• Vulnerable Adult Abuse, Neglect and Exploitation Report
• Perfection of security interest
• Questions from our members
• Reconsideration of Value Q&As

By Pauli Loeffler

Vulnerable Adult Abuse, Neglect and Exploitation Report

In the September 2023 OBA Legal Briefs, I noted that Tit. 43A O.S. § 10-111.1 was added to the Oklahoma statutes in 2018 and amended Effective January 1, 2024 requiring the Office of the Attorney General to establish and maintain the Vulnerable Adult Abuse, Neglect and Exploitation Registry accessible to the public in an electronic format and updated quarterly, to include:

1. A procedure for recording individuals on the registry who have been found guilty by a court of law or entered a plea of guilty or nolo contendere to a charge of abuse, neglect, or exploitation of a vulnerable adult; and

2. Disclosure requirements for information that is accessible on the registry.

B. The Vulnerable Adult Abuse, Neglect and Exploitation Registry shall include, but not be limited to:

1. The full name of the individual;
2. Information necessary to identify the individual;
3. The disposition and other identifying case information regarding convictions or confessions of abuse, neglect, or exploitation in a court of law; and
4. The date the individual was convicted or pled guilty or nolo contendere.

The Registry is compiled by the Oklahoma State Bureau of Investigation (OSBI). You can click here to view the Registry or copy and paste the link below.

(https://oklahoma.gov/content/dam/ok/en/oag/documents/divisions/medicaid-fraud-control-unit/registry/2024-10-21%20-%20Elder%20Abuse%20Registry%20from%20OSBI%20for%20posting%20on%20MFCU%20website.pdf)

You may remember that under the Oklahoma Uniform Durable Power of Attorney Act, if the bank receives a properly executed power of attorney, e.g., signed by the principal and notarized, the bank must accept the DPOA unless one of 6 reasons for denial apply. One of those reasons is: The Bank itself has made or has actual knowledge that another person has made a report to Oklahoma Adult Protective Services stating a good-faith belief that the principal may be subject to physical or financial abuse, neglect, exploitation or abandonment by the agent or a person acting for or with the agent.

It isn’t uncommon for a banker to have a bad feeling about the Agent named in the DPOA, and the Attorney General’s public registry may be of use in such cases.

Perfection of security interest

Lien entries on vehicles, manufactured homes

Two bankers reached out to me last month on what they should do when title to a vehicle or a manufactured/mobile home has an existing lien, and the bank is making a loan to a borrower to purchase the vehicle or manufactured home. Since Oklahoma is a Title holding state, the current lender holds the title and will not release its lien until its loan is paid in full. What happens if the collateral is transferred to the new owner before the new lender has filed its lien entry?

Let’s start with a vehicle. Joe Blow is selling his truck to Bob Smith who has come to your bank for a loan to purchase Joe’s truck for $6,000. There’s a lien on the title filed by Mega Bank for $4,500, and as the secured party, it holds the title. Your bank is concerned that when you pay off pay off MegaBank and Joe receives the lien release, he will have clear title and sell the truck to someone other than Bob for a higher price. This leaves Bob with a loan but no truck, and your bank with a loan with no collateral securing it.

In a prior Legal Brief covering new advances secured by prior liens where the bank wants to “lend back up” to the amount of a paid down loan, I warned banks that this will not work unless the loan provides for mandatory future advances which is rare for a consumer loan. In such cases, the bank is advised to file another lien entry for the new money. As I recall there is a definite number of active lien entries permitted to filed on the same title, but I do not remember whether that number is four, five, or six.

In order to avoid the situation involved above, your bank can protect itself by filing a lien entry on the vehicle’s title as soon as the Bob signs the security agreement, and your lien will be reflected on the title. The lien will be subordinate to MegaBank’s until it is paid off, at which point MegaBank’s lien will be removed from the title at which point your bank will be the one holding the title. Your bank will pay Mega directly, and Mega must timely release its lien pursuant to Tit. 47 O.S. § 1110. Your bank’s lien on the truck will be first in priority and will maintain that priority until your lien the loan is paid in full.

Perfection of a security interest in a manufactured home with a certificate of title is likewise by lien entry, but it is not the same as for vehicles. You need to be aware of Tit. 47 Sec. 1110 E. (below). The manufactured home must be registered, and the certificate of title will show the lien. If the owner of the manufactured home owns the real estate, the lien on the title will prevent merger of title into the real estate unless there is compliance with 1110 E.

E. If a manufactured home is permanently affixed to real estate, an Oklahoma certificate of title may be surrendered to Service Oklahoma or a licensed operator for cancellation. When the document of title is surrendered, the owner shall provide the legal description or the appropriate tract or parcel number of the real estate and other information as may be required on a form provided by Service Oklahoma. Service Oklahoma may not cancel a document of title if a lien has been registered or recorded. Service Oklahoma or the licensed operator shall notify the owner and any lienholder that the title has been surrendered to Service Oklahoma and that Service Oklahoma may not cancel the title until the lien is released. Such notification shall include a description of the lien and such notification to the owner shall be accompanied by the return of title surrendered. Permanent attachment to real estate does not affect the validity of a lien recorded or registered with Service Oklahoma before the document of title is canceled pursuant to this section. The rights of a prior lienholder pursuant to a security agreement or the provisions of a credit transaction and the rights of the state pursuant to a tax lien are preserved…

If the certificate of title to the manufactured home has been surrendered, what happens if the owner of both the real estate and the manufactured home wants to sell the manufactured home to a new owner? §1110 E. provides:

The owner of a manufactured home upon which the document of title has been properly surrendered may apply to Service Oklahoma for issuance of a new original certificate of title upon submission of:

1. An attestation from the homeowner indicating ownership of the manufactured home and the nonexistence of any security interest or lien of record in the manufactured home; and

