Posts filed under ‘Compliance’

The Most Important Development in DC Last Week

While the Supreme Court sucked-up all the oxygen in the political universe last week, there are a couple of important regulatory developments that I wanted to highlight for you. 

Most importantly, it appears that the CFPB might be putting on the breaks when it comes to imposing restrictions on overdraft fees.  As summarized by the Regulatory Report (which, by the way, is essential reading for those of us responsible for tracking regulatory developments), regulation of overdraft was not included in the CFPB’s Spring 2022 Unified Agenda of Regulatory and Deregulatory Actions.  This does not necessarily mean that we won’t see some action taken on the issue, but it does seem to signal that the CFPB is taking a much less aggressive posture than it did when it suggested overdrafts were junk fees just months ago.  Similarly, the NCUA did not include overdraft action on its list of agenda items.  Remember that with or without regulatory action in this area, overdraft litigation is alive and well. 

But not all the regulatory developments were this positive.  The CFPB has issued an Advanced Notice of Proposed Rule Making with which it will be collecting information about credit card late fees and whether adjustments have to be made to the current regulatory framework created by the CARD Act.  To give you a flavor of what is under consideration, the CFPB is asking “whether, and if so how, you determine that the late fee amount is proportionate or otherwise related to the cost you incur from a late payment”.

None of this means that changes are imminent, but you may want to refresh yourself about how your credit union determines what it is going to charge for late fees.

June 27, 2022 at 9:22 am Leave a comment

Apple Moves One Step Closer To Being Your Biggest Competitor

Last week, Apple took one small step into becoming a financial service provider which has big implications for the future of your credit union. 

On June 6th it announced that starting in September it would begin offering users of its Apple Pay electronic wallet the option of buying now and paying later (BNPL).  Specifically, consumers will now have the option of paying off purchases of up to $1,000 over a six-week period in no more than four installments.

Under BNPL systems, merchants enter into agreements to sell the outstanding consumer loan to the financer.  Apple will have to enter into merchant agreements, but I’m assuming most merchants that accept Apple Pay will opt into this new service.

Built into Apple Wallet and designed with users’ financial health in mind, Apple Pay Later makes it easy to view, track, and repay Apple Pay Later payments within Wallet. Users can apply for Apple Pay Later when they are checking out with Apple Pay, or in Wallet.”

There’s more going on here than meets the eye.  The cool kids from Cupertino are right to suggest that BNPL is an option that a debt-averse younger generation is looking for, but call me cynical, Apple has better things to do with its time than make $1,000 loans. 

Most importantly, the new product offering represents and incremental move into mainstream banking. Apple’s subsidiary is becoming a licensed lender in most states.  In addition, whereas Apple has previously partnered with Goldman Sachs to provide the back-office underwriting and operational processes that go along with credit cards, this time a newly created Apple subsidiary is going to be buying the purchases and bearing the risks of delinquent payments.  Apple is also going to be using its own technology to guard against identity theft, according to press reports. 

As I explained in this blog, the four-installment maximum is not arbitrary.  Four installments or less do not trigger Regulation Z so Apple can ease into consumer lending and compliance without having to worry about the complexities that go along with most consumer lending products.

One more thought. As a user of Apple Pay and its credit card, I can guarantee you its going to be slick, consumer friendly and so easy that even a middle-aged luddite like me can start using it within seconds. Can you imagine how easy Apple is going to make getting car loans some day?

June 13, 2022 at 10:05 am Leave a comment

The Good The Bad and The Ugly of NYs Legislative Session, Part 2

No one is ever going to accuse the NY Legislature of being hesitant to legislate.  Here is the second part of my end of session recap.    

The New York Privacy Act:  S6701-B Thomas

One of the issues I blog about frequently is data portability legislation such has already been passed in Virginia, Colorado and California.  Once again, the legislature gave consideration to S6701 which would impose a California style data privacy framework on New York businesses.  We continue to work on getting important changes to this bill including insuring that it does not create a duplicative regulatory framework.  Most importantly, the Legislature should follow the lead of Virginia and not impose these requirements on institutions that already have to protect member data pursuant to the Gramm-Leach-Bliley Act.

