Posts filed under ‘Compliance’

New Requirements Finalized for Delinquent COVID-19 Homeowners

Hello Folks,

For those of you who do mortgage lending, your summer just got a little busier.  The CFPB has issued highly nuanced amendments to its existing regulations dealing with delinquent borrowers that have to be in place by August 31st.

For months the CFPB has expressed concern that as federal and state laws protecting individuals from foreclosure end, there will be a huge increase in foreclosures that will disproportionately impact minority communities. As originally proposed, the regulations put forward by the CFPB would have had the practical effect of preventing most foreclosures through the end of this year. These final regulations don’t go that far but they impose nuanced amendments for dealing with homeowners impacted by Covid-19 which your policies and procedures will have to reflect. Remember every box you don’t check off represents one more potential delay in a foreclosure.

I will be getting into the weeds in future blogs, but for now, among the most important things to keep in mind is that the regulations implement a streamline loan modification process under which mortgages that meet certain conditions can be evaluated for potential modifications by a servicer who has not received a completed application. Additionally, the regulations prescribe specific information which must be provided to delinquent borrowers. For instance, a servicer must inform a borrower that there are programs for individuals having difficulty making payments because of the Covid-19 emergency; list and describe the applicable programs and tell the borrower of at least one way they can find contact information for homeownership counseling services.

There is much more but for now, I want to make sure you start delving into this regulation if you haven’t done so already.

It’s Back!

New York Congresswoman Carolyn Maloney kicked off the holiday weekend by introducing the “Overdraft Protection Act of 2021.” If enacted, the bill would restrict overdraft fees by, among other things, requiring that such fees be “reasonable and proportional” to the cost of processing these transactions and limiting the number of overdraft fees that can be imposed on any one consumer. Expect an even bigger push to get the legislation done this year.

July 6, 2021 at 9:45 am 2 comments

Joint Agency Guidance Highlights BSA/AML Priorities

Good morning folks, on Wednesday, federal and state regulators, including the NCUA, took the first step to implement federal law intended to streamline the BSA framework for financial institutions when they issued a list of priorities to consider when monitoring financial activity. 

Last year’s defense authorization bill (H. R. 6395—1162) contained a provision intended to make the federal government better prioritize areas of BSA enforcement and better coordinate the activities of state and federal regulators and financial institutions.  The priorities announced yesterday are the first step in this process, the next step is for FinCEN to translate these priorities into specific regulations, nevertheless, in a joint statement the regulators explained that “in preparation for any new requirements when those final rules are published, banks may wish to start considering how they will incorporate the AML/CFT Priorities into their risk-based BSA compliance programs, such as by assessing the potential related risks associated with the products and services they offer, the customers they serve, and the geographic areas in which they operate.”

The list includes general categories such as countering corruption and terrorist financing, it also addresses more specific concerns such as cyber currencies and human trafficking.

Maybe I am getting jaded but as I review FinCEN announcements, I can’t help but think it’s foolish to impose the same regulatory framework on a $50 million credit union with a defined Field of Membership as Bank of America.  Hopefully this can be the first step in promulgating rules which make common sense distinctions between international money lenders and community based institutions.

Enjoy your 4th of July weekend.  For you Giants fans, remember, don’t do a JPP as you set off the fireworks. 

July 2, 2021 at 9:42 am Leave a comment

DFS Issues Ransomware Guidance

Good afternoon folks, if you are like yours truly you may physically be working but your mind is drifting away in anticipation of a three day weekend: Snap out of it!

Yesterday the DFS issued ransomware guidance; the guidance applies to state chartered credit unions and CUSO’s.  That being said, federally chartered credit unions would be well-advised to also take a look at what DFS has to say, because the Department has a disproportionate influence when it comes to establishing industry standards regarding cyber security.

First, the DFS wants to justifiably scare the heck out of any institution, large or small, that hasn’t taken the time to address the ransomware threat.  I don’t believe it is overstating the situation the financial industry faces when it says that “a major ransomware attack could cause the next great financial crisis.” 

