking for the authority to send the following messages using either automated phone calls or text messages to a cell phone:
- Fraud and Identity Theft Alerts;
- Data and Security Breach Notices;
- Money Transfer Notifications and notifications of actions needed to arrange for receipt of pending money transfers; and
- Messages informing consumers of “steps they can take to prevent or remedy harm caused by data security breaches.”
Presumably, if the bankers’ petition is successful, credit unions would have the same authority. So in reality, this is a win-win. The proposal makes good sense: we should all be able to reach out and touch someone when doing so protects their assets.
How bad was Cleveland Quarterback Johnny Manziell in his first game as a starting quarterback? My brother summed it up well: He was so bad me made Geno Smith of the Jets look like a good quarterback. …
The Supreme Court on Friday decided to take two nuts-and- bolts bankruptcy cases that could have an operational impact on your credit union. As explained by the Fifth Circuit “A debtor who is unwilling or unable to continue paying creditors under a Chapter 13 plan may convert his case to a Chapter 7 liquidation at any time.11 U.S.C. § 1307(a). Because of the differences between a Chapter 13 estate and a Chapter 7 estate, such a conversion raises an inevitable question: does the Chapter 7 estate include all property held by the debtor at the time of conversion, or does it include only the property held at the time of the original Chapter 13 filing?” In Bullard v. Hyde Park Savings Bank the Court will decide if money in the possession of a Chapter 13 trustee can be distributed by that trustee after the debtor has converted to a chapter 7 bankruptcy or must be returned to the debtor? At least one court in New York that has examined the issue has held that a trustee is free to distribute funds to creditors- In re Bell, 248 B.R. 236 W.D.N.Y. 2000)- but other courts have disagreed.
A second case, Vieglelahn-v.-Harris–13-50374–5th-Cir.-2014, will rule on whether a debtor has a right to appeal a court’s refusal to confirm a bankruptcy plan. The case involves an underwater homeowner who filed for bankruptcy protection. The homeowner proposed a repayment plan which would have reduced the secured value of the mortgage loan. Hyde Park Savings Bank understandably objected and the court refused to confirm the plan instead ordering our homeowner to come up with another plan within 30 days. The Homeowner is seeking to appeal the court’s refusal to confirm his plan. It seems to me that if the Court rules in favor of the homeowner we face the prospect of even longer delays in resolving disputes involving delinquent mortgages. Oh Boy!
Starting today the Credit Union Association of New York is the New York Credit Union Association. Henceforth anyone who refers to the Association as CUANY can be shot on sight. This is bad news for me because it takes me about six months to remember anyone’s name and I still refer to the Tampa Bay Rays as the Devil Rays….
Session not Lame for Banks
The banks did pretty well in the lame Duck session. The budget deal the Senate signed off on s Saturday waters down a swaps provision in Dodd Frank designed to prevent banks from gambling-I mean investing-with Insured deposits. Smaller bank holding companies will also benefit from legislation allowing those with $1 billion or less in assets more flexibility in the amount of debt they can take on before being subject to greater over site by the Federal Reserve .
Democracy is working better in some countries than in others. Conservative Japanese Prime Minister Shinzoe Abe scored a decisive victory in parliamentary elections he called just days after his country slipped back into recession. That’s right he won a decisive election weeks after it was confirmed that the world’s third largest economy is still in the tank. Why should you care? Because Abe is a proponent of quantitative easing and is likely to put off taxes meant to reduce Japan’s National debt in order to emphasize economic growth. In contrast the US is cutting back its government spending and ending quantitative easing on the assumption that the economy doesn’t need the stimulus. If our policymakers are wrong the economy is in for another five years of anemic economic growth even as corporate profits continue to grow
To political junkies Massachusetts Attorney General Martha Coakley is best known as the Democrat with an uncanny knack for snaring defeat from the jaws of victory. First she lost to Republican Scott Brown in an election to fill the Senate seat that was open following the death of liberal icon Ted Kennedy and this past November she lost in her race to become Governor of a state that has been overseen by two- term Democrat Deval L Patrick-So much for AG standing for Aspiring Governor. But Coakley has aggressively pursued data breaches and what Massachusetts does in this area is worth paying attention to.