Overdraft Regulations: S7202-A Sanders / A9659  Fahy

The Legislature passed a bill requiring state-chartered institutions to provide members with overdraft payment information once every six months.  Specifically, the bill would require members to receive written notification of the dates and amounts of overdraft fees, the total amount charged, information on the customer’s ability to negotiate fees; and a telephone number and full contact information for a representative of the financial institution responsible for resolving any matter relating to such fee.

We opposed this bill since federal law already mandates that members be notified of their overdraft charges.  In addition, this is just one more mandate that would be imposed on institutions that choose to be chartered by New York state, as opposed to NCUA.

BDD Program Extended: S9152 Sanders / A9804  Jean-Pierre

The Legislature extended until 2029 the Banking Development District Program bill which allows financial institutions, including state and federal credit unions to receive public funds in return for opening branches in financially underserved areas.  I’ve talked to credit unions that are seriously examining the program and the Associations can help facilitate discussions with institutions that might want to consider this option.  The bill has not yet been sent to the Governor.

Power Of Attorney Clarification: S9209 Hoylman / A10234  Rules (Weinstein)

I haven’t done an official tally, but I would bet that the most frequent questions the Association receives on its Compliance Hotline have to do with the validity of Power of Attorney documents.  The issue was made even trickier because effective June 13, 2021 major new changes to New York’s POA took effect.  This bill stipulates that any Power of Attorney that was validly executed at the time it was made remains valid even if it is signed by the agent after June 13, 2021.  This bill has not yet been signed by the Governor.

Salary Ranges Made Publicly Available: S9427-A Ramos / A10477  Rules (Joyner)

The most important new HR legislation approved in the closing days of the session would mandate that any employer with four or more employees publish a job description and salary range any time it is posting for a job, promotion or transfer opportunity.  If the Governor signs this bill, the Department of Labor would be responsible for developing regulations.  This would apply to federally chartered credit unions. 

Grace Period For Credit Card Points Extended: S9121  Mayer / A10490  Rules (Rozic)

Last year the Legislature passed and the Governor signed into law a bill requiring consumers to be given at least 90 days to use reward points on credit card accounts that are being shut down.  The legislature passed a bill, supported by credit unions, which extends the effective date of this requirement until December 10, 2023.

June 9, 2022 at 10:53 am Leave a comment

CFPB’s Deceptively Important Guidance On “Black Box” Lending

The CFPB is issuing guidance at a hyperkinetic speed which means that it is easy to miss important statements that could impact standard operational practices.  The latest example of this trend is this circular explaining that the obligation of lenders to provide accurate reasons for the denial of credit to members extends to decisions based on complicated algorithms.  There’s more to this succinct interpretive ruling than meets the eye. 

One of the real interesting issues that I have blogged about in recent years involves the operational applicability of fair lending laws to increasingly complicated algorithms which rely on scores of data points to determine whether or not someone should get a loan.  On the one hand is the hope that integrating nontraditional data into lending decisions will increase the number of persons eligible for loans since it is often the poor or underserved who have the thinnest credit histories.  On the other hand, are those who argue that complex black box algorithms pose a threat to these borrowers by allowing lenders to deny credit based on algorithms which have the effect of discriminating against minority groups based on criteria that cannot be easily identified. In truth, we are nowhere near the point where we should be making definitive legislative or regulatory judgements on these issues, but that’s not stopping those on either side of the argument. 

Which brings us to the CFPB’s circular addressing so called “black box” lending.  It has three major implications which your credit union should keep in mind as it utilizes increasingly sophisticated algorithms. 

