Posts filed under ‘General’

NCUA to Credit Unions:  Explore Distributed Ledger Technology, But Be Very, Very Careful

As I was reading NCUA’s industry guidance, giving credit unions the green light to explore the potential uses of Distributed Ledger Technology (DLT), I was  reminded of the scene in Young Frankenstein where Gene Wilder’s Dr. Frederick Frankenstein  and his assistant, Marty Feldman’s Igor, are about to go down to a dungeon from which they hear mysterious noises; Igor says “Master, it might be dangerous, you go first.” 

Now, don’t get me wrong.  I am not minimizing the importance of the letter and I think NCUA deserves credit for coming out with this opening guidance.  It accomplishes two main goals.  First, it ensures that credit unions can at least explore the potential uses of DLT without running afoul of their regulator.  Secondly, as explained by the Agency, “[t]his letter also signals to the broader financial and technology communities that credit unions are a market to consider when designing products, considering partnerships, or making investments.”  This is a particularly important announcement for an industry comprised of institutions who will almost all have to work with vendors. 

On the one hand, NCUA recognizes that credit unions have to feel free to consider using DLT, the problem is that no one knows precisely what those uses are going to be or how they may evolve.  As a result, NCUA’s letter is understandably simply a first step in what promises to be an increasingly complex regulatory process, and any credit union thinking seriously about integrating DLT should make sure they do so only after working with their regional regulators.   

Nevertheless, for those of you looking for specificity at this point, you will be disappointed.  Most notably, the memo does not provide a definition of DLT; instead, it includes a footnote providing further background information from other sources including information from the National Institute of Standards and Technology.  The information provided by these sources will create as many questions as answers for those of you in charge of evaluating this issue. 

As I have explained in this blog, virtual currencies may come and go quicker than Elon Musk can decide to buy Twitter and then announce he doesn’t want to buy Twitter, only to confirm that he does want to buy Twitter, but DLT is going to transform any industry that stores and transfers information.  It provides a mechanism for a network of computers to confirm and store proof of transactions without the need for third parties such as credit unions and banks.

Nothing else in the guidance should surprise you.  Similar to the letter released earlier this year authorizing credit unions to partner with third-party virtual currency vendors, the letter emphasizes the need for due diligence and compliance with all applicable state and federal law.  This means that even though this guidance applies to both federal and state-chartered institutions, state charters should also reach out to New York’s Department of Financial Services to clarify the conditions under which they can provide similar services. 

On that note, enjoy your three-day weekend.  Next week is the end of the State Legislative Session so stay tuned for any updates and recaps that the Association will be providing in the days ahead. 

May 27, 2022 at 9:26 am Leave a comment

Gone fishing… and to the beach!

Your faithful blogger has headed South for some fishing and beach fun!

I’ll be back again on Monday, April 25th to continue to share my thoughts on controversial legislation, complicated regulations or a groundbreaking lawsuit!

April 14, 2022 at 5:30 pm Leave a comment

Two Must Read Documents For Your Compliance Officer

Maybe it’s because I’m suffering from football withdrawal, but today’s topic has me thinking about points of emphasis when it comes to officiating football games. Every year the NFL tells its referees what rules it wants them to be doubly sure to enforce; presto you see penalties called throughout the season up until the Super Bowl at which point the teams magically do not commit any fouls.

Similarly, when the NCUA joins with other regulators in emphasizing the need to follow specific laws and regulations, some of which have been around for decades, it is a not to-subtle hint to your compliance department that it should double check how your Credit Union is compliant with the rules and laws in question.  In the last few days NCUA has put us all on notice that the erstwhile Equal Credit Opportunity Act is going to be a point of emphasis for examiners and regulators who view the ECOA as both a sword and shield when it comes to discouraging discriminatory conduct and encouraging lending activity targeted to assist   disadvantaged groups.

First let’s talk about the sword. Earlier this week the NCUA released this guidance about the ECOA with the reminder that the “ECOA requires the NCUA to refer certain violations to the U.S. Department of Justice”.  It provides a concise list of areas where Credit Unions may be at particular risk of violating the ECOA and it includes examples of the type of compliance issues of which Credit Unions should be aware. The categories highlighted by the NCUA include: Age, marital status, income consideration, redlining, and indirect lending.

Those Credit Unions that utilize indirect lending programs which allow car dealer ships broad discretion in marking up loans should make sure that they have appropriate oversight of dealership practices. According to the NCUA “Credit unions that permit discretionary markups should ensure their fair lending compliance management systems are sufficiently robust to enable the credit union to measure and address prohibited basis pricing disparities.”

