Posts filed under ‘Compliance’
This morning’s American Banker is reporting on a “novel” solution that banks are employing to deal with the compliance burden. It’s reporting that five community banks in Kansas are sharing the cost of hiring a compliance person. This is a great idea, but it’s not new. It’s one that the credit union industry has already been using for at least a decade. Your credit union may already be able to participate.
In New York, we have two compliance people who work with a group of credit unions to provide compliance services. One specialist is in Central New York; one is in the Western part of the State. We are currently interviewing for a third person who will work with credit unions in the Westchester-Rockland region. We got the idea from talking to our counterparts in Georgia and Texas, and I’m sure there are other states that have jumped on the bandwagon.
In New York, the Association facilitates discussions with a group of credit unions that are willing to share the cost of a compliance specialist. If there is enough interest, the Association hires a person in that region. Our compliance department is responsible for training the specialists and is always there as a backup to help with difficult questions and projects. The program provides a cost effective way for smaller credit unions to not just complain about the compliance burden but actually do something about it. It also provides larger credit unions the opportunity to use a compliance person to take on specific tasks.
Regular readers of this blog know that its purpose is not to plug credit union services. But I feel so strongly about this model that if your Association doesn’t offer to facilitate shared compliance services, you should ask it to look into it. It’s a win-win.
Big Day at the NCUA Today
Compliance specialists should be sure they have enough coffee because today could be a long one. The NCUA has scheduled a busy board meeting that will provide plenty of required reading. Most importantly, if all goes according to plan, the Board will finalize amendments to field-of-membership requirements for FCUs and have a board briefing on supplemental capital. Later today, NCUA will also be holding a budget hearing. I will try to find the best highlights for tomorrow’s blog. I bet you can’t wait.
Does the accounting firm retained to do your audit owe your credit union a fiduciary obligation? That was the question pondered by the Supreme Court of North Carolina. In a decision released in late September that state’s highest court said the answer is No. (CommScope Credit Union v. Butler & Burke, LLP, No. 5PA15, 2016 WL 5335250 (N.C. Sept. 23, 2016)
CommScope Credit Union sued Butler & Burke, LLP, the certified public accounting firm that the CU hired to conduct annual independent audits of its financial statements for its failure to find that the credit union’s manager had not filed an IRS Form 990 from 2001-09. The oversight resulted in IRS penalties of $374,000 and the credit union wanted the firm to pay. One of the arguments it made was that, in failing to inform the credit union about the missing forms the firm breached its fiduciary duty to the credit union. Hold on, said the accounting firm, auditors typically don’t owe a fiduciary obligation to the businesses they audit and credit unions are no exception.
(Although this argument involved an interpretation of North Carolina law the credit union’s argument resonated across the country as can be seen by the fact that the US Chamber of Commerce and the National Association of State Boards of Accountancy filed briefs).
What’s the big deal? As the court explained “All fiduciary relationships are characterized by “a heightened level of trust and the duty of the fiduciary to act in the best interests of the other party” The higher the duty the firm owed to the credit union the more responsible it becomes for the 990 mishap.
The credit union won at the appellate level and the firm appealed to North Carolina’s highest court. It successfully argued that audits are conducted in part for the benefit of the public to insure investors that they can trust the financial disclosures being made by businesses. This obligation to the public as well as the credit union means that an auditor doesn’t have the obligation of undivided loyalty that typifies fiduciary relationships.
The credit union could have created a fiduciary relationship with the auditor as part of its engagement agreement but did not do so. By agreeing to perform the audit consistent with accepted audit standards the firm “agreed to find internal control deficiencies only to the extent necessary to perform its audits. Because defendant did not agree to affirmatively search for deficiencies outside of the performance of its audits, it did not agree to do anything beyond what an independent auditor normally does.”
The case isn’t over yet. The credit union can still argue that the firm’s failure to spot the missing 990’s amounted to negligence. But no matter what the ultimate outcome the accounting industry notched an important victory.
Before your supervisory committee sends out its next engagement letter it might be worth it to review what you expect to get out of your audit and the language that you have been relying on to get you there. If you thought your auditor was a fiduciary responsible for noticing that basic forms haven’t been filed think again. Put your expectations in writing. At the very least, you will start a discussion with your auditor about precisely what you are getting when you pay for its services.
On Tuesday the CFPB announced an enforcement order against Navy Federal Credit Union for engaging in unfair and Deceptive collection practices against delinquent members whose accounts were delinquent. One of the violations cited by the Bureau raises questions about one of the most fundamental precepts of credit union law: The right to restrict services to members who have caused a loss.
According to the Bureau, Navy engaged in Unfair and Deceptive Practices by denying electronic account access and services for about 700,000 accounts after members became delinquent on a Navy Federal Credit Union credit product. As explained in the press release “ This meant delinquency on a loan could shut down a consumer’s debit card, ATM, and online access to the consumer’s checking account. The only account actions consumers could take online would be to make payments on delinquent or overdrawn accounts.”
