Posts filed under ‘Compliance’

How Square’s Purchase of Afterpay May Impact Your CU

The announcement that Square will purchase Afterpay for a mere $29 B is more than just another business story. Look under the hood and the transaction shows: how the payment space is fundamentally changing; the way transactions are executed; raises questions about the continued utility of the existing regulatory framework; and demonstrates yet again that financial institutions, which do nothing more than hold money and keep consumer’s income safe, are becoming increasingly minor cogs in consumer financial transactions.

First, what is Afterpay and what does it do? As I explained in this blog, Afterpay is an online payment platform started in Australia less than a decade ago which specializes in facilitating buy-now, pay-later transactions. Merchants agree to pay a fee to facilitate in-store purchases; consumers agree to repay the purchase with a limited number of payments; and Afterpay agrees to purchase the sales installment contract.

What’s so clever about this arrangement? Merchants get their money free and clear even if the fee they pay seems an awful lot like an interchange fee. What’s in it for the consumer? Apparently, Millennials really do hate debt. Good for them. The installment plans give them reasonable payment flexibility without using a credit card. Afterpay avoids the federal disclosure requirements mandated by the Truth In Lending Act (TILA) by limiting payment to four installments. A fifth installment would trigger TILA. The model also gives Afterpay a huge volume of retail installment contracts to buy and sell. You can easily imagine these things packaged into securities.

Square is a more traditional peer-to-peer payment platform started way back in the teens of this century. It specializes in giving merchants easy access to payment platforms and of course, getting a piece of each transaction.

The amazing thing about all these developments is how little these entities are regulated. Afterpay did enter into a consent decree with California in which it agreed to comply with state level license requirements for retail lending. But one states licensing requirements do not level the playing field.

One more thought.  Recently the Biden Administration announced it was going to take a more aggressive view of mergers under our antitrust laws. In reviewing this proposed purchase, I’m assuming the Justice Department will be asking itself whether the real purpose of this transaction by Square is to buy up a potential competitor in a payment space it ultimately hopes to monopolize, as opposed to helping consumers by bringing resources to a company whose unique payment model expands choices for consumers.  Call me cynical, but I have my doubts.

August 3, 2021 at 10:34 am Leave a comment

End Of CDC Protections Puts Focus Back On NY State

Standing on tenuous legal ground (second entry), the Biden administration announced Saturday that the CDC would no longer be extending the national eviction moratorium beyond July 31st. The announcement means that, absent highly unlikely federal legislation extending the moratorium, the action returns to the state level. Most importantly, with or without the federal moratorium, New York State’s eviction and foreclosure moratorium on most properties remains in effect until August 31st.

These FAQ’s on New York’s Department of Financial Services’ website remind New Yorkers of their rights under state law. The bottom line is, with or without the changes to federal law, August 31st remains the key date for foreclosure and eviction purposes in New York State.

September 1st also remains the key date for mortgage servicers who have to comply with the CFPB’s nuanced regulations intended to provide delinquent homeowners additional notice of forbearance options which may be available to them.

Looking at the big picture, the CFPB remains concerned that nationwide the coming weeks will witness a huge surge of evictions and foreclosure proceedings. It has put servicers on notice that it will be keeping a close eye on their conduct and you can bet that state regulators will be taking a similar approach.

August 2, 2021 at 9:31 am Leave a comment

What the CDC’s Announcement Means for Your Credit Union

The CDC’s announcement that it was altering its guidance to encourage vaccinated individuals to wear masks indoors in areas with substantial and high transmission rates may very well result in your credit union having to refine its workplace policies and procedures. The Governor issued a statement indicating that the state is reviewing the announcement. In the past the state has used CDC guidance to establish the baseline expectations for businesses in New York. Here is what we know for sure.

The state lifted its mask mandate for fully vaccinated individuals because, as of June 15th, 70% of New Yorkers had received at least one dose of the vaccine. What’s changed? The Delta variant of the virus has proven to be particularly tenacious and evidence is emerging that even fully vaccinated individuals can transmit the disease. Plus there are still a substantial number of individuals reluctant to get vaccinated. As can be seen from this map issued by the CDC, New York State has substantial numbers of new COVID cases.

