Dodd-Frank Act Provides Changes to FDIC Insurance Coverage; TAG Program to Terminate 12/31/2010
Primer on Financial Privacy Issues
Compliance with Risk-Based Pricing Final Rule Mandatory January 1, 2011
National Flood Insurance Program Extended through September 30, 2011
Compliance Dates Roundup
Dodd-Frank Act Provides Changes to FDIC Insurance Coverage; TAG Program to Terminate 12/31/2010
There are three recent changes to FDIC insurance coverage that your bank should be aware of. First, one important provision of the Dodd-Frank Wall Street Reform and Consumer Protection Act (the “Dodd-Frank Act”) is that it makes permanent the $250,000 per customer insurance coverage, which was previously set to expire on December 31, 2013. Second, Dodd-Frank provides temporary unlimited FDIC insurance coverage for noninterest-bearing transaction accounts for ALL banks effective December 31, 2010 through December 31, 2012. Third, in light of the temporary unlimited insurance offered by Dodd-Frank, the FDIC recently announced that it WILL NOT further extend the Transaction Account Guaranty (“TAG”) Program beyond its current expiration date of December 31, 2010. Despite the fact that Dodd-Frank will continue unlimited insurance coverage in certain instances, the insurance coverage provided under Dodd-Frank is not identical to the coverage provided under the TAG Program. Banks that are currently enrolled in and depend on the TAG Program should review these differences carefully.
Permanent Increase to $250,000
The Dodd-Frank Act was signed into law on July 22, 2010. Effective immediately, Section 335 of the Dodd-Frank provided a permanent increase in the standard maximum deposit insurance amount (SMDIA) from $100,000 to $250,000. The FDIC adopted a new final rule on August 12, 2010 to conform to this change in the law. Among the changes provided in the final rule are:
· It revises the FDIC’s deposit insurance regulations (found at 12 C.F.R. Part 300) to define the SMDIA as $250,000 and removes provisions that would have returned the SMDIA back to $100,000 on December 31, 2013.
· It revises the FDIC’s official sign for advertising deposit insurance coverage to reflect the permanent SMDIA. The change to the official sign is effective immediately.
· To ensure depositors are accurately informed of the permanent SMDIA change, banks should promptly obtain the new official signs and display them without delay. Signage must be changed out no later than January 3, 2011. Banks may order FDIC official signage at https://vcart.velocitypayment.com/fdic/. There is no charge for decals and counter signs provided by the FDIC.
· The FDIC’s deposit insurance coverage materials posted on its website have been update to reflect the permanent SMDIA of $250,000.
Temporary Unlimited FDIC Guaranty for Noninterest-Bearing Transaction Accounts
Section 343 of the Dodd-Frank Act amends the Federal Deposit Insurance Act to include noninterest-bearing transaction accounts as a new temporary deposit insurance category. All funds held in noninterest-bearing transaction accounts will be fully insured, without limit, from December 31, 2010, through December 31, 2012. Importantly, this temporary unlimited coverage is separate from, and in addition to, the SMDIA. Thus, any amounts held in a noninterest-bearing account will not count toward the $250,000 FDIC insurance limit held in interest-bearing accounts at the same institution. On September 27, 2010, the FDIC issued Financial Institution Letter 59-2010 (“FIL-59-2010”). This Letter both (i) announces a new proposed rule to implement Section 343 of the Dodd-Frank Act; and (ii) announces that the Transaction Account Guarantee (“TAG”) Program will not be extended beyond its current scheduled expiration date of December 31, 2010.
Once finalized, the proposed rule announced in FIL-59-2010 will revise the FDIC’s deposit insurance regulations to comply with Section 343 of the Dodd-Frank Act. The proposed rule follows the definition of a noninterest-bearing transaction account in the Dodd-Frank Act, which (unlike the TAG Program) does not include any interest-bearing accounts. The Dodd-Frank Act definition of noninterest-bearing transaction accounts includes only traditional, noninterest-bearing demand deposit (checking) accounts that allow for an unlimited number of deposits and withdrawals at any time. It includes accounts held by a business, individual or any other type of depositor. Importantly, the proposed rule expressly provides that low-interest NOW accounts and IOLTAs are not covered under the Dodd-Frank definition of noninterest-bearing transaction accounts and, thus, do not qualify for temporary unlimited coverage.