To be clear, this practice was just one of a group of hardball collection practices some of which, if true, violated the Fair Debt Collections Practices Act. But the CFPB’s finding on Navy’s account practices is hard to square with one of the bedrock rules of credit union land. As the NCUA has explained in opinion letters over the years . “Long standing legal interpretation is that an FCU may limit services to a member who has caused a loss” so long as the member retains the right to vote at the annual meeting and maintain a share draft account.
Against this backdrop, If a member has caused Navy a loss then how is it unfair and deceptive to limit his use of electronic account services? Before yesterday I would have told you that electronic services are a privilege of membership, not a right.
If this is no longer the case then NCUA should put credit unions on notice of this fundamental policy shift. If the law hasn’t changed then NCUA should consult with the Bureau and explain how Navy’s actions are distinguishable from what other credit unions do and why. We need guidance…quickly.
The Bureau that never sleeps is at it again.
Yesterday it released final regulations extending basic account protections and to prepaid cards. The regulations take effect next October. The rule generally applies to general use reloadable prepaid cards. It is intended to provide card users with protections against loss and unauthorized use similar to those provided to credit card users.
Conceptually, Director Cordray has a point on this one. For an increasing number of Americans prepaid cards are their bank accounts. Right now these are the most unregulated consumer financial product in the country. It makes sense to ensure that they have the some of the basic rights and protections afforded to traditional account holders. As always. however, we wont know the regulation’s full impact until stakeholders have time to go over the 1,600 pages accompanying the final rule.
Incidentally in crafting the rule the CFPB spent a lot of time analyzing and discussing overdraft protections. For those of us who are convinced that it is only a matter of time before the Bureau enacts generally applicable regulations in this area you may want to look at an interesting discussion of overdrafts that begins on page 59 of the link I gave you. The Bureau points out that “Although Congress did not exempt overdraft services or similar programs offered in connection with deposit accounts when it enacted TILA, the Board in issuing Regulation Z in 1969 carved financial institutions’ overdraft programs (also then commonly known as “bounce protection programs”) out of the new regulation.” In other words the Bureau is well within its rights to impose further overdraft restrictions simply by amending Regulation Z.
Whether it should do this is of course another issue.
NCUA Issues Letter Detailing MLA Examinations
The NCUA released a letter to credit unions informing them that examiners will be expecting credit unions to make “reasonable and good faith efforts” to comply with the Military Lending Act now that the regulations have taken effect. This is the regulatory equivalent of giving an “A for effort “so long as a credit union is familiar with the regulation, is making an effort to implement it and has appropriate policies and procedures in place.
Remember your gumption might get you off the hook with NCUA but it doesn’t relieve you of your ongoing obligations to military personnel and their dependents.
Do You Pay Your Employee’s Properly?
First, the NYS Department of Labor has finalized long anticipated and haggled over regulations regarding permissible employer payment methods in New York State. The regulations just don’t touch on the use of payroll debit cards. They also deal with salary payments in cash, check, and direct deposits. In other words, these are regulations with which your HR person should be familiar, irrespective of how you pay your employees. It takes effect March 7, 2017.
For example, reading the regulation will remind you that you can’t require employees to receive wages through direct deposit. Furthermore, an employer that uses a payment method other than cash or check is required to provide his employee with a description of his or her payment options, a statement that he or she is not required to accept wages by payroll debit card or by direct deposit, and a statement that the employer may not be charged any fee for services that are necessary for the employee to access his or her wages.
By the way, is it just me or are new employees in NYS getting about as many disclosures as new homeowners at closing? This State truly is a bureaucratic mess.
The part of the regulation detailing the use of debit payroll cards goes into the category of better-late- than- never. I remember monitoring legislation on this issue while working in the state legislature approximately 15 years ago.
NCUA WINS ANOTHER LEGAL SETTLEMENT
The NCUA announced Tuesday that it will receive $1.1 billion to settle claims again Royal Bank of Scotland relating to its role in peddling and selling mortgage-backed securities to Western Corporate FCU and US Central Federal FCU that blew up quicker than a Galaxy 7. The bounty means that NCUA has now claw-backed $ 4.3 billion dollars from lawsuits alleging that RBS and others sold or underwrote mortgage back securities without fully disclosing the risks associated with these products.
The net proceeds from these settlements will be used to pay claims against the failed corporates and could ultimately lead to reimbursements of some credit union payments into the Temporary Corporate Credit Union Stabilization Fund. Remember, however, that we won’t know precisely how much money is available for credit unions until we find out how big a chunk of these settlements will go toward legal fees.
No matter what the ultimate amount is, NCUA deserves a tremendous about of credit. It brought this litigation when few, if any Financial Regulators were willing to take similar steps and skeptics like your faithful blogger questioned whether the litigation would succeed.
