Three Things You Need To Know Heading Into a Holiday Weekend

Here are some recent happenings that I think you need to know about before my long weekend kicks in.

Another Day, Another Overdraft Lawsuit

The first thing I did this morning was read a decision released by a Federal District Court in Massachusetts yesterday denying a motion by Digital Federal Credit Union to dismiss a class-action lawsuit claiming that the credit union inadequately explains its account balance calculation methods to members who opt in to receiving overdraft protections for their debit card transactions. (BRANDI SALLS, individually, & on behalf of all others similarly situated Plaintiff, v. DIGITAL FEDERAL CREDIT UNION & DOES 1 through 100, Defendants., No. CV 18-11262-TSH, 2018 WL 5846820,  (D. Mass. Nov. 8, 2018)

I’m not going to spend too much time on this because I’ve already talked about the issue in previous blogs. But once again, a court has ruled that a credit union which uses the available balance method when determining if a member has adequate funds to pay an account debit wrongly assumed that a reasonable person couldn’t find their disclosures ambiguous. As for the argument that the credit union used forms promulgated by federal regulators, the judge joined with other courts in finding that the use of federally prescribed forms for providing disclosures under Regulation E only protects financial institutions against claims based on the form of the disclosure and not claims about its substance. The bottomline is you can use an available balance method but you must properly disclose what it is and how it works.

Another Day, Another Data Breach

Earlier this week it was reported that HSBC was victimized by a relatively small data breach. A mere 1.4 million consumers had their accounts compromised but like I always say, these numbers tend to grow as the weeks go by. Reading about the breach has educated me about a relatively crude but apparently increasingly common, hacking method in which the bad guys use software to bombard accounts with stolen passwords and other account information they have usually purchased from the “dark web” to see if they can gain access to consumer accounts. Remember, someone in your credit union should be responsible for knowing how vulnerable your institution is to this type of attack and what defenses the CU has in place.

Credential stuffing underscores why it is foolish for consumers to use the same login information on all their accounts as well as underscoring the utility of multi-factor authentication techniques. It also demonstrates how difficult it is to assess how damaging a breach of account information, such as those that occurred at Yahoo, really are the information stolen from these sites could be used to compromise a member’s security years after it was stolen. Here are some links that I found helpful: https://www.owasp.org/index.php/Credential_Stuffing_Prevention_Cheat_Sheet; https://www.techrepublic.com/article/how-to-avoid-credential-stuffing-attacks/

Another Fed Meeting

The Federal Reserve’s interest rate setting Open Market Committee released a statement yesterday in which it all but announced that there be another rate hike when it meets again in December. The statement explained that, “The Committee expects that further gradual increases in the target range for the federal funds rate will be consistent with sustained expansion of economic activity, strong labor market conditions, and inflation near the Committee’s symmetric 2 percent objective over the medium term.”

That’s enough for one day. Enjoy your weekend. I’ll be back on Tuesday.

 

 

November 9, 2018 at 8:48 am Leave a comment

Foreclosing in New York Just Gets More and More Difficult

One of the developments  that real estate lawyers are paying a lot of attention to these days has to do with New York’s six year statute of limitations for foreclosures  and how it interacts with agreements to modify an existing debt. I’ve seen many credit unions bend over backwards to try to help a delinquent homeowner but the way the law is being interpreted, if you don’t protect yourself properly you may find your credit union is unable to collect on a mortgage.

Fortunately, New York’s General Obligation Law 17-101 provides a mechanism to revive claims that otherwise would be time barred. For the statute to work its magic however, a debtor must acknowledge in writing that he owes a debt and make an unequivocal commitment to paying. As the courts have explained, there must be nothing in the document which is inconsistent with a debtor’s intention to pay.

Just how tough is that standard? Well, do you think this language is good enough? “My partnership owes you money for the first mortgage payment (after the date of modification). We haven’t received the Modification Agreement from you as yet, and I would appreciate it if you would forward it to me as soon as possible.” The court ruled that this statement did not constitute an acknowledgement of the debt because while the letter “arguably” acknowledged the existence of the debt, it was not coupled with an unconditional promise to pay. (Sichol v. Crocker, 177 A.D.2d 842, 842, 576 N.Y.S.2d 457, 458 (1991)).