Now for the shield. Also this week the NCUA joined with other financial regulators in reminding financial institutions that regulation B and the ECOA do not prohibit the creation of so called Special Purpose Credit Programs. Whereas regulation B prohibits discrimination on the basis of protected characteristics it does not prohibit the use of such characteristics as requirements for specific financial products aimed at increasing economic access for disadvantaged groups. As the CPFPB explained in a 2021 guidance “If participants in a special purpose credit program are required to possess one or more common characteristics and if the program otherwise satisfies the applicable requirements of Regulation B, a creditor may request and consider information regarding the common characteristic(s) in determining the applicant’s eligibility for the program”.

As not -for- profit institutions with a statutory obligation to help individuals of modest means, many Credit Unions already offer these programs without labeling them as such. Still the second guidance is both a reminder and a nudge: Federal law permits programs targeted specifically to assist historically disadvantaged groups.

February 24, 2022 at 7:41 am Leave a comment

NCUA Dips Its Toes Into The cryptocurrency Waters

In late December, NCUA issued its most significant guidance to date on cryptocurrency, explaining in this letter to credit unions that federally insured credit unions can facilitate third-party relationships between cryptocurrency providers and their members pursuant to the incidental powers of federal credit unions. At the same time, however, it detailed some of the classic third-party considerations that credit unions must consider when establishing relationships offering non-depository financial products and reminded state-chartered institutions that NCUA’s green light is subject to state law.

In recent months, yours truly has used this space to urge NCUA to follow the lead of other financial regulators and detail the conditions upon which financial institutions can enter the cryptocurrency space. While a much more rigorous framework needs to be provided, this opinion letter clarifies that credit unions can start working with third parties who may be approaching them about marketing various cryptocurrency services. The good news is that credit unions can approach these discussions the same way they approach any other discussions with third parties, but the guidance makes clear that this is an area to handle with care. Credit unions are expected to adhere to a documented, rigorous third-party oversight process that demonstrates an awareness of the compliance and legal risks associated with cryptocurrency. 

Accordingly, I would pay special attention to these following reminders offered by NCUA:

When selling, advertising, or otherwise marketing uninsured digital assets to members, members should be informed that the products offered:

  • are not federally insured;
  • are not obligations of the FICU;
  • are not guaranteed by the FICU;
  • are or may be heavily speculative and volatile;
  • may have associated fees;
  • may not allow member recourse; and
  • are being offered by a third party.

One final note: Don’t be penny wise and pound foolish. Have an attorney involved in the contract drafting process and make sure the credit union is adequately protected in the event that the crypto craze ends up being the modern day equivalent of the Tulip Frenzy.

January 13, 2022 at 9:19 am Leave a comment

CFPB and Overdrafts: No More Mr. Nice Guy

Yesterday, the CFPB released two reports detailing the overdraft fee practices of both large and small banks and credit unions. While this in itself is not all that surprising, after all the CFPB has grumbled about overdraft fees since its inception, when coupled with the statements of Director Chopra, it’s clear that overdrafts are going to be a major focus of the Bureau in the coming months.

In fact, the Director sounded very much like a former member of the FTC, when on a conference call with reporters, he reportedly described the continued reliance of big banks and overdraft fees as a market failure which regulators had to address.

While it is not clear what steps the Bureau will take, institutions directly subject to the CFPB’s oversight can expect increased scrutiny. He even suggested that this scrutiny may extend to individual executives who approve practices.

A second noteworthy aspect of the Bureau’s announcement yesterday is a use of core processor data to analyze the practices of smaller banks and credit unions. Specifically, one of the reports is based on the settings used by banks and credit unions to trigger overdraft payments. This information was obtained not from financial institutions but from going directly to their core processors. 

The bottom line is that your credit union should continue to anticipate a world in which it must be less reliant on overdraft fees and in which disclosures accurately describe when overdraft fees will be triggered.

On that note, I am heading to Buffalo where I hope to talk to some of you at this evening’s chapter event.

December 2, 2021 at 9:47 am 1 comment

Why Executive Orders Don’t Apply To Your Credit Union

Since President Biden issued an executive order in September mandating that Executive Branch employees and their contractors get vaccinated against COVID-19 the industry has parsed the text with an intensity worthy of a Talmudic scholar, hoping to divine whether or not credit union employees are federal contractors for purposes of this mandate. After all, as drafted, an argument can be made that share insurance is a government contract to which credit unions are subject.

But the truth is much more straightforward: because credit unions are not subject to this or any other executive order issued by this or any other president. The NCUA, as an independent agency, is not an executive agency subject to the president’s executive orders. Instead, NCUA was created by congress to exercise independently of the president and make its own policy judgments. 