Against this backdrop, it is issuing this guidance while putting everyone on notice that it may be making additional changes to its existing regulations.  Furthermore, the Department expects all institutions, irrespective of their size, to address these issues.  Among the precautions the Department expects institutions to implement if they haven’t done so already, are:

  • Email Filtering and Anti-Phishing Training
  • Vulnerability/Patch Management
  • Multi-Factor Authentication
  • Disable Remote Desktop Protocol Access
  • Password Management
  • Privileged Access Management
  • Monitoring and Response
  • Tested and Segregated Backups
  • Incident Response Plan

Nothing on this list should surprise you; the reality is however, that many of the most devastating ransomware attacks directly result from failing to take these basic steps.  That means that it is not enough to have pristine policies and procedures; you need to periodically test whether or not they are actually being put into practice.  For example, how soon after your credit union receives notice of a new patch update does it integrate the patch?  Every minute that goes by is one more minute hackers can take advantage of a programming defect that is now known to a large portion of the IT industry.

On that happy note, enjoy the rest of the afternoon.

July 1, 2021 at 2:40 pm Leave a comment

SC to Consumers: When It Comes To Suing in Federal Court – No Harm, No Foul

A decision by the Supreme Court last week, TransUnion, LLC v. Ramirez, has some very practical implications for credit unions large enough to be on the radar of class action attorneys anxious to sue in federal court over alleged violations of federal law.  In a nutshell, the Supreme Court made it more difficult for plaintiffs to sue your credit union in federal court.

In order to understand just how important this case may be, it’s important to understand just how bad a job TransUnion did complying with the FCRA. A majority of the court held that notwithstanding all these mistakes, only individuals that could show they were harmed by these mistakes in a concrete way had the right to sue the company in federal court. 

In the aftermath of 9/11, TransUnion offered financial institutions a feature which allowed them to more easily spot individuals subject to OFAC sanctions. Specifically, the service informed creditors when a person’s first and last name was the same as an individual on an OFAC list.  Needless to say, this service generated a lot of false positives. One of its victims was Sergio Ramirez.  When he and his wife went to buy a Nissan Maxima, he thought the deal was done only to be informed by the car dealership that it would not sell the car to him because when they ran a TransUnion credit report it indicated that his name was a match for an individual who was on the OFAC sanctions list (incidentally, in the finest tradition of car salesmen everywhere, the dealership closed the deal with the alleged terrorist’s wife).

Things got even worse in the weeks ahead. Mr. Ramirez called TransUnion and requested a copy of his credit file. In response he received the statutory summary of his rights which he is entitled to under the FCRA, but the file he received did not include the OFAC notice.

Mr. Ramirez brought a class action lawsuit on behalf of individuals whose credit reports wrongly identified them as OFAC miscreants. The “class” contained 8,185 members but only 1,853 of these individuals had their credit reports disseminated to potential creditors during the relevant period. He successfully won at trial since there was more than enough evidence to prove that TransUnion violated several key provisions of the FCRA by failing to follow reasonable procedures to insure the accuracy of its credit reports and failed to provide consumers with accurate credit files upon request. In addition, the FCRA explicitly gives individuals the right to sue for violations of its provisions.

As I talked about in this blog before, an individual seeking to sue in federal court has to show not only that they were subject to a violation of the law but that they were subject to an actual concrete harm. In this case, the Supreme Court ruled that even when Congress writes a statute such as the FCRA and gives a person the right to receive damages for violations of that act, plaintiffs must still show that they suffered injury “in fact” in order to access the federal courts. In this case, a majority of the court agreed that the 1,800 individuals whose credit report was disseminated to potential creditors suffered an injury in fact by effectively being defamed. But what makes this decision so potentially significant is that the court did not believe that an inaccurate credit report by itself injured individuals enough to give them access to the federal courts. As judge Cavanaugh pithily explained “no concrete harm, no standing.”

Why does this matter so much? First, because its rationale could easily be applied not only to cases involving violations of the FCRA but to other violations of federal consumer laws such as the Truth In Lending Act which allowed consumers to sue lenders simply because a statute has been violated irrespective of whether or not anyone was harmed by this violation. To be clear, states such as NY and California are free to have their own standards for determining when someone can sue in state court. The long term impact of this decision may simply be to empower state courts to exercise greater influence over the way consumer laws are interpreted. But in the short term, expect more disputes over whether or not creditors can be sued in federal court.