2. A title opinion by a licensed attorney, determining that the owner of the manufactured home has marketable title to the real property upon which the manufactured home is located and that no documents filed of record in the county clerk’s office concerning the real property contain a mortgage, recorded financial statement, judgment, or lien of record. Persons or entities to whom the title opinion is addressed may rely on the title opinion. A security interest in a manufactured home perfected pursuant to this section shall have priority over a conflicting interest of a mortgagee or other lien encumbrancer, or the owner of the real property upon which the manufactured home became affixed or otherwise permanently attached. The holder of the security interest in the manufactured home, upon default, may remove the manufactured home from such real property. The holder of the security interest in the manufactured home shall reimburse the owner of the real property who is not the debtor and who has not otherwise agreed to access the real property for the cost of repair of any physical injury to the real property, but shall not be liable for any diminution in value to the real property caused by the removal of the manufactured home, trespass, or any other damages caused by the removal. The debtor shall notify the holder of the security interest in the manufactured home of the street address, if any, and the legal description of the real property upon which the manufactured home is affixed or otherwise permanently attached and shall sign such other documents, including any appropriate mortgage, as may reasonably be requested by the holder of such security interest.

Note that if the mobile home is affixed to real estate that is not owned by the mobile home owner, the bank should obtain a waiver of landlord’s lien from the owner of the real estate in the event the bank needs to repossess the manufactured home.

Another observation is with regard to fixture filings when the mobile home is not owned by the same person that owns the real estate. Let’s say Cousin Lucy’s manufactured home has a certificate of title and is on Uncle Albert’s land which has no mortgage.

This is the case when a manufactured home is expected to be located on a property semi-permanently, but the lender is not taking a mortgage on the real estate.

In this situation, a borrower may intend to create a fairly elaborate set-up even if he does not own the land, and the loan officer perhaps can determine in advance that there will be substantial “fixtures” available for pledging. Some banks just have a standard policy of taking a UCC-1 in fixtures, to cover any substantial improvements that are external to the trailer, existing now or later.

A UCC-1 filing in fixtures will include external items that are at least semi-attached to the real estate, such as by bolts, nails, wires, or plumbing. “Fixtures” could include an elaborate deck built around the trailer, a semi-movable storage shed, greenhouse or carport, an above-ground pool, a boat dock, or a replacement heating/cooling unit installed on a concrete pad outside the trailer. Filing a UCC-1 in fixtures “carves away” the fixtures belonging to the borrower from the underlying landowner’s interest in the real estate.

On the other hand, a manufactured home located in an ordinary trailer park it is unlikely to have extra ground space nor any intention of locating fixtures outside the trailer. A UCC-1 covering “fixtures” belonging to the borrower will not have much benefit to the bank.

In contrast to fixtures included in a mortgage (perfected for the life of the mortgage), a UCC-1 filing that covers fixtures will normally lapse five years after the date of filing, unless a continuation statement is filed, etc. However, for UCC-1 filings in connection with a mobile home loan, a little-known UCC “exception” seems to provide a way that a lender can obtain a perfection period substantially longer than five years. § 1-9-515(b) of the UCC states that an initial financing statement will be effective “for a period of 30 years after the date of filing” if filed in connection with a “manufactured home transaction.” To achieve a 30-year period of effectiveness, the financing statement must indicate that it is filed in connection with a “manufactured home transaction.”

§ 1-9-102(a)(54) of the UCC, a “manufactured home transaction” is a secured transaction (not involving a dealer’s inventory) that either (A) “creates a purchase-money security interest in a manufactured home,” or (B) is one “in which a manufactured home . . . is the primary collateral.” This does not state that the manufactured home must be listed on the UCC-1 (which would not be effective in Oklahoma anyway). It just says the loan has to be for the purpose of purchasing the trailer, or has to be mainly secured by the trailer. In this situation, any UCC-1 filed on lesser categories of personal property collateral, taken as part of a mobile home loan, could apparently be perfected for a period of 30 years if the UCC-1 states that it is filed “in connection with a manufactured-home transaction.” Apparently both a UCC-1 on fixtures, filed in the local county, and a UCC-1 filed centrally in additional categories of collateral pledged in connection with a manufactured-home loan (such as “equipment” or “household furnishings,” or “consumer goods”) could fit the requirements.

Semi-trailers

If registration of title is required under Oklahoma law (Title 47, statutes below), then perfection is by lien entry, and a UCC filing accomplishes nothing. If registration is optional (may be registered to show ownership, e.g., horse trailers, farm trailers, boat trailers, etc.) perfection is by UCC filing, and a lien entry does nothing, See IN RE: JENNIFER LYNN JACKSON, Debtor. SUSAN MANCHESTER, Trustee, Plaintiff, v. ARVEST BANK, Defendant. CERTIFIED QUESTION OF LAW. 287 P.3d 986 (2012)

¶18 The modified certified question presented by the United States Bankruptcy Court for the Western District of Oklahoma is answered with specific explanations relevant to the case at bar. Title may be properly issued by the Oklahoma Tax Commission to non-required trailers for the convenience of showing ownership. The use of title beyond this single purpose for non-required vehicles would be contrary to the general scheme and purposes of the Uniform Commercial Code as adopted in Oklahoma. The proper method for perfecting a security interest in collateral that is not required to be titled (but may be titled at the discretion of the owner) still is, and has been by the filing of a UCC-1 financing statement.

