Posts filed under ‘Regulatory’

Are You Ready For NY’s Cyber Security Regs?

On the first day back from summer vacation my daughter has an assignment due for her Social Studies class and even though I’ve been asking her about it, I’m pretty sure there is much work that needs to be done. Summer time does not lend itself to working. Similarly, consider this blog just a friendly reminder of an impending compliance deadline. Specifically, on August 28, 2017, compliance with most parts of New York’s cyber security regulations kick in. The six month transition period is just about over. In fact, just last week the DFS opened up its cyber security portal that’ll help institutions comply with this mandate.

As I’ve highlighted in previous blogs, the regulation is applicable to covered entities which are defined as “any Person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial Services Law.” New York clearly is trying to stretch the jurisdictional limits regarding what entities this applies to. If you haven’t done so already, your credit union should discuss the potential applicability of this regulation to its operations.

One final thought: Many, but by no means all, of the requirements outlined by the state make sense. Even if your credit union determines that the regulation doesn’t apply to your operations, it provides a handy codification of baseline expectations, particularly in relation to the encryption and storage of email and data.

On that happy note, have a great weekend. If all goes according to plan, yours truly will be headed to Jiminy Peak’s Alpine Slide for the second time this summer; only this time I will be wearing a long sleeve shirt.


August 18, 2017 at 9:10 am Leave a comment

NCUA Unveils Impressive List of Regulatory Reforms

It seems like every few months now, an agency is rolling out another list of regulatory reforms so you have to forgive yours truly for being more than a little skeptical when I saw the headline yesterday afternoon announcing that NCUA is seeking comments on a “sweeping regulatory reform plan.”

Perhaps it’s because I overslept this morning and feel particularly refreshed but I’m impressed by NCUA’s list of recommendations, some of which we have already seen and some of which make the type of subtle changes that can make everyone’s life a little easier.

Yesterday’s announcement and request for comment marks the public unveiling of work done by an internal NCUA task force which has been meeting since March. The task force was created in response to the President’s call for all agencies to: search out and replace, repeal or modify regulations that, among other things, eliminate jobs or inhibit job creation; are outdated or ineffective; impose costs that exceed benefits or “create a serious inconsistency” with other regulatory initiatives.

One of the things that I am most pleasantly surprised by is the emphasis NCUA is placing on addressing existing regulations related to loans and loan participation. For example, it wants to remove portfolio limits and waiver requirements for third-party servicing of indirect vehicle loans. And it also wants to combine most of the existing borrowing limits into one specific section of the regulations.

Another aspect of the proposals that intrigues me is how NCUA is continuing to push for greater flexibility in authorizing community credit union expansions, notwithstanding an ongoing lawsuit by the Banker’s Association challenging the regulations that NCUA has already approved.

Finally, NCUA also wants to consider extending the January 1, 2019 implementation date for risk based capital requirements. More importantly it is open to narrowing the applicability of the RBC requirements.


August 17, 2017 at 9:19 am 1 comment

TRID Changes Issued To Federal Register

Good morning! I just wanted to give everyone a quick head’s up that our good friends at the CFPB have officially issued in the Federal register, several highly technical changes to the TRID disclosure requirements. These changes take effect on October 10, 2017 with mandatory compliance by October 1, 2018.

When I went to the Mortgage Banker Association’s Legal and Compliance Conference earlier this year, there was hope that this round of TRID requirements would clarify some of the bigger issues still hanging out there. I don’t think this collection of highly technical changes is exactly what anyone was hoping for but if you provide mortgages should certainly take the time to understand  these amendments.

The changes cover a wide range of areas including, but not limited to, clarification of how to disclose home construction loans; the calculation of disclosure tolerances involving certain services provided by affiliates and a mandate for  TRID disclosures in co-op sales. Be sure to take an extra jolt of powerful java before delving into this one. That’s what I did.

New Board Members Not to Be Named for Several Months

The Credit Union Times reported yesterday that the Trump administration is unlikely to nominate replacements for NCUA’s Board any time soon. The term of board member Randy Metsger ended two weeks ago and the seat of departed former chairman Debbie Matz remains vacant.

August 16, 2017 at 9:30 am Leave a comment

Clarifying Board Expectations Is A Good Idea

A proposed guidance by the Federal Reserve on August 3, 2017 would narrow the scope of board responsibilities. It has gotten a lot of snarky reviews, with critics suggesting that it would result in the directors of the nation’s largest financial institutions having less responsibility instead of more. Critics argue that if the financial crisis taught us anything, it is that more board governance is needed, not less.

 This criticism misses the point. Not only is the Federal Reserve justified in clarifying the responsibilities of board members but, keeping in mind that the views expressed in this blog are mine and mine alone, NCUA should follow the Federal Reserve’s lead and provide greater clarity to boards detailing the proper division of labor between Boards of Directors and Senior Management.

 The Fed’s goal is to make sure that boards remain focused on five core responsibilities. These core responsibilities are to (1) Set clear, aligned and consistent direction; (2) Actively manage information flow and board discussions; (3) Hold senior management accountable; (4) Support the independence and stature of independent risk management and internal audit and (5) maintain a capable board composition and government structure.

 How would the focus on these five responsibilities impact board operations? The most controversial aspect of the Fed’s proposed guidance would indicate that the Federal Reserve expects to direct most Matters Requiring Immediate Attention and Matters Requiring Attention to senior management, not to the Board of Directors. Instead, matters would be directed only to the Board of Directors when the board needs to address corporate government’s responsibilities or when senior management has failed to take “appropriate remedial action.” Crucially, and this is the part that critics are not emphasizing enough, boards would still remain responsible for holding senior management responsible for addressing supervisory findings.

