Posts filed under ‘Regulatory’
The blog is going on its summer hiatus. I could say that I am using the upcoming week to help get the kids ready for school, but the truth is that with two fantasy football drafts to prepare for I need to take a break from analyzing credit union news and regulations to ponder really important questions like: Who will Green Bay’s primary receiver be this year? Are there any running backs worth drafting in the first round? And just how many weeks will Tom Brady miss?
But before I get started I wanted to remind you of NCUA’s proposed MBL amendments and why they are even more important than they appear to be.
In case you missed it, NCUA is proposing to give credit unions greater flexibility in making MBL loans. It is moving to what it describes as a principles-based approach under which the existing detailed mandates will be replaced with a requirement that credit unions actively engaged in making MBL loans, or that are over $200 million in assets, design and implement a broad range of policies and procedures addressing MBL lending. For example, the existing requirement that a credit union have at least one person with two years of experience underwriting its MBL loans would be replaced with a requirement that staff have experience directly related to the specific types of commercial lending in which the credit union is engaged. This is including, but not limited to, demonstrated experience in conducting commercial credit analysis and evaluating the risk of a borrowing relationship using a credit risk rating system.
Credit unions will be evaluated on the basis of “supervisory guidance to examiners, which would be shared with credit unions, to provide more extensive discussion of expectations in relation to the revised rule.” Which brings me to why this proposal is even more important than meets the eye: it will give both credit unions and the NCUA the opportunity to hash out once and for all the difference between supervisory guidance and regulations. Based on my reading of the case law-and keeping in mind this is my opinion- from a compliance standpoint there is no practical distinction between an agency’s interpretation of its regulation and a regulation itself.
For example, earlier this year the Supreme Court upheld the right of the DOL to issue an interpretation making mortgage originators nonexempt employees eligible for overtime. (Perez v. Mortgage Bankers Ass’n, 135 S. Ct. 1199, 1212, 191 L. Ed. 2d 186 (2015). The mortgage bankers argued that this “interpretation” was an amendment to a rule which could only be changed after notice and comment. The Supreme Court said that a regulation is only amended when language is changed. As Justice Scalia commented in a concurring opinion “[a]gencies may now use these rules not just to advise the public, but also to bind them. After all, if an interpretive rule gets deference, the people are bound to obey it on pain of sanction, no less surely than they are bound to obey substantive rules, which are accorded similar deference. Interpretive rules that command deference do have the force of law.”
Also remember that even when an agency interpretation is intended to give a credit union greater flexibility that same guidance gives examiners greater flexibility to determine if a credit union is acting properly.
Now don’t get me wrong. I’m not saying that NCUA isn’t genuinely interested in giving CUs greater flexibility. It is, and it deserves a tremendous pat on the back for its willingness to do so. But because the new MBL framework will only be as useful as NCUA’s guidance and examiner oversight, an ongoing dialogue with the agency is crucial. Everyone needs to be on the same page.
That’s why industry stakeholders, including the New York Credit Union Association, are urging NCUA to submit its MBL guidance to a formal notice and comment period. Doing so will help everyone understand just how much additional flexibility they have to make MBL loans. In addition, everyone has to understand that there will be bumps along the road. Adults have to be willing to sit around a table and talk out their differences.
On that note – see you next Tuesday as the blog marks its fourth anniversary.
If at First You Don’t Succeed. . .
Visa and Target announced a settlement intended to compensate card issuers for the high profile data breach of the Minnesota retailer that compromised an estimated 40 million debit and credit cards. The price tag is reportedly $67 million. The agreement comes months after issuers, including credit unions, scuttled a proposed $19 million settlement with MasterCard. NAFCU’s Carrie Hunt is quoted in the WSJ: “This settlement is a step in the right direction, but it still may not make credit unions whole.”
Stay tuned. This will be an interesting issue to keep an eye on in the coming weeks as the specific terms are analyzed.
Foreclosures in New York: Alive and Well
NY’s foreclosure problems are far from resolved, especially in NYC’s suburban communities according to State Comptroller Thomas Dinapoli, who has the numbers to back it up. Between 2006 and 2009, the number of new foreclosure filings jumped 78%. They leveled off in 2011, hitting a low of 16,655, but shot up again. Filings climbed to 46,696 by 2013 before edging back to 43,868 in 2014, still well above pre-recession levels, according to the report.
By the end of 2015, there were over 91,000 pending foreclosures with Long Island and the Mid-Hudson accounting for a disproportionate share. The four counties with the highest foreclosure rates are all located downstate: Suffolk (2.82 percent, or one in every 35 housing units), Nassau (2.47 percent, or one in every 40 housing units), Rockland (2.26 percent, or one in every 44 housing units), and Putnam (2.10 percent, or one in every 48 housing units). Counties in Western New York and the Finger Lakes regions, in contrast, tended to have lower pending foreclosure rates and decreasing caseloads.
