New York Proposes Disclosure Regulations For Small Business Financing

New York’s Department of Financial Services yesterday issued proposed regulations outlining disclosure requirements for non-bank entities that provide financing of up to $2.5M for businesses. The regulations are the final step in a two year effort by the Legislature designed in part to regulate the activities of third-party lending platforms.

The legislation generally mandates that providers of commercial credit provide TILA like disclosures when offering commercial financing. It applies to a broad range of financing activity including factoring as well as traditional open-ended lines of credit and close-end loans. The mandated disclosure requirements must be provided by the Providers of these loans. So the key to understanding its reach starts with understanding what a Provider is. The legislation defines a Provider as:

“…a person who extends a specific offer of commercial financing to a recipient. Unless otherwise exempt, “provider” also includes a person who solicits and presents specific offers of commercial financing on behalf of a third party. For the avoidance of doubt the extension of a specific offer or provision of disclosures for a commercial financing, in and of itself, shall not be construed to mean that a provider is originating, making, funding or providing  commercial  financing.”

Crucially, for our purposes, the legislation specifically excludes credit unions and banks from the definition of a Provider. Nevertheless, those credit unions that work with lending platforms will see the impact of this new requirement. Many credit unions are already working with internet based platforms that connect businesses and lenders but don’t actually make loans. As explained in this analysis of the bill in the Banking Law journal ”even if the entity that makes a commercial loan or other commercial financing transaction is exempt from the New York Law’s requirements, a typical online lending platform would still have to comply. As such, fintech companies operating commercial lending platforms are required to comply with the new law even if they rely on a bank partner arrangement and the bank is exempt”.

We will be reading the proposed regulations in the coming days, to make sure that they don’t impose any additional requirements on credit unions and we will keep you posted on what we find.

September 22, 2021 at 9:33 am Leave a comment

Just what is an “Item” anyway?

A former President got impeached after quibling over the definition of “is” and today CUS and banks are being sued over the definition of “item.”

That is one of the key questions confronting both credit unions and banks as they continue to make a handful of consumer plaintiff law firms wealthy because of inaccurate disclosures in their account agreements. On a practical level this means that you should review your account agreements to ensure that it actually defines what an item is. This is particularly true if your credit union is large enough to be targeted for class action litigation.

I’ve done blogs for several years now detailing how both credit unions and banks are being sued for inaccurately disclosing how account balances are determined for purposes of generating overdraft fees. For example, if your member has $50 in an account at the time she uses her debit card to pay for her Starbucks latte but 49 of those dollars are subject to pending transactions has your member been given adequate notice that an overdraft fee will be charged based on how the account balance is actually calculated?

A more recent permantation of this litigation has to do with the proper disclosure of NSF fees generated by repeated presentments for payments made by merchants using the NACHA network. Specifically, does your credit union charge a fee every time a merchant presents a transaction for payment and if so is this practice properly disclosed? In Richard v. Glens Falls National Bank, 2021 WL 810218, at *1 (N.D.N.Y., 2021,) the bank charged a separate fee every time a merchant represented an item for payment. The bank’s fee schedule disclosed that an NSF fee could be charged “per item” but did not define what an item was. As a result the account owner argued that the bank was only entitled to charge a single NSF fee irrespective of how many times a merchant presented an item for payment. 

The good news is that your credit union can avoid a similar fate by simply amending its account agreement. For example, the Navy federal credit union got a similar claim dismissed because its account agreement contained language defining what an item was and putting members on notice that they could be charged each time an item is presented for payment. Lambert v. Navy Federal Credit Union

Here is the punchline: your credit union should be having its account agreement periodically reviewed by an outside law firm, preferably one that specializes in defending against consumer class action lawsuits. Consider it an investment especially since I can guarantee you that your account agreement has been reviewed by attorneys looking to sue you over language which may comply with the latest regulations but does not reflect the latest case law. 

On that note, enjoy your day.

September 21, 2021 at 2:06 pm Leave a comment

Four Things You Need To Know To Start Your Credit Union Day

For the first time in a while, I am overflowing with news you need to know to start your credit union day. As long time readers know, what follows is a series of quick hits, any one of which would be worthy of its own blog on a quieter day.

