Are You Ready For NY’s Cyber Security Regs?

On the first day back from summer vacation my daughter has an assignment due for her Social Studies class and even though I’ve been asking her about it, I’m pretty sure there is much work that needs to be done. Summer time does not lend itself to working. Similarly, consider this blog just a friendly reminder of an impending compliance deadline. Specifically, on August 28, 2017, compliance with most parts of New York’s cyber security regulations kicks in. The six-month transition period is just about over. In fact, just last week the DFS opened up its cyber security portal that’ll help institutions comply with this mandate.

As I’ve highlighted in previous blogs, the regulation is applicable to covered entities which are defined as “any Person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial Services Law.” New York clearly is trying to stretch the jurisdictional limits regarding what entities this applies to. If you haven’t done so already, your credit union should discuss the potential applicability of this regulation to its operations.

One final thought: Many, but by no means all, of the requirements outlined by the state make sense. Even if your credit union determines that the regulation doesn’t apply to your operations, it provides a handy codification of baseline expectations, particularly in relation to the encryption and storage of email and data.

On that happy note, have a great weekend. If all goes according to plan, yours truly will be headed to Jiminy Peak’s Alpine Slide for the second time this summer; only this time I will be wearing a long sleeve shirt.


August 18, 2017 at 9:10 am

NCUA Unveils Impressive List of Regulatory Reforms

It seems like every few months now, an agency is rolling out another list of regulatory reforms so you have to forgive yours truly for being more than a little skeptical when I saw the headline yesterday afternoon announcing that NCUA is seeking comments on a “sweeping regulatory reform plan.”

Perhaps it’s because I overslept this morning and feel particularly refreshed but I’m impressed by NCUA’s list of recommendations, some of which we have already seen and some of which make the type of subtle changes that can make everyone’s life a little easier.

Yesterday’s announcement and request for comment marks the public unveiling of work done by an internal NCUA task force which has been meeting since March. The task force was created in response to the President’s call for all agencies to: search out and replace, repeal or modify regulations that, among other things, eliminate jobs or inhibit job creation; are outdated or ineffective; impose costs that exceed benefits or “create a serious inconsistency” with other regulatory initiatives.

One of the things that I am most pleasantly surprised by is the emphasis NCUA is placing on addressing existing regulations related to loans and loan participation. For example, it wants to remove portfolio limits and waiver requirements for third-party servicing of indirect vehicle loans. And it also wants to combine most of the existing borrowing limits into one specific section of the regulations.

Another aspect of the proposals that intrigues me is how NCUA is continuing to push for greater flexibility in authorizing community credit union expansions, notwithstanding an ongoing lawsuit by the Banker’s Association challenging the regulations that NCUA has already approved.

Finally, NCUA also wants to consider extending the January 1, 2019 implementation date for risk based capital requirements. More importantly it is open to narrowing the applicability of the RBC requirements.


August 17, 2017 at 9:19 am

TRID Changes Issued To Federal Register

Good morning! I just wanted to give everyone a quick heads-up that our good friends at the CFPB have officially issued in the Federal Register several highly technical changes to the TRID disclosure requirements. These changes take effect on October 10, 2017 with mandatory compliance by October 1, 2018.

When I went to the Mortgage Banker Association’s Legal and Compliance Conference earlier this year, there was hope that this round of TRID requirements would clarify some of the bigger issues still hanging out there. I don’t think this collection of highly technical changes is exactly what anyone was hoping for but if you provide mortgages you should certainly take the time to understand these amendments.

The changes cover a wide range of areas including, but not limited to, clarification of how to disclose home construction loans; the calculation of disclosure tolerances involving certain services provided by affiliates; and a mandate for TRID disclosures in co-op sales. Be sure to take an extra jolt of powerful java before delving into this one. That’s what I did.

New Board Members Not to Be Named for Several Months

The Credit Union Times reported yesterday that the Trump administration is unlikely to nominate replacements for NCUA’s Board any time soon. The term of board member Randy Metsger ended two weeks ago and the seat of departed former chairman Debbie Matz remains vacant.

August 16, 2017 at 9:30 am

CU’s Go HELOC Crazy

I had a sense that more credit unions were getting involved with HELOC’s but I didn’t know how big the trend was until I read this article in today’s American Banker. The paper reports that the growth in credit union HELOC lending combined with an overall decline in the number of HELOC accounts has sent the share of HELOC’s owned by credit unions soaring. In fact, credit unions now hold 13.16% of the HELOC market up from 9.63% in 2015. The graph accompanying today’s blog underscores just how big the increase has been.