The proposed rule imposes three notice and disclosure requirements to ensure that insured depository institutions and depositors are aware of and understand what types of accounts will be covered by this temporary coverage. First, insured depository institutions must post a prescribed notice in their main office, each branch and on their Website (if applicable). Second, insured depository institutions currently participating in the TAG Program must notify NOW account and IOLTA depositors (who are currently protected under the TAG Program) that beginning January 1, 2011, their NOW accounts and IOLTAs will no longer be eligible for unlimited protection. Third, insured depository institutions must notify customers of any action they take to affect the deposit insurance coverage of funds held in noninterest-bearing transaction accounts. This notice requirement is intended primarily to apply when banks begin paying interest on demand deposit accounts when allowed under Section 627 of the Dodd-Frank Act (beginning July 22, 2011). This would also apply effective December 31, 2010 to “sweep accounts”, i.e., when funds are automatically transferred or swept from a noninterest-bearing account to another account that pays interest.
Unlike coverage under the TAG Program, coverage by the temporary unlimited insurance provisions of the Dodd-Frank Act cannot be opted into (or out of). All insured depository institutions will be covered by this temporary deposit coverage. Also, unlike the TAG Program, there will not be a separate assessment for the temporary insurance coverage provided by the Dodd-Frank Act. Thus, the FDIC will take into account the cost for this additional insurance coverage in determining the amount of the general assessment the FDIC charges depository institutions under its risk-based assessment system.
The proposed rule can be found at http://www.fdic.gov/news/board/10Sept27no8.pdf. Comments on the proposed rule must be submitted by October 15, 2010.
Termination of the TAG Program Effective December 31, 2010
As stated above, FIL-59-2010 also announces that the FDIC will not extend the TAG Program beyond its currently scheduled expiration date of December 31, 2010. Although the insurance coverage provided by the TAG Program and the Dodd-Frank Act are similar, as noted in the discussion above, they are not identical. Whereas the TAG Program defined “noninterest-bearing accounts” to include NOW accounts that bear interest at an annual rate of .50% or less (this amount was later further reduced to .25%), after December 31, 2010, “noninterest-bearing” will be quite literal.
One unfortunate consequence of the TAG Program has been that private excess deposit insurance has been largely forced out of the market. One area where this has a significant impact is for public deposits in Oklahoma. Oklahoma statutes dictate that public deposits must either be fully insured by the FDIC or fully collateralized by the bank. The TAG Program has provided a stop-gap for some banks handling public deposits by allowing them to pay a nominal amount of interest while providing full FDIC insurance protection. Banks who handle public deposits will need to carefully consider how to handle these deposits after December 31.
Primer on Financial Privacy Issues
When bankers speak in terms of financial privacy issues, we are generally referring to statutory provisions, both state and federal, that prohibit the dissemination of private account information to government actors. These statutory provisions will be principle focus of this article. However, in addition to statutory provisions, banks must continue to be cognizant of your customers’ expectations of privacy when it comes to their financial records. As a general rule, if you are not required to share a customer’s financial information, you should not.
There are two financial privacy laws that principally affect Oklahoma banks: 1) the Oklahoma Financial Privacy Act (“OFPA”) [6 Okla. Stat. §§ 2201, et seq.], and 2) the Federal Right to Financial Privacy Act (“FRFPA”) [12 U.S.C. § 3401, et seq.]. Knowing when to apply which statute is the first step. There are important differences in the application of these Acts. However, in both cases these acts prohibit (or allow) the dissemination to of private financial information to GOVERNMENT actors, as explained below.
The determining factor for whether the OFPA or the FRFPA applies is what government entity is requesting a customer’s financial information. The OFPA governs distribution of information to any division of Oklahoma state government (including a subpoena from an Oklahoma state court). The FRFPA applies to requests for information from the federal government (including subpoenas from federal courts). In most instances, these issues arise in relation to subpoenas from either a state or federal court.
Oklahoma Financial Privacy Act
The stated purpose of the Oklahoma Financial Privacy Act is “to maintain the privacy and confidentiality of the records of customers of financial institutions.” Like all statutory enactments, it is important to understand the definitions of terms used in the statutory language.