 Perhaps this model isn’t a perfect fit for the credit union industry but a clear explanation of board responsibilities is a discussion well worth having. Existing guidance doesn’t provide enough guidance to board members. And let’s face it, there are some boards that exercise too much power and some boards that exercise too little oversight. This is in no one’s interest.


August 14, 2017 at 8:43 am Leave a comment

Overdraft Overkill: The CFPB Gets Ready To Strike Again

Those tricky little devils at the CFPB are at it again. Last week they unveiled prototypes for updated disclosures informing consumers of the right to opt out of overdraft protections for ATM and debit transactions. These aren’t binding but proposed regulations probably aren’t far away.

This is a perfect example of a remedy in search of an illness. The only institution of which I am aware that really thinks the existing opt-out notices need to be updated is the CFPB which has been charged by Congress with investigating overdraft practices.

I’ve always been paranoid when it comes to the CFPB’s overdraft analysis. We have to allow for the possibility that the ultimate goal of the Bureau is to require the affirmative consent of consumers before extending any overdraft protections to them at all.

Call me paranoid but I don’t think these prototypes are much of an improvement over the existing forms in the appendix to Regulation E, unless your goal is to conflate ATM overdraft protection with more general overdraft protections.

The prototypes were released in conjunction with the Bureau’s annual analysis of overdraft activity. The report reveals what it always does, which is that a relatively small group of users disproportionately use overdraft services.

If you have faith in the aggregate commonsense of the American public, this demonstrates that some people choose to use overdrafts because they like to know that their mortgage is going to be paid or that they won’t be embarrassed when they go to pay at Starbucks. To others, this is another example of a predatory financial system taking advantage of a vulnerable population.  After all, if the average financial consumer was as smart as the people running the CFPB, they would never avail themselves of overdraft protections.




August 8, 2017 at 9:53 am Leave a comment

Industry Talks the Talk and Walks the Walk

The credit union industry’s long, national nightmare dealing with the fallout from the mortgage meltdown is not quite over, but, NCUA, by laying out its roadmap for a post-crisis framework and giving some money to credit unions in the process, has taken an important step in ongoing efforts to move beyond the crisis once and for all.

For those of you who haven’t seen the news yet, the agency announced several important steps yesterday. It announced that it would be shutting down the Temporary Corporate Credit Union Stabilization Fund which has been in existence since 2009. In addition, it wants to raise the Share Insurance Fund equity ratio to 1.39% of insured credit union assets from 1.30%. If all goes according to plan, credit unions will be getting some money back.
While it’s too early to comment on the specifics – which is a fancy way of saying I need to get a lot more comfortable with the proposal’s intricacies before I start blogging about them – I’ve said it before and I will say it again: the credit union industry writ large should be proud of how it has conducted itself over the last several years. It demonstrated that it not only talks-the-talk but walks-the-walk when it comes to the shared benefits and responsibilities that come with being part of a cooperative system.
• It repaid its debts without costing the American taxpayer a cent.
• All institutions contributed and sacrificed to get the job done.
• Credit unions working jointly with NCUA scaled back the size of the corporate system and limited its powers, doing more to address systemic risk than the banking industry, which created this mess in the first place.
• The agency’s aggressive and innovative use of the legal system to recover funds from some of these banks not only saved credit unions money but has provided a model that all regulators will use in the future to save taxpayer money.
That is a record to be proud of. Had the banking industry and its regulators conducted themselves with the same level of competency and accountability, the American public wouldn’t be quite as cynical as it is today.

July 21, 2017 at 9:12 am Leave a comment

CFPB Proposes More Exemptions From HMDA

Not all the news that came out of the CFPB last week made me want to pull the remaining strains of hair out of my head. Most importantly, the Bureau proposed to  raise the threshold for HMDA reporting of Home Equity Lines of Credit.   The increased threshold would be effective until 2020.

In its 2015 amendments to Regulation C implementing HMDA, the Bureau established two distinct reporting thresholds which take effect on January 1st. First HMDA reporting is required for  institutions that originated at  least 25 covered closed-end mortgages in each of the preceding two years. This is a shift away from basing reporting requirements on an institution’s asset size. Secondly,  Institutions which originated at least  100 open-end lines of credit in each of the two preceding years have  to report this data.  HELOC reporting used to be  optional.

As the Bureau explained last week in the preamble to its most recent proposal “Under this proposal, for calendar years 2018 and 2019, a financial institution that originates between 100 and 499 open-end lines of credit in either of the two preceding calendar years would not be required to collect, report, and disclose data on open-end lines of credit. Absent further amendments by the Bureau, beginning in calendar year 2020, such a financial institution would be required to do so.”

There are other exceptions as well so remember to take a look at the new 1003.3  to  see how it impacts your credit union.

While it’s always good to see a willingness to compromise this is the type of half step that typifies the Bureau’s approach to its mandate relief authority. Why is the Bureau requiring HELOC’s to be reported by credit unions and smaller community banks  in the first place?  After all HELOC’s did not have to be reported under HMDA until the Bureau changed the regulations in 2015.  The purpose of HMDA is to spot discriminatory  lending practices that keep qualified persons from getting a home on fair terms.  Do we really need to start developing an additional legal framework for open-ended lines of credit that are used to finance everything from a college tuition to a new roof for the house?

July 17, 2017 at 8:48 am 1 comment

Older Posts

Authored By:

Henry Meier, Esq., General Counsel, New York Credit Union Association.

The views Henry expresses are Henry’s alone and do not necessarily reflect the views of the Association.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 446 other followers