The good news is that these numbers most likely represent a backlog of delinquencies rather than a further deterioration of economic conditions. The Comptroller reports that there are fewer foreclosures at the beginning of the process while activity at the end of the process (notices of sale, notification that the property has been scheduled for public auction) is accelerating.
The backlog of foreclosures reflects not only the aftershocks of the Great Recession but also the inevitable result of a foreclosure process that is hopelessly byzantine and invites delay. Maybe there will be a grand bargain in which state policymakers take steps to expedite foreclosures in return for lenders having to comply with one of the nation’s most onerous and lengthy foreclosure processes. In the meantime, I’m curious if the trends persisting in New York began to spread nationally thanks to the adoption of New York style regulations on the national level. Here is a link to the report.
Time Extended for Two-Cents on Online Lenders
You have more time to sound off about the extent to which online marketplace lenders should be regulated if you are so inclined. The Treasury has extended until September 30th the deadline for responding to its Request for Information on the proper regulation of online lenders. The RFI asks a series of questions related to companies operating in three general categories of online lending: (1) balance sheet lenders that retain credit risk in their own portfolios and are typically funded by venture capital, hedge fund, or family office investments; (2) online platforms (formerly known as “peer-to-peer”) that, through the sale of securities such as member-dependent notes, obtain the financing to enable third parties to fund borrowers; and (3) bank-affiliated online lenders that are funded by a commercial bank, often a regional or community bank, originate loans and directly assume the credit risk.
Are these flash-in-the-pan industries that will fold with the next economic downturn or innovative disruptors of the banking model? If they are the later they may hit credit unions particularly hard. According to the Treasury, small businesses are already more likely than their larger peers to go online for their products and services. Online lending may provide them with a means to quickly access the cash that traditional lenders are reluctant to provide them during economic downturns.
That is the question that a tool released by the FFIEC, an organization of federal bank regulators including the NCUA, released late in June. It is currently available on NCUA’s website. I would strongly suggest your credit union go through the process for assessing its credit risk outlined by the FFIEC. When it comes to protecting against hackers, the areas the regulators want examined are areas you either have already examined or better start examining.
The FFIEC defines Cybersecurity as the process of protecting consumer and bank information by preventing, detecting, and responding to attacks. What the FFIEC is attempting to do with this assessment tool is prod institutions of all sizes into adopting a standardized approach to periodically reviewing the likelihood that they will be attacked and consider whether they have the appropriate level of resources to deter and defend against such an attack. It’s similar to what credit unions are already expected to do as part of assessing their BSA risks and the Red Flags of Identity Theft, only this assessment is intended to zero in specifically on Cybersecurity. The key is not only doing the assessment but making sure it is periodically reviewed. After all, cyber threats evolve almost as quickly as Donald Trump can find a new group of people to insult and your credit union is dealing with more and more technology.
How do you ascertain your credit union’s Inherent Risk Profile? By reviewing and ranking your credit union’s technologies and connection types (e.g. the number of Internet Service providers and third party connections); delivery channels (e.g. do you provide person to person transfers or do all cash transactions have to be facilitated by a teller?); its mobile and online products and services; organizational characteristics (e.g. how many direct employees and third party providers can access your IT system); and its external threats (e.g. the number of attempted and successful cyber-attacks). You then give each one of these categories a risk level ranging from lowest to highest risk faced by your credit union.
Once you create the risk profile, you assess your credit union’s “maturity” or sophistication in five areas of Cybersecurity. These areas are 1) Cyber Risk Management and Oversight; 2) Threat Intelligence and Collaboration; 3) Cybersecurity Controls; 4) External Dependency Management; and 5) Domain Cyber and Incident Management and Resilience.
According to the FFIEC, it is not concerned with an overall aggregate score. What it wants financial institutions to do is assess whether they are properly aligning their resources. For example, a credit union that is large enough to house its own technology doesn’t need as sophisticated a system for overseeing its “external dependency management” as does a credit union that outsources all its technology. In contrast, a credit union that oversees its own hardware needs a dedicated staff of IT professionals.
If you think your credit union is too small to worry about conducting this assessment, you are out of luck. The tool is intended for use by both big and small credit unions, a point underscored by NCUA’s Office of Small Credit Unions when it hosted a webinar on the basics of Cybersecurity that provided a preview of the tool and how credit unions could use it to strengthen their Cybersecurity.