The surging virus has forced employers to reconsider legal options when it comes to keeping their workplace safe. For example, the Veterans Administration announced that it was mandating that some of its employees get vaccinated and New York City is taking similar steps. The shift to a more aggressive posture reflects the mounting number of administrative rulings and judicial decisions which have reinforced that employers can mandate employee vaccinations provided they are mindful of genuine and sincere religious objections as well as the need for ADA accommodations.

One bellwether case that the legal community is watching is Bridges v. Houston Methodist Hospital, 2021. The case involves a nurse who was fired by the hospital after refusing to get vaccinated. The case is one of the first in which a federal court has directly addressed an argument, popularized on the internet, which contends that since the vaccines were approved on an emergency basis by the Secretary of Health and Human services they can’t be mandated by employers. The plaintiff also contends that the status of the vaccines mandates that employers explain the potential benefits and risks of taking the vaccine.

The district court swiftly rejected this argument. According to the court, federal law permits the Secretary of Health and Human services to authorize the vaccines on an emergency basis. Crucially, according to the court, “it neither expands nor restricts the responsibilities of private employers; in fact, it does not apply at all to private employers like the hospital in this case.”  This case is currently up on appeal before the Fifth Circuit.  If this case doesn’t give employers confidence to mandate vaccinations, the Secretary of Health is expected to approve the vaccine on a non-emergency basis sometime in the fall.

In addition to this case, in May the EEOC issued guidance authorizing employers to mandate vaccinations consistent with Federal Civil Rights Law.

And then of course there is New York State’s Hero Act. At this point the law requires nothing more than for employers to have an infectious airborne disease plan in place by August 5th. The plan only needs to be activated in the event that the Commission of Health issues a declaration that an airborne infectious disease presents a serious risk of harm to the public health. No such announcement has been made but recent events underscore the need to make sure you are ready to comply with NY’s law.

July 28, 2021 at 9:40 am Leave a comment

NCUA to CUs: Don’t Forget About New CFPB Foreclosure Regs

Yours truly is back from a recent visit to God’s country (aka Long Island) and this morning I have credit cards, mortgage regulations and class action lawsuits on my mind.

The NCUA has sent out this letter to credit unions reminding them that new regulations have been issued by the CFPB requiring mortgage servicers to take additional steps to ensure that individuals impacted financially by COVID-19 are vetted for potential loan modifications. These new amendments take effect on August 31st. As I explained in a previous blog, among other things these new regulations apply to homeowners who suffer a financial hardship due, directly or indirectly to the national emergency for the COVID-19 pandemic declared on March 13th 2020.

This announcement got me thinking about one of my favorite topics: The interplay between compliance and litigation, particularly for you bigger guys out there.

NCUA’s announcement is more than just a reminder of what needs to be done on your compliance to-do-list; it is in fact a warning that when you go to foreclose on someone for years to come both borrower attorneys and class action lawyers will be scrutinizing your compliance with these regulations to argue that but for your credit union’s failure to properly comply with these regulations, your member would still own their house.

For example, this morning Law360 reported on how a federal judge in California has increased the number of persons eligible for settlement money from a lawsuit alleging that Wells Fargo failed to properly evaluate borrowers for eligibility in the HAMP program. You may recall that the federal government responded to the mortgage meltdown which started a little over a decade ago by creating the Home Affordable Modification Program (HAMP) under which delinquent borrowers could seek modifications of their mortgage loans. Wells Fargo used a computer program that miscalculated eligibility requirements leading to hundreds of persons either losing their homes or spending more money than they otherwise would have had to. In other words, this is a classic example of how a compliance failure leads to a litigation mess.

Where New Yorkers Stands With Credit Card Debt

Here’s an interesting factoid for you: New Yorkers have among the most sustainable credit card debt in the country with median credit card balances of $1,854 and a median income of $54,588 with which to pay off that debt. These are among the findings of this report issued by WalletHub Today.

See you tomorrow, enjoy your day.

July 27, 2021 at 9:32 am Leave a comment

Why This Week is an Important One For Your Credit Union

This is not your average July week, especially for those credit unions located in the great state of New York.

