Groundbreaking legislation. Political intrigue. Indecipherable regulations. If you get chills of excitement just thinking about these topics, this is the blog for you! Henry Meier is taking on the latest laws, regulations and political issues that impact New York credit unions, so read often and join the conversation!
Are we facing another subprime crisis, this time with auto lending? Are there steps the Legislature should take to clamp down on poor lending practices? Those were the basic questions considered by NYS’s Senate Banking Committee yesterday at a hearing dedicated to analyzing subprime auto lending trends. While legislation may not necessarily be imminent, some key Legislators and regulators are clearly growing concerned with what they are seeing, particularly when it comes to dealer practices.
First, the statistics certainly suggest that we are seeing the nascent signs of car lending abuses. For example, the New York Federal Reserve Bank reported that the dollar value of car loan originations to people with credit scores below 660 has roughly doubled since 2009, while originations for other credit score groups increased by only about half. In addition, a series of articles by the New York Times has highlighted both a growing demand for auto loan securitizations and the questionable practices of some dealers more interested in getting borrowers to agree to the most expensive loan possible with little regard to whether or not the consumer can actually repay the loan.
It was against this backdrop that DFS Superintendent Lawsky suggested that one step the Legislature could take to address these concerns is to allow the DFS to have more direct oversight over auto dealers. As he explained to the gathered Senators, the existing system allows the DFS to scrutinize loans once they are purchased by banks, but this provides little protection to the consumer who walks into the dealership in need of a car.
Another trend highlighted by the Superintendent is the growing securitization of car loans. Echoing sentiments similar to those expressed by the Association in its testimony, the Superintendent pointed out that securitization creates a misalignment of incentives, whereby a lender is more interested in originating a car loan for sale to Wall Street securitizers than it is in ensuring that the borrower can afford to make the car payments.
My sense is that we will not see the Legislature further regulate car lending practices in the near future. But unless, as evidence suggests, some of the abuses are being reigned in, expect legislation dealing with auto lending practices to be a priority next January. In the meantime, it is important for everyone to analyze the extent to which the trends that motivated the Legislature to hold this hearing are anecdotal incidents that reflect pent up demand for automobiles as the economy gradually improves or systemic defects in the auto lending process that legislation could fix.
New York City is about to impose restrictions on employers that will help answer this question.
Last Thursday the City Council passed by a 47-3 vote legislation that bars employees from requesting or using for employment purposes the consumer credit history of an applicant for employment or otherwise discriminating against an applicant or employee “with regard to hiring, compensation, or the terms, conditions or privileges of employment based on the consumer credit history of the applicant or employee “
“Surly there must be an exception for the financial services industry?” you say. After all we are talking about the capital of world finance where unethical financial gurus can hide billions of dollars easier than I misplace my cell phone.
Not really. The prohibition against credit reports does not apply to an “employee having signatory authority over third-party funds or assets valued at $10,000 or more; or that involves a fiduciary responsibility to the employer with the authority to enter financial agreements valued at $10,000 or more on behalf of the employer.”
Since there is no categorical exception for banks and credit unions those of you in the city seeking to utilize this exception will have to parse the quoted language on a case-by-case basis. I would suggest it is worth doing so only for the most senior positions with the most direct control over your credit union
Another exception applies to a position “with regular duties that allow the employee to modify digital security systems established to prevent the unauthorized use of the employers or client’s networks or databases.”
This does seem broad enough to cover a good portion of but not all of your I.T. staff but it is also vague enough to raise some troubling questions. For example, does the exception apply to persons whose duties authorize them to modify data security networks, or, more broadly, to individuals whose jobs enable them to access sensitive computer networks? If the narrower definition applies than you won’t be allowed to do credit checks on the Edward Snowden wannabes of the world who have no compunction against gaining unauthorized access to employer systems.
If you’re saying to yourself that, since you live outside of the Big Apple, you don’t have to worry about this measure you are wrong. Similar bills are already floating around the state legislature and the support for this measure will provide a real push to getting a similar measure approved on the state level.
Supporters of this proposal argue that credit checks don’t have any kind of direct relationship to a person’s competency. Over the last eight years many people have had their credit battered by flat wages and layoffs having nothing to do with how well they do their job. I get that. But at the end of the day, when you work for a bank or a credit union, you do take on an added obligation to handle money properly whether you are a teller, branch manager or a CEO. Credit unions should be able to decide for themselves what they need to know when evaluating applicants free of government micro managing. Here is a copy of the bill which is awaiting the Mayor’s signature. http://legistar.council.nyc.gov/LegislationDetail.aspx?ID=1709692&GUID=61CC4810-E9ED-4F16-A765-FD1D190CEE6C
Cyber Sharing Bill passes House
A strange thing is happening in the House of Representatives: It’s starting to pass substantive bills with bipartisan support. Is our long national nightmare of legislative ineptitude coming to an end?