Important Definitions:
“Financial institution” includes any bank, savings bank, savings association or credit union. See Section 2202(a).
“Financial Record” is defined very broadly as “any record held by a financial institution, or any information derived therefrom, pertaining to a customer’s relationship with the financial institution.” See Section 2202(b). Read broadly, this definition would include the fact that the customer for whom information is sought is in fact a customer of the bank.
“Government authority” is defined as “any agency, board, commission or department of the State of Oklahoma, or any officer, employee representative, or agent thereof.” Obviously, this definition includes state agencies, such as requests from the Oklahoma State Bureau of Investigations. Not so obviously, this definition includes requests for information from Oklahoma courts. In this regard, the most frequently encountered application of government authority is subpoenas issued by private litigants in actions pending before Oklahoma courts. To understand this, it must be understood that when a litigant’s attorney issues a subpoena, he is doing so as an officer of the court, with authority granted by Oklahoma statutes (usually, the Oklahoma Civil Procedure Code). So, even in private litigation between two non-government parties, when a subpoena is issued by one of the attorneys, it is done by a government authority for purposes of the OFPA. This point was made in an Oklahoma Supreme Court decision, Alva State Bank and Trust Co. v. Dayton, 755 P.2d 635 (Okla. 1988).
The central requirement of the OFPA is found at 6 Okla. Stat. § 2203, which provides:
A financial institution is prohibited from giving, releasing or disclosing any financial record to any government authority unless:
(a) it has written consent from the customer for the specific record requested; or
(b) it has been served with a subpoena issued pursuant to [6 Okla. Stat. § 2204] for the specific record requested.
This provision generally requires that before a bank may release any financial record to any government authority, it must either have the written consent of its customer for the specific information requested, or the appropriate subpoena procedures must be followed.
Subpoena Procedures
According to Section 2204 of the OFPA, a copy of the subpoena must be served upon the customer or mailed to his last-known address on or before the date the subpoena is served on the financial institution. The bank’s customer must be given at least 14 days from the date the subpoena was served or mailed before the requested information can be provided by the bank. This time is to give the customer the opportunity to object to the production of information. Let’s note a couple of items here. First, it IS NOT the bank’s responsibility to provide the notice to its customer, it is the responsibility of the party issuing the subpoena. Second, it IS NOT sufficient for your customer to raise an objection with the bank. If the customer wishes to object, the statute contemplates that the customer must file a “motion to quash” the subpoena in the court within the 14 day period. Also, the statute specifically provides that during the 14 day period and if a motion to quash if filed, under the motion is ruled upon, the bank should make a copy of the records sought available to its customer and should preserve the records without alteration.
Exceptions to Subpoena Procedures
1. Party Exception. The most significant exception to the requirement that the written permission of the customer or the prescribed subpoena procedures must be followed relates to instances where the subpoena is issued for financial information for a customer that is a named party to the litigation (either criminal or civil) or in relation to an administrative subpoena in an administrative proceeding in which the customer is a party. See 6 Okla. Stat. § 2204(g). Thus, for example, in a divorce proceeding between John and Jane Smith, when John Smith’s attorney issues a subpoena for financial records of Jane Smith, the 14-day notice and waiting period does not apply.
A unique issue that arises in relation to the party exception relates to jointly-owned accounts. What happens if you receive a subpoena for financial records of John Smith in a lawsuit in which John Smith is a party, when you have accounts jointly owned by John Smith and Jane Smith? Must either the permission of Jane Smith be obtained or 14 days prior notice be given to Jane Smith before the records can be disclosed? There is no clear answer to this question. At least one commentator recently opined that in this instance, the privacy rights that are protected belong to both John and Jane Smith. See Paul R. Foster, Our Subpoena or Court Order for Those Bank Records May be Illegal (The Oklahoma Financial Privacy Act), 81 Okla. B. J. 1169, 1191 (May 15, 2010). According to this view, the government authority seeking the records must either obtain Jane Smith’s permission or give her the required 14-day notice and opportunity to object. Further, in this instance, the bank would not be allowed to reveal that the account is jointly owned by Jane Smith. This information itself is a protected financial record. (See discussion of what to do if request is not compliant, below).
