Posts filed under ‘Regulatory’
If Nixon can go to China, then I can darn well compliment the American Bankers’ Association when it makes a good point. That is what I am doing today. Besides, if the bankers succeed in getting a petition approved the Federal Communications Commission (FCC), credit unions will benefit as well.
We all know that identity and data theft prevention are all the rage. Suppose that you are approached by a vendor with a great new system that will send out automated voice messages to a member’s cell phone anytime there is an indication that fraudulent activity may be taking place. Given the volume of potential fraud alerts, as well as the speed at which hackers can do their damage, using automated voice messaging and texting is the quickest, most cost effective way of getting the word out. In addition, since the cell phone has become an adult umbilical cord, it makes perfect sense to send the message right to the smart phone, provided that a member has given the number to the financial institution.
However, these services have run up against a compliance speed trap. The Telephone Consumer Protection Act (TCPA) generally prohibits companies from calling cell phones using an automatic dialer telephone system or artificial pre-recorded voice unless the call is “made with the prior consent of the party called.” See 47 USC 227(b)(1).
The problem is that Congress never defined prior expressed consent. As a result, banks and businesses fear that using pre-recorded voices to notify cell phone users of problems with their accounts may result in class action litigation. They have a point. There has already been litigation in this area and even though I think the courts would ultimately rule that a person who has provided financial institutions with a cell phone number has consented to these notifications, nobody should have to go through litigation to find out.
To resolve this issue, the American Bankers’ Association submitted a petition to the FCC, which enforces the TCPA. In the petition they are asking for the authority to send the following messages using either automated phone calls or text messages to a cell phone:
- Fraud and Identity Theft Alerts;
- Data and Security Breach Notices;
- Money Transfer Notifications and notifications of actions needed to arrange for receipt of pending money transfers; and
- Messages informing consumers of “steps they can take to prevent or remedy harm caused by data security breaches.”
Presumably, if the bankers’ petition is successful, credit unions would have the same authority. So in reality, this is a win-win. The proposal makes good sense: we should all be able to reach out and touch someone when doing so protects their assets.
New York State’s Department of Financial Services issued a letter to all New York State chartered and licensed banking institutions yesterday informing them that cybersecurity will be an increased emphasis of the examination process. The Department’s head, Benjamin Lawsky said: “the Department encourages all institutions to view cybersecurity as an integral aspect of their overall risk management strategy rather than solely as a subset of information technology.”
The heightened examinations include:
- An analysis of an organization’s reporting structure for cybersecurity related issues;
- An organization’s management of cybersecurity issues including the interaction between information security and core business functions;
- An examination of information policies and procedures as well as assessing whether such policies are periodically reviewed in light of changing risks; and
- A requirement for protections against intrusion including the use of multi-factor authentication.
This list is by no means definitive and you should take a look at the entire letter.
Although the letter is applicable to all of New York State’s charges, its more detailed requirements are clearly geared to the largest institutions DFS regulates. An accompanying press release explains that “institutions will be examined as part of new, targeted DFS cybersecurity preparedness assessments.” Nevertheless, all New York State credit unions should be ready to demonstrate that they have cybersecurity policies commensurate with the risk posed with the services they provide and the vulnerability of their systems to cyber attacks. As I explained in a previous blog, cybersecurity preparedness has become a major point of emphasis for the DFS. Remember, hackers are demonstrating an increased interest in attacking small to medium sized financial institutions.
Since I am on the subject of cyber security here’s a post from the Motley Fool investment site that is worth a look. It explains what it thinks investors should expect banks to be investing in when it comes to building and maintaining a cyber infrastructure.
On that note, have a nice day.
If you were sitting around the Thanksgiving table struggling to come up with things to be thankful for, then here’s one for you, after the fact: be thankful you are not associated with the North Dade Community Development Federal Credit Union located in Miami, Florida.
The Tuesday before Thanksgiving the $4 million credit union was slapped with a $300,000 fine for significant Bank Secrecy Act (BSA) violations. According to FinCEN, from 2009-2014, the credit union had significant deficiencies in all aspects of its anti-money laundering (AML) program, even as it processed close to $2 billion in transactions for money service businesses (MSB). FinCEN’s fine follows a 2013 Cease and Desist order issued against the credit union by NCUA.