The issue is becoming increasingly important to foreclosure cases in which six years has passed since a foreclosure was initially filed and homeowners s argue that a purported agreement to modify a loan or voluntarily stop the foreclosure clock from running did not actually constitute an acknowledgment of debt sufficient to reset the foreclosure clock. For example, take a look at U.S. Bank, Nat’l Ass’n v. Kess, 159 A.D.3d 767, 767–68, 71 N.Y.S.3d 635 (N.Y. App. Div. 2018) and Yadegar v. Deutsche Bank Nat’l Tr. Co., 164 A.D.3d 945, 946, 83 N.Y.S.3d 173, 174 (N.Y. App. Div. 2018) to get a sense of how strictly the acknowledgment requirements are being interpreted.

This litigation underscores that agreements dealing with delinquent mortgages can’t be explicit enough. Personally, I would always include language in which the debtor acknowledges that she owes the lender an existing debt of _____________ and is hereby making an unconditional commitment to paying such debt. Of course run this language by your attorney. This is just my opinion.

On that happy note, get to work.

November 8, 2018 at 9:22 am Leave a comment

How Last Night’s Elections Impacted NY CU’s

Good morning folks. Here are some quick takeaways from last night’s elections.

  • Will the last New York state Senate Republican please turn out the lights? It’s taken about a decade longer than it probably should have but New York State had its very own blue wave last night and my guess is you will never see a Senate Republican majority again. According to this morning’s New York Post, Democrats will now be in control of the chamber with at least 40 votes to the Republican’s 23. The margin is so big that any speculation about  Republicans cobbling together a working majority as they have done for the last decade is out the window. This is historic. Except for a brief period in the 1960’s. Senate Republicans controlled the chamber since the end of WWII. Not only do the Democrats have control of the Senate but barring a historic meltdown, Democrats will have complete control of all the levers of power when redrawing of the maps begins in 2020.
  • What this means for credit unions? Frankly any change is good news for credit unions which can make arguments for common sense reforms such as municipal deposits to a fresh set of legislators and staff members. Get ready to go to Albany.
  • Are New York Republican Congressmen an endangered species? Three of the pickups which helped Democrats take control of the House of Representatives came courtesy of New York State. My old boss John Faso lost his Hudson Valley seat after just one term to political newcomer and unabashed progressive, Antonio Delgado. And in two of the biggest surprises of the night – for me anyway – Claudia Tenney has probably lost her reelection bid to Assemblyman Anthony Brindisi but has not conceded and Congressman and former District Attorney Dan Donovan lost his reelection bid to Max Rose. Neither of these were high on the prognosticator hit-list and they show just how divided the nation has become. If there were two districts in New York that would benefit from Donald Trump’s high profile campaigning leading up to the midterms, these two districts would have been at the top of the list.
  • What this means for credit unions? Congresswoman Tenney and her staff had an open door policy when it came to New York credit unions which was all the more useful because she was given a seat on the House Financial Services Committee. We will have to get to know the new members and keep in mind that given their more liberal leanings, they may expect more, not less of credit unions. Time will tell.
  • Marijuana banking will be legalized once and for all. The only unequivocal prediction I will make today is that within the next two years  marijuana banking will be legal as a matter of federal law in those states that choose to legalize it. Last night three states Michigan, Missouri and Utah approved referendums legalizing marijuana use in some form. But the really important thing to keep in mind that all three of these states were states that voted for Trump in 2016. I believe that marijuana legalization is one of the few issues that a progressive Democratic majority in the House and a coalition of state’s rights Conservatives in the Senate will be able to agree on.
  • What this means for credit union? For those of you who are interested in marijuana banking, now is the time to start researching how you’re going to design your compliance programs and ultimately determining whether the costs of providing these services are outweighed by the potential benefits.
  • As for the national level, CUNA and NAFCU better get moving quickly because if anything meaningful is going to be passed it is going to be well before the epic battle for the 2020 Presidency begins.

November 7, 2018 at 8:38 am 2 comments

Are You Providing Health Insurance To Board Members The Right Way?

Image result for doctor12 USC 1761 (c) seems simple enough. It gives federal credit unions the authority to provide board and committee members “reasonable health, accident,{or} similar insurance protection” notwithstanding the general rule against compensating all but one board member at a federal credit union.

