Comments are due today on proposed regulations implementing one of the most important provisions of the Biggert-Waters Act. This is an example of a regulation that may be a wolf in sheep’s clothing.
Here is why. The federal law is designed to spur the growth of a truly competitive flood insurance market by allowing insurance companies to sell their own flood insurance directly to the consumer. Since 1993, insurance companies have been allowed to effectively act as agents for the program by selling National Flood Insurance Program policies. Federal law now mandates that lenders must accept private flood insurance so long as the insurance meets NFIP standards. The question is who is going to be responsible for making the determination that policies meet the necessary requirements? And who is going to be on the hook in the event that such policies do not? Which brings us to the regulations that are currently being considered.
The final mandate should include a “Safe Harbor” lobbied for by the industry. Under this approach, insurance companies would certify to lenders that their policies meet federal requirements and insurance companies would be on the only ones on the hook when an irate member calls after experiencing a natural disaster and finds out that their coverage is inadequate.
Regulators are squeamish about this approach; instead, they want to provide lenders a “compliance aid.” The regulations would give credit unions the option of mandating that a private flood insurance policy includes a written summary that demonstrates how the policy meets NFIP’s requirements by identifying the relevant provisions. They could also mandate the inclusion of a “provision or endorsement” that the policy meets the definition of flood insurance. Unfortunately the regulations also require that credit unions verify in writing that the identified provisions satisfy the definition of flood insurance. This qualifier, if it remains, in the regulation, means that your credit union will have to have the expertise to independently verify that a policy meets the National Flood Insurance criteria.
In other words, in order to expand the use of truly private flood insurance regulators are proposing that lenders be placed in a Heads I win Tells you Lose situation: They will face heavy fines for refusing to accept valid flood insurance and face the possibility of lawsuits in the event that they accept flood insurance which ultimately doesn’t meet the criteria as mandated by the NFIP.
In fairness to the regulators, NFIP insurance is a very unique animal. Almost all insurance is regulated on a state-by-state basis. In contrast the NFIP has always been administered by the federal government. But this very unique aspect of the program doesn’t explain why regulators aren’t willing to give lenders a complete Safe Harbor to the extent that they rely in good faith on insurance companies’ representations. After all, insurance companies and the federal government are the experts when it comes to this insurance, not lenders.
The effort to legalize marijuana on the federal level received a high level push in December when Massachusetts Senator Elizabeth Warren joined a group of senators in a letter to FinCEN. Her celebrity status has triggered another round of media coverage; After all, she is already being mentioned as a potential nominee for president with the next election only four years away and she likes to tweet which is a core prerequisite for the office.
By joining the most recent letter writing campaign she has once again put the spotlight on the Alice in Wonderland world of legalized pot. It makes perfect sense for the senator to join the push for legalizing cannabis. In November, Massachusetts voters approved a referendum to legalize marijuana for recreational purposes. There are now 29 states, including New York, which legalize the possession of marijuana to some extent.
What drives me nuts is that Warren and her fellow senators once again chose to badger FinCEN to approve additional guidance clarifying that banks and credit unions can provide banking services to pot businesses in states in which they are legal. To be clear, I believe that the federal government should legalize the sale and distribution of marijuana in those states where it is legal. I also believe that banks and credit unions should be able to provide services to these legitimate businesses. The senators correctly point out that even though FinCEN issued a 2014 guidance detailing the conditions under which it would allow them to do so fewer than three percent of the nation’s banks and credit unions are willing to serve this industry.
However at the risk of being accused of banging my head against the wall, the way to get this accomplished is not to require more guidance from FinCEN. Federal law and regulation makes pot illegal and there is nothing that FinCEN can do to change that. it is not the DEA. Furthermore even if FinCEN could entice banks and credit unions to more actively engage in servicing this industry the reality is that the continued legal cloud over the industry raises a host of issues, over which FinCEN has no control,. These issues range from the enforceability of contracts to the legality of bankruptcy cases involving marijuana businesses.
It is time for all interested parties to confront the real issues once and for all.
I am asking this question because of an article in the WSJ last week. The article highlighted the ease with which accounts overseen by lawyers can be used to facilitate money laundering activities. Keeping in mind that credit unions can now offer Interest on Lawyer Trust Accounts (IOLTA), this is one area of compliance that could impact your credit union in the future.
First, a refresher: Lawyers often take funds from clients for short-term purposes. Refundable retainers and money for real estate closings are two good examples. IOLTAs permit lawyers to place these funds in single trust accounts. As many of you probably know, it wasn’t until 2014 that credit unions were given the same rights as banks to establish these and other similar type of accounts.
In December, the Financial Action Task Force (FATF), an independent international body tasked with assessing international efforts to combat Money Laundering, concluded that the U.S. has to do more to clamp down on supervision of funds by lawyers, accountants and real estate agents. They complained that these professions are not subject to comprehensive AML requirements and are not systematically performing due diligence over account activities. The result is that they pose a “very significant risk” of money laundering.