If this were simply the story of one rogue credit union that let the income it was generating from MSBs blind it to its regulatory obligations, the story wouldn’t be worth a second look. But that’s not all that is going on here. Most importantly, regulators are increasingly concerned about credit unions that work with MSBs within their fields of membership. For instance, in January of this year, the NCUA listed oversight of credit union MSB relationships as one of its top regulatory priorities. In addition, a BSA Webinar hosted by the Office of Small Credit Union Initiatives emphasized the enhanced obligations that credit unions have when their membership includes MSBs. More generally, since 2005, regulators have stressed that when any financial institution provides services to an MSB, it takes on additional due diligence obligations.
But wait, there’s more. The credit union was also cited for its disregard of 314(a) FinCEN information requests. Under the Patriot Act, law enforcement officials at both the state and federal level are authorized to request that FinCEN forward the names of individuals about whom they are seeking information. These requests come out approximately once every two weeks. Credit unions are obligated to check their own accounts to see if they have any information FinCEN is seeking. This obligation is independent of a credit union’s responsibilities under OFAC (31 CFR 1010.520).
I’ve been quick to criticize financial regulators for their tepid approach to BSA enforcements. Don’t let the large fines fool you. Large institutions are able to get away with blatant BSA violations for years before anyone acknowledges that the inmates are running the asylum. But the fact that BSA may be enforced unfairly doesn’t change the fact that in today’s interconnected world a five person credit union that doesn’t follow through on its BSA obligations can pose a real and dramatic threat to the Country’s AML efforts.
Those of you who choose to take on more sophisticated accounts have an obligation to the entire industry to ensure that you conform with basic BSA requirements. This is one of those areas where the missteps of one credit union reflect on the industry as a whole.
Shoppers Not Feeling Jolly
If the initial press reports are any indication, Black Friday is loosing its appeal to shoppers. The National Retail Federation reported that 55.1% of consumers shopped between Thursday and Sunday. That is down from 58.7% last year. It also reported that total spending was $50.9 billion, a decrease of 11% from last year. The Meier family took its annual sojourn into the city and based on our experience the statistics matched the reality: the train ride from Manhasset on the LIRR was notably less crowded and the store fronts were not as jammed. On that note, have a nice day.
Statistics indicate that approximately half of all marriages end in divorce. What’s more, according to the Center for Disease Control in Atlanta, one hundred percent of your members are going to die someday. In spite of these facts, the procedures used by financial institution when dealing with a “successor in interest,” someone who obtains property by operation of law, varies widely. Some credit unions know that Mrs. Jones has been dead for years without trying to figure out who is making her mortgage payments, while others stop accepting payments once they hear of a member’s death.
The CFPB has heard these stories too and wants to waive its magic consumer wand to establish national standards that mortgage servicers must adhere to when dealing with successors in interest to real property. This proposal is just one of several substantive amendments the CFPB proposed last week with regard to the Servicing regulations that took effect last January. The successor in interest proposal is what I am most interested in because I think the general approach taken by the CFPB is a good one with or without additional regulations. You don’t have to wait until these amendments have been finalized to make sure you have policies in place that are consistent with existing law.
First of all, do you think the death of a borrower constitutes a default of the mortgage? If you said the answer is yes, think again. Since 1982, federal law has preempted mortgage contracts that apply “due on sale” provisions to property transfers that result from a bequest in a will, the death of a joint tenant, transfer to a relative upon death, or a transfer resulting from a divorce or legal separation agreement, among other things. A key component of the CFPB’s servicer regulations is to require lenders to provide delinquent borrowers with prompt information about loss mitigation possibilities. Even before its mortgage servicing rules took effect in 2014, the CFPB has been concerned about how its loss mitigation requirements would be applied to successors in interest. As a result, in October of 2013 it released a guidance to its final RESPA and mortgage servicing rules imposing procedures that servicers must maintain regarding the identification and communication with any successor in interest of a deceased borrower with respect to mortgage loans he or she held. The CFPB’s proposal released last week would extend this guidance to all types of successors in interest.
Most importantly, a new section, 1024.36(i), stipulates that when a financial institution receives a written request from a person that indicates that the person “may be a successor in interest,” a servicer is mandated to respond to this written notification “by providing the potential successor in interest with information regarding the documents the servicer requires to confirm the person’s identity and ownership interest in the property.”
As the English commentators on the Soccer matches I like to watch on Saturday mornings like to say, I think the CFPB is “spot on” on this one. By extending a servicer’s obligation to communicate with potential successors in interest, the regulations would empower financial institutions to communicate with ex-spouses and children, for example, without running afoul of privacy concerns. In addition, by making it clear to everyone what papers a person claiming to have an ownership interest in property must provide, the regulation will ideally facilitate the resolution of potentially complicated estate issues in a more expedient manner.