  • Most importantly, regardless of how sophisticated your lending criteria becomes, Regulation B still applies.  This means that you have to be able to provide your members with the principal reasons why credit was denied. 
  • Currently, most lenders meet their notice requirements by providing forms from Appendix C of Regulation B.  However, this guidance stresses that “… while Appendix C of Regulation B includes sample forms intended for use in notifying an applicant that adverse action has been taken, “[i]f the reasons listed on the forms are not the factors actually used, a creditor will not satisfy the notice requirement by simply checking the closest identifiable factor listed.””  In other words, don’t assume the existing Appendix provides you a safe harbor against legal and regulatory actions.
  • Based on these previous two points, the CFPB is basically saying that some algorithms may be too complicated for your credit union to use.  Not only that, but it also basically invites lawsuits to be brought against institutions that dare to engage with this sophisticated new technology by stating that “A creditor’s lack of understanding of its own methods is therefore not a cognizable defense against liability for violating ECOA and Regulation B’s requirements.”

Let’s hope that the CFPB plans to do more than issue this letter in addressing this core issue.  Rather than simply discourage innovative lending, let’s hope the CFPB is planning on finding the time to propose amendments to Regulation B and its accompanying Appendix C so we can have a truly thoughtful discussion about the proper role that artificial intelligence can play in the modern financial ecosystem. 

June 1, 2022 at 9:57 am Leave a comment

What CFPB Guidance Means For New York

Last week the CFPB issued an interpretive ruling clarifying the power that state regulators and attorneys general have to enforce provisions of the Consumer Financial Protection Act (CFPA) against both state and federally chartered institutions.  It could have important implications for those of us living in states such as New York with an aggressive enforcement approach to consumer protections. 

12 USC § 5552 is one of the most important provisions of the CFPA.  Prior to the Act, federal bank regulators, most notably the OCC, had aggressively preempted state law which they argued interfered with the federal bank charter.  NCUA was pulled in a similar direction but has never interpreted preemption as aggressively as its banking counterparts.  This section, entitled “Preservation of enforcement powers of States” was designed to reverse this trend.  Most importantly, for our purposes, it gives states the authority to bring legal actions against both state and federally chartered institutions for violations of regulations enforced by the CFPB.

The law hasn’t been amended in more than a decade and regulators such as New York’s Superintendent Adrienne Harris, who helped promulgate the initial regulations are certainly aware of this provision.  So why the need for this interpretation?  First, it underscores that the CFPB is encouraging states to take a more active role in enforcement.  (The problem is that those of us who live in the states most likely to be inspired by this encouragement don’t feel that additional encouragement is necessary.) 

The most important aspect of this guidance is that it explains that states not only have the authority to enforce specific regulations but that they also have the authority to utilize the CFPB’s unfair, deceptive, or abusive acts or practices (UDAAP) powers as part of their enforcement efforts [see section 1036(a)(1)(B)].  This is a big deal.  New York’s DFS does not currently have UDAP powers as a matter of state law.  The CFPB just clarified that it has this more flexible enforcement tool when it comes to enforcing key federal consumer protections. 

May 26, 2022 at 7:00 am Leave a comment

Why CUs Should Support NCUAs Oversight of Third-Party Providers

At a mark-up earlier this week, the House Financial Services Committee voted in favor of H.R. 7022, the “Strengthening Cybersecurity for the Financial Sector Act of 2022” sponsored by Illinois Congressman Bill Foster. With the reminder that the opinions expressed in this blog are mine and mine alone, I am here to respectfully tell the industry that it is time to stop opposing legislation that would do nothing more than give NCUA the same rights to oversee the practices of third-party service providers working with credit unions as other banking regulators already have.  This is one area where additional regulation would be a good thing; here’s why.

Under existing law, banking regulators have the authority to examine the activities of third-party service providers such as core processors.  As vendors become even more important in a financial ecosystem that has to react quicker and quicker to changing products and services, particularly in the digital sphere, the activity of vendors can have a direct, negative impact on individual credit unions and the industry as a whole.  Despite the importance of third-party providers, many credit unions, through no fault of their own, lack the size and leverage they need to adequately monitor vendor activities.  Only NCUA can provide the appropriate counterbalance. 