This is not a radical pronouncement but simply a common sense application of prevailing law. Since Humphrey’s Ex’r v. U.S., 55 S.Ct. 869, 874, 295 U.S. 602, 629 (U.S. 1935) the Supreme Court has recognized the right of congress to create independent agencies specifically designed to be free of direct executive branch oversight. Furthermore, the court has taken a very narrow view of the president’s power to issue executive orders and apply them beyond the executive branch. As the court explained in Youngstown Sheet & Tube Co. v. Sawyer, 72 S.Ct. 863, 867, 343 U.S. 579, 587–88 (U.S. 1952) “The Constitution limits his functions in the lawmaking process to the recommending of laws he thinks wise and the vetoing of laws he thinks bad. And the Constitution is neither silent nor equivocal about who shall make laws which the President is to execute.” Congress.

Against this backdrop, there is a long line of examples of independent agencies pushing back against executive branch encroachments on their power. For example, the general counsel of the Securities and Exchange Commission once wrote a 24 page “Declaration of Independence” from a Carter administration proposal that regulations be submitted in plain English for public review, on the grounds that the order could set a precedent to undermine the agency’s independence

In short, a credit union can choose to follow an executive order’s mandates if it chooses to do so, but is not required to do so. In fact, an argument to the contrary has as much validity as suggesting that the credit union down the street can mandate what policies your credit union follows. 

One caveat: The exemption just applies if the only basis for complying is your connection to the NCUA. If your CU rents space from a federal agency for example, then you are a federal contractor.

November 22, 2021 at 10:00 am Leave a comment

Is Your Credit Union Impacted By New Security Standards?

I have some good news and some bad news for you this morning. The good news is that the regulation I’m about to talk about does not apply to your credit union. The bad news is that it might apply to your credit unions CUSO. 

Yesterday the Federal Trade Commission (FTC) finalized regulations imposing enhanced requirements on financial institutions under its jurisdiction to implement information security programs. For example, the new regulations require, among other things, that entities designate an individual responsible for implementing and overseeing its data security program; develop procedures to ensure that the board of directors is periodically informed about data security developments; perform risk assessments that identify the entities’ data security vulnerabilities; implements dual-factor identification; and perform penetration testing to guard against third party intrusions. 

Nothing in these new requirements should come as a surprise to anyone reasonably aware of existing industry standards for data security, particularly if you are an entity subject to New York’s cybersecurity regulations. In fact, the really shocking thing is how many businesses are not currently subject to these baseline requirements. This is why both CUNA and NAFCU were generally supportive of these proposals. 

But your compliance team is not completely out of the woods. There are some CUSOs such as mortgage bankers which are subject to these requirements. And NCUA is likely to expand the type of activity in which CUSOs could engage. This is important because while federal law explicitly exempts the subsidiaries of national banks from the FTC’s oversight, no such provision is explicitly made for credit union CUSOs. As a result, you should review these regulations, assess the extent to which they could impact your CUSO, and update your policies and procedures accordingly.  

On that note, enjoy your weekend and I’ll be back on Monday. 

October 29, 2021 at 9:17 am Leave a comment

Climate Change is Bad: Now What?

As yours truly read through the Financial Stability Oversight Council’s (FSOC) climate risk report yesterday, I was bracing for a series of absurd mandates in which credit unions would have to join larger more sophisticated institutions in complying with a host of new requirements, and yet another loss by the New York Giants. I was pleasantly surprised on both counts. The report is an exercise in bureaucratic reasonableness, which gives NCUA plenty of flexibility to respond appropriately and not hysterically to the threats posed by climate change to the credit union industry.

The FSOC is comprised of 10 voting members, including the NCUA, and five non-voting members representing interested stakeholders such as state regulators. Its goal is to identify emerging risks within the financial system. At the time of its creation, there was a debate as to whether or not credit unions should even be included in a group which represented investment banks, the largest depository institutions in the world and the Securities and Exchange Commission.

When I heard that it was going to come out with a climate change risk report mandated by an executive order, I expected to see the outline of new regulations which would impose new reporting requirements on credit unions of all shapes and sizes. The report got the headline it was looking for when it proclaimed that climate change is an emerging and increasing threat to financial stability. But, the resulting action items included the following language:

“As part of their supervisory activities, the depository institution regulators expect to review within traditional prudential risk categories, as relevant, how effectively institutions incorporate climate-related financial risks into their risk management systems and frameworks, appropriate to their size, complexity, risk profile, and location.”

The biggest action item in the report is for bank regulators to augment their existing staff and develop greater expertise when it comes to assessing climate change risk. 

For its part, NCUA explained how it has established a series of working groups to address climate change. Its “ultimate goal” is to ensure that the system remains resilient in the face of climate related risk.

You can recognize climate change for the threat it is while also questioning the value of imposing additional mandates on depository institutions which do not engage in the type of activity that can mitigate climate change’s worst effects on a systemic level. If the FSOC’s report represents the approach ultimately taken by the NCUA and other depository regulators, we can all breathe a sigh of relief.