What’s even more interesting is the reason the article points to for the trend. While banks are still holding back the reins with more conservative underwriting standards, credit unions are more comfortable with underwriting loans based in part on comfort with the member’s payment history. Ezra Becker, a senior Vice President at Trans Union Financial Service Business Unit points out, “credit unions do a good job working with member loyalty so they may be willing to make a loan that another institution may be unwilling to make.”

Now for a boring compliance reminder. This increased interest in HELOC’s is coming just as changes to HMDA regulations mean that any institution that makes more than 500 home equity loans a year as of January 1, 2018, and meets other compliance thresholds, will now have to report these loans.

OH, Canada!

The world is a bit more sensible this morning. As if things weren’t wacky enough, I noted in a recent blog that our level-headed friends to the North had banned credit unions from using the word banking in their advertising. Fortunately, it was recently announced that this ban will be put on hold pending further investigation.

Hampel Retires

Today, Bill Hampel, the credit union industry’s leading economist, is retiring after a mere 39 years of service.

In the immortal words of Charles de Gaulle, “the graveyards of Europe are filled with indispensable men” but the void left by Hampel’s retirement will be a tough one for anyone to fill. I only had the opportunity to meet Bill in passing a few times, but anyone who has tried to explain the impact of policies on credit unions to regulators, legislators, the general public or family members who still don’t understand that I don’t work for a union, owes a debt of gratitude to Bill. His economic analysis and ability to explain how the economy impacts credit union operations has been an invaluable resource that we are all going to miss.

August 15, 2017 at 8:44 am

Clarifying Board Expectations Is A Good Idea

A proposed guidance by the Federal Reserve on August 3, 2017 would narrow the scope of board responsibilities. It has gotten a lot of snarky reviews, with critics suggesting that it would result in the directors of the nation’s largest financial institutions having less responsibility instead of more. Critics argue that if the financial crisis taught us anything, it is that more board governance is needed, not less.

This criticism misses the point. Not only is the Federal Reserve justified in clarifying the responsibilities of board members but, keeping in mind that the views expressed in this blog are mine and mine alone, NCUA should follow the Federal Reserve’s lead and provide greater clarity to boards detailing the proper division of labor between Boards of Directors and Senior Management.

The Fed’s goal is to make sure that boards remain focused on five core responsibilities. These core responsibilities are to (1) Set clear, aligned and consistent direction; (2) Actively manage information flow and board discussions; (3) Hold senior management accountable; (4) Support the independence and stature of independent risk management and internal audit; and (5) Maintain a capable board composition and governance structure.

How would the focus on these five responsibilities impact board operations? The most controversial aspect of the Fed’s proposed guidance would indicate that the Federal Reserve expects to direct most Matters Requiring Immediate Attention and Matters Requiring Attention to senior management, not to the Board of Directors. Instead, matters would be directed to the Board of Directors only when the board needs to address corporate governance responsibilities or when senior management has failed to take “appropriate remedial action.” Crucially, and this is the part that critics are not emphasizing enough, boards would still remain responsible for holding senior management responsible for addressing supervisory findings.

Perhaps this model isn’t a perfect fit for the credit union industry but a clear explanation of board responsibilities is a discussion well worth having. Existing guidance doesn’t provide enough guidance to board members. And let’s face it, there are some boards that exercise too much power and some boards that exercise too little oversight. This is in no one’s interest.


August 14, 2017 at 8:43 am

TCPA Gets Even More Complicated

Yesterday, the Court of Appeals for the 11th Circuit revived a lawsuit by a consumer who claimed a bank violated the Telephone Consumer Protection Act by refusing her request that she not be called on her cell phone during work hours. This could be an operational nightmare.

First a quick refresher: The TCPA generally makes it unlawful for any business to make non-emergency calls using an automatic telephone dialing system without the receiving party’s prior consent. In recent years, Courts have ruled that consumers can orally revoke this consent. Schweitzer v. Comenity Bank addressed the issue of whether a consumer could partially revoke a bank’s authority to make automated phone calls.