Yesterday, the House passed HR 1560 which extends liability protections to businesses that voluntarily share cyber threat information. The legislation positions the government as a central clearinghouse for cyber threats.
The bill is consistent with a growing shift in emphasis away from cyber threat prevention and towards more quickly responding to cyber-attacks after they occur. (Your credit union will be subject to a data breach; the question is how quickly will you spot it?) The quicker a network of potential targets can talk to each other the quicker they can respond to data breaches. Here is a copy of the bill which has not yet been passed by the Senate. http://thomas.loc.gov/cgi-bin/query/F?c114:2:./temp/~c114VL7VIk:e2869:
Benjamin Lawsky, Superintendent of New York’s Department of Financial Services, said yesterday that he expects the State to unveil regulations mandating the licensing of virtual currency operators by the end of May, according to Banking Law 360. These regulations, which have been the subject of extensive analysis since they were proposed last July, are essentially the first draft of an attempt to regulate virtual currencies since neither the federal government nor any other state has moved to regulate them, the most prominent of which is the Bitcoin. It’s not surprising, then, that the Superintendent indicated that the regulations may be modified in response to coordinate enforcement with other states, including California.
As currently proposed, the regulations shouldn’t have a direct impact on established credit unions or banks. It exempts entities already licensed by the Banking Department provided they get permission from the Superintendent prior to engaging in the business of virtual currency. But the question of how best to regulate virtual currencies will have a profound impact on how finance is transacted in the coming years. Here is why.
Follow the money: although the Bitcoin has gained most of its notoriety in this country as a potential facilitator of illegal transactions — which is why the DFS is seeking to impose state level requirements on Bitcoin operators to report suspicious activities – investors are intrigued by the technological possibilities behind the currency. In March, the WSJ reported that “[a] Silicon Valley startup has persuaded some of the biggest names in venture capital to put $116 million behind its plan to turn the technology behind bitcoin into a mass-marketed phenomenon.”
Nor is the money coming exclusively from a bunch of wealthy libertarian California dreamers. The staid Swiss Banking Giant UBS also recently announced that it will be investing in virtual currency research in London and the British Government has coupled its own calls for increased regulation with the promise of an additional 10 million pounds ($15 million) for a research initiative that will look into the blockchain technology behind digital currencies.
Silicon Valley types are making these investments as the Federal Reserve is prodding the banking industry with increasing urgency to think about how the currency processing system should be updated for the 21st Century. One Fed researcher has even suggested the creation of a Fed Bitcoin. In addition, NATCHA is in the process of expediting its clearing processes, which brings us back to New York State’s regulations.
It wasn’t too long ago that the only thing most regulators and politicians knew about virtual currencies was that they were convenient tools for criminals. The discovery of a silk road website where visitors could buy and sell a laundry list of drug paraphernalia seemed to vindicate this concern.
But times are changing. Virtual currencies demonstrate just how antiquated the traditional negotiation of currency has become. Don’t get me wrong. I am not predicting that the Bitcoin is going to rival the dollar as a currency any time soon; but I am predicting that the dollar bill of tomorrow will look a heck of a lot like today’s Bitcoins. Those regulators that strike the proper balance between appropriate oversight of this technology and fostering an environment that allows for innovation will be positioning their states and their countries to reap untold riches in the coming years, not to mention enabling them to remain in the forefront of financial regulation.
New York’s foreclosure law is one of the most complicated and time consuming in the country. Not only was the state one of the first in the nation to impose 90 day pre-foreclosure requirements and judicially imposed settlement conferences that provided a model for the CFPB but, as the housing crisis worsened, some courts became more and more aggressive in interpreting these and other laws for the benefit of delinquent borrowers.
To supporters of New York’s laws these protections are necessary to insure that homeowners have the legal protections necessary to keep their homes. To critics, a group whose ranks I have become an increasingly fervent member, state and federal protections are, when judged in the aggregate, not so much good faith borrower protections as they are procedural trip wires which slow down the foreclosure process to such an extent that they make owning a home in New York more expensive and contribute to urban blight.
The latest example of New York’s approach to housing policy is a bill drafted by the Attorney General to deal with the proper maintenance of abandoned “Zombie” property that has not yet been foreclosed on but has been abandoned by the homeowner. I have written other blogs about the proposal before, but I recently took another look at the legislation after it was officially introduced (A.6932\S.4781) on April 10th.