June 29, 2021 at 8:49 am 1 comment

What The End of New York’s State of Emergency Means For Your Credit Union

When you specialize in compliance, even good news can keep you up at night. So it goes with Governor Cuomo’s announcement that he was ending the state of emergency he imposed on March 7th 2020 in response to this thing called COVID-19.

On the one hand, this is of course great news; on the other hand almost immediately, the Association started receiving phone calls about what effect this would have on existing policy and procedures put in place during the pandemic. With the caveat that this is not intended as a definitive list, here is what we know so far:

The executive orders authorized notaries to notarize documents over the internet. This authority has ended. The Department of State issued this memo informing us that effective June 24th, this authority came to an end. Clearly this prohibition is intended to apply prospectively but for those of you who do mortgages don’t be surprised if title insurers raise questions about the validity of your notarizations. They are a nervous a lot. The good news is that the legislature passed a bill to permanently authorize remote notarization.  Perhaps this will spur quicker action on that bill.

An executive order had extended the expiration date of licenses. I know credit unions have relied on this authority when opening up new accounts for members. This authority also came to an end on June 24th 2021. You may want to put a note in your files so that future employees and examiners reviewing account documentation understand that appropriate procedures were used.

Lending was of course another area where the executive orders had a big impact. But many of those early executive orders issued by the Department of Financial Services have been superseded by laws passed by the Legislature. Most importantly § 9-X of the Banking Law which mandates loan forbearance periods for individuals impacted by COVID-19 applies between March 7th 2020 and the latter of December 31st 2021, or the end of the emergency orders. In addition, pursuant to law, New York’s foreclosure moratorium remains in effect until August 31st 2021.

Then there are of course the HR issues. You still have an obligation under both New York law and general OSHA standards to protect your employees against the spread of COVID. This means that you still have to address issues such as mask mandates and vaccination requirements.

All this means that, as my man Winston Churchill would say, “Now, this is not the end. It is not even the beginning of the end. But it is, perhaps, the end of the beginning.”

On that note, enjoy your day.

June 28, 2021 at 10:14 am Leave a comment

Juneteenth Creates Compliance Glitch For Mortgage Lenders

The passage of legislation making Juneteenth a national holiday resulted in a compliance glitch which the CFPB could, and hopefully will, fix as early as today.

This issue sent me back to the preamble to the 2013 final TRID regulations. As the CFPB explained, neither RESPA nor TILA defines the term “business day.” As a result, for reasons that have never been clear to me, Regulation X which implements RESPA and Regulation Z which implements TILA contain separate definitions of a business day.

Most importantly, Regulation Z applies a definition of business days which includes calendar days except Sunday and legal public holidays specified in § 5 USC 6103. This is the section of law amended by Congress last week. As a result, from a strict compliance standpoint, June 19th was a national holiday and not a business day for disclosure purposes. This means that your credit union runs the risk of making loans that are out of compliance with federal regulations.

Yours truly is hopeful that common sense will prevail. Hopefully the CFPB will issue guidance clarifying that for purposes of complying with federal regulations. Lenders will not be deemed to be out of compliance for counting Juneteenth as a business day in 2021.

NY to Release Diversity and Inclusion Document to State Regulated Institutions

The Department of Financial Services will shortly release a memorandum to state chartered institutions explaining the department’s expectations as it relates to diversity and inclusion in the workplace. This publication is similar to one issued last October related to climate change initiatives. Its purpose is not to impose specific mandates at this time but to begin a discussion about the requirements that should be imposed on banks, credit unions, and mortgage lenders. When it comes to the efforts they are making to bring more diversity to middle and upper management. Stay tuned.

June 21, 2021 at 9:33 am Leave a comment

Updated COVID Guidance To Which Your Credit Unions Should Pay Attention

On June 10th, OSHA published updated guidance called for by the Biden administration intended as general workplace recommendations for employers and industries not subject to specific OSHA mandates.

The most important line in the document is that “Unless otherwise required by federal, state, local, tribal, or territorial laws, rules, and regulations, most employers no longer need to take steps to protect their fully vaccinated workers who are not otherwise at-risk from COVID-19 exposure. This guidance focuses only on protecting unvaccinated or otherwise at-risk workers in their workplaces (or well-defined portions of workplaces).” In other words, you have a continuing obligation to protect individuals who are not vaccinated.