Treasury Pushes For Expanded Reporting Responsibilities

Anyone who thought we were out of the woods after the House Ways and Means Committee approved a plan to pay for a $3.5 trillion spending package that did not include increased reporting requirements for banks and credit unions is mistaken. Treasury Secretary Janet Yellen and IRS Commissioner Charles Rettig have written letters urging Congress to include the proposal in the final budget package.

With the caveat that there has been no language officially proposed, the idea under consideration would mandate that financial institutions report gross report flows of income in and out of accounts that exceed $600.

Clearly this would impose an onerous new mandate on credit unions and alienate more than a few members. Stay tuned for more information from the Association.

How Was Your Examination Service?

The NCUA announced yesterday that federal credit unions will be asked to submit a post examination survey that will be administered by the NCUAs Ombudsman’s office as part of a pilot program.

If you have fantasies about using the survey to vent after a rough examination, you will be disappointed. The letter explains that “examination disagreements or reports of waste, fraud, or abuse should not be reported through the survey response.” At the risk of being branded a heretic, the industry spends way too much time obsessing over the examination process.  After all, disagreements are inevitable and it’s actually a sign the system is working.

FHFA Makes It Easier To Finance Investment Property

The Federal Housing Finance Administration and Treasury announced that they were suspending certain agreements entered into this past January which placed caps on the number of investment property mortgages that Fannie Mae and Freddie Mac could purchase. This is the latest in a series of moves by the new leadership at the FHFA to use the GSEs to more aggressively provide aid for homebuyers.

Acting Director Thomson discussed the changes at NAFCUs Congressional Caucus. In a closely related development, the FHFA is also proposing changes to the capital requirements for the GSEs.

Let The Redistricting Games Begin

Yesterday marked the first formal step in the once-a-decade political blood sport that is redistricting. By the time the process is complete, the Legislature will have approved new Congressional and Legislative Districts that will shape the direction of politics and policy for decades to come. This morning’s Times Union is reporting that the bipartisan commission designed to propose the initial redistricting plan has instead proposed two separate plans. One supported by Republicans, the other by Democrats. It boldly predicted that a partisan stalemate looms in New York redistricting, which is tantamount to Claude Rains’ character Captain Renault claiming to be shocked that gambling is taking place in a casino. 

September 16, 2021 at 10:14 am Leave a comment

Sonic Case Demonstrates How Merchants Put Consumer Privacy At Risk

For those of you in Washington this week, a recent decision in the Sonic data breach litigation underscores why merchants need to comply with baseline data breach prevention standards. On September 7th a group of credit unions survived Sonic’s motion to dismiss claims that its negligence facilitated yet another massive data breach resulting in credit unions costs, such as the need to reissue cards, for which Sonic should be responsible (SONIC CORP. CUSTOMER DATA SECURITY BREACH LITIGATION).  And let’s not forget the thousands of consumers who were inconvenienced as a result of Sonic’s alleged negligence. 

Between April and October of 2017, hackers used malware installed at 762 Sonic restaurants to steal transaction payment card data. Franchises generally were allowed to use two different types of processing systems. The hacks occurred in franchises that use the PAYS system to process transactions. Sonic facilitates payments by setting up a VPN to facilitate remote access to the system. The VPN system was set up so poorly that it allowed hackers to access unencrypted payment card data. The list of defects reads like a “What Not-To-Do List” when it comes to protecting customer data:

  • They did not use multi factor identification to authorize access to the system.
  • The stolen data was not always subject to end-to-end encryption.
  • Sonic even facilitated the storing of unencrypted data on business servers.

If a New York State bank or credit union treated data this way, it would be in violation of several provisions of New York State’s cyber security regulations which mandate that sensitive data be encrypted when it is in transit and that it be adequately protected when it is being held on its server. Furthermore, a failure to use multi factor identification has already resulted in fines under the framework. Even if you do not have the good fortune of living in New York, the Gramm Leach Bliley Act and a host of regulations outlaws this type of conduct for financial institutions. 