Nowhere is this disparity on greater display than when it comes to core processors.  Every week I hear stories about ridiculously long contract lengths, costs that increase with virtually any addition to a credit union’s products and services, and termination clauses that make it more difficult to break up with your core provider than your spouse.  This is a direct result of an industry that is so large and so concentrated that its lawyers can engage in the Don Corleone School of Negotiation by simply giving your average size credit union an offer it can’t refuse and implicitly threatening to litigate any suggested changes.  

Only NCUA has the power and authority to scrutinize these activities.  Furthermore, there are real and growing safety and soundness concerns.  For instance, data breaches are a threat to everyone, but credit unions lack the ability to mandate appropriate ongoing due diligence over many companies that deal with personally identifiable information.

Critics of the proposal argue that many third-party providers are CUSOs, many of which are owned in part by credit unions which are already subject to NCUAs examination.  But such oversight is not as comprehensive as it could or should be.  For instance, with the rise of platform lending, credit unions have increased access to loan participations but lack the ability to appropriately monitor these platforms for potential fair lending issues.  Besides, we are the Credit Union Industry, not the Credit Union Service Organization Industry. 

As credit unions prepared for Y2K, NCUA was temporarily given the authority it is now seeking.  The reality is that the threat posed by this lack of oversight is as real as the potential threat which regulators addressed leading up to the year 2000.  NCUA, the GAO, and the Congressman are right.

May 20, 2022 at 9:06 am Leave a comment

Just When Does The Equal Credit Opportunity Act Apply?

The CFPB waded even further into a legal dispute which has direct implications for your day-to-day compliance obligations, by issuing an advisory opinion concluding that the Equal Credit Opportunity Act and its implementing Regulation B applies even after an applicant has been granted credit.  If the CFPB is right, you are all going to be sending out more notices. 

As I know most readers of this blog know, taken as a whole, the ECOA and Regulation B prohibit lending policies and practices which have the purpose or effect of discriminating against individuals on the basis of race, sex and other characteristics.  This is why an individual denied credit is entitled to a written explanation of the reasons for the denial.  Everything I just said is settled law.  In recent years, however, there has been an increase in litigation across the country seeking to sue lenders for actions taken after a loan has been approved. 

For example, in Tewinkle v. Capital One, N.A., 2019 WL 8918731 (W.D.N.Y., 2019), a Western New York resident, sued Capital One after it discontinued his line of credit.  Although he received notice of the closure as specified in his account agreement, he did not receive an explanation as to why the line was shut down.  Many financial institutions have taken similar steps in recent years, particularly following the Great Recession and Mortgage Meltdown.  The district court sided with the bank.  Similar cases are now being appealed.

Enter the CFPB.  In its advisory opinion, the Bureau stated the Tewinkle court as well as others that have reached similar conclusions have got it all wrong.  The Bureau argues as a matter of statutory history and (implicitly) the deference due to regulators interpreting ambiguous statutes that consumers like Mr. Tewinkle should receive full disclosures under Regulation B.  To be fair, other courts have agreed with the Bureau’s analysis, which means this is going to be a hotly debated issue in the federal courts, that could ultimately be decided by the Supremes.

This is an area where it is extremely important that people understand precisely what is being debated.  With or without the ECOA, lenders cannot discriminate against individuals at any point in the lending process.  For example, if a lending institution reduced credit just to African-American consumers, this would be a blatant violation of both state and federal law. 

In addition, as pointed out in Tewinkle the ECOA would have applied in this case had our disgruntled homeowner Tewinkle sought reconsideration or applied for renewal of the line of credit.  At this point, he would have been seeking new credit and been entitled to an explanation if he did not receive it;  but that is not what happened in this case. Capital One followed the terms of its account agreement in closing down a line of credit, something it and other lenders should be allowed to do in a fair, efficient manner. 