The alternative view for jointly-owned accounts is that each owner is entitled to receive all records of the account. Thus, where permission of one joint owner is obtained (actual consent), proper notice is given to one owner, or permission of one joint owner is not required, the financial records can be provided. Given that viable arguments can be made on both sides of this issue, this author’s recommendation is to err on the side of stopping a possible violation of the OFPA and protecting your customer’s financial privacy rights, i.e., do not provide the records without the permission or proper notice given to all joint account owners. Further, I can tell you this is the view that I have personally espoused as in-house legal counsel within an Oklahoma bank.
2. Informing State Agency of Possible Criminal Activity. Section 2205(c) specifies that the OFPA does not prohibit a bank from notifying a government authority (e.g., the local police) that the bank “has information that may be relevant to a possible violation of any statute or regulation.” Questions surrounding this exception come up fairly frequently. The central question is how much information can be revealed. This author’s opinion is that this exception should not be read as blanket authority to tell law enforcement details of a customer’s financial activities. I say this for two reasons. First, the language used here is fairly narrowly tailored, only specifically authorizing stating that it “has information”. It does not go further and explicitly authorize revealing what the information is. Second, there is a procedure available under Federal law that allows financial institutions to provide detailed information to law enforcement personnel: filing a Suspicious Activity Report (“SAR”). We frequently advise banks that when there is any doubt, a bank may file a SAR and further may let law enforcement know that it has done so. Further, the federal statute authorizing filing SARs specifically allows a financial institution to provide law enforcement with backup documentation related to its filing of a SAR, when requested. More importantly, the filing of a SAR and providing any backup information is a privileged communication that cannot be revealed to your customer. Thus, in this area, it is highly preferable to go through the procedure of filing a SAR, informing law enforcement that a SAR has been filed, and, once requested, providing backup documentation related to the SAR. This procedure will entirely avoid the sticky question of whether such information can be provided directly to government authority when it is not requested.
3. Multicounty Grand Jury. The notice and subpoena procedures do not apply to any court order or subpoena issued in connection with proceedings before a multicounty grand jury in Oklahoma. In addition, the court is specifically authorized to prohibit the financial institution from informing its customer of the existence of the subpoena or that information has been provided to the grand jury. See 6 Okla. Stat. § 2205(D).
4. Exception for Search Warrants. The OFPA authorizes the release of financial records when a search warrant is issued by an Oklahoma court in relation to a criminal investigation or proceeding. If a search warrant is delivered to your bank, you must be given at least 10 days to produce the records requested. Unlike a subpoena, a customer whose records are sought under a search warrant will likely not be advised immediately that a warrant for financial records has been issued. Rather, the statute provides that the government authority has up to 90 days to inform the customer of the existence of the search warrant.
Requirement of Certification of Compliance (6 Okla. Stat. § 2208)
A separate requirement that may be overlooked by banks receiving requests for financial records is the requirement of Section 2208(A), which states:
A financial institution shall not release the records of a customer until the government authority seeking the records certifies in writing that is has complied with the applicable provisions of the Financial Privacy Act.
Thus, in the case of a subpoena seeking financial records, a strict reading of the statute is that it is not sufficient if a certificate of service reflects that the proper 14 day notice period has been given to the customer. In addition, there must be a written certification that the person sending the subpoena “has complied with the applicable provisions of the [OFPA].” This could appear in the certificate of service or a separate writing, but it should be received. It should also be noted that the certification requirement applies in all cases, even where the customer does not have to consent or is not advised of the request for records.
What Should You Do When the Government Agency (or attorney) Hasn’t Done Their Job?
Based upon personal experience, I can tell you that many attorneys have never heard of the OFPA and do not realize that they have an obligation to comply with it. Thus, it is not an uncommon event for an Oklahoma bank to receive a state-court subpoena that clearly does not comply with the OFPA because (i) sufficient notice and opportunity to object is not given, (ii) the attorney has not certified compliance with the OFPA, or (iii) both. When your bank identifies that the OFPA is implicated but not complied with, the bank CANNOT simply ignore the subpoena or other request for documents. I normally recommend making a phone call to the attorney sending the subpoena and informing him that he has not complied with the OFPA and you cannot submit the information requested unless this is fixed. Most times, an attorney in this position will recognize that he has made a mistake and commit to fixing it. If this occurs, I always recommend putting something IN WRITING confirming that the attorney realizes there is a problem and will remedy it before the bank needs to respond. What if, however, the attorney doesn’t return you call or indicates that the bank still must provide the requested information? If you cannot reach the attorney, your bank should notify the attorney in writing of the issue. If you still do not receive a response or the attorney responds but refuses to acknowledge the necessity to comply with the OFPA, your bank should involve your attorney, who may need to file a motion for protective order in order to protect the bank.