First, the good news is that the bill may make it easier to more quickly foreclose on abandoned property by making vacancy a ground for foreclosure and establishing courts specifically for such foreclosures. If you are going to make lenders maintain property than it makes sense to give them legal title as quickly as possible. It’s clear that supporters of this bill have listened to the critics. Its much more reasonable than it could have been.
Now for the bad news. It would mandate the establishment of a statewide abandoned property registry. Lenders may still find themselves on the hook for maintaining property they don’t own.
In addition, a provision in the bill demonstrates that legislators and regulators continue to have an absolute fetish when it comes to imposing notice requirements on lenders dealing with delinquent homeowners. The law would require lenders to send a notice to a delinquent borrower that “You are allowed by New York state law to continue living in your home regardless of any collection methods we pursue or oral or written statements made during the collections process, including the foreclosure process, until such time as you are ordered by a court to leave your property.”
This notice shall be sent within 15 days of property becoming 90 days delinquent that means that the homeowner not only is entitled to a 90 day pre foreclosure notice but now will receive this additional notice. This is, of course, in addition to the erstwhile summons and complaint that for hundreds of years has put people on notice that they are being sued.
In addition to these state specific mandates CFPB imposed regulations now require mortgage servicers to make a good faith effort to establish contact by 36 days after a homeowner misses a payment and provide written notice no later than 45 days after delinquency providing information about loss mitigation and counseling options. And of course federal regulations now prohibit a foreclosure action from being filed until the borrower is more than 120 days delinquent.
What astounds me is that anyone can look at these protections and conclude that homeowners need more notices or that greater legal burdens need to be imposed on borrowers.
Let’s not forget that the primary problem is people purchased homes they can no longer afford.
I’m off my soapbox, Have a good day,
To its credit, for almost a decade now NCUA has been emphasizing the need for due diligence when entering into third party relationships. Unfortunately, based on what I have seen, the quality of credit union oversight varies widely with too many credit unions continuing to place too little emphasis on a properly drafted contract which commits vendors to upholding privacy standards and establishes a framework whereby your credit union monitors vendor performance.
So, I’m not surprised with the results of a survey released last week by New York’s Department of Financial Services. The Department surveyed 40 financial institutions about their vendor management activities. Its findings are likely to result in proposed state regulations outlining vendor relationship requirements. It concluded that:
- Nearly 1 in 3 (approximately 30 percent) of the banks surveyed do not require their third-party vendors to notify them in the event of an information security breach or other cyber security breach.
- Fewer than half of the banks surveyed conduct any on-site assessments of their third-party vendors.
- Approximately 1 in 5 banks surveyed do not require third-party vendors to represent that they have established minimum information security requirements. Additionally, only one-third of the banks require those information security requirements to be extended to subcontractors of the third-party vendors.
- Nearly half of the banks do not require a warranty of the integrity of the third-party vendor’s data or products (e.g., that the data and products are free of viruses).
As I see it, one of the biggest problems is that businesses think of the contract as one of those last second details to be addressed after a vendor has been selected. It doesn’t have to be this way. For your larger vendor contracts you should ask your finalists to provide you with copies of their base contracts. You have leverage you should use if you find that one vendor has better terms than another. Furthermore, if one vendor is more committed than another to insuring data security then you can and should take this into account when making your final decision. Finally, you are being penny wise and pound foolish if you don’t pay for an attorney who has experience with vendor contracts and who is aware of pertinent regulatory requirements. By the way, the Association is willing and able to provide these services.
Is the Fed Getting Cold Feet?
The recent spate of lack luster economic news may keep the Fed from raising interest rates when it meets in June, according to an interesting WSJ article today. If this reporting is correct, a consensus is emerging that with inflation still below its 2% target range and employment still lagging, it makes sense to wait until later in the year before deciding to pull the trigger on the first rate increase since the Fed placed short term interest rates near 0 in December 2008.
Two quick thoughts, this is another great example of the Groundhog Day economy we have been stuck in for some time now. Economists confidently predict every Fall that the economy is finally on solid footing only to back away from the predictions following tepid economic growth in the first quarter. For what it’s worth, this blogger still believes the Fed will raise rates ever so slightly in June, if only to shift the debate away from when interest rates will rise to how high they should go. Low interest rates have artificially inflated equities for several years now by making the market the only place to get an adequate return.
On that note, have a nice weekend.