Stay tuned. This is a debate which is far from over. By the way, I hope to see some of you at tonight’s Southern Tier Chapter event at McGirk’s Irish Pub in Binghamton.

May 11, 2022 at 9:45 am Leave a comment

Required Reading for the Compliance Geek

Yours truly is always a little ambivalent when someone gives me a reading suggestion; on the one hand, I love a good recommendation, on the other, there’s an implicit pressure that comes with the suggestion lest you have to sheepishly explain why you haven’t gotten to the book the next time you run into the recommender.  
So, with apologies to those of you who already have a list of compliance material piling up in your virtual in-box, there are two recent publications that all good compliance people should take the time to peruse. 

Most importantly, the CFPB released its Quarterly Compendium Of Supervisory Highlights which it uses to put financial institutions on notice as to its areas of regulatory emphasis in the coming months.  The Spring issue includes many topics with which I have seen credit unions grapple in the past, including mandatory re-evaluation of increased credit card interest rates under the Credit Card Accountability Responsibility and Disclosure Act of 2009 (Credit CARD Act) and continued concerns about the reporting practices of financial institutions under the Fair Credit Reporting Act.  But the issue that the CFPB decided to highlight that I think credit unions would be well advised to look at most closely has to do with GAP car insurance and the refund of excess payments.  This has already been the subject of lawsuits and if the issue is highlighted by the CFPB you can bet it’s one that class action lawyers will continue to scrutinize.   

A second document you should review is one of my personal favorites.  A new Consumer Compliance Outlook report has been issued by the Philadelphia Federal Reserve.  This issue provides you with a comprehensive overview of CDFIs and how to become one.  I know this is an area that many a credit union has been examining and, as usual, the report is concise and useful. 

On that surprisingly upbeat note, enjoy your day.  For the five of you who care about hockey out there in the blogosphere, I am predicting a Tampa Bay-Calgary Stanley Cup but was unfortunately not able to get this certified as acceptable collateral, as my hockey predictions are even worse than those for other sports. 

May 3, 2022 at 9:02 am Leave a comment

New York State Issues Important Guidance on Virtual Currency and BSA Requirements

New York’s Department of Financial Services issued guidance yesterday emphasizing the unique BSA concerns raised by virtual currency.  While this guidance only applies to entities subject to the Department’s virtual currency license requirements as well as certain trust companies, categories which do not include credit unions, I would suggest anyone responsible for integrating virtual currency oversight into your credit unions compliance framework would be well advised to analyze New York State’s missive. 

In today’s blog, yours truly is not going to summarize the guidance but instead provide some context as to the considerations that regulators and financial institutions should take into account as they begin to dip their virtual toes into the virtual currency space.  In doing so I want to illustrate why I think the DFS guidance is important. 

What virtual currencies such as Bitcoin and Ether have in common is that they allow individuals to transfer these currencies between computers so long as the sender and receiver have set-up virtual wallets.  The key to this arrangement is Distributed-Ledger-Technology (DLT). 

With apologies to the technologically savvy out there, every time a request is made to send or receive “currency” from, or to, a wallet and the transaction is confirmed as valid, a notation is added to a computer program called a block-chain.  This technology is the key to the whole process since it provides a virtual ledger confirming the transfer of debits and credits. 

This means that without the use of a financial institution, any two individuals, using fictitious names, can transfer money.  Needless to say, since the emergence of the Bitcoin, there have been concerns raised about the utility of this technology to facilitate money laundering and other illicit activities (since we’re on the subject of money laundering, my wife and I have started binge watching Ozarks, which is the best show I’ve seen since I binged Breaking Bad, but I digress). 

These concerns have been partially vindicated since ransomware attacks typically include a demand for payment in Bitcoin.  But that may be changing.  Law enforcement is beginning to understand DLT.  For example, the ransomware attack on the Colonial Pipeline understandably got a lot of attention last year, but as significant as the attack itself, is the fact that the FBI was able to track down at least some of the culprits and retrieve much of the ransomed funds. 