The FATF has a point. Under the FFIEC’s Anti-Money Laundering Examination Manual, my bible for all things BSA, financial institutions are required to do due diligence on attorneys seeking to open an IOLTA account. But since credit unions often have no direct relationship with the clients whose funds are being combined in these accounts, it is the lawyer and not the financial institution that is best positioned to prevent money laundering. The legal profession has however steadfastly resisted attempts to impose AML requirements on attorneys administering IOLTA accounts. After all, there are legitimate confidentiality issues.
How big of a loophole is this? Think of it this way. While your credit union may be facilitating the business activities of a small law firm, major law firms that are international in scope can oversee billions of dollars.
This loophole has existed for decades and it’s possible that the scrutiny it is currently receiving may not result in additional mandates. But if it does, BSA requirements tend to flow downhill. I wouldn’t be surprised to see regulations inspired by the questionable conduct of large institutional players resulting in mandates with which even the smallest credit unions must comply.
On December 28th, New York’s Department of Financial Services reissued its proposed Cybersecurity Program Requirements which are to be phased in starting in March.
Although the amendments are designed to clarify that entities covered by these regulations (a category that would include state chartered credit unions and CUSOS incorporated pursuant to State Law) can develop policies that reflect individual risk assessments, it remains to be seen whether these changes will go far enough to assuage the concerns of insurance companies, banks and credit unions that will have to comply with these “First in the Nation “requirements. Remember these regulations only apply to state chartered institutions, but may very well provide a template for other states across the nation.
First the good news. The exemption from these regulations (proposed section 500.19) has been expanded; it now includes an organization with fewer than 10 employees or less than $ 5,000,000 in gross revenue in the last three years. The previous exemption only applied to entities with fewer than 1,000 customers in each of the last three calendar years.
The proposed regulation has also been amended to clarify that an organization’s policies and programs are to be based on its risk assessment. While this helps, the Department refused to clarify the extent to which compliance with federal standards can satisfy these regulations.
The amendments also clarify that a covered entity can satisfy these regulations by using an affiliate’s cybersecurity program. In other words, a state charter with a CUSO can use a single program so long as it applies to both entities.
A huge issue, particularly for larger institutions, is the state’s proposals requiring institutions to encrypt nonpublic information that is not being transmitted. I have conversed with a couple of techies about this. They argue that when information is being stored on a secured system it shouldn’t be subjected to the same encryption requirements as data being transmitted. Show revised section 500.15 to your IT people and see if the proposed changes go far enough to address these concerns. Yours truly is by no means an IT expert, nor does he play one on TV.
There is still plenty in here to make institutions moan. For example, covered entities will still have to have to undergo cybersecurity training.
Happy New Year!
Yours truly is going on vacation starting tomorrow. I’m preparing for my feats of strength. so I wanted to give you a list of things to ponder in the event you need a break from all the merriment.
Your lucky number is… With a big assist from the inimitable Joan Lannon in our compliance department, I can now tell you that tucked away on the New York DFS website is the total number of residential real property mortgages originated in New York in 2015. The number is 212,646. As readers of this blog know, under the zombie property regulations, credit unions will use this number to find out whether they originated or serviced less than 3/10 of 1% of the total loans in the state during the calendar year of 2015. (This equates to 636 mortgages, but please do the calculations for your credit union). If your credit union did less than 636 in 2015, you are exempt from the property maintenance requirements of the regulation. You are not exempt from the obligation to report abandoned property to the state.
Are you ready for global warming? One of the goals of the Biggert-Waters Act was to introduce more private sector involvement into the federal flood insurance system. Comments are due on January 6 on a joint agency proposal which explains when “private flood insurance,’’ will satisfy federal flood insurance requirements. Since it is the lender who will be responsible for deciding if the borrower’s insurance is adequate, this is one to take a look at.
Cyber Security Regulations: A work in progress? Speaking of regulations, New York’s Department of Financial Services is still considering how best to implement its “first in the nation” cybersecurity regulations. Even if you are not from New York or you are a federal charter these are important to you. They will provide a template for other states that decide they can’t wait for the federal government to get its act together on this issue. We may seem some changes proposed, perhaps as early as next week.
UPDATE A friend, neighbor and blog reader just passed along this article indicating that the implementation of the regulation will be delayed.
How much is a pay raise worth? The last time the Legislature got a pay raise Governor Pataki got the legislature to approve charter schools. Everybody wants a pay raise before the end of the 2015-16 legislative Session. So with a week left in the year there is plenty of speculation about what, if anything, will be agreed to that would get legislators back in town next week. Stay tuned.
Eight is enough: Yesterday, both the Association and CUNA filed briefs with the U.S. Supreme Court in the Expressions Hair Design case. The case involves an appeal of a ruling by the Court of Appeals for the Second Circuit upholding Section 518 of the General Business Law. This law makes it illegal for merchants to charge more than the headline price for credit card purchases. Arguments are scheduled for January 10th.