But while the concept is simple, it is a deceptively poorly drafted statute which has necessitated about as much guidance from the NCUA’s counsel’s office over the years as any provision of the Federal Credit Union Act. The issue is all the more relevant today because in early October, New York State’s Department of Financial Services used its wildcard powers to authorize state charters to provide board member health insurance. But what exactly does NCUA permit credit unions to do anyway? Here is a look at that question with some of the pertinent legal opinions NCUA has issued over the years.

Most importantly, NCUA has consistently explained that credit unions can provide board members   health insurance so long as  that “health insurance must be reasonable in coverage amount and terminate immediately upon the individuals leaving office excluding any pending clams.”

Can a credit union simply reimburse a board member? NCUA’s legal eagles have further explained that, “An FCU may provide reasonable health insurance to its officials by either directly purchasing insurance coverage or by reimbursing officials for their actual costs in obtaining coverage facts.” This seems clear enough but you have to make sure that you are only providing health insurance reimbursement to board members who are actually going to use it. In other words, this can’t be a windfall for a board member who already has insurance. This is one of the main reasons why you have to have policies in place explaining your approach to board member health insurance.

The authority to provide health insurance generally    does not extend to the family of board members but in this opinion letter, NCUA opined that this general prohibition does not extend to certain employee assistance programs such as those offering a variety of counseling sessions targeting mental or emotional health issues. Read this opinion letter closely though. There are several caveats including the fact that each participant, whether an employee, volunteer or immediate family member paid a ten-dollar fee for each counseling session. Remember also that even with this program, family members are not allowed to participate in the larger health insurance program.

Here’s one to put my compliance brethren at ease. Read 701.33. It limits its coverage as follows; “insurance protection must exclude life insurance; must be limited to areas of risk, including accidental death and dismemberment, to which the official is exposed by reason of carrying out the duties or responsibilities of the official’s credit union position.” Say what? What exactly are the risks entailed in being a volunteer board member beyond the aggravation and potential lawsuit? Would a credit union have to show, for example, that it does an offsite team building exercise in which its board members must climb one of New York’s high peaks together?

NCUA has basically thrown up its hands when it comes to explaining what exactly this language means. It has explained that it would “likely be impossible to limit health insurance only to credit union activity.”

There’s so much more I could say but I’m running out of space and time for today’s blog. One more important point to keep in mind is that all these letter are predicated on the assumption that your credit union has laid out in policy what exactly its health insurance practices are when it comes to board members.

On that note, don’t forget to vote. I’ll talk politics tomorrow and try not to get too fired up.

November 6, 2018 at 9:18 am 2 comments

Four Legal Pitfalls to Avoid This Holiday Season

Maybe it’s because I’ve seen so many Christmas commercials already that I wouldn’t be surprised if Macy’s announces it is moving its parade from Thanksgiving Day to Halloween Day. Or maybe it’s because I felt the need to tell my wife that she shouldn’t expect a gift- wrapped Mercedes Benz waiting for her in the driveway Christmas morning but here is one man’s opinion as to how to handle some of the unique issues that arise each holiday season. Remember, these are simply my opinions and not a substitute for consulting with your attorney on these matters should they arise.