Federal Right to Financial Privacy Act
As stated above, the FRFPA applies to requests for information, including subpoenas, from the federal government. This includes subpoenas from federal courts located in Oklahoma.
There are significant differences between the application of the FRFPA and the OFPA. One such difference is the basic application of the FRFPA to “customers” of a financial institution. While “customer” includes any bank customer under the OFPA, under the FRFPA, corporations and partnerships of six of more individuals ARE NOT considered customers for purposes of the Act.
Basic Requirements
To obtain a customer’s financial records, a U.S. government authority must obtain one of the following: (i) a signed and dated authorization from the customer, that identifies the records, the reasons for the request for the records and the customer’s rights under the FRFPA; (ii) an administrative subpoena or summons; (iii) a search warrant; (iv) a judicial subpoena; or (v) a formal written request by a government agency (this applies only in instances where no administrative summons or subpoena authority is available). In addition, like the OFPA, the FRFPA contains a requirement that a bank may not release the financial records until the government authority certifies in writing that it has complied with the applicable provisions of the Act.
In cases where production is pursuant to a customer’s written authorization, a bank is required to maintain a record of all such instances, including the date, the name of the government authority, and the identification of the records disclosed. Thus customer has the right to inspect these records.
Exceptions to Notice and Certification Requirements
The FRFPA provides exceptions to both the notice and certification requirements under the act for what are generally considered to be routine banking business or regulatory requirements. These exceptions include records (i) requested by a bank’s regulatory agencies pertinent to regulatory functions; (ii) sought in accordance with procedures authorized by the Internal Revenue Code; (iii) required to be reported by any federal statute or regulation promulgated under federal law. Also, the FRFPA contains exceptions for notice and certification in conjunctions with proceedings before a federal grand jury and where requested by a government authority in a lawsuit involving the bank customer.
Like the OFPA, the FRFPA authorizes a bank to notify law enforcement officials that it has information relevant to a violation of the law. Again, banks should be very careful when relying on this exception. As mentioned above, I would encourage banks to go through the procedure of (i) filing a SAR, (ii) notifying law enforcement a SAR has been filed; and (iii) when requested, providing backup documentation for the SAR.
Civil Liability
One major difference between the OFPA and the FRFPA is that the FRFPA provides that a bank (or government agency) that violates the Act can be held civilly liable to its customer. In this regard, the customer may recover (i) actual damages caused by the disclosure; (ii) $100 (regardless of the volume of records involved); (iii) court costs and reasonable attorney’s fees; and (iv) punitive damages for willful or intentional violations. However, a financial institution that relies in good faith on a federal agency’s certification of compliance with the FRFPA may not be held liable to a customer for the disclosure of records.
Compliance with Risk-Based Pricing Final Rule Mandatory January 1, 2011
The Fair and Accurate Credit Transactions Act of 2003 (the “FACT Act”) amends the Fair Credit Reporting Act (“FCRA”). The last regulatory change adopted under the FACT Act was adopted jointly by the Federal Reserve Board and the Federal Trade Commission on January 15, 2010 (the “Final Rule”). The Final Rule adds a new Subpart H to Reg V [12 C.F.R. §§ 222.70 – 222.75]. It requires a creditor to provide a “risk-based pricing notice” when the creditor uses a consumer report for purposes of risk-based pricing for consumer transactions. Compliance with the Final Rule is mandatory as of January 1, 2011.
Section 311 of the FACT Act added a new section 615(h) to the FCRA to address risk-based pricing. In general, risk-based pricing refers to the practice of setting or adjusting the price and other terms of credit offered or extended to a particular customer to reflect the risk of nonpayment by the customer. Information from a consumer credit report is often used to evaluate the risk posed by the consumer. Creditors that engage in risk-based pricing may choose to offer more favorable terms to consumers with good credit histories and less favorable terms to consumers with poor credit histories.