In contrast, there is no corresponding regulatory framework for businesses like Sonic; the only way to hold Sonic and similar companies accountable is through lawsuits. The problem is that not all states give financial institutions the right to sue merchants for purely economic harm. In short, we continue to have a hodge-podge of regulatory enforcement which incentivizes merchants to under-invest in their cybersecurity infrastructure.

September 15, 2021 at 9:15 am Leave a comment

Key Week for CUs and Congress

This may be the week when we find out if the Democrats’ spending plan will come to fruition or is destined to be the legislative equivalent of Novak Djokovic’s attempt to achieve the Grand Slam: a historic undertaking which crashed and burned.  Either way, the outcome could have important practical implications for your credit union.

For weeks now the Democrats have been touting the benefits of a $3.5 trillion spending plan and a closely related $1.5 trillion package of infrastructure upgrades. Telling people how you plan to spend money is the fun part of legislating; explaining to constituents whom among them is going to pay for the spending spree is quite another matter. Massachusetts Congressman Richard Neal, who chairs the Ways and Means committee was refreshingly honest in explaining over the weekend that he was reluctant to get too specific about paying for the proposals before getting a sense of what legislation could pass. House Democrats only have a three seat majority and he certainly does not want to be the person who makes vulnerable Democrats support controversial legislation which does not become law. This task became even more complicated when Senator Joe Manchin of West Virginia doubled down on his opposition to the size of the Democrat spending plan.

Nevertheless, several papers are reporting this morning that the Congressman has released a four page outline of legislation to pay for the plan so we are likely to see more specifics in the coming days.

According to CUNA, one proposal under consideration would help the IRS collect more taxes by imposing increased reporting requirements on financial institutions. Specifically, the IRS form 1099-INT would be expanded to include a report on the gross inflows and outflows of accounts and increase scrutiny of cash transactions. At this point, nothing has been formally put in writing but the proposal certainly sounds like one that would impose extensive new mandates on credit unions of all shapes and sizes. Imagine how much fun it would be parsing through proposed regulations in this area. Stay tuned.

Another budget issue under review this week involves increased funding for community development financial institutions.

David Baumann is reporting that today the House Financial Services Committee will be marking up legislation that would provide $10 billion to CDFIs to build or preserve more than one hundred and seventy thousand affordable homes.

September 13, 2021 at 9:34 am Leave a comment

Will Biden’s Executive Order Apply to Credit Unions?

Yesterday, President Biden took his most aggressive action yet to combat the spread of COVID-19.  First, he ordered the Department of Labor’s Occupational Safety and Health Administration (OSHA) to issue an emergency temporary standard that will “require all employers with 100 or more employees to ensure their workforce is fully vaccinated or require any workers who remain unvaccinated to produce a negative test result on at least a weekly basis before coming to work” and must give employees paid time off to get the vaccine and paid time off to recover from any side effects.  Secondly, the President is ordering the establishment of guidelines mandating that federal contractors be vaccinated.  The precise impact of these orders on your credit union’s operations remains to be seen.

With the exception of certain industries, OSHA has not promulgated federal workplace safety standards in relation to COVID-19.  This is why New York felt the need to fill this gap by passing the HERO Act.  As I explained in a recent blog, New York’s Commissioner of Health has declared COVID to be a highly infectious disease which means that all New York employers must now have health screening protocols in place.  We will have to wait for the OSHA standards to see precisely what is going to be required of larger employers beyond the state mandates.

Another tricky issue that needs to be clarified is whether or not financial institutions are going to be considered federal contractors for purposes of the President’s vaccine mandate.  The President’s Executive Order technically does not mandate vaccinations, but instead mandates that guidance be issued defining precisely who is to be considered a federal contractor.  However, the President’s order stipulates that the definition of a federal contractor will be based on regulations being promulgated by the Department of Labor mandating that contractors provide a $15 minimum wage to their employees.  In addition, there must be a regulatory finding that the President’s actions will advance efficiency in the federal government’s procurement processes.  This last point is particularly important since the inevitable legal challenges to the President’s announcement yesterday will most likely be based on challenging the regulatory authority of the executive to issue these mandates. 