Title 47 O.S. § 1105

B. The owner of every vehicle in this state shall possess a certificate of title as proof of ownership of such vehicle, except those vehicles registered pursuant to Section 1120 of this title and trailers registered pursuant to Section 1133 of this title, previously titled by anyone in another state and engaged in interstate commerce, and except as provided in subsection M of this section. Except for owners that possess an agricultural exemption permit pursuant to Section 1358.1 of Title 68 of the Oklahoma Statutes, the owner of an all-terrain vehicle or a motorcycle used exclusively off roads or highways in this state which is purchased or the ownership of which is transferred on or after July 1, 2005, and the owner of a utility vehicle used exclusively off roads and highways in this state which is purchased or the ownership of which is transferred on or after July 1, 2008, shall possess a certificate of title as proof of ownership. Any person possessing an agricultural exemption permit and owning an all-terrain vehicle or a motorcycle used exclusively off roads or highways in this state which is purchased or the ownership of which is transferred on or after July 1, 2008, shall possess a certificate of title as proof of ownership. Upon receipt of proper application information by such owner, the Oklahoma Tax Commission shall issue an original or transfer certificate of title. Until July 1, 2008, any security interest in an all-terrain vehicle that attached and was perfected before July 1, 2005, and that has not otherwise terminated shall remain perfected, and shall take priority over any subsequently perfected security interest in the same all-terrain vehicle, notwithstanding that a certificate of title may have been issued with respect to the same all-terrain vehicle on or after July 1, 2005, and that a lien may have been recorded on said certificate of title.

Title 47 O.S. § 1102

As used in the Oklahoma Vehicle License and Registration Act:

6. “Commercial trailer” means any trailer, as defined in Section 1-180 of this title, or semitrailer, as defined in Section 1-162 of this title, when such trailer or semitrailer is used primarily for business or commercial purposes…

29. “Recreational vehicle” means every vehicle which is built on or permanently attached to a self-propelled motor chassis or chassis cab which becomes an integral part of the completed vehicle and is capable of being operated on the highways. In order to qualify as a recreational vehicle pursuant to this paragraph such vehicle shall be permanently constructed and equipped for human habitation, having its own sleeping and kitchen facilities, including permanently affixed cooking facilities, water tanks and holding tank with permanent toilet facilities. Recreational vehicle shall not include manufactured homes or any vehicle with portable sleeping, toilet and kitchen facilities which are designed to be removed from such vehicle. Recreational vehicle shall include park model recreational vehicles as defined in this section…

Purchase Money Security Interest, blanket filing

A recent email from a banker asked whether it would have a valid UCC if it states: Purchase Money Security Interest in All Equipment, Livestock, etc. if they don’t list any specific pieces of collateral for a valid blanket filing.

In this case, the answer is found in Tit. 12 O.S. Sec. 1-9-324:

PRIORITY OF PURCHASE-MONEY SECURITY INTERESTS

(a) Except as otherwise provided in subsection (g) of this section, a perfected purchase-money security interest in goods other than inventory or livestock has priority over a conflicting security interest in the same goods, and, except as otherwise provided in Section 1-9-327 of this title, a perfected security interest in its identifiable proceeds also has priority, if the purchase-money security interest is perfected when the debtor receives possession of the collateral or within twenty (20) days thereafter.

(b) Subject to subsection (c) of this section and except as otherwise provided in subsection (g) of this section, a perfected purchase-money security interest in inventory has priority over a conflicting security interest in the same inventory, has priority over a conflicting security interest in chattel paper or an instrument constituting proceeds of the inventory and in proceeds of the chattel paper, if so provided in Section 1-9-330 of this title, and, except as otherwise provided in Section 1-9-327 of this title, also has priority in identifiable cash proceeds of the inventory to the extent the identifiable cash proceeds are received on or before the delivery of the inventory to a buyer, if:

(1) the purchase-money security interest is perfected when the debtor receives possession of the inventory;

(2) the purchase-money secured party sends a signed notification to the holder of the conflicting security interest;

(3) the holder of the conflicting security interest receives the notification within five (5) years before the debtor receives possession of the inventory; and

(4) the notification states that the person sending the notification has or expects to acquire a purchase-money security interest in inventory of the debtor and describes the inventory.

(c) Paragraphs (2) through (4) of subsection (b) of this section apply only if the holder of the conflicting security interest had filed a financing statement covering the same types of inventory:

(1) if the purchase-money security interest is perfected by filing, before the date of the filing; or

(2) if the purchase-money security interest is temporarily perfected without filing or possession under subsection (f) of Section 1-9-312 of this title, before the beginning of the twenty-day period thereunder.

(d) Subject to subsection (e) of this section and except as otherwise provided in subsection (g) of this section, a perfected purchase-money security interest in livestock that are farm products has priority over a conflicting security interest in the same livestock, and, except as otherwise provided in Section 1-9-327 of this title, a perfected security interest in their identifiable proceeds and identifiable products in their unmanufactured states also has priority, if:

(1) the purchase-money security interest is perfected when the debtor receives possession of the livestock;

(2) the purchase-money secured party sends a signed notification to the holder of the conflicting security interest;

(3) the holder of the conflicting security interest receives the notification within six (6) months before the debtor receives possession of the livestock; and

(4) the notification states that the person sending the notification has or expects to acquire a purchase-money security interest in livestock of the debtor and describes the livestock.

(e) Paragraphs (2) through (4) of subsection (d) of this section applies only if the holder of the conflicting security interest had filed a financing statement covering the same types of livestock:

(1) if the purchase-money security interest is perfected by filing, before the date of the filing; or

(2) if the purchase-money security interest is temporarily perfected without filing or possession under subsection (f) of Section 1-9-312 of this title, before the beginning of the twenty-day period thereunder.

(f) Except as otherwise provided in subsection (g) of this section, a perfected purchase-money security interest in software has priority over a conflicting security interest in the same collateral, and, except as otherwise provided in Section 1-9-327 of this title, a perfected security interest in its identifiable proceeds also has priority, to the extent that the purchase-money security interest in the goods in which the software was acquired for use has priority in the goods and proceeds of the goods under this section.

(g) If more than one security interest qualifies for priority in the same collateral under subsection (a), (b), (d), or (f) of this section:

(1) a security interest securing an obligation incurred as all or part of the price of the collateral has priority over a security interest securing an obligation incurred for value given to enable the debtor to acquire rights in or the use of collateral; and

(2) in all other cases, subsection (a) of Section 1-9-322 of this title applies to the qualifying security interests.