The risk-based pricing notice requirement is designed to complement the existing adverse action notice provisions of the FCRA by alerting consumer to the existence of negative information on their consumer reports so that consumers can check their credit reports for accuracy and correct inaccurate information. For example, where a creditor does not reject an applicant because of negative credit history, but rather offers credit on less favorable terms, the creditor would not be required to provide the consumer with an adverse action notice. With this new requirement, creditors will be required to alert the consumer in circumstances where the consumer’s negative credit history has caused them to be offered less attractive terms.
Under section 615(h) of the FCRA, a risk-based pricing notice must be provided to consumers under certain circumstances. As described below, a creditor must provide a risk-based pricing notice to a consumer when the creditor uses a consumer report in connection with an extension of credit, when based in whole or in part on the consumer report, the extension of credit is made on terms that are materially less favorable than the most favorable terms available to a substantial proportion of consumers from the same creditor.
Important Definitions
The most important definition contained in the Final Rule is “material term,” found at Section 222.71(n). Usually, “material term” will translate to the APR. As it relates to credit cards, it will refer to a purchase APR, excluding promotional or penalty rates. In cases where there is no APR (e.g., a charge card), or where the APR is not based on the consumer report, then the term that has the greatest effect upon the consumer will be a material term. An example of this includes an annual fee.
Another important definition is that of “consumer report.” It is defined as “any written, oral, or other communication of any information by a consumer reporting agency bearing on a consumer’s credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living which is used or expected to be used or collected in whole or in part for the purpose of serving as a factor in establishing the consumer’s eligibility for … credit or insurance to be used primarily for personal, family, or household purposes…” See 12 C.F.R. § 222.71(f); 15 U.S.C. § 1681a(d).
General Requirements for Risk-Based Pricing Notice (12 C.F.R. § 222.72)
With certain exceptions, a creditor must provide a risk-based pricing notice if (i) the creditor uses a consumer report in connection with the extension of credit that is primarily for personal, family or household purposes; and (ii) based in whole or in part on the consumer report, the credit extended to the consumer is on “material terms that are materially less favorable than the most favorable material terms available to a substantial proportion of consumers from or through that [creditor].” A risk-based pricing notice will also be required in instances where a creditor changes a material term of an existing account based upon its review of a consumer report.
The general rule is that a creditor should compare the material terms offered to each consumer and the material terms offered to others for the “specific type” of credit product. Examples of specific types of credit products mentioned in the Final Rule include student loans, unsecured credit cards, secured credit cards, new automobile loans, used automobile loans, fixed-rate mortgage loans, and variable-rate mortgage loans. The problem with this analysis is that it must be done on a case-by-case basis. Further, the term “materially less favorable” is defined in the Final Rule, but itself is a highly subjective definition (i.e., incapable of quantification). As a result, it may be preferable to adopt one of the alternatives offered to this general analysis requirement.
The Final Rule offers several alternatives to the general case-by-case comparison requirement described in the previous paragraph. The advantage to these alternatives is that they are more amenable to quantification, and therefore certainty. These alternatives described below include (i) the credit score proxy method, (ii) the tiered pricing notice, (iii) a special notice for credit cards, and (iv) a credit score disclosure exception.
Credit Score Proxy Method (12 C.F.R. § 222.72(b)(1))
If a creditor uses a credit score to determine the APR or other material term, it will comply if it determines the credit score that corresponds to the upper 40% of consumers to whom they have extended credit, and provides notice to everyone who has a credit score below that credit score cutoff. Thus, if 40% of consumers to whom credit is extended have a credit score higher than X, then all consumers with a credit score of less than X will receive a risk-based pricing notice.
Alternatively, the creditor may determine the credit score that historically corresponds to extensions of credit on the most favorable terms (usually the lowest APR). If more than 40 percent of consumers received the most favorable terms, the bank may set the cutoff credit score based on that credit score.
In instances where the creditor is a new entrant to the type of credit offered (and thus has no previous history as to the specific type of credit), the creditor may determine the appropriate cut-off for credit scores based upon market research. In the instance of a creditor who acquires a credit portfolio from another creditor, the creditor may use information from the party who previously held the portfolio.