The case involved a consumer who was delinquent on her credit card payments. When she got the card, she consented to allow Comenity Bank to call her cell phone. Normally I try to summarize these cases as briefly as possible but I can’t resist transcribing a chunk of the dialogue between the bank’s employee and our delinquent card holder. He couldn’t have teed this up any better for litigation if he was a law school professor. When she fell behind on her credit card payment, the bank called her on her cell phone and asked her to make a $35.00 payment. The following exchange took place:

Schweitzer said the following:

Unfortunately I can’t afford to pay [my past due payment] right now. And if you guys cannot call me, like, in the morning and during the work day, because I’m working, and I can’t really be talking about these things while I’m at work. My phone’s ringing off the hook with you guys calling me.

The employee replied that “[i]t’s a phone system. When it’s reporting two payments past due, it’s a computer that dials. We can’t stop the phone calls like that.”

The trial level court that reviewed the case dismissed the consumer’s lawsuit because she had clearly consented to the bank’s use of her cell phone. Furthermore, while the TCPA permits consumers to withdraw their consent, the rule of thumb has been that such withdrawals have to be complete. In this case, our consumer did not request that she no longer receive any phone calls, just that she not receive phone calls at specified times.

However, the 11th Circuit ruled that banks and other creditors should have the operational ability to know when a consumer has partially restricted their phone calls. I hope you can see now why this ruling is so potentially troubling. Currently, it is only directly binding on those of you who do work in states under the jurisdiction of the 11th Circuit but this decision is persuasive authority that could be adopted by other courts and is certainly something of which your collections people should be aware.

More Bad News on Taxi Medallions

This goes into the “don’t shoot the messenger” category but if your credit union is involved with taxi medallions, you should all take a look at the credit union watch blog’s latest analysis of the medallion industry available at: The news is not good and Keith’s analysis of industry trends has been spot-on.

August 11, 2017 at 9:06 am

Four Things You Should Know This Morning

Camden Fine, the President of the Independent Community Bankers of America is one of the best provocateurs in the financial industry. He has really landed a good punch this week with a letter expressing outrage over the one billion dollars in legal fees, paid to the law firms which secured settlements against some of the largest banks in the world on behalf of credit unions. He even suggests that the episode demonstrates that “NCUA is in over its head in overseeing an increasingly complex and concentrated industry.” While I have a soft spot for bomb throwers – it’s time to set the record straight before this argument gains any more traction. For me, Chairman McWatters’ halfhearted defense of the agency’s decision to litigate, in which he throws previous board members under the bus, doesn’t go quite far enough.

Rather than be so outraged at the allegedly exorbitant fees paid by NCUA, why isn’t Mr. Fine outraged that the OCC and the FDIC didn’t come up with the idea of taking similar actions on behalf of those small community banks that suffered so much as a result of the excessive risks taken by the world’s largest financial institutions? Surely, they could have used 3.8 billion dollars in settlement money.

And I’m not going to concede that the fees paid by NCUA are out of line. This litigation is the legal equivalent of experimental brain surgery. It is high stakes and extremely expensive. Simply put, it’s not the type of litigation for which you can simply call up one of those guys or gals who slapped their faces on the back of buses.

Finally, when Mr. Fine talks about the one billion dollars in fees, he should be honest enough to admit that the billion dollar investment in holding investment banks accountable will save American taxpayers money in the future. Next time the bankers need another massive bailout – and history tells us that there will be a next time – expect the OCC and the FDIC to use the example provided by the agency allegedly in over its head to get money back from the institutions responsible for creating the mess.

VANTIV Purchases Worldpay Group for 10.4 Billion

Further proof that payment processors are the new cool kids on the block comes this morning with news that Vantiv has agreed to buy payment processor Worldpay Group for 10.4 Billion. This morning’s American Banker quotes Worldpay CEO Philip Jansen as saying that “The combination of scale, innovation, technology and global presence will mean that we can offer more payment solutions to businesses large, small, global or local.”

JP Morgan Chase to Stop Issuing Replacement Debit Cards

This bit of news is surprising to me. JP Morgan Chase has decided to cancel its program that it has had in place since 2012 that allows customers to instantly replace lost debit cards at many of its 5,300 branches. The decision is reportedly a reaction to an uptick in fraud.

Why does this surprise me? Because it seems that many of the potential fraud issues can be mitigated with proper identification procedures. And the ability to quickly replace lost debit cards seems like it would be a real selling point to consumers.

One final note. Am I the only one a little scared that two megalomaniacal narcissists with access to nuclear weapons who have demonstrated a lifelong aversion to compromise are now busy yelling at each other?

August 10, 2017 at 8:59 am

Authored By:

Henry Meier, Esq., General Counsel, New York Credit Union Association.

The views Henry expresses are Henry’s alone and do not necessarily reflect the views of the Association.