This brings me to the subject of today’s blog: Yesterday she announced an $825,000 settlement against TD Bank for failing to promptly notify her office of a March 2012 data security incident until October 2012. The settlement stemmed from a courier’s loss of account backup information. According to the press release, when TD found out that data backups it believed it had entrusted to couriers had not arrive at its storage facility it conducted an internal investigation and found no evidence of fraud or unauthorized access or use of the personal information involved in the incident.
The National Conference of State Legislators tells us New York is one of forty-seven states that have a data breach notification law. But these laws ostensibly leave much room for determining when notification requirements kick in, For instance, NY provides:
“Any person or business which conducts business in New York state, and which owns or licenses computerized data which includes private information shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the system to any resident of New York state whose private information was, or is reasonably believed to have been, acquired by a person without valid authorization….. N.Y. Gen. Bus. Law § 899-aa (McKinney)
Personal information includes Social security numbers, account numbers, drivers licenses, and credit or debit card numbers in combination with any required security code.
What the Massachusetts settlement underscores for me is that you don’t have as much flexibility in deciding when the statute is triggered as you might think you do. For instance New York’s law applies when a data breach results in a “reasonable belief” that the breached data fell into the hands of an unauthorized person which is usually going to mean a third-party . I’m reading between the lines of the Massachusetts settlement but it appears that the bank was slow in reporting the breach in part because it concluded that the data loss did not compromise anyone’s privacy. It did an investigation, saw no indication that the misplaced data was misused, surmised it was misplaced by its vendor and moved on.
This is a good legal argument since it had no evidence that anyone other than an authorized vendor or a bank employee accessed the information.
But don’t put yourself in the position of having to make this argument. When it doubt follow the statute’s requirements. Consumers are sensitive to data breaches and AG’s are getting more and more sensitive to the issue.
Is the tide turning in data breach cases? Can Captain Ahab really retire? Inquiring minds want to know.
Earlier this week, a federal district court in Minnesota ruled that a group of financial institutions including at least one credit union could go forward with its claim that Target was negligent in letting hackers steal credit and debit card information from more than 110 million consumers last year. (In re Target Corp. Customer Data Sec. Breach Litig., No. MDL 14-2522 PAM/JJK, 2014 WL 6775314, at *4 (D. Minn. Dec. 2, 2014)). The case follows a decision by the Court of Appeals for the Fifth Circuit to allow financial institutions to go forward with a similar claim against Heartland Payment Systems, which they allege negligently stored plastic card information also stolen by third-party hackers. (Lone Star Nat. Bank, N.A. v. Heartland Payment Sys., Inc., 729 F.3d 421, 426 (5th Cir. 2013)).
Both of these cases are welcome developments for credit unions. The industry has correctly argued for years now that there is too little responsibility placed on merchants when it comes to protecting against data breaches. However, these developments also underscore just how important it is to couple legal action with a multi-pronged push to achieve data breach protections on both the state and federal level.
Most importantly, any litigation in this area will ultimately depend on the interpretation of individual state laws and legal standards. For instance, Target is incorporated in Minnesota, which I believe was the first state in the nation to pass legislation imposing liability on merchants that negligently store debit and credit card information. In refusing to dismiss the case against Target, the district court noted that the claim of the financial institutions was “bolstered” by the statute, which underscored the state’s policy of expecting merchants to protect against data breaches. In the Hartland case, the circuit courts decision to allow the financial institutions to go forward was based on its interpretation of New Jersey case law.
The importance of state law and regulation to the outcome of these cases demonstrates that in this area more than others a coordinated attempt to pass data breach legislation on both the state and federal level is paramount for the industry. Every time financial institutions bring one of these cases it puts more pressure on merchants to consider coming to the negotiating table and agree to uniform data storage requirements. In addition, it’s impossible to predict what Congress will do in this area, but both the Hartland and Target decisions demonstrate that much could be done on the state level regardless of what machinations take place in D.C. The cases also raise an important issue for the industry to consider as it continues to push for data breach requirements. My guess is that the merchants will ultimately agree to data protection requirements in return for preemption of state laws. If the lawsuits continue to trend in favor of financial institutions, we may reach a point where the value of federal data breach standards is outweighed by the value of state-imposed liability.
Keith Leggett to Retire
Dr. Keith Leggett, Senior Vice President at the American Bankers Association and self-problaimed Captain Ahab to the credit union industry’s white whale, announced that he will be retiring early next year. Keith is a professional gad-fly to the credit union industry best known to many of you for writing his Credit Union Watch blog. He reportedly will continue to write this blog even in retirement, so we aren’t quite done with his cogent barbs.