July 15th is the target date for eligible members to start receiving child tax credits under the American Rescue Plan (ARP). That means that your credit union may already see federal government ACH payments being sent to your member’s accounts. This also means that your credit union has to decide both operationally and on a policy level how it is going to handle these payments.

In March, President Biden signed the American Rescue Plan. The Act increased the child tax credit from $2,000 to 3,000 and raised the age limit from 16 to 17. This year the tax credits will come in the form of advance monthly payments. Unlike the previous round of stimulus funding, Congress passed this measure using budget reconciliation and could not exempt these funds from Levy and restraint as a matter of federal law.

In March, New York State passed a law (S5923-A) that exempted federal stimulus check payments as well as tax refunds, recovery rebates, refundable tax credits, and any advances of tax credits for under the ARP from Levy and restraint under NYS law. The law does not protect child support payments. The language is intentionally written broad enough to include the tax credits that some of your members are going to begin to receive this week. In addition, the law prohibits state chartered financial institutions from the right of set off against these funds.

Against this backdrop, neither federal nor state credit unions have the legal authority to Levi or restrain these funds on behalf of third parties. In addition, state chartered credit unions don’t have the authority to set off these funds to satisfy delinquencies. Since federal credit unions have explicit authority under federal law to exercise a right of set off then they can set off these funds. Whether it’s smart to do so is an entirely different question.

The anticipated payments also underscore NACHA’s concern with the availability of payments under its existing rules. As I explained in this recent blog, financial institutions frequently receive ACH credits days before the sending entity wants the credits posted for payments. Right now, however, there are no penalties imposed against receiving institutions which make money immediately available to account holders. Later this week comments are due to NACHA about whether or not the existing regulations should be changed. The association would love to get your feedback on this issue.  

July 12, 2021 at 9:56 am Leave a comment

New Requirements Finalized for Delinquent COVID-19 Homeowners

Hello Folks,

For those of you who do mortgage lending, your summer just got a little busier.  The CFPB has issued highly nuanced amendments to its existing regulations dealing with delinquent borrowers that have to be in place by August 31st.

For months the CFPB has expressed concern that as federal and state laws protecting individuals from foreclosure end, there will be a huge increase in foreclosures that will disproportionately impact minority communities. As originally proposed, the regulations put forward by the CFPB would have had the practical effect of preventing most foreclosures through the end of this year. These final regulations don’t go that far but they impose nuanced amendments for dealing with homeowners impacted by Covid-19 which your policies and procedures will have to reflect. Remember every box you don’t check off represents one more potential delay in a foreclosure.

I will be getting into the weeds in future blogs, but for now, among the most important things to keep in mind is that the regulations implement a streamline loan modification process under which mortgages that meet certain conditions can be evaluated for potential modifications by a servicer who has not received a completed application. Additionally, the regulations prescribe specific information which must be provided to delinquent borrowers. For instance, a servicer must inform a borrower that there are programs for individuals having difficulty making payments because of the Covid-19 emergency; list and describe the applicable programs and tell the borrower of at least one way they can find contact information for homeownership counseling services.

There is much more but for now, I want to make sure you start delving into this regulation if you haven’t done so already.

It’s Back!

New York Congresswoman Carolyn Maloney kicked off the holiday weekend by introducing the “Overdraft Protection Act of 2021.” If enacted, the bill would restrict overdraft fees by, among other things, requiring that such fees be “reasonable and proportional” to the cost of processing these transactions and limiting the number of overdraft fees that can be imposed on any one consumer. Expect an even bigger push to get the legislation done this year.

July 6, 2021 at 9:45 am 2 comments

Joint Agency Guidance Highlights BSA/AML Priorities

Good morning folks, on Wednesday, federal and state regulators, including the NCUA, took the first step to implement federal law intended to streamline the BSA framework for financial institutions when they issued a list of priorities to consider when monitoring financial activity. 

Last year’s defense authorization bill (H. R. 6395—1162) contained a provision intended to make the federal government better prioritize areas of BSA enforcement and better coordinate the activities of state and federal regulators and financial institutions.  The priorities announced yesterday are the first step in this process, the next step is for FinCEN to translate these priorities into specific regulations, nevertheless, in a joint statement the regulators explained that “in preparation for any new requirements when those final rules are published, banks may wish to start considering how they will incorporate the AML/CFT Priorities into their risk-based BSA compliance programs, such as by assessing the potential related risks associated with the products and services they offer, the customers they serve, and the geographic areas in which they operate.”