Using this tool makes sense. An online survey conducted by NCUA as part of the Cybersecurity webinar revealed that only 52% of the participating credit unions had a cyber-security policy. It’s time to put one in place and this assessment can help. If your credit union already has a Cybersecurity protocol than answering the questions being posed by the regulators should not be that difficult.
In her recent appearance before Congress, Chairman Matz was asked which regulations she gets the most complaints about from credit unions. Her answer was the Bank Secrecy Act.
I think there are two reasons for this. First, most people have better things to do with their time than memorize the regulatory alphabet. So when they are asked by a regulator what regulations most harm their credit union, the one everyone seems to remember is the BSA acronym. A second, more substantial reason, is that smaller credit unions don’t see the value in imposing the same regulatory framework on their smaller operations as are imposed on the largest banks and credit unions.
The second point has a certain facial appeal, but the reality is that technology has blurred the line between big and small financial institutions. When it comes to BSA, there really are no small credit unions. Those of you who think I am overstating the case should pay attention to a case brought by the U.S. Attorney for the Southern District of New York. It demonstrates why small financial institutions are becoming increasingly attractive and vulnerable targets to tech savvy criminals seeking a place to hide their criminal activity. Plus, it actually reads like a pretty good movie script.
In 2013, bank accounts were opened in the name of the Collectables Club. It claimed to be a members-only association of collectable and trading enthusiasts dedicated to discussing collectible items such as cars, coins and stamps. A small fee was charged to everyone who wanted to join. In fact, the Collectables Club was a front for an illegal Bitcoin exchange called Coin.Mix, which facilitated the exchange of money for Bitcoins. This was illegal both because it was operating as an unlicensed Bitcoin exchange and because its operators knew that the exchange was being used to launder criminal proceeds. For example, one customer who wanted to transfer $100,000 into the account was told to stop the transfer and instead wire most of the money to an account in Bulgaria. An email quoted by the complaint explained that “we hope you understand the concerns. If the US wasn’t so damned screwed up about this stuff, we wouldn’t have to deal with this.”
Remember that the Bitcoin is particularly attractive to criminals because it is almost impossible to trace. Electronic “coins” are transferred computer to computer over the Internet. According to the complaint, thousands of incoming deposits in varying amounts used these accounts to make payments in Bitcoins.
Business was apparently going well. In late 2014, the creators of the illegal exchange took control of a 107 member credit union in New Jersey with no full time employees in order to process ACH transactions. The complaint’s not clear as to how this control was achieved, but the Bitcoin operators took control of the board. When the NCUA learned that this low-income credit union was suddenly engaged in a high volume of ACH processing, specifically $30 million in transfers a month, it became suspicious and stopped the credit union from continuing to offer these services. It also required the credit union to remove the new board members.
A couple of quick points. Press reports have highlighted the fact that the exchange controlled a credit union. The facts, however, demonstrate that the criminals were able to utilize both a traditional bank account and a credit union to facilitate its illegal activity. Secondly, the system worked. NCUA recognized the red flags and took actions to shut down the operation. Thirdly, some credit unions have turned to money service businesses as an attractive source of income. When they do so, they must understand that they take on heightened due diligence responsibilities. When one credit union is used for money laundering, the reputation of the entire industry can suffer. Finally, there is no such thing as a small credit union when it comes to money laundering. It is now easier for criminals to plug into the financial system using a credit union in New Jersey or a bank account in Florida as it is to open a bank account in mid-town Manhattan.
A recent GAO report points out that a “key challenge” of the Dodd-Frank Act mortgage regulations is to balance the goals of increasing borrower protections while not decreasing access to credit. How are regulators doing so far?
A report released by the Commerce Department yesterday demonstrates just how much homeownership rates have tumbled over the last decade. The national home ownership rate stood at 64.4 in the fourth quarter of 1992 and reached its zenith of 68.4% in the first quarter of 2007. According to the numbers released yesterday, the homeownership rate now stands at 63.4%. The decline is even more dramatic for minorities. In the third quarter of 2006, the homeownership rate for African-Americans was 48% and 49.7% for Hispanics. Today those rates stand at 43% for African= Americans and 45.4% for Hispanics.
Do these declines reflect inevitable retrenchment following a housing bubble, as I would suggest, bad public policy, or racial bias in lending? This is going to be the most important and hotly debated public policy question over the next decade (surpassed in importance to the American public only by whether or not Tom Brady received a just punishment for his deflated balls?). How it is answered will impact your credit unions’ operations for years to come.
For example, with the Supreme Court upholding the use of disparate impact analysis, I guarantee you that judges will one day have to decide if the CFPB’s QM rules have a disparate impact on minorities. Given how aggressively the CFPB is utilizing disparate impact analysis, it’s even possible that the CFPB may one day make mortgage amendments based on its own findings about the impact QM rules are having on homeownership for minorities.