I have a soft spot for anyone who reads my blog and a special soft spot for anyone who takes the time to respond to one of my tirades, even if they disagree with everything I’ve said. I’ve gotten to know Keith a little as a result of comments to my blogs. He even has been nice enough to give me the heads up on a typo or two. So Keith, I hope you have a better retirement than Captain Ahab and thanks for the input.
With snow coming the Meier family has decided to head over the river and through the woods to Grand Ma’s house on Long Island a little earlier than originally planned (I can hear someone in Buffalo saying “Snow! They call six inches Snow!”). There is a fair amount I want to tell you about before my hiatus so here goes.
Will NCUA approve a pot CU?
Now that Colorado has approved a state charter for a credit union dedicated to providing financing for the state’s nascent marijuana industry NCUA will have to decide whether or not to federally insure the institution. I’ve written several blogs about the legal difficulties of providing pot financing. Marijuana remains illegal as a matter of federal law and even though federal prosecutors have indicated that they would turn a blind eye to institutions providing banking services in states where pot use is legal, finding financial institutions willing to open up businesses for ganja related businesses has proven to be difficult.
I have no idea what NCUA’s ultimate decision will be but I would love to see it deny federal insurance for credit unions created to circumvent federal law.
There is a huge disconnect going on here. Heroin use is on the rise and a culture that glorifies pot use inevitably contributes to that rise by making drug use that much more acceptable. To those who extol pot’s medical benefits I would point out that few of the states that have legalized pot limit its possession to medical uses and one that has ostensibly done so-California-has made a mockery of these limits (Maybe New York will be the exception).
Let’s be honest, national groundswells for improved healthcare don’t catch fire just because some people want better healthcare-if they did than President Obama would be the most popular President in history.
To my peers who think that pot use is no big deal I say grow up and think about your kids. College is over. Here is a link to a’s CU Times article and some previous blogs I’ve done on the subject.
New York classifies application of it sub prime loan statute
In 2013 the Federal Housing Finance Administration changed its policies to mandate that insurance premiums on FHA insured loans be collected over for the entire length of a mortgage. This change meant that some loans would be considered subprime loans under New York law making them all but impossible to sell in the secondary market. Legislation signed by the governor establishes a separate formula for calculating sub- prime loans insured by the FHA. The law is an important amendment for mortgage lenders but it does mean that there is now an additional formula that has to be calculated when determining how a mortgage loan should be classified under the state and federal Law. Chapter 469 of 2014 takes effect immediately.
Speaking of New York laws, in the same batch of legislation the Governor also approved a bill clarifying the authority of parents guardians to request that credit reporting agencies preemptively place security freezes on the credit reports of persons 16 years or younger. Most importantly the bill authorizes parents to request that a freeze be placed on a child’s credit information even if the child has no file. This means that it will be more difficult for identity thieves to use a stolen social security card to create an alternate identity with which they can take out loans and sign up for credit cards for example. The legislation is Chapter 441 of 2014.
FHFA maintains Confirming loan limits
The FHFA, which oversees Fannie Mae and Freddie Mac announced yesterday that it was maintaining confirming loan limit at $417,000. The confirming loan limit is the maximum price above which a residential property will not be purchased by the GSE’s. For my downstate brethren who think that this is a pretty low number remember that conforming house values are higher in certain parts of the country, including much of the downstate area. Here is a link to the announcement and a link to a list of conforming value limits.
Statistics indicate that approximately half of all marriages end in divorce. What’s more, according to the Center for Disease Control in Atlanta, one hundred percent of your members are going to die someday. In spite of these facts, the procedures used by financial institution when dealing with a “successor in interest,” someone who obtains property by operation of law, varies widely. Some credit unions know that Mrs. Jones has been dead for years without trying to figure out who is making her mortgage payments, while others stop accepting payments once they hear of a member’s death.
The CFPB has heard these stories too and wants to waive its magic consumer wand to establish national standards that mortgage servicers must adhere to when dealing with successors in interest to real property. This proposal is just one of several substantive amendments the CFPB proposed last week with regard to the Servicing regulations that took effect last January. The successor in interest proposal is what I am most interested in because I think the general approach taken by the CFPB is a good one with or without additional regulations. You don’t have to wait until these amendments have been finalized to make sure you have policies in place that are consistent with existing law.