  1. Better off being Grinch when it comes to the Board. Many credit unions use this time of year to thank their Supervisory and Board of Directors for all the hard work they do. NCUA has consistently opined that only gifts of nominal value can be provided to board members without providing all that much guidance as to what nominal actually means. According to the trusty Merriam Webster Online Dictionary, nominal is defined as something “trifling or insignificant.” My rule of thumb is that when it comes to holiday gift giving, if the gift is something that would entice someone to be a member of your board, don’t do it.
  2. Festivus for the rest of us. This is always a good time of year to brush up on the rules governing religious discrimination. For example, if you let employees take time off for Christmas Eve, you sure as heck better allow employees who don’t celebrate Christmas to take time off for their religious holidays as well. An exception to this rule applies if the employer would suffer a true hardship by permitting the time off. A misapplication of this rule got Comfort Inn Ocean Front sued by the EEOC for religious discrimination. These protections apply to individuals with sincerely held religious beliefs. As the EEOC explains in this useful Q&A, religion extends far beyond the traditional faith. It includes “religious beliefs that are new, uncommon, not part of a formal church or sect, only subscribed to by a small number of people, or that seem illogical or unreasonable to others. An employee’s belief or practice can be “religious” under Title VII even if the employee is affiliated with a religious group that does not espouse or recognize that individual’s belief or practice, or if few – or no – other people adhere to it.”As a result, we aren’t far from the day when employees make legitimate claims that they want to have Festivus off. You are better off just having a set number of floating days set aside for religious observance. If you find yourself delving into the merits of an employee’s beliefs, you are making a big mistake.
  3. The time of year to trust but verify. Both state and federal regulators emphasize the need to make employees in sensitive positions take continuous time off so that the credit union has the ability and time to identify maleficence. While both NCUA’s examination guide (Section 4-6 Examiners Guide) and New York’s Department of Financial Services strongly suggest two consecutive weeks must be taken off, anecdotally it seems that only state examiners occasionally are sticklers about the two week requirement. Incidentally, I have reason to believe that the state will be issuing guidance on this issue in the near future. In the meantime, make sure your policy in place mandating at least five days off for your key employees. What’s the holiday tie-in? Because with the end of the year right around the corner you should put those employees who haven’t complied with this requirement on notice that they are expected to do so.
  4. The morning after: Handle the office Christmas party with care. Let’s face it, the only thing more boring than going to a dry wedding reception is going to a dry office holiday party. After all, at the office party there are no family members celebrating the joyous event. New York’s Dram Shop Law actually pretty narrowly describes the circumstances when persons serving alcohol can be liable for subsequent accidents. In addition, New York Courts have been hesitant to impose liability on employers for accidents caused by their drunk employees. But obviously this does not mean that it’s party time. For what it’s worth, if I was organizing an office Christmas party I would (1) have it off the building’s premises so as to remove the threat of host liability (2) I would ask for volunteer spotters who agree to stay sober and make sure things don’t get out of control and (3) I would utilize Uber to offer free rides home to anyone who wants one.There is of course the ever-present danger of sexual harassment. There is no Christmas party exception to its prohibition which is why you can find scores of cases detailing office parties gone wild. In addition, keep in mind that New York law has removed any ambiguity with regard to your credit union’s liability for the acts of third-parties such as your favorite vendor during these get-togethers.

November 5, 2018 at 9:35 am Leave a comment

CU BSA Practices Under The Microscope Again

The Wall Street Journal is the best paper in America but if all you did was read the Journal, you could be forgiven for thinking that credit unions, as opposed to the megabanks which simply ignore BSA requirements and then pay large fines, are the biggest weakness in the country’s anti-money laundering framework.

The latest CU to find itself in the WSJ’s crosshairs is $24 billion PenFed Credit Union. According to the article in the WSJ, in 2016 and 2017 staff members at the credit union were concerned enough about inadequacies in the credit union’s AML compliance framework that they raised their concerns with senior staff and regulators. Specifically, the Journal reports that concerns were raised about “understaffing, gaps in reporting of potentially suspicious transactions to the government, insufficient monitoring of wire transfers, a lack of anti-money-laundering training for senior leaders and inadequate scrutiny of potentially high-risk customers.” The Journal points out that many of these concerns are raised during a time of fast growth by the credit union which is the third largest in the country.

Buried a little deeper in the article we find out that PenFed’s program was subject to a document of resolution and there is no suggestion that the problems highlighted in the article haven’t been addressed or resulted in money laundering activities.

I’m talking about this article for two reasons. First, when issues get public attention they tend to get the attention of your examiners so, as always, make sure your AML/BSA framework is as good as it can be.

I would argue that the single biggest cause of credit union liquidations is the lack of adequate internal controls to identify serious problems and to get those problems addressed. To be sure, at $24 billion, PenFed should be held to a much higher standard than other credit unions but all credit unions should ask themselves not only if they have a compliance system that looks good on paper but one that allows people to identify mistakes so that they can actually be addressed and minimized. In some ways, with the caveat that we don’t know all the facts and obviously mistakes were made, it appears that PenFed’s system, worked exactly the way you want a compliance system to work. Employees identified concerns and had the confidence to make sure senior executives and regulators were made aware of these problems.