Questions from our members

Reg E

Q. I have a customer filing fraud on their sons account with his debit card. He is 19 and the primary account holder. She does not have a debit card in her name. This is the only card on the account in his name. Can I still dispute this transaction if the cardholder did not issue this case? I have tried calling and leaving voice messages to the primary account holder. I have also restricted his debit card. Is there anything in Reg E about this? I can’t seem to find anything involving this.

A. Reg E permits either owner to assert that an electronic funds transfer error occurred regardless of any VISA/Mastercard requirements to obtain a signed letter from the cardholder.

You can either attempt to investigate outside of the chargeback process by contacting the merchant directly or attempting a retrieval request (to which the merchant may or may not respond) or try contacting the cardholder and requesting that they provide the requested disputed letter to utilize the chargeback process (if available.)

LLC documentation

Q. The documentation we require to open a LLC business account include:

• Articles of Organization
• Resolution of LLC
• And verification of identities
• Beneficial ownership form

If the business does not supply the bank with the articles of organization, can we substitute the Certificate of LLC. The certificate actually states: “Whereas, the Articles of Organization of XYZ Dream Catcher OK LLC, an Oklahoma limited liability company has been filed in the office of the Secretary of State as provided by the laws of the State of Oklahoma?”

A. The reason I recommend the bank obtain the Articles of Organization is that they might state the Term of Existence as something other than Perpetual.

Follow-up question: Sometimes customers do not bring the bank the Articles of Organization, could the Bank utilize the one supplied on the Secretary of State’s website?

Response: The information on the SOS website confirms that the LLC is in existence and has not been suspended for non-payment of franchise tax, however it doesn’t give you information as to whether its existence is perpetual or for a set number of years which is why I recommend obtaining the Articles of Organization.

Initial ARM Notice

Q. When calculating the Initial ARM Notice of delivery timing requirement? According to 12 CFR 1026.20(d) the disclosure shall be provided to consumer at least 210, but no more than 240, days before the first payment at the adjusted level is due.

A. The notice under 1026.20(c) does not have to be given if there is no change in the interest rate that results in no corresponding change in the payment amount. However, 1026.20(d) is written totally differently. The early notice is only an estimate of what might happen in the future. I see no exception in 1026.20(d) like there is in 1026.20(c).

(c) Rate adjustments with a corresponding change in payment. The creditor, assignee, or servicer of an adjustable-rate mortgage shall provide consumers with disclosures, as described in this paragraph (c), in connection with the adjustment of interest rates pursuant to the loan contract that results in a corresponding adjustment to the payment.

(d) Initial rate adjustment. The creditor, assignee, or servicer of an adjustable-rate mortgage shall provide consumers with disclosures, as described in this paragraph (d), in connection with the initial interest rate adjustment pursuant to the loan contract.

Reconsideration of Value Q&As

Q. I am finalizing procedures for this rule. I was stumped by a comment from a lender stating that the rule applies only to loans secured by a single 1-4 family home; taking it to mean only one property can secure the loan. Is the lender correct? Does this not apply to real estate loans secured by more than one dwelling such as bridge loans. These are generally secured by equity in the borrower’s existing loan and the home being purchased. Could the borrower not question the value received on their existing home?

A. If the loan is secured by more than one 1-4 single family home, the borrower may request ROV on either property or both securing the loan, but each would be a separate ROV.

Q. Do ROV rules apply to commercial Loans secured by 1 to 4 family single residential dwellings? We have a commercial builder who has requested a reconsideration of the value of a spec home. We also have many commercial loans secured by 1-4 family dwellings, I would appreciate guidance on this matter.

A. In reviewing the July 2024 Interagency Guidance on Reconsiderations of Value of Residential Real Estate Valuations at this link: (https://www.federalreserve.gov/supervisionreg/srletters/SR2403a1.pdf ), it appears that the guidance only applies to consumers.

Q. Must the initial ROV Disclosure be provided during the application process prior to the applicant submitting the application, like the ARM/HELOC Disclosure, or can it be provided within 3 days of application? I am confused by the what is stated in the FreddieMac Selling Guide and FannieMae’s FAQs.

A. Your timing for the ROV disclosure will be the same as for the Loan Estimate (LE) and the Appraisal Notice under Sec. 1002.14. You will also have to provide the ROV disclosure at the same time you provide a copy of the appraisal.

• 2024 Oklahoma Legislation – Part III (UCC)
• FAQs regarding account documentation

2024 Oklahoma Legislation – Part III

Uniform Commercial Code Amendments

By Pauli Loeffler

Last legislative session saw the enactment of four Uniform Acts promulgated by the Uniform Law Commission (“ULC”), also known as the National Conference of Commissioners on Uniform State Laws. In the August OBA Legal briefs, I covered the Uniform Special Deposits Act found in the Banking Code. Last month I covered the Oklahoma Uniform Directed Trust Act of 2024 codified in Title 60 O.S. §§ 1201A – et seq. as well as the 2024 amendments to Oklahoma Trust Act which is likewise found in Title 60 O.S. §§ 175.01 – 175.57. This month I will cover the amendments to the Uniform Commercial Code (“UCC”).

Before going into the changes of this last uniform act, I need to plug OBA products we have available to members that will help with all the changes. The OBA has produced both the 2024 Deskbook on Estates & Trusts and the 2024 Uniform Commercial Code. Just click Products and Services on the OBA’s webpage, and it will take you to the order forms.

The Uniform Commercial Credit Code was first adopted in Oklahoma in 1961. It is codified in Title 12A and divided into Articles.

Article 1 contains definitions and general provisions applicable as default rules to transactions covered under other articles of the UCC. It was revised in 2001, and Oklahoma adopted revisions in 2005 that were effective January 2006.

Article 2 governs the sale of goods. Although this article was covered in one of my law school classes, I don’t think I have ever received a question from a banker dealing with this Article. The ULC amended this Article and the 1991 version remains in effect.

Article 2A has provisions regarding leases and leased goods. Like Article 2, it was enacted in 1988 and the ULC amended it. The 1991 version remains in effect. to do with leases. It was enacted in 1988.