Mama mia! Although some of us apparently believe in the fantasy of Fortress America, reality has a nasty way of intruding. International events impact your credit union’s bottom line. One of the biggest potential obstacles to growth in 2017 could be the Italian banking system, in particular, and the European banking industry, in general. Just a few hours ago the Italian Government approved a bailout of its oldest bank. In a worse-case scenario, Italy’s banking problems spread over Europe as politicians, spooked by the rise of nationalist parties, are unable to agree on a continent-wide response.
I will be back next year with my batteries recharged and one of the most fascinating periods of American history about to start. Until then, I’m signing off. Happy holidays and thanks for reading.
Tomorrow, NY’s abandoned property regulations take effect. This blog is intended as a guide to help you understand your credit union’s obligations. It is not intended as a substitute for reading the regulation.
3 NYCRR 422 has two components that are of major concern to you if your credit union does mortgages. First, there is the requirement to maintain abandoned property upon which you hold a mortgage lien even if you have not yet foreclosed on it. As finalized , the vast majority of credit unions will be exempt from the maintenance requirements BUT
Your credit union must apply for the exemption based on numbers provided by the state. The state will tell everyone the total number of residential real property mortgages originated in the State during 2014. Take a look at the exact formula, but the basic idea is you will divide that number by the number of mortgages issued in the state by your credit union during that calendar year. Only credit unions and banks that originated serviced and\or maintained or serviced more than three-tenths of one percent of the mortgages originated in the state must comply with the maintenance requirements. It is up to your credit union to submit a form-to be provided by DFS-explaining why your credit union is exempt. The final regulations pushed back the deadline until Feb 28 which is a good thing because the exemption numbers haven’t been released yet.
There is a second mandate that applies to all credit unions. The new 3 NYCRR 422.4 requires that, effective tomorrow, Within twenty-one business days of when a mortgagee or mortgage loan servicer of a property learns, or should have learned, that a property is vacant and abandoned, the mortgagee or mortgage loan servicer shall submit information including the location of abandoned property to the DFS. The information will be used to update the State’s abandoned property registry. No one is exempt from this reporting requirement BUT only credit unions and banks that have to maintain abandoned property must provide a quarterly report to the DFS.
If you are not exempt from the maintenance requirements than get ready to report to DFS on a quarterly basis the number of loans you hold that are 90 days or more delinquent and the steps you have taken to identify the property as vacant or abandoned. Hopefully the state will provide a little more guidance and clarify that institutions only have to report on houses that are or could be abandoned as opposed to report on all loans that are ninety days delinquent . The two are not synonymous.
On that note enjoy your day.
Good Morning from the great Northeast where the only things lower than the temperature are Chris Christie’s poll numbers. Suffice it to say that this is one of those day that makes those of us who don’t ski or skate wonder why the heck we live here.
I can feel my fingers now so it’s on with the blog.
Yesterday FinCen imposed a $500,000 fine against Bethex Federal Credit Union for “significant violations of anti-money laundering (AML) regulations.” This is an understatement.
The fine is a reminder of the dangers of working with Money Service Businesses. Mishandled programs pose real risks. After all, Bethex no longer exists.
Bethex was a low-income credit union in NYC that did some really great work in the community. Starting in 2011, however, it began servicing MSBs. (Businesses such as check cashers and money transmitters). By 2012 it had established relationships with over 70 money transmitters and check cashing companies. Its transaction volume increased from $657 million in 2010, all of which were domestic, to over $4 billion in domestic and international transactions processed in 2012.
Of course, credit unions can and do service these businesses provided they are within their fields of membership. But, as NCUA has correctly warned, these relationships pose heightened compliance risks of which credit unions have to be aware and account for.
Remember that MSB’s are transferring cash funds for customers who may not have any relationship to your field of membership For example, according to FINCen many of the MSBs the credit union worked with were located in high-risk jurisdictions outside New York and engaged in high-risk activity, including wiring millions of dollars per month to foreign jurisdictions at risk for money laundering.
It’s incumbent on credit unions that service these businesses to have adequate oversight in place to make sure that MSBs are performing customer due diligence before transferring large amounts of cash. Bethex farmed out oversight to third-party vendors and failed to improve its BSA program despite being repeatedly put on notice by NCUA to do so. The result was that the credit union grew fast but it participated in money transfers to over thirty countries without basic BSA controls.
Don’t be surprised to see your examiners taking a hard look at vendor relationships in general and any MSB relationships in particular. Just make sure that you can show you understand how to construct and implement a BSA compliance program that is adequate to account for the risks to which the your credit union is exposed. Remember, too, that third-party vendors don’t relieve you of the ultimate responsibility to know what you are doing.
I know all of this is much easier said than done. The bottom line for me is that is that not all credit unions or banks for that matter should be working with MSB’s. I know the transaction growth can be tempting but at the end of the day a mishandled MSB relationship just isn’t worth it.