All this means we are weeks, and maybe months away from any additional vaccine mandates.  In the meantime, an increasing number of employers are mandating that their employees be vaccinated.  Of course, check with your attorney, but they are on solid legal ground in doing so, and your credit union would be as well. 

September 10, 2021 at 10:59 am Leave a comment

Can You Answer These Questions?

Just like there are people out there who read the obituaries, taking silent satisfaction from the fact that they are not the ones being written about, let’s face it, there are those of us who are silently relieved when they read the latest blogs and trade press and confirm that their credit union has not been victimized in a way that makes the news. 

Recently there has been a lot of talk in credit union land about the fired credit union employee who plead guilty to taking revenge on her former employer by destroying sensitive information maintained on the credit union’s computer network. The credit union apparently had the right procedures in place but the employee’s access to the computer network was not turned off, resulting in $10,000 in recovery costs.

While you may be relieved that your credit union is not the victim, the incident underscores that, irrespective of your credit union’s size, it is incumbent to know precisely where your information is, and who has access to it. By the way, this is important not only to guard against an employee going mad but because federal and state law will increasingly make it essential for your financial institution to know who has access to what information and why as well as to accommodate the requests of your member’s to transfer or delete information.

With that long winded lead-in, how would you answer these questions?

  • Does your computer network allow you to make distinctions between the level(s) of access provided to employees?
  • Assuming it does, who decides what person(s) get access to the different parts of the network?
  • In your vendor contracts, do you require that vendors only have access to the computer network that they need to perform their job?
  • That vendors will only use the information for the purposes for which they have contracted?
  • That they have protocols in place to ensure that access to your network is terminated when employees leave or the job is done?
  • Do you require your employees to use multi factor identification to access the computer network?
  • Do you hold employees accountable for repeatedly failing to comply with basic cyber security protocols such as repeatedly clicking on suspicious links?
  • Most importantly, do you think Toronto is going to pass the Yankees or the Red Sox to get a wild card spot? I asked that last question to see how many of you were still paying attention.

The point I’m trying to make with all these questions is that your credit union must design safety protocols which limit network access to employees that need the access; that allow you to track where your information is located and that allow you to quickly access this information. No one is capable of anticipating or guarding against all of the wacky ways your network may be attacked, but proper compartmentalization of data will help minimize damage and help prepare you for data portability standards.

September 9, 2021 at 9:57 am Leave a comment

Time To Activate Your Infectious Disease Safety Plan

On September 6th, New York’s Commissioner of Health triggered increased employee protections by classifying COVID-19 as a communicable disease that presents a “serious risk of harm to the public health in New York State.” This means that all New York State credit unions should review and activate their workplace safety plans. Remember, failure to do so is a violation of the law.

As readers of this blog know, former Governor Cuomo signed legislation mandating that the State’s Department of Labor, in consultation with the Department of Health, promulgate model standards describing the minimum steps employers must take to protect their employees in the event of an outbreak of an airborne infectious disease. Under the law, all employers had to have these policies and procedures in place by August 5th. However, since the Commissioner of Health had not formally designated COVID-19 as an infectious disease under the statute the policies and standards were not in effect. The Department of Health’s announcement changes all that.

Now that the designation has been made, your credit union should be reviewing its policy and implementing its provisions. I’m assuming that for many of you, this won’t be difficult as many of your practices already complied with steps that have been taken to mitigate the spread of COVID, such as rearranging work spaces and having appropriate PPE. However, for those of you who need to take additional steps, or worse yet, have not gotten around to adopting a policy and standard, you should do so now.

In activating these policies remember that one of the primary purposes of the law was to provide employees increased protections in the event that adequate workplace safety procedures are not being implemented or complied with. Your employees are protected against retaliation in the event they bring alleged violations to your attention and your credit union could be fined and sued for violating the law.  Remember, this applies to you whether you are a state or federal credit union. 

September 8, 2021 at 9:27 am 1 comment

Can Big Data Increase Home Ownership?

Good Morning, folks. The summer slumber is over and in case you missed it, the regulatory development that most intrigues me is Fannie Mae’s announcement that in a little more than a week from now it will start using a mortgage applicants’ history of consistently making rent payments to qualify first time home buyers for a mortgage.