Readers of this blog know that many credit unions dodged a bullet when the New York State legislature imposed requirements on larger financial institutions to maintain abandoned property. It is important to understand, however that it still imposed new, and I would argue, onerous and untimely counterproductive requirements on all institutions dealing with delinquent residential property. These changes take effect on December 20, 2016. Merry Christmas.
For instance, right now you don’t have to send out a 90 day pre-foreclosure notice to a borrower more than once over a 12-month period. Starting in December you will have to send out this increasingly nettlesome tripwire anytime a borrower cures a delinquency only to go delinquent again.
Then there is New York’s pre-foreclosure settlement conference framework mandated by Section 3408 of the Civil Practice Law and Rules. It currently requires lenders and borrowers to attend pre-foreclosure settlement conferences where they must make a judicially overseen “good faith effort” to reach settlements short of a foreclosure. The new and improved 3408 provides examples of potential resolutions including, but not limited to, a loan modification, short sale, deed in lieu of foreclosure, or any other loss mitigation option. Does the legislature really believe that these options were not being considered?
Furthermore, while existing law already requires the parties to come to settlement conferences authorized to make deals, the amendment describes in much more detail, precisely what documents need to be brought to the table, including, but by no means limited to a summary of the status of the lenders or servicing agents evaluating eligibility for home loan modification programs or other loss mitigation options. This actually makes some sense, but we will have to see how it is used.
But wait there’s more. There has always been an obligation to negotiate in good faith but the courts have struggled to explain precisely what that means. The new and improved statute explains that this determination should be based on a totality of the circumstances review of the negotiations , taking into account compliance with the requirements of this rule; compliance with applicable servicing rules and regulations and consideration of loss mitigation standards or options as well as “conduct consistent with efforts to reach a mutually agreeable resolution.” Where a lender acts in bad faith a must “at a minimum” freeze the accumulation and collection of interest, costs, and fees during any undue delay caused by the lender.
The good news is that the failure of either party to make or accept an offer is not sufficient to establish a failure to negotiate in good faith. But, by specifically listing out some of the options lenders are expected to consider and giving judges greater power to make bad faith Determinations, the statue is clearly designed to bring about more settlements.
So why do I think that all this is ultimately going to do more harm than good? For one thing, encouraging parties not to turn to foreclosure sounds nice but in a lot of instances it is often the equivalent of negotiating a travel itinerary for the Titanic. Keeping people in homes that they can no longer afford to live in doesn’t help anyone in the long run. Furthermore, New York already has one of the longest foreclosure processes in the country and the existing settlement conferences are in part to blame; imposing more legal requirements into this framework will not make them more orderly and efficient it will simply make them more litigious and time-consuming.
See you tomorrow.
Updated-Because of a technical glitch(i.e. I forgot to press the send button) today’s post was never sent out. Here it is; better late than never .
With a special shout-out to those of you who attended the Legal & Compliance Conference at the beautiful Turning Stone Casino, good morning.
In case you missed it, on Tuesday, New York State made big news when Governor Cuomo announced that the state was imposing Cyber Security Requirements on Financial Service Businesses. This is just a proposal but it is the culmination of years of work by the DFS in this area. Those of you affected will only have six months to get up to speed, so pay attention.
First, the real basic stuff. The regulation would apply to any person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the banking law, the insurance law or the financial services law. A “person” means any individual, partnership, corporation, association or any other entity. A carve out from many, but not all, of its requirements is made for entities with fewer than 1,000 customers in each of the last three calendar years, less than $5,000,000 in gross annual revenue in each of the last three fiscal years, and less than $10,000,000 in year-end total assets.
What are the requirements? Institutions would be required to have a cybersecurity program that addresses six major functions, including: the identification of cybersecurity threats based on the sensitivity of the nonpublic information stored by the institution; an infrastructure for defending against cyberattacks; the ability to detect cyberattacks; the ability to respond to and mitigate attacks; plans for recovering from attacks; and procedures for meeting new regulatory reporting obligations.
It’s really hard to argue with the general thrust of this proposal. There is very little being suggested that you shouldn’t already be doing. In fact, I would like to see the DFS clarify the extent to which procedures that financial institutions already have in place can be used to satisfy many of these requirements. For example, both state and federal credit unions are already required to have policies that implement “administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of member information.” (12 C.F.R. § Pt. 748, App. A).
Stay tuned and feel free to give me feedback as the Association ponders what comments it should make to the DFS.
If Wells Fargo thought it was out of the woods by firing over 5,000 low level employees and giving a $124 million “sorry we had to fire you” severance to a departing executive, it may have miscalculated. The WSJ is reporting that Federal Prosecutors are in the early stages of investigating possible criminal malfeasance on the part of the bank.