The list includes general categories such as countering corruption and terrorist financing, it also addresses more specific concerns such as cyber currencies and human trafficking.

Maybe I am getting jaded but as I review FinCEN announcements, I can’t help but think it’s foolish to impose the same regulatory framework on a $50 million credit union with a defined Field of Membership as Bank of America.  Hopefully this can be the first step in promulgating rules which make common sense distinctions between international money lenders and community based institutions.

Enjoy your 4th of July weekend.  For you Giants fans, remember, don’t do a JPP as you set off the fireworks. 

July 2, 2021 at 9:42 am Leave a comment

DFS Issues Ransomware Guidance

Good afternoon folks, if you are like yours truly you may physically be working but your mind is drifting away in anticipation of a three day weekend: Snap out of it!

Yesterday the DFS issued ransomware guidance; the guidance applies to state chartered credit unions and CUSO’s.  That being said, federally chartered credit unions would be well-advised to also take a look at what DFS has to say, because the Department has a disproportionate influence when it comes to establishing industry standards regarding cyber security.

First, the DFS wants to justifiably scare the heck out of any institution, large or small, that hasn’t taken the time to address the ransomware threat.  I don’t believe it is overstating the situation the financial industry faces when it says that “a major ransomware attack could cause the next great financial crisis.” 

Against this backdrop, it is issuing this guidance while putting everyone on notice that it may be making additional changes to its existing regulations.  Furthermore, the Department expects all institutions, irrespective of their size, to address these issues.  Among the precautions the Department expects institutions to implement if they haven’t done so already, are:

  • Email Filtering and Anti-Phishing Training
  • Vulnerability/Patch Management
  • Multi-Factor Authentication
  • Disable Remote Desktop Protocol Access
  • Password Management
  • Privileged Access Management
  • Monitoring and Response
  • Tested and Segregated Backups
  • Incident Response Plan

Nothing on this list should surprise you; the reality is however, that many of the most devastating ransomware attacks directly result from failing to take these basic steps.  That means that it is not enough to have pristine policies and procedures; you need to periodically test whether or not they are actually being put into practice.  For example, how soon after your credit union receives notice of a new patch update does it integrate the patch?  Every minute that goes by is one more minute hackers can take advantage of a programming defect that is now known to a large portion of the IT industry.

On that happy note, enjoy the rest of the afternoon.

July 1, 2021 at 2:40 pm Leave a comment

SC to Consumers: When It Comes To Suing in Federal Court – No Harm, No Foul

A decision by the Supreme Court last week, TransUnion, LLC v. Ramirez, has some very practical implications for credit unions large enough to be on the radar of class action attorneys anxious to sue in federal court over alleged violations of federal law.  In a nutshell, the Supreme Court made it more difficult for plaintiffs to sue your credit union in federal court.

In order to understand just how important this case may be, it’s important to understand just how bad a job TransUnion did complying with the FCRA. A majority of the court held that notwithstanding all these mistakes, only individuals that could show they were harmed by these mistakes in a concrete way had the right to sue the company in federal court. 

In the aftermath of 9/11, TransUnion offered financial institutions a feature which allowed them to more easily spot individuals subject to OFAC sanctions. Specifically, the service informed creditors when a person’s first and last name was the same as an individual on an OFAC list.  Needless to say, this service generated a lot of false positives. One of its victims was Sergio Ramirez.  When he and his wife went to buy a Nissan Maxima, he thought the deal was done only to be informed by the car dealership that it would not sell the car to him because when they ran a TransUnion credit report it indicated that his name was a match for an individual who was on the OFAC sanctions list (incidentally, in the finest tradition of car salesmen everywhere, the dealership closed the deal with the alleged terrorist’s wife).

Things got even worse in the weeks ahead. Mr. Ramirez called TransUnion and requested a copy of his credit file. In response he received the statutory summary of his rights which he is entitled to under the FCRA, but the file he received did not include the OFAC notice.