While Articles 2 and 2A have little, if any, impact on financial institutions, Article 3 is important. This UCC article covers Negotiable Instruments such as drafts (including checks) and promissory notes that have their own value because their negotiability. An instrument is negotiable if it can be transferred to another person and remain enforceable against the person who made the promise to pay. Article 3 was revised in 1990. It does not apply to money, to payment orders governed by Article 4A of this title, or to securities governed by Article 8 of this title. If there is conflict between Article 3 and Article 4 or 9, Articles 4 and 9 govern. The vast majority of UCC questions I receive involve Articles 3, 4, and 9.

Article 4 of the Uniform Commercial Code governs bank deposits and collections. This Article provides rules for check processing and automated inter-bank collections. Article 4 was completely revised in 1990 and amended in 2002.

Article 4A covers funds transfers and provides a comprehensive body of law on the rights and obligations with regard to such transactions. It was added to the UCC in 1989 and enacted in Oklahoma in 1991. Uniform Commercial Code Article 4A provides a comprehensive body of law on the rights and obligations connected with fund transfers. 2012 Amendments to Section 108 of Uniform Commercial Code Article 4A provide that Article 4A applies to a remittance transfer that is not an electronic funds transfer under the Federal Electronic Funds Transfer Act (EFTA). The amendment was necessary to conform the UCC with the federal law and associated r

Article 5 of the Uniform Commercial Code Article 5 governs letters of credit, which are typically issued by a bank or other financial institution to its business customers in order to facilitate trade. Oklahoma enacted Article 5 in 1961. The ULC updated the Article in 1995 to address advances in technology and modern business practices, and Oklahoma amended the Article 5 effective Jan 1, 1997. I only get a question with regard to letters of credit once or twice a year which always makes me go re-read Article 5’s provisions.

Article 6 which covered bulk transfers was repealed in 1990. Considering that we never covered this when I was in law school (1979-1982), I am not the only one who doesn’t miss it.

Article 7 of the Uniform Commercial Code covers documents of title for personal property, including warehouse receipts, bills of lading, and other documents typically used for commercial trade. Revised Article 7, approved in 2003, updates the original version to provide a framework for the further development of electronic documents of title, and to update the article in light of state, federal and international legal developments. Oklahoma adopted revised Article 7 effective January 1, 2006. Article 7 wasn’t covered in law school Commercial Law classes, and I have never had a question regarding warehouse receipts or bills of lading.

Uniform Commercial Code Article 8 provides a modern legal structure for the system of holding securities through intermediaries. Oklahoma adopted UCC Article 8 in 1961. ULC revised the Article 8 in 1994 revision sets forth rules concerning the system through which securities are held, specifying the mechanisms by which ownership and other interests in securities are recorded and changed, and setting out some of the rights and duties of the parties who participate in the securities holding system. Oklahoma last amended this Article effective February 1, 1996.

Article 9 covers secured transactions. The last major revision occurred effective July 1, 2001. Former OBA General Counsel Charles Cheatham covered the amendments in a series of Legal Briefs: November 2000, January 2001, February 2001, March 2001, May 2001, June 2001, July 2001, August 2001, December 2001. Those Legal Briefs are not available online, but I do have copies of them in what Jeremy Cowan and I call the Way Back files.

Further revisions were made to Article 9 by the UCL in 2010. Legislation was introduced to adopt the 2010 revisions several times, but for various reasons, bills introduced to adopt the revisions were not passed. It wasn’t until the 2015 legislative session that much needed revisions regarding the proper debtor’s name were enacted in Oklahoma. I covered those revisions with an effective date of November 1, 2015 in the August and October 2015 OBA Legal Briefs which are available online.

Article 12 is the 2022 amendment to the UCC. It is an entirely new Article addressing emerging technologies, providing updated rules for commercial transactions involving virtual currencies, distributed ledger technologies (including blockchain), artificial intelligence, and other technological developments. The amendments span almost every article of the UCC. Article 12 addresses certain types of digital assets defined as “Controllable Electronic Records” (CERs). The amendments provide new default rules to govern transactions involving these new technologies and clarify the UCC’s applicability to mixed transactions involving both goods and services. The amendments also contain some miscellaneous revisions unrelated to technological developments but providing needed clarification. I will note that Article 12 has been enacted in 25 states unlike the Uniform Special Deposit Act which has only been enacted in four states and the Uniform Directed Trust Act which has been enacted by 16 states.

Lastly, we have a new Article A containing transitional provisions under for the UCC 2024 Amendments.

FAQs regarding account documentation.

We get questions what is needed to set in order to set up certain specialized deposit accounts. Here are few account types and what is needed to open them.

Insurance Premium Trust Accounts: Checks for premiums will be made payable to the insurance company rather than the agent. The account itself will use the TIN (Tax Identification Number) of the agent or the insurance agency followed by name of insurer Premium Trust. For example, John Brown Insurance Agency, State Farm Premium Trust Account. In the a garnishment is received against John Brown or John Brown Insurance Agency, it won’t attach to the Premium Trust Account. You will also want a copy of the contract with State Farm. A separate account for the operating expenses of the agent or agency should be set up for commissions paid by the insurer. If John Brown is an independent agent for more than one insurer, a separate premium trust account should be set up for each one.

Property Management Security Deposit Accounts: Landlord-tenant statutes require trust accounts to be set up for security deposits. You need a copy of the agreement between the property owner and the management company regarding maintenance of the required account. The account will be set up in the name of the property management company using its EIN but will be denominated Security Deposit Trust Account to prevent the account being subject to levies or garnishments against the property management company.