For many of us the last year has been a crash course in OSHA regulations. Federal law requires all employers to provide workers with a safe and healthy workplace “free from recognized hazards that are causing or likely to cause death or serious physical harm.”  The pandemic falls into this category. Some industries, such as healthcare, are subject to specific health and safety regulations implemented by OSHA. The guidance to which I am referring is a generic guidance issued for the benefit of all industries not subject to those more specific requirements.

For example, it stresses that “employers should take steps to protect unvaccinated or otherwise at risk workers in their workplaces from the continuing risk posed by COVID. Such steps may include but are not limited to measures we are all very familiar with at this point such as granting paid time off for vaccinations, which is a legal requirement in NYS, and implementing physical distancing for unvaccinated workers in all communal work areas.

The issuance of this regulation raises further questions as to the need for a new law passed in New York which requires employers to adopt workplace health and safety standards for protections against airborne infectious diseases. Employers will have the option of adopting sample policies to be provided by NYS. It’s not clear to me how these policies will be much different than the suggested OSHA guidelines. Then again, New York’s law has a lower standard for imposing legal liability against employers who violate these policies and requires that employers with 10 or more employees give their employees the option of creating workplace safety committees.

On that note, enjoy your weekend. If you’re looking for something to do this morning I will be hosting a webinar looking back at some of the key legislation passed in the recently concluded legislative session.

June 18, 2021 at 9:18 am Leave a comment

NY’s POA Changes Have Taken Effect: Now What?

The changes to New York’s Power Of Attorney laws officially took effect on June 13th marking one of the most important operational changes that NY credit unions have seen in a number of years. In my previous blogs on the subject I have emphasized the fact that the changes are designed to encourage acceptance of POAs. This goal is accomplished by mandating that institutions accept POAs that “substantially conform” to New York State Law and allowing courts to award attorney fees to individuals who have to go to court to prove that a POA is valid. In this blog yours truly wants to point out that there are still steps you can take to protect both the credit union and your members.

Under the old Power Of Attorney, certain banking transactions could only be carried out by an agent if a POA was accompanied by a Statutory Gift Rider. Remember that this rule still applies to POAs created before June 13th. The amendments eliminate the requirement that POAs contain a separate SGR form. But, when it comes to making changes to existing accounts such as changing the title on the account or adding a new joint tenant, the authority to makes these changes has to be included in the modifications section of the new form. In other words, the modification requirements are being used in much the same way as the SGR requirement previously was (NY general obligation law section 5-1502D).

Let’s say a relative of one of your members comes in with a POA they pulled off the internet. Under the new law a person that is asked to accept an acknowledged Power Of Attorney may request “an opinion of counsel as to any matter of law concerning the power of attorney if the person making the request provides in a writing or other record the reason for the request.”

And remember, even with these changes there are still grounds for denying a POA. A list of examples in New York State Law where such reasonable grounds would exist includes the refusal to provide the credit union with an original Power Of Attorney document or certified document and a good faith referral of the principal and the agent to the local adult protective services unit [New York general obligation law 5-1504(2)].

The bottom line is that your credit union still has the ability to assure itself that a POA is a valid document. That being said, given the changes to the law and the increased risk of noncompliance, decisions on whether or not to accept POAs should not be made by frontline staff.  They should instead reflect a uniform application of your updated Policies and Procedures.

June 15, 2021 at 9:18 am Leave a comment

Are You Prepared for the New POA requirements?

This is not the most exciting question in the world but the sense I get is that for many of you the answer to this question is at best “not quite” and at worst “what changes?” This is concerning because big changes are coming.  For purposes of this blog, I am assuming that your credit union is being presented with a POA where there are no issues regarding potential financial elder abuse.

On a daily basis every credit union in NYS has to decide whether or not to accept and act on a power of attorney document. In today’s blog I am going to discuss the most basic consequences for your credit unions when confronted with a Power Of Attorney starting June 13th. In subsequent blogs, I will discuss other aspects of these changes. If I panic you into taking further action the Association has a webinar on the subject and you can always give our trusty compliance gurus a call on our compliance hotline.

What exactly am I talking about? Late last year the legislature passed and the governor signed into law legislation and a chapter amendment championed by the bar association designed to make it easier to draft POAs. For our purposes it’s important to remember that one of the primary reasons for these changes was frustration on the part of lawyers that banks and credit unions often refused to accept POAs because of what they contend were immaterial drafting defects.    