Let’s say you believe that all borrowers are being victimized by bad policy, irrespective of race. Is the key to increase legal protections provided to lenders so that the cost of lengthy loss mitigation regimes and foreclosures don’t get backed into home purchase prices? Maybe we need a more vibrant secondary market? If so, should we scrap Fannie and Freddie and have a single entity bundle mortgage loans or should the government get out of the secondary market all together?
All of these are legitimate questions and, even in Washington, facts matter. Fortunately, we are in the beginning of the QM experiment and policymakers can develop statistical models to help answer them.
This is why the GAO report released the other day should serve as a wakeup call to industry stakeholders, Congressmen and regulators regardless of what side you take in the housing debate. The GAO concluded that it is still too soon to determine what impact Dodd-Frank was having on the housing market but that regulators, including the CFPB, still have not adequately prepared for effective “retrospective reviews” of Dodd-Frank’s impact. It recommends that all the relevant federal agencies, including the CFPB, finalize plans to conduct such reviews.
To me this seems like a commonsense suggestion.
As for that other burning issue of the day, I too am outraged by the NFL’s decision to uphold its four-game ban against Tom Brady for his role in deflating footballs used in a playoff game against the Colts last season. There’s something distinctly un-American when multi-millionaires can’t break rules with impunity and destroy incriminating evidence. If the NFL’s approach to law enforcement was implemented in the banking world, where would investment banking be today?
On Thursday, the NCUA finalized regulations eliminating the 5% aggregate limit on fixed assets for federal credit unions. It also established a single time period of six years from the date of a property’s purchase for an FCU to at least partially occupy the premises. These changes would have been important enough on their own, but there is even more going on here than meets the eye.
When NCUA first proposed doing away with its fixed asset rules for FCUs, it proposed replacing them with a requirement that credit unions implement a fixed asset management program (FAM). Commenters , including the Association, welcomed NCUA’s willingness to do away with the nettlesome fixed asset cap but expressed concern that the FAM requirement would end up being almost as burdensome to credit unions as the existing regulation.
In an example of the impact that comment letters can have, particularly when a three-member board is divided, NCUA eventually agreed to not only do away with the fixed asset cap but to eliminate the FAM requirement. This might sound like incredibly dry stuff, but it is yet another indication that NCUA is fundamentally re-examining its regulatory approach away from prescription towards greater flexibility in complying with safety and soundness mandates. The preamble states that the amendments reflect the Board’s recognition that it should give credit unions relief from a prescriptive limit on fixed assets but it stressed that investments in fixed assets “are, and will continue to be, subject to supervisory review.”
NCUA will attempt to achieve a balance between oversight and flexibility by issuing more guidance. Are we simply replacing one set of prescriptive rules with another that gives examiners more flexibility to decide what constitutes safety and soundness? This is the part of the preamble that I find so important. .
In response to these concerns, NCUA explains that the purpose of supervisory guidance and other interpretive rules is to advise the public of the Agency’s construction of statutes and rules that it administers” It further explains that “supervisory guidance regarding FCU ownership of fixed assets is not intended to supplant FCU’s business decisions or to impose rigid and prescriptive requirements on FCUs on the management of their investment in fixed assets.”
The rationale in the preamble is similar to NCUA’s rationale for radically altering the MBL regulations. It may take some getting used to for those of you who have grown used to complying with very specific mandates. As for those of you who are looking forward to increased flexibility, be prepared for thorough discussions with your examiner explaining why an approach taken by your credit union satisfies safety and soundness concerns.
It is an experiment well worth trying. Its success will depend not only on examiners but on the willingness and ability of credit unions to create individualized compliance programs Here is the final regulation.
NY’s Criminal Exacta
With Saratoga opening this past Friday maybe it’s only fitting that federal prosecutors secured an exacta last week First, Deputy Senate Majority Leader Tom Libous of Binghamton was convicted of lying to federal investigators about his efforts to obtain work for his son from lobbying firms. On Friday, State Senator John Sampson of Brooklyn, who once held the position of the Senate’s top Democrat, was convicted of Obstruction of justice charges. Both Senators automatically lose their seats.
With Republicans holding a one seat majority in the State Senate-Not including the Independent Democratic Conference- and the Governor apparently committed to pushing hard for democrats to win the Libous seat when a special election is called, the political class is looking forward to the first major election since John Flanagan was named Majority leader following the indictment of Dean Skelos on corruption charges earlier this year. Cuomo was quick to praise Barbara Fiala, the former Department of Motor Vehicles commissioner who has announced that she will be seeking the Democrat nomination.