Medicaid Income Pension Trust: An MIPT is a bona fide trust, and you set the account as you would any other trust. It is irrevocable, but it is one of the exceptions to the general rule that an irrevocable trust has to have its own EIN. You use the SSN of the settlor/beneficiary and title the account “Sally Jones, Medicaid Income Pension Trust.” The settlor/beneficiary cannot be the trustee for this type of trust, so it has to be some other individual. The trustee cannot add an authorized signer, and the account cannot have a POD. The bank has no increased duty to monitor the account. Upon the death of the settlor/beneficiary, the Oklahoma Health Care Authority will send a letter to the trustee requesting the amount of Medicaid expended on behalf of the beneficiary. It will send a copy of the letter to the bank as well. If there are any funds left after payment to OHCA, the funds may be distributed to the beneficiary’s heirs using the Banking Code Sec. 906 Affidavit of Heirs. If the beneficiary has a will, it may be possible to use the Probate Code Sec. 393 Affidavit to disburse the funds without a probate.

Oklahoma Lottery Account: The LLC must provide paperwork from the Oklahoma Lottery Commission, and the account is set up in the form, “ABC LLC, ITF The Oklahoma Lottery Commission.” Your customer is the LLC, and you will complete your CIP and Beneficial Ownership routines on the LLC. The LLC designates the authorized signer(s) on the account. The LLC’s TIN is used on the account.

Part of the packet of Lottery info will be an authorization for the Lottery Commission to periodically charge and credit the account via ACH. Because state law permits tickets sales only for cash or via debit card purchase (no credit cards, no checks), you should not see any checks deposited to the account, other than checks drawn on the customer’s operating account. The lottery account cannot be linked for online transfers to or from that operating account (the lottery account should be “view only” if online access is provided).

Funeral home/burial trust accounts: These accounts generally use the name and EIN of the Funeral Home, Burial Trust, and the garnishment will not be subject to creditors of the funeral home. Most funeral homes use a single trust account, but sometimes the funeral home will set up individual Burial Trust accounts, If the bank receives a garnishment against the individual. If this happens, contact the funeral home, and it will respond to the garnishment and claim the exemption on behalf of the individual.

• 2024 Oklahoma Legislation – Part II
• More Deceased Customer Q&As

2024 Oklahoma Legislation – Part II

Oklahoma Uniform Directed Trust Act of 2024
Oklahoma Trust Act (Amended) – Title 60 O.S. §§ 175.01 – 175.57 (Effective 11/1/2024)
Registration and Pre-Registration – Transfer of License Plates – Contracts and Agreements for Electronic System – Title 47 O.S. § 1111.2 (Effective 9/1/2024)

By Pauli Loeffler

Oklahoma Uniform Directed Trust Act of 2024.

The Oklahoma’s legislators passed the “Oklahoma Uniform Directed Trust Act of 2024” during the last legislative session. I will refer to this Act as the “2024 Uniform Trust Act” or 2024 UTA. Like the Uniform Special Deposits Act that I covered in the August 2024 Legal Briefs, this is another Act promulgated by the Uniform Laws Committee. The 2024 UTA is found in Title 60 O.S. §§ 1201A – 1217. Its provisions take effect November 1, 2024. Note that the Oklahoma Trust Act (“OK Trust Act” or “OTA”) is also in Title 60 O.S. §§ 175.01 – 175.57. This Act still exists, but certain sections have been repealed or amended. The legislature also passed the Oklahoma Qualified Dispositions into Trust Act codified in Title 60 O.S. §§ 1301-1390 effective November 1, 2024, which I will not cover. I will note new § 1401 in Title 60 Trusts – Non Application of Rules Against Perpetuities is effective November 1, 2024. Inasmuch as all attorneys groan at the mere mention of the Rules Against Perpetuities, I will only mention the statute and leave it to an estate planner or your bank counsel to explain. Another new statute is Title 60 O.S. § 1402 – Trustee and Qualified Beneficiaries – Binding Nonjudicial Settlement Agreement – Validity – Matters that May be Resolved – Request of Approval from Court.

Let’s start with the 2024 UTA. I strongly suggest making a strong pot of coffee to keep you awake as we explore this Act.

Section 1202 provides definitions of terms used under the 2024 UTA. “Breach of trust” means a violation by a trust director or trustee of a duty imposed on that director or trustee by the terms of trust, the 2024 UTA, or laws of this state other than the 2024 UTA.

I read at least a couple of trusts each week sent by bankers who have questions regarding trusts provided by customers. The 2024 UTA has definitions that I have not encountered before: “Directed trust,” “Directed trustee, and “Power of direction.” The definition for the first term means “a trust for which the terms of the trust grant a power of direction; the second term means a trustee that is subject to a trust director’s power of direction; and the third term means a power over a trust granted by the terms of the trust to the extent the power is exercisable while the person is NOT serving as trustee. It includes a power over investment, management, or distribution of trust property or trust administration.

Section 1203 provides that the 2024 UTA applies to a trust whenever created that has its principal place of administration in Oklahoma if the trust is created before November 1, 2024, provided the decision or action occurs on or after the Act’s effective date, and 2) if the principal place of administration is changed to Oklahoma on or after the effective date the 2024 UTA applies only to a decision or action occurs on or after the date of change. In other words, we are talking about an existing trust.

Section 1205 defines “power of appointment” as a power that enables a person acting in a nonfiduciary capacity, e.g., a non-trustee, to designate a recipient of an ownership interest in or another power of appointment over trust property. The 2024 UTA does not apply to a power of appointment, a power to appoint or remove a trustee or trust director, power of a settlor over a trust with the power to revoke the trust. A power to designate a recipient of an ownership interest in power of appointment over trust property while not a trustee is a power of appointment rather than a power of direction.

Section 1206 permits a trust to grant a power of direction to a trust director and a trust director may exercise or nonexercise a power of direction. Under the 2024 UTA, Trust directors with joint powers must act by majority decision. I know bankers aren’t going to be thrilled with this provision. Of course, the trust could include language allowing trust co-directors to act independently if more than one trust director is named, and this would negate the Act’s requirement. I note § 175.17 of the OTA in subsection C. specifically allows a current co-trustee to execute a power of attorney naming another current co-trustee to act on his or her behalf. You will find a Template on the OBA Legal Links web page under Templates, Forms, and Charts under the subheading “Trusts.” Even though § 1208 of the 2024 UTA states that trust directors have the same fiduciary duty and liability as a trustee, I am unsure whether the co-trustee POA under the OTA can be used.