Now, I’m not suggesting that credit unions or vendors need to be as savvy as the FBI in order to ensure compliance with BSA and AML requirements, but in the old days it was thought that the only way of deterring illicit activity was to make it as difficult as possible to convert Bitcoin and its prodigies into cold hard cash.  The DFS guidance emphasizes that even now there are basic steps that financial institutions can take as they begin to consider how to integrate virtual currency offerings into their lines of products or working with third party vendors as already permitted by the NCUA.  Besides, as virtual currencies become more widely accepted, there will be less and less need to convert them into fiat currency, but that’s a blog for another day.

April 29, 2022 at 10:20 am Leave a comment

Getting Ready For The Legislature’s Stretch Run

Yours truly is back from his Carolina vacation and has caught up with enough e-mail to finally post again.  While there is a lot I want to get off my chest – there is only so much my wife wants to hear about the banking industry during an eight-hour car ride – I think I will start with a description of some of the key legislative and regulatory issues that will be impacting New York state credit unions in the coming weeks. 

Not only is this an election year, but it is an election year following the redrawing of the election map, meaning that the legislature will want to get out of town as quickly as possible, especially with primaries scheduled for June. 

One of the most important issues we are dealing with is a bill that would retroactively impose strict new requirements on lenders foreclosing on property (S5473D Sanders).  As many of our members have already explained to their representatives during our state GAC, as currently drafted, the retroactive application of this bill and the ambiguity regarding the right of lenders and borrowers to negotiate modifications without running out of time to foreclose on property will actually make it more difficult to work with delinquent borrowers.

We are also continuing to advocate for changes to a proposed data portability and privacy bill which does not currently exempt financial institutions (S6701A Thomas / A680B Rosenthal) as well as continuing to express a strong opposition to state level anti-trust legislation (S933A Gianaris) which could negatively impact the ability of credit unions to help provide communities banking services, particularly in underserved areas. 

All this is taking place as New York’s highest court hears an appeal of a case challenging the legality of New York’s redrawn Congressional map which could allow Democrats to pick up four additional seats as they struggle to keep their majority.  Expect a decision to come down shortly.

As for the federal level, there is an interesting article in today’s WSJ reporting that privacy legislation may finally be getting traction in Congress.  This is potentially good news, provided the legislation does not impose additional requirements on credit unions and the legislation preempts state law.  But I still remain skeptical that Congress will be able to get legislation done this year.  Hopefully, I am wrong.

On the regulatory front, we are still waiting to see what will come out of the CFPB’s initiative against so-called “junk fees”.  The president of the American Bankers Association has already taken to publicly accusing the Bureau of going rouge.  My bet is that we are going to be hearing a lot about overdraft fees in the coming months. 

Last, but not least, let’s hope that the NCUA is going to be following up on its reach-out to credit unions by providing additional guidance as credit unions begin to explore the banking issues raised by distributed-ledger technologies and cyber currencies.  On May 11th yours truly will be discussing the state of regulation in this area and how it is going to impact your credit union as part of the Southern Tier’s Spring Chapter Event in Binghamton.  I noticed it’s at an Irish pub, so let’s share a half-and-half as we ruminate on how technology is once again upending the way banking is done.

Full disclosure, my wife and kids won’t be attending.  They already heard enough about how the NCUA needs to move more quickly and provide additional guidance in this area.  It was one of my favorite topics as we drove around North Carolina.

April 27, 2022 at 9:57 am Leave a comment

Older Posts


Authored By:

Henry Meier, Esq., Senior Vice President, General Counsel, New York Credit Union Association.

The views Henry expresses are Henry’s alone and do not necessarily reflect the views of the Association. In addition, although Henry strives to give his readers useful and accurate information on a broad range of subjects, many of which involve legal disputes, his views are not a substitute for legal advise from retained counsel.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 775 other followers

Archives