Under the guidelines announced by the GSE on August 30th, borrowers must be able to document their rent payment history for the last 12 months. Acceptable documentation includes cancelled checks, bank statements, copies of money orders or other reasonable methods to document the timely payment of rent.

So why does this announcement intrigue me so much? One of the key emerging issues percolating in the Fintech/ banking industry is the extent to which the increasing availability of non-traditional data can and should be used to qualify lenders. A second key issue is what role the conserved GSE’s should play in the housing market?  This announcement has implications for both of these issues.

In announcing the use of the new criteria, Hugh Frater, Fannie Mae’s CEO, opined that this step would help address housing inequalities by making more African Americans eligible for home ownership. According to Frater approximately 20% of the US population has little or no credit history and the use of rent payment history is a safe and sound way of helping to address this issue. After all, as I have been told by many credit union underwriters, there are often members who are good lending risks even though their credit scores would indicate otherwise.

It remains to be seen just how positive an impact this expanded use of data will have. For example, should a member’s non-payment of rent be counted against her?

Furthermore, anytime new data is used to qualify borrowers there are of course new challenges to the application of fair lending laws. I hope that Fannie Mae keeps us updated on the impact that this change is having on the housing market.

September 7, 2021 at 9:23 am Leave a comment

The Day After Tomorrow is Here, Now What?

Wednesday’s dramatic and tragic flash floods in the New York City Metropolitan area are the latest example that man-made climate change is here and will continue to impact the business climate in which credit unions operate. If I had told you a week ago that New York State had to start preparing for the consequences of hurricanes slamming into the Gulf Coast you would have told me to go look at a map. This morning businesses and policy makers would be nuts not too.

In 2018 the Union of Concerned Scientists issued a report in which it claimed that more than 300,000 of today’s coastal homes with a market value of about $117.5 billion were at risk of “chronic inundation by flooding” by the year 2045. They pointed out that this could impact the value of homes underwritten for 30 year mortgages.  After Wednesday night’s storm, I’m wondering if they underestimated the problem; perhaps we should also be concerned about the value of 15 year mortgages?

Even as we are hopefully done debating whether or not climate change is a real and growing problem, the tough part is deciding what to do about it. Contrary to popular belief, confronting climate change will require large disruptions to certain parts of the economy and a huge amount of investment. Simply put, dreams of a green economy won’t come fast enough for the coal miner in West Virginia and we need massive investments in our energy infrastructure in order to reconfigure our energy system.

So what does all this have to do with credit unions?  Most importantly, we need to engage with policymakers and regulators using certain key principles as our guide posts.  For example, even as no one questions the need to address climate change, there has to be a recognition that costs and benefits should be taken into account.  Secondly, as institutions dedicated to helping persons of modest means we are uniquely positioned to warn against proposals which disproportionately impact poorer individuals.  Thirdly, we should point out that this is a national problem for which we need national solutions.

What would be the tangible consequences of these principles?  We need to make sure that common sense distinctions are made between banks which provide lines of credit to energy companies and credit unions struggling to make cost effective loans to small businesses. This is not the time for one size fits all mandates which weigh down the economy while providing no real benefit.

Secondly, as an industry dedicated to helping persons of modest needs, we have to be willing to point out that improperly implemented climate change policies can have a disproportionately negative impact on the poor and underserved communities. For example, the wealthier you are the more you can afford paying higher premiums for flood insurance.

Finally, with the usual caveat that I speak for no one but myself when I write this blog, as an industry, credit unions should be in favor of dramatic infrastructure investments on a national scale which expedite infrastructure improvements needed in response to climate change while minimizing the need for additional mandates on small lenders. On that note, enjoy your weekend.

September 3, 2021 at 10:01 am 1 comment

Older Posts


Authored By:

Henry Meier, Esq., Senior Vice President, General Counsel, New York Credit Union Association.

The views Henry expresses are Henry’s alone and do not necessarily reflect the views of the Association. In addition, although Henry strives to give his readers useful and accurate information on a broad range of subjects, many of which involve legal disputes, his views are not a substitute for legal advise from retained counsel.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 739 other followers

Archives