Verizon recently came out with its annual analysis of Data Breach Incidents Reports and it is a much read for at least one employee at every credit union. (http://www.verizonenterprise.com/DBIR/2015/?&keyword=p6922139308&gclid=CJXf_83Z-sQCFQqOaQodiIwAyw).
How effectively you deal with data breaches is an increasingly important factor in determining your credit union’s bottom-line. Verizon’s report is the best I have seen when it comes to providing an objective analysis of data breach trends. Here are my takeaways from the report:
Is greater information sharing the answer? One of the best ways to mitigate the negative consequences of data breaches is to get the word out about compromises as quickly as possible. We need more sharing of information. But rather than facilitating sharing within a given industry, the report concludes that greater emphasis has to be placed on sharing between industries that share common characteristics. In fact, it concludes that “our standard practice of organizing information-sharing groups and activities according to broad industries is less than optimal. It might even be counterproductive.” Greater inter-industry coordination is the type of mission that only government can facilitate and it’s fraught with a host of privacy issues. We are talking about sharing information about members over an array of businesses and industries inconceivable when Gramm–Leach–Bliley was passed.
Just how much are all of these data breaches costing us? The report attempts to quantify how much data breaches cost. It estimates that the average loss for a breach of 1,000 records is between $52,000 and $87,000. However, estimates vary widely based on the size of the breach, so the report also provides a chart on page 30 of the report providing a range of estimated costs based on the size of the breach.
Think of how valuable this information is and could be, particularly as the estimates get more accurate. For example, is it worth switching to EMV technology? Maybe, maybe not, depending on the scope and size of your potential data breach exposure. At least no one has to be groping around completely in the dark when making these decisions.
Is there anything that you can cost effectively do to help prevent or mitigate breaches? Here is some good news. Despite all the technological sophistication that goes into carrying out and preventing data breaches, a tremendous amount of data breach protection can be achieved by educating your own workforce and being as careful as you can be about who has access to information that could facilitate data breaches. For example, the report estimates that 55% of incidents stemmed from “privilege abuse.” In addition, employees aren’t all that quick when it comes to reporting data breaches. Perhaps it’s time for those “welcome to the new job” overviews HR gives to the new hires to include a talk about reporting potential phishing attacks. Another interesting factoid is that many data breaches involve compromises of software for which patches were available but not installed.
Currently, New York law not only prohibits municipalities from depositing their funds in credit unions, it also prohibits these funds from being deposited in savings banks and savings and loan associations. To me, it’s obvious that municipalities should be able to place their tax dollars wherever they get the best return. For several years now, the Association has advocated for municipalities to be able to deposit their funds not only in credit unions but in these thrifts, as well.
Unfortunately, the banking lobby is so dogmatically opposed to municipal choice that it would rather prohibit some of its own members from accepting municipal deposits than give municipalities the option of depositing funds in credit unions. The latest example of this short-sighted and wasteful viewpoint was revealed in an article in the American Banker last week, in which banking lobbyists proudly proclaimed that they are opposed to legislation once again introduced this session to permit all thrifts and credit unions to accept municipal deposits.
In fact, John Witkowski, President and Chief Executive of the Independent Bankers Association of New York State, sounded a bit paranoid when he explained to the American Banker that “we really have to defend ourselves against what credit unions are trying to do, to expand into the community banking territories geographically and business-wise.” As for the members of his Association harmed by this stance, he explained that “you can’t please everybody,” i.e. let them eat cake. These comments drew a retort from CUNA’s Jim Nussle, who explained that it’s unfortunate that banks put protecting themselves from competition ahead of increasing alternatives to municipalities and households.
It’s easy to get jaded around politics. After all, there are times when the best defense is a good offense. If I worked for the Bankers, I would have no choice but to argue that the big, bad credit unions are using their tax-exempt status to destroy banking as we know it. But, as jaded and cynical as I can get about politics, the most positive thing I will continue to say about it is that the person with the best argument will ultimately win the debate. It’s just a question of how long the battle will take.
It simply makes no sense to prohibit municipalities from placing funds in credit unions. They are federally insured, just like banks. Twenty-five states already give municipalities similar freedom, it would save taxpayers money by ensuring they get the best return on their tax dollars, and when a municipality places money in a credit union, it is assured that its money is being reinvested within its local community for the benefit of its residents and employees. Oh, and one more thing, credit unions do pay taxes. They simply don’t pay corporate taxes.
By the way, since we’re talking about taxes, I wonder how many banks taking in municipal deposits are structured as S-Corporations precisely because this corporate structure allows them to avoid being taxed at the corporate level?