Section 1208 provides that a trust director has the same fiduciary duty and liability as a trustee. Section 1210 requires a trust director to provide a trustee or another trust director with information.

Under § 1211, unless required by terms in the trust, a trustee has no duty to monitor a trust director, inform or give advice to a settlor, beneficiary, trustee or trust director.

Oklahoma Trust Act.

Turning now to the OK Trust Act § 175.24 – Powers of Trustees – Bond – Payment from Trust – Legal Proceedings – Attorney-Client Relationship was amended effective November 1, 2024. Most of the changes are minor, dealing with gender neutrality such as the use of spouse rather than husband or wife. However, Subsection B. is new.

1. In the exercise of its authority under paragraph 9 of subsection A of this section, a trustee may pay, from the assets of the trust, reasonable compensation and costs incurred in connection with employment of attorneys, accountants, agents, and brokers reasonably necessary in the administration of the trust estate.

2. In the event of any legal proceeding regarding the trust, a trustee may pay the costs or attorney fees incurred in any proceeding from the assets of the trust without the approval of any person and without court authorization unless otherwise ordered by the court in such legal proceeding.

3. Unless expressly provided otherwise in a written employment agreement, the creation of an attorney-client relationship between an attorney and a person serving as a fiduciary shall not impose upon the attorney any duties or obligations to other persons interested in the estate, trust estate, or other fiduciary property, even though fiduciary funds may be used to compensate the attorney for legal services rendered to the fiduciary. This paragraph is intended to be declaratory of the common law and governs relationships in existence between attorneys and persons serving as fiduciaries and any such relationship hereafter created.

4. Whenever an attorney-client relationship exists between an attorney and a fiduciary, communications between the attorney and the fiduciary shall be subject to attorney-client privilege unless waived by the fiduciary, even though fiduciary funds may be used to compensate the attorney for legal services rendered to the fiduciary. The existence of a fiduciary relationship between a fiduciary and a beneficiary does not constitute or give rise to any waiver of the privilege for communications between the attorney and the fiduciary.

C. The following rules of administration shall be applicable to all express trusts but such rules shall not be exclusive of those otherwise imposed by law unless contrary to these rules:

1. Where a trustee is authorized to sell or dispose of land, such authority shall include the right to sell or dispose of part thereof, whether the division is horizontal, vertical, or made in any other way, or undivided interests therein;

2. Where a trustee is authorized by the trust agreement creating the trust or by law to pay or apply capital money subject to the trust for any purpose or in any manner, the trustee shall have and shall be deemed always to have had power to raise the money required by selling, converting, calling in, or mortgaging or otherwise encumbering all or any part of the trust property for the time being in possession;

3. A trustee shall have a lien and may be reimbursed with interest for, or pay or discharge out of the trust property, either principal or income or both, all advances made for the benefit or protection of the trust or its property and all expenses, losses, and liabilities, not resulting from the negligence of the trustee, incurred in or about the execution or protection of the trust or because of the trustee holding or ownership of any property subject thereto; and

4. When the happening of any event, including marriage, divorce, attainment of a certain age, performance of educational requirements, death, or any other event, affects distribution of income or principal of trust estates, the trustees shall not be liable for mistakes of fact prior to the actual knowledge or written notice of such fact.

D. The powers, duties, and responsibilities stated in the Oklahoma Trust Act or the Oklahoma Uniform Prudent Investor Act shall not be deemed to exclude other implied powers, duties, or responsibilities not inconsistent herewith.

E. The trustee shall pay all taxes and assessments levied or assessed against the trust estate or the trustee by governmental taxing or assessing agencies.

F. No trustee shall be required to give bond unless the instrument creating the trust, or a court of competent jurisdiction in its discretion upon the application of an interested party, requires a bond to be given.

Section 175.47 – Duration of Trust is amended with regard to Subsection C. effective November 1, 2024, with regard to the Rule Against Perpetuities in line with § 1401, discussed above:

C. Except as provided in this section, the common law rule against perpetuities shall not apply to a trust subject to the trust laws of this state.

Section 175.57 – Breach of Trust – Accounting and Approval

A. A violation by a trustee of a duty the trustee owes a beneficiary is a breach of trust.
B. To remedy a breach of trust that has occurred or may occur, the court may:

1. Compel the trustee to perform the trustee’s duties;
2. Enjoin the trustee from committing a breach of trust;
3. Compel the trustee to redress a breach of trust by payment of money or otherwise;
4. Order a trustee to account;
5. Appoint a receiver or temporary trustee to take possession of the trust property and administer the trust;
6. Suspend or remove the trustee;
7. Reduce or deny compensation to the trustee;
8. Subject to subsection I of this section, void an act of the trustee, impose an equitable lien or a constructive trust on trust property, or trace trust property wrongfully disposed of and recover the property or its proceeds; or
9. Grant any other appropriate remedy.

C. A beneficiary may charge a trustee who commits a breach of trust with the amount required to restore the value of the trust property and trust distributions to what they would have been had the breach not occurred, or, if greater, the profit that the trustee made by reason of the breach.

D. In a judicial proceeding involving a trust, the court may in its discretion, as justice and equity may require, award costs and expenses, including reasonable attorney fees, to any party, to be paid by another party or from the trust which is the subject of the controversy.

E. 1. For purposes of this subsection, “accounting” means any interim or final report or other statement provided by a trustee reflecting all transactions, receipts, and disbursements during the reporting period and a list of assets as of the end of the period covered by the report or statement.

2. For any trust that is before a district court under subsection A of Section 175.23 of this title, the trustee may submit an accounting and seek approval of the accounting by the court. Such accounting and the final approval by a district court, whether or not such accounting is contested, shall be conclusive against all persons interested in the trust, and the trustee, absent fraud, intentional misrepresentation, or material omission, shall be released and discharged from any and all liability as to all matters set forth in the accounting.