October 25, 2021 at 8:54 am Leave a comment

Are Fintech Lenders Less Biased?

To its supporters, technology has the ability to further egalitize the lending process by using unconventional data to assess the credit worthiness of underserved communities and removing human bias from lending decisions. To its critics, overly complex lending algorithms could further complicate the efforts of regulators to identify and clamp down on bias lending criteria. This debate is likely to have an increasingly large impact on credit unions, banks, and Fintechs as policy makers integrate 21st century technology into 20th century regulations. Recently released research underscores just how volatile this debate is destined to become.

The PPP program is a treasure trove for researchers of potential bias in lending decisions. Since the loans were guaranteed by the federal government, it is easier to evaluate what other factors led to businesses getting loans. Recently, a group of researchers at New York University concluded that: Fintech lenders were responsible for 53.6% of PPP loans to black owned businesses. According to the researchers “black owned businesses exhibit by far the most striking disparity among lender types when it comes to choosing Fintechs”.

In contrast, community banks with $2B or less in assets performed the worst when compared to all other financial institutions including CDFIs, credit unions and the largest banks.  In fact, the researchers conclude that larger banks demonstrated the least lender bias, underscoring their belief that automation contributed to more minority loans. Not surprisingly, this research has already drawn a heated response from community bankers who argue among other things that the research is flawed because it is based on assumptions about the race of borrowers.

Still, yours truly has been watching a lot of baseball recently and it seems to me that every game demonstrates that computer generated strike zones do a better job of calling balls and strikes than do umpires. As much as we like to extol the human element in decision making, common sense tells me that more automation not less can lead to an even fairer system for making lending judgements.

Chart depicting the proportion of PPP loans given to Black-Owned businesses  originated by financial institutions and Fintechs

October 19, 2021 at 10:40 am Leave a comment

What The Postal Service Could Learn From Google

Even as the world was struggling to survive several hours yesterday untethered to social media, the postal system was making a big splash with news of a small pilot program which could be the first step in reintroducing postal banking. While the post office was dabbling with banking, Google was quietly announcing that it was pulling the plug on its plan announced two years ago to work with banks and credit unions to provide google bank accounts. The two announcements have more in common than you might think. The announcements also contain important warnings for the credit union industry as it tries to navigate an uncertain future.

An article in the American Prospect reported that four postal branches in Washington D.C, Baltimore, Falls Church, Virginia, and the Bronx, NY were now allowing individuals to convert business or payroll checks of $500 or less onto a single-use gift card for a $5.95 purchase fee. The announcement was lauded by, among others, New York Senator Kirsten Gillibrand, a prominent supporter of postal banking.

It’s easy to dismiss the proposal. After all, it’s somewhat laughable to think that a business which cannot cost-effectively provide its core service to the American public, even though it has enjoyed a virtual monopoly for much of the country’s existence, will find its niche in cost effectively providing banking services.

This is where Google comes in. Your faithful blogger continues to believe that today’s Fintechs are tomorrow’s banks but in pulling the plug on its banking project Google discovered what many other Fintech wunderkinds have also discovered; providing cost-effective consumer financial services in a heavily regulated, highly competitive financial system is not easy. It takes a level of skill and knowledge that you don’t learn simply by attending business school or delivering the mail.

Just as Fintechs think they can easily handle the banking part of things, there are those, predominantly in the progressive wing of the Democratic party, who think that banking is as easy as setting up a branch and allowing individuals with no training as tellers to cost effectively provide banking services in a way which protects union jobs.

Common sense and history tells you that this is simply not the case. Postal banking is not a radical new concept but an idea that has been seriously debated since the 1800’s. In fact, between 1911 and 1966 Americans could open up postal banking accounts and at its height an estimated 10% of deposits were held in the postal system. But, as banking options became more widely available, and federal insurance stabilized the banking system, the system was put out of its misery by President Johnson in 1966. While I don’t think we have much to fear from postal banking, I do think that the industry has to recognize that proposals such as these are the result of frustration among some policy makers that the financial system has not done enough to help people of modest means. We must do a better job of telling our story and making sure our elected officials realize that the way to increase financial inclusion is not to get the government more involved in banking but to allow credit unions to provide more services to a larger group of people.

October 5, 2021 at 9:35 am Leave a comment

Older Posts

Authored By:

Henry Meier, Esq., Senior Vice President, General Counsel, New York Credit Union Association.

The views Henry expresses are Henry’s alone and do not necessarily reflect the views of the Association. In addition, although Henry strives to give his readers useful and accurate information on a broad range of subjects, many of which involve legal disputes, his views are not a substitute for legal advise from retained counsel.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 775 other followers