Mr. Ramirez brought a class action lawsuit on behalf of individuals whose credit reports wrongly identified them as OFAC miscreants. The “class” contained 8,185 members but only 1,853 of these individuals had their credit reports disseminated to potential creditors during the relevant period. He successfully won at trial since there was more than enough evidence to prove that TransUnion violated several key provisions of the FCRA by failing to follow reasonable procedures to insure the accuracy of its credit reports and failed to provide consumers with accurate credit files upon request. In addition, the FCRA explicitly gives individuals the right to sue for violations of its provisions.

As I talked about in this blog before, an individual seeking to sue in federal court has to show not only that they were subject to a violation of the law but that they were subject to an actual concrete harm. In this case, the Supreme Court ruled that even when Congress writes a statute such as the FCRA and gives a person the right to receive damages for violations of that act, plaintiffs must still show that they suffered injury “in fact” in order to access the federal courts. In this case, a majority of the court agreed that the 1,800 individuals whose credit report was disseminated to potential creditors suffered an injury in fact by effectively being defamed. But what makes this decision so potentially significant is that the court did not believe that an inaccurate credit report by itself injured individuals enough to give them access to the federal courts. As judge Cavanaugh pithily explained “no concrete harm, no standing.”

Why does this matter so much? First, because its rationale could easily be applied not only to cases involving violations of the FCRA but to other violations of federal consumer laws such as the Truth In Lending Act which allowed consumers to sue lenders simply because a statute has been violated irrespective of whether or not anyone was harmed by this violation. To be clear, states such as NY and California are free to have their own standards for determining when someone can sue in state court. The long term impact of this decision may simply be to empower state courts to exercise greater influence over the way consumer laws are interpreted. But in the short term, expect more disputes over whether or not creditors can be sued in federal court.

June 29, 2021 at 8:49 am 1 comment

What The End of New York’s State of Emergency Means For Your Credit Union

When you specialize in compliance, even good news can keep you up at night. So it goes with Governor Cuomo’s announcement that he was ending the state of emergency he imposed on March 7th 2020 in response to this thing called COVID-19.

On the one hand, this is of course great news; on the other hand almost immediately, the Association started receiving phone calls about what effect this would have on existing policy and procedures put in place during the pandemic. With the caveat that this is not intended as a definitive list, here is what we know so far:

The executive orders authorized notaries to notarize documents over the internet. This authority has ended. The Department of State issued this memo informing us that effective June 24th, this authority came to an end. Clearly this prohibition is intended to apply prospectively but for those of you who do mortgages don’t be surprised if title insurers raise questions about the validity of your notarizations. They are a nervous a lot. The good news is that the legislature passed a bill to permanently authorize remote notarization.  Perhaps this will spur quicker action on that bill.

An executive order had extended the expiration date of licenses. I know credit unions have relied on this authority when opening up new accounts for members. This authority also came to an end on June 24th 2021. You may want to put a note in your files so that future employees and examiners reviewing account documentation understand that appropriate procedures were used.

Lending was of course another area where the executive orders had a big impact. But many of those early executive orders issued by the Department of Financial Services have been superseded by laws passed by the Legislature. Most importantly § 9-X of the Banking Law which mandates loan forbearance periods for individuals impacted by COVID-19 applies between March 7th 2020 and the latter of December 31st 2021, or the end of the emergency orders. In addition, pursuant to law, New York’s foreclosure moratorium remains in effect until August 31st 2021.

Then there are of course the HR issues. You still have an obligation under both New York law and general OSHA standards to protect your employees against the spread of COVID. This means that you still have to address issues such as mask mandates and vaccination requirements.

All this means that, as my man Winston Churchill would say, “Now, this is not the end. It is not even the beginning of the end. But it is, perhaps, the end of the beginning.”

On that note, enjoy your day.

June 28, 2021 at 10:14 am Leave a comment

Older Posts Newer Posts


Authored By:

Henry Meier, Esq., Senior Vice President, General Counsel, New York Credit Union Association.

The views Henry expresses are Henry’s alone and do not necessarily reflect the views of the Association. In addition, although Henry strives to give his readers useful and accurate information on a broad range of subjects, many of which involve legal disputes, his views are not a substitute for legal advise from retained counsel.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 739 other followers

Archives