Those Who Don’t Learn the Lessons of History are Bound to Repeat It…

This is one of my favorite quotes, which I just found out courtesy of a Google search is credited to George Santayana – I bet you didn’t know that reading this blog helps win Jeopardy. Anyway, this quote came to mind this morning as I read a summary of a proposed regulation by the Federal Reserve, FDIC and the OCC which would introduce more flexible capital requirements for banks with $100 billion or more assets depending on the type of activities they engage in. Specifically banks with $100 billion or more assets, could be subject to less stringent capital requirements based on the risk of activities they engage in such as short-term wholesale funding, cross jurisdiction activity, and the amount of exposure they have to non-bank assets.

Strip away the fancy language and a mere ten years after the greatest economic meltdown since the Great Depression, regulators believe that they have a good sense of what banks and what activities pose a systemic risk to the banking system. I know I’m cynical but I find this hard to believe.

November 1, 2018 at 9:17 am 1 comment

Why We Need Federal Data Protection Standards

A recent decision by a federal district court in Colorado (BELLWETHER COMMUNITY CREDIT UNION, v. CHIPOTLE MEXICAN GRILL, INC., Defendant., No. 17-CV-1102-WJM-STV, 2018 WL 5279468, Oct. 24, 2018)) dismissing most of the claims brought by a credit union against Chipotle is the latest and best example of why we need federal data standards for all institutions coupled with a clear private right of action for both consumers and businesses harmed by data breaches. And it is not just because I am more of a Panera guy myself.

If you step outside this morning to get a cup of coffee and get hit by a speeding car, you will be able to sue the driver because she owes you a common-law duty to drive with reasonable care. Now, let’s say you return safely from your coffee run only to find out that there has been another massive retailer data breach in which the retailer clearly was negligent in the way it protected personally identifiable information obtained from  point-of-sale transactions. The retailer accepts VISA and many of your members are demanding that the VISA credit cards you issued be replaced. All this costs money. But unlike the driver, there’s a good chance that your credit union won’t be able to bring a negligence claim against the negligent retailer even though there are real costs involved, not to mention the reputational harm done to your credit union. Let’s face it, people expect financial institutions to protect their information. 

 Unfortunately many courts,  including New York’s,  bar tort claims brought by companies for purely economic loss. This is the way a federal court in New York recently described this standard. Under the economic loss doctrine “a defendant is not liable for purely economic loss unless the plaintiff demonstrates that the defendant owed a duty” arising from a special duty such as the obligation of a fiduciary (Ambac Assurance Corp. v. U.S. Bank Nat’l Ass’n, 328 F. Supp. 3d 141 (S.D.N.Y. 2018). Why is this the rule?

Because the law wants to encourage companies that want to deal with each other to enter into contracts specifying what obligations they owe to each other. In the case of Chipotle for example, it agreed to abide by its credit card contract and issuers such as your credit union are also subject to those terms. Beyond that, merchants and issuers have no obligation to each other.

At least consumers can sue retailers for data breach harm but the challenge faced by many consumers is proving not only that their information has been compromised but that they have been harmed as a result of this happening. All this leads to a legal framework which makes it extremely difficult for financial institutions and consumers to recover for the harms caused by data breaches. This also means that, aside from the desire to avoid bad publicity, retailers don’t have as much of a financial incentive to guard against data breaches as would otherwise be the case. The result is that unless we enact minimum federal standards and remedies for violating those standards, this situation is not going to change. And that’s not only bad for credit unions. It’s also bad for their members.

Incidentally, I’ve had this discussion with credit union people who point out that credit unions could find themselves subject to the same types of lawsuits which I am arguing we should be able to bring against companies: True enough. But remember, credit unions are already paying for data breaches. In addition,  well drafted legislation would provide defenses for institutions which comply with data breach security standards like those with which banks and credit unions have had to comply for more than a decade.

 

October 31, 2018 at 9:07 am Leave a comment

Older Posts


Authored By:

Henry Meier, Esq., General Counsel, New York Credit Union Association.

The views Henry expresses are Henry’s alone and do not necessarily reflect the views of the Association. In addition, although Henry strives to give his readers useful and accurate information on a broad range of subjects, many of which involve legal disputes, his views are not a substitute for legal advise from retained counsel.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 535 other followers

Archives