One thing to keep in mind: whether or not a person is a valid successor in interest, the mortgage lien that your credit union has on the property remains valid and enforceable. As a result, just because a deceased mother legally transferred ownership of her home to her son doesn’t mean that any delinquencies owing on the mortgage are wiped out. All this regulation does is help ensure that there are procedures in place to help clarify what parties ultimately remain responsible for a mortgage.
President Obama’s decision to grant resident status to more than 4 million undocumented aliens may well have a direct impact on your credit union’s operations and procedures. Specifically, you may want to take a look at your credit union’s BSA customer identification policies and procedures.
The ability of credit unions and banks to open accounts for undocumented aliens is one of the few compliance issues that gets the non-compliance geek fired up. Read this 2007 article from the Wall Street Journal and you’ll see what I mean. Under existing customer identification program requirements, credit unions must have policies and procedures in place to verify a customer’s identity. As explained in a FinCEN guidance, the CIP regulations do not provide a definitive list of the type of documents that banks and credit unions must use to verify the identity of an account holder. Instead, the ultimate requirement is that whatever forms of identification your credit union uses enables it to “form a reasonable belief that it knows the true identity of the customer.” The regulation provides that for a non-U.S Citizen an acceptable form of identification could include a government issued document evidencing nationality or residence so long as it has a photograph. See 31 CFR 1020.220. This flexibility in the regulation is what makes it acceptable for some financial institutions to accept consular identification cards while others do not. My guess is that with the President’s Executive Order you will see many states pass laws requiring financial institutions to accept specific types of identification.
The second stumbling block to opening accounts for undocumented persons involves tax-payer identification numbers. The regulations are unequivocal in requiring that persons opening accounts must either have or be applying for a tax-payer identification number. 31 CFR 1020.220. Since many undocumented aliens work off the books, this has been one of the biggest challenges to opening an account. The President’s Executive Order will allow qualifying individuals to legally have jobs and start paying taxes. I would hope that FinCEN will provide guidance to financial institutions explaining the type of documentation that may be available to individuals eligible for legal protections under the President’s Executive Action.
Whether or not you agree with the President’s Executive Action it is not the role of your credit union to get involved with the immigration debate. If you disagree with what the President did last night, write your Congressman, but don’t make it more difficult than it has to be for a person to go into a credit union and open an account. As for the argument that doing so is aiding lawbreakers, let’s make a common sense distinction between individuals who come into the country to earn a living and individuals who earn a living by breaking the law.
The CFPB continued its incredibly frenzied pace yesterday. In the same day, it proposed federal regulations on prepaid cards and fined Franklin Loan Corporartion, a California-based mortgage banker for illegally compensating its loan originators. In the pre-Dodd-Frank days, either one of these would have been among the biggest news of the year for one of our federal regulators. But for our good friends at the Bureau that Never Sleeps, it’s all in a day’s work.
First, let’s talk about the illegal compensation settlement. In 2010, the Federal Reserve Board imposed restrictions on the way loan originators could be compensated. Specifically, the Federal Reserve Board promulgated regulations prohibiting compensating originators based on a term or condition of a mortgage loan. The CFPB is now responsible for enforcing this provision and to avoid making this discussion any more complicated than it has to be, my references are to the re-codified regulation. Before the Board’s prohibition, Franklin had a straightforward compensation system in which originators would get a percentage of each mortgage loan they closed. The compensation would be based on the total cost of the loan, which included an originating fee, discount points and the retained cash rebate associated with the loan. As a result, loans with higher interest rates generated higher commissions. After the Board passed it prohibition in 2010, Franklin instituted a new system. All loan officers were given an upfront commission for each loan they closed. However, on a quarterly basis, they would receive the difference, if any, between the adjusted total commission, which was based in part on the interest rate of the mortgage, and the upfront commission. In other words, the higher the interest rate the more a Franklin originator would be compensated.
The originator clearly crossed the line with its compensation structure. But remember, the regulation isn’t as clear cut as it first appears. Take a look at the official staff commentary accompanying 12 CFR 1026.36(d)(1)(I):
- Permissible methods of compensation. Compensation based on the following factors is not compensation based on a term of a transaction or a proxy for a term of a transaction:
- The loan originator’s overall dollar volume (i.e., total dollar amount of credit extended or total number of transactions originated), delivered to the creditor. See comment 36(d)(1)–9 discussing variations of compensation based on the amount of credit extended.
- The long-term performance of the originator’s loans.