If a credit score is not available for a particular consumer, this method requires that the disclosure be given. Also, creditors must revisit their calculation of cut-off levels at least every two years.
Tiered Pricing Method (12 C.F.R. § 222.72(b)(2))
If a creditor uses pricing tiers based upon a consumer report, the creditor may used the tiered pricing method. Under this method, if there are fewer than four tiers, the credit must give the notice to all consumers who are not in the top tier. If there are five or more tiers, the creditor must give notice to all consumers that are not in the top two tiers (it is possible to exclude more than the top two tiers in certain instances).
Credit Card Method (12 C.F.R. § 222.72(c))
In addition to the credit score proxy method, and the tiered pricing method, credit card issuers have one additional option available. Under this method, if the consumer is only offered one APR, no notice is required. However, if a credit card offer contains more than one APR and a consumer report is used to determine the actual APR, all consumers who do not receive the lowest APR must get a notice.
Exceptions to Risk-Based Pricing Notice Requirements (12 C.F.R. § 222.74)
Some transactions are excepted from the risk-based pricing requirements. For example, no notice is required if an adverse action notice is provided to the consumer. Also no notice is required if the consumer has applied for and received specific terms, unless the terms were specified by the creditor after reviewing a consumer report. Further, pre-screened solicitations from a creditor are also excepted.
Perhaps the most significant exception is the “credit score disclosure exception.” This exception does not require a creditor to distinguish among consumers, as the notice is provided to all consumers to whom credit is extended. Under this exception, each consumer must receive notice that a consumer report was used in making the credit decision and must contain the consumer’s credit score. The notice must also contain a bar or statement that explains where the consumer ranks among other consumers, as well as a statement that the consumer is entitled to receive an annual free credit report. This alternative may be attractive to creditors because it does not require any statement that the consumer did not receive the best terms.
Timing of Notices
Where a risk-based pricing notice is required, it must be given after the credit decision is reached, but before consummation of the loan. In instances where the creditor used the credit score disclosure exception described above, the credit score notice should be provided “as soon as reasonably practicable” after the credit score has been obtained. For credit score notices related to mortgage loans, the notice must be provided at the same time as FCRA required disclosures (Section 609(g) of the FCRA), and in any event prior to consummation of the loan.
For notice required because of account reviews on existing accounts, the risk-based pricing notice must be provided at the time the change in APR is communicated to the consumer. If no advance notice of the APR is provided, it must be provided within 5 days of the APR change.
Content of Notices
The Final Rule provides model forms for the risk-based pricing notice at Appendix H to Reg V.
National Flood Insurance Program Extended through September 30, 2011
Congress has done a poor job of keeping the National Flood Insurance Program (“NFIP”) funded over the last many months. This has caused banks some uncertainty and has required that regulators issue guidance on the subject of what should be done during a period in which the NFIP lapses. See, e.g., June 2010 Legal Update. On July 2, 2010, President Obama signed a law providing the last extension of the NFIP through September 30, 2010.
Congress again let the clock tick to the last minute. On September 30, 2010, President Obama signed the National Flood Insurance Program Reextension Act of 2010. This Act authorizes the flood policies under the NFIP through September 30, 2011.
Compliance Dates Roundup
10/1/2010 – Deadline to Escrow for HPML Loans on Manufactured Housing (See September 2009 Legal Update)
10/1/2010 – Deadline to Adopt Policies and Procedures Required for Compliance with the S.A.F.E. Act (See August 2010 Legal Update)
11/1/2010 – Fees Banks May Charge for Compliance with Oklahoma Subpoenas Increase (See August 2010 Legal Update)
12/31/2010 – FDIC TAG Program Expires (for banks that did not opt out in April 2010) (See October 2010 Legal Update)
1/1/2011 – Deadline to Comply with New Final Rule for Notice of Transfer of Mortgage (See September 2010 Legal Update)
1/1/2011 – Deadline to Comply with Final Rule on Risk-Based Pricing (See October 2010 Legal Update)
1/3/2011 – Deadline to Display Update FDIC Insurance Signage (See October 2010 Legal Update)
1/30/2011 – Deadline to Comply with New Reg Z Disclosures (§ 226.18 (s) and (t)) (See September 2010 Legal Update)