Specifically, under existing law to be valid a POA must contain “the exact wording” contained in the general obligation law. This gave credit unions and banks a tremendous amount of flexibility in determining whether or not to accept POAs and over the years many went so far as to mandate their own forms.

Starting on June 13th this standard is changing. Specifically, POAs are now valid provided they “substantially conform” to New York law. In other words minor discrepancies between the exact language of NY law and the POA your front line staff is reviewing no longer provides a basis for refusing to honor the POA. 

Furthermore, there are now financial consequences if your credit union refuses to honor a valid POA. Under existing law, all an attorney can do is commence a summary proceeding to order your credit union to honor the POA. When this new law kicks in, if a judge finds that your credit union refused to honor a valid POA, it could be on the hook for damages and attorney costs.

There are also important changes made to the actual form.  Most importantly, Statutory Gift Riders are no longer required and instead certain powers must be noted in a modification section on the POA itself.

Here’s where it gets a little complicated.  For POAs drafted before June 13th to be valid they still must comply with the exact wording standard as well as the existing Gift Rider requirements. But, starting June 13th, you can still face litigation for refusing to honor valid POAs drafted before June 13th.

The bottom line is that your credit union should be updating its procedures to make sure that frontline staff is aware of these new changes and has clear guidance, such as a checklist, detailing the circumstances under which it will and will not accept a POA.

May 28, 2021 at 10:04 am Leave a comment

Gov Approves HERO’s Act

Good morning folks, with a special shout out to those of you who work in the great state of New York.

The Governor has approved the HERO Act, legislation which mandates that all businesses in NYS implement policies addressing a wide range of issues related to airborne illnesses, such as COVID. For those of you with ten or more employees, you also must give your employees the option of creating committees to address work place health related issues on an ongoing basis.

The bill is phased-in over a six month period with the first requirements taking effect in 30 days. Adopting an approach similar to what we saw when the state passed sexual harassment legislation, the state will be providing sample policies that your credit union can adopt.

One other piece of good news is a reminder that this law applies to both federal- and state-chartered credit unions.

Stay tuned, the Association will be hosting a webinar next Wednesday to take a first look at this important new mandate.

Remote Notarization Hearing Today

At 10 o’clock today, the Assembly will be holding a virtual hearing to analyze issues related to authorizing remote notarization on a permanent basis in New York. Remote notarization refers to the ability of a notary to verify the authenticity of a signature without the signer being physically present. Lisa Morris from Hudson Valley Credit Union will be testifying for the Association.

He’s Back!

The former Benign Dictator of Consumer Finance is back. Ricard Cordray has been given a high profile job at the U.S. Department of Education from which he will oversee issues related to the federal student loan program.  Not coincidentally, his portfolio gives him a high-level platform to address one of the key issues the Biden administration is being pressured to address — whether to forgive or not to forgive all of those student loans — while not being so high as to require Senate confirmation.

California Chimes In

California joined  Illinois’s  financial regulator in prohibiting lending platform Chime from implying in its advertisements and websites that it was a bank as opposed to a lending platform that passes through loans. The state’s actions come as federal and state regulators continue to grapple with the issue of when FinTechs should be classified as banks with the accompanying regulatory requirements that this classification would impose.

Earlier this week the Federal Reserve board issued proposed guidance for the Federal Reserve banks to consider when deciding whether or not FinTechs should be given access to the Federal Reserve System. Don’t underestimate this power: remember it was a Federal Reserve Bank which blocked Colorado from starting a state-level bank to provide marijuana banking services.

Captain obvious here: this is an issue that Congress needs to address sooner rather than later.

On that note, enjoy your weekend. If all goes according to plan, yours truly will be gathering with a group of vaccinated middle age men to play his first round of in-person poker in more than a year.

May 7, 2021 at 9:35 am Leave a comment

Older Posts Newer Posts


Authored By:

Henry Meier, Esq., Senior Vice President, General Counsel, New York Credit Union Association.

The views Henry expresses are Henry’s alone and do not necessarily reflect the views of the Association. In addition, although Henry strives to give his readers useful and accurate information on a broad range of subjects, many of which involve legal disputes, his views are not a substitute for legal advise from retained counsel.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 741 other followers

Archives