First of all, do you think the death of a borrower constitutes a default of the mortgage? If you said the answer is yes, think again. Since 1982, federal law has preempted mortgage contracts that apply “due on sale” provisions to property transfers that result from a bequest in a will, the death of a joint tenant, transfer to a relative upon death, or a transfer resulting from a divorce or legal separation agreement, among other things. A key component of the CFPB’s servicer regulations is to require lenders to provide delinquent borrowers with prompt information about loss mitigation possibilities. Even before its mortgage servicing rules took effect in 2014, the CFPB has been concerned about how its loss mitigation requirements would be applied to successors in interest. As a result, in October of 2013 it released a guidance to its final RESPA and mortgage servicing rules imposing procedures that servicers must maintain regarding the identification and communication with any successor in interest of a deceased borrower with respect to mortgage loans he or she held. The CFPB’s proposal released last week would extend this guidance to all types of successors in interest.
Most importantly, a new section, 1024.36(i), stipulates that when a financial institution receives a written request from a person that indicates that the person “may be a successor in interest,” a servicer is mandated to respond to this written notification “by providing the potential successor in interest with information regarding the documents the servicer requires to confirm the person’s identity and ownership interest in the property.”
As the English commentators on the Soccer matches I like to watch on Saturday mornings like to say, I think the CFPB is “spot on” on this one. By extending a servicer’s obligation to communicate with potential successors in interest, the regulations would empower financial institutions to communicate with ex-spouses and children, for example, without running afoul of privacy concerns. In addition, by making it clear to everyone what papers a person claiming to have an ownership interest in property must provide, the regulation will ideally facilitate the resolution of potentially complicated estate issues in a more expedient manner.
One thing to keep in mind: whether or not a person is a valid successor in interest, the mortgage lien that your credit union has on the property remains valid and enforceable. As a result, just because a deceased mother legally transferred ownership of her home to her son doesn’t mean that any delinquencies owing on the mortgage are wiped out. All this regulation does is help ensure that there are procedures in place to help clarify what parties ultimately remain responsible for a mortgage.
President Obama’s decision to grant resident status to more than 4 million undocumented aliens may well have a direct impact on your credit union’s operations and procedures. Specifically, you may want to take a look at your credit union’s BSA customer identification policies and procedures.
The ability of credit unions and banks to open accounts for undocumented aliens is one of the few compliance issues that gets the non-compliance geek fired up. Read this 2007 article from the Wall Street Journal and you’ll see what I mean. Under existing customer identification program requirements, credit unions must have policies and procedures in place to verify a customer’s identity. As explained in a FinCEN guidance, the CIP regulations do not provide a definitive list of the type of documents that banks and credit unions must use to verify the identity of an account holder. Instead, the ultimate requirement is that whatever forms of identification your credit union uses enables it to “form a reasonable belief that it knows the true identity of the customer.” The regulation provides that for a non-U.S Citizen an acceptable form of identification could include a government issued document evidencing nationality or residence so long as it has a photograph. See 31 CFR 1020.220. This flexibility in the regulation is what makes it acceptable for some financial institutions to accept consular identification cards while others do not. My guess is that with the President’s Executive Order you will see many states pass laws requiring financial institutions to accept specific types of identification.
The second stumbling block to opening accounts for undocumented persons involves tax-payer identification numbers. The regulations are unequivocal in requiring that persons opening accounts must either have or be applying for a tax-payer identification number. 31 CFR 1020.220. Since many undocumented aliens work off the books, this has been one of the biggest challenges to opening an account. The President’s Executive Order will allow qualifying individuals to legally have jobs and start paying taxes. I would hope that FinCEN will provide guidance to financial institutions explaining the type of documentation that may be available to individuals eligible for legal protections under the President’s Executive Action.
Whether or not you agree with the President’s Executive Action it is not the role of your credit union to get involved with the immigration debate. If you disagree with what the President did last night, write your Congressman, but don’t make it more difficult than it has to be for a person to go into a credit union and open an account. As for the argument that doing so is aiding lawbreakers, let’s make a common sense distinction between individuals who come into the country to earn a living and individuals who earn a living by breaking the law.