- An hourly rate of pay to compensate the originator for the actual number of hours worked.
- Whether the consumer is an existing customer of the creditor or a new customer,
Whether or not the way you compensate your originators is acceptable is a fact-specific analysis. The bottom line is this: in trying to comply with this prohibition it is best to keep in mind what the CFPB is seeking to prevent. It doesn’t want to create an incentive for originators to provide mortgages with higher interest rates and transaction costs than a member needs to pay in order to get an appropriate mortgage.
As for the CFPB’s proposed regulation of prepaid cards, in concept anyway, this is a proposal that is long overdue. More than a decade ago, legislation was introduced in the NYS Assembly that placed restrictions on prepaid cards which were increasingly being used by employers. At the time, one of the primary arguments against the proposal was that regulation of prepaid cards should be done on the federal and not the state level. Prepaid cards are increasingly being used as de facto bank accounts, particularly for the poor and young. It makes sense both from a competition standpoint and from a consumer protection standpoint that consumers that choose to use these cards get basic protections. I will undoubtedly have more to say about this regulation as a I read through its specific provisions. I know you can’t wait.
In the meantime, have a great weekend.
Last Friday, the Supreme Court granted an appeal in the case of King v. Burwell. This move has gotten a lot of attention because if the Court rules against the Administration, Obamacare is gutted. Let’s face it, healthcare has joined politics and religion as a subject you don’t discuss at dinner parties – unless, of course, you’re really bored and want to liven things up a bit. So maybe it’s not surprising that lost in all the media coverage is the fact that whether you support or oppose Obamacare, the case is directly relevant to any institution subject to federal regulation.
The case will give the Court the opportunity to delineate precisely how much flexibility agencies have when making regulations intended to implement federal legislation. I know that doesn’t sound quite as interesting as saying the case could gut Obamacare, but it means that this case is much more likely to impact the regulatory environment in which credit unions operate than the first challenge to Obamacare upheld in 2012. The GAO estimates that the federal government promulgates between 2,500 and 4,500 regulations on an annual basis. Any time the Supreme Court weighs in on how much power agencies have to promulgate these rules, it’s worth paying attention to.
A core component of the Affordable Care Act (ACA) is the establishment of exchanges through which individuals can purchase health insurance. Section 1311 provides that “each state shall, not later than January 1, 2014, establish an American Health Benefit Exchange.” However, a subsequent section provides that if a state chooses not to establish an exchange, the Secretary of Health and Human Services is required to establish an exchange within that state. Only 16 states, including New York, and the District of Columbia established health care exchanges.
Crucially, tax credits are provided for millions of individuals to help offset the cost of health insurance purchased through the exchanges. Specifically, the Act provided that such subsidies are available to a tax payer enrolled in a health plan “through an exchange established by the State.” The IRS was given responsibility for implementing this provision. It decided that the statute was designed to make health care subsidies available to all eligible individuals who purchased health insurance through an exchange regardless of whether that exchange was run by the federal or state government. The issue in this case is how much flexibility the IRS had to interpret the pertinent language as applying to both federal and state exchanges.
This is the part of the debate relevant to credit unions. As we are all too aware, Congress routinely passes huge statutes with vague language. How much flexibility agencies have in interpreting these provisions is governed by a well-established judicial framework. Where a statute is clear, agencies are responsible for implementing its plain meaning. However, where a statute is susceptible to more than one interpretation, courts defer to the agency’s interpretation so long as it is reasonable. This is the reason, for example, why the Court of Appeals for the District of Columbia Circuit ruled that the Federal Reserve acted within its power when it determine the criteria to be used when establishing the debit interchange cap. Critics of so-called Chevron deference argue that this approach gives agencies too much flexibility. This case gives the Court’s conservative wing a high profile case in which to criticize or limit an agency’s discretion in writing statutes.
Why does all this matter? Because every day credit unions and their associations lobby Congress and make good faith efforts to comply with regulations spawned by Congressional enactments. The less flexibility regulators have, the more important the legislative process becomes. Conversely, the more flexibility agencies have then the more the legislation passed by Congress is simply the first stage of an increasingly convoluted law making process.
Speaking of court cases, the NCUA has filed another lawsuit seeking to recoup losses to the Share Insurance Fund stemming from the purchase of mortgage-backed securities. This lawsuit is against Deutsche Bank National Trust Company. It alleges that the company failed to properly exercise oversight over the purchase of mortgage-backed securities purchased by U.S Central, WesCorp, Members United, Southwest and Constitution between 2004 and 2007.