3. If a trust is not before a district court under subsection A of Section 175.23 of this title and if no objection has been made by a beneficiary who is an eligible distributee or permissible distributee of the trust’s income or principal within one hundred eighty (180) days after a copy of the trustee’s accounting has been provided to such beneficiaries together with written notice of the provisions of this section, the distribution beneficiary is deemed to have approved such accounting of the trustee, and the trustee, absent fraud, intentional misrepresentation, or material omission, shall be released and discharged from any and all liability to all beneficiaries of the trust as to all matters set forth in such accounting.

4. If paragraphs 2 and 3 of this subsection do not apply, absent fraud, intentional misrepresentation, or material omission, an action to recover for breach of trust against a trustee who is a resident of this state or who has its principal place of business in this state, or an officer, director, or employee of such trustee may be commenced only within two (2) years of a trustee’s accounting for the period of the breach. In the case of fraud, intentional misrepresentation, or material omission, the limitation period shall not commence until discovery of the breach of trust.

5. For the purpose of this subsection, a beneficiary is deemed to have received a report or other statement:

a. in the case of an adult, if it is received by the adult personally, or if the adult lacks capacity, if it is received by the adult’s conservator, guardian, or agent with authority, or
b. in the case of a minor, if it is received by the minor’s guardian or conservator or, if the minor does not have a guardian or conservator, if it is received by a parent of the minor who does not have a conflict of interest.

6. Except as otherwise provided by the terms of a trust, while the trust is revocable and the settlor has capacity to revoke, the rights of the beneficiaries are held by, and the duties of the trustee are owed exclusively to, the settlor; the rights to be held by and owed to the beneficiaries arise only upon the settlor’s death or incapacity. The trustee may follow a written direction of the settlor, even if contrary to the terms of the trust. The holder of a presently exercisable power of withdrawal or a testamentary general power of appointment has the rights of a settlor of a revocable trust under this section to the extent of the property subject to the power.

F. 1. A term of the trust relieving a trustee of liability for breach of trust is unenforceable to the extent that it:

a. relieves a trustee of liability for breach of trust committed in bad faith or with reckless indifference to the purposes of the trust or the interest of the beneficiaries, or

b. was inserted as the result of an abuse by the trustee of a fiduciary or confidential relationship to the settlor.

2. An exculpatory term drafted by or on behalf of the trustee is presumed to have been inserted as a result of an abuse of a fiduciary or confidential relationship unless the trustee proves that the exculpatory term is fair under the circumstances and that its existence and contents were adequately communicated to the settlor.

G. A beneficiary may not hold a trustee liable for a breach of trust if the beneficiary, while having capacity, consented to the conduct constituting the breach, released the trustee from liability for the breach, or ratified the transaction constituting the breach, unless:

1. The beneficiary at the time of the consent, release, or ratification did not know of the beneficiary’s rights and of the material facts that the trustee knew, or with the exercise of reasonable inquiry, the beneficiary should have known, and that the trustee did not reasonably believe that the beneficiary knew; or

2. The consent, release, or ratification of the beneficiary was induced by improper conduct of the trustee.

H. 1. Except as otherwise agreed, a trustee is not personally liable on a contract properly entered into in the trustee’s fiduciary capacity in the course of administration of the trust if the trustee in the contract discloses the fiduciary capacity.

2. A trustee is personally liable for obligations arising from ownership or control of trust property, or for torts committed in the course of administering a trust, only if the trustee is personally at fault, whether negligently or intentionally.

3. A trustee who does not join in exercising a power held by three or more trustees is not liable to third persons for the consequences of the exercise of the power. A dissenting trustee who joins in an action at the direction of the majority co-trustees is not liable to third persons for the action if the dissenting trustee expressed the dissent in writing to any other co-trustee at or before the time the action was taken.

4. A claim based on a contract entered into by a trustee in the trustee’s fiduciary capacity, on an obligation arising from ownership or control of trust property, or on a tort committed in the course of administering a trust, may be asserted against the trust in a judicial proceeding against the trustee in the trustee’s fiduciary capacity, whether or not the trustee is personally liable on the claim.

I. 1. A person who in good faith assists a trustee or who in good faith and for value deals with a trustee without knowledge that the trustee is exceeding or improperly exercising the trustee’s powers is protected from liability as if the trustee properly exercised the power.

2. Dealing in good faith with another person with knowledge that the other person is a trustee does not place a third person on notice to inquire into the extent of the trustee’s powers or the propriety of their his or her exercise.

3. A person who in good faith deals with another person with knowledge that the other person is a trustee is not solely on that account placed on notice to inquire into the extent of the trustee’s powers or the propriety of their his or her exercise or to see to the proper application of assets of the trust paid or delivered to a trustee.

4. A person who in good faith assists a former trustee or who for value and in good faith deals with a former trustee without knowledge that the person is no longer a trustee is protected from liability as if the former trustee were still a trustee.

5. The protection provided by this section to persons assisting or dealing with a trustee is secondary to that provided under comparable provisions of other laws relating to commercial transactions or to the transfer of securities by fiduciaries.

You will note that I have highlighted Subsection E. 6. The reason for the emphasis it that this provision allows the settlor of the trust to indorse a check payable to the Trust and deposit the check into an account owned by the settlor that is not under the trust. It also allows the settlor to name a non-trustee as an authorized signer on the Trust account or add a deputy to a safe deposit box leased by the Trust. You will find a template for adding a non-trustee authorized signer to a Trust account as well as one to add a deputy to a safe deposit box on the Legal Links web page noted above.

Title 47 O.S. § 1111.2 Registration and Pre-Registration – Effective September 1, 2024.

A. The license plate and certificate of registration shall be issued to, and remain in the name of, the owner of the vehicle registered and the license plates shall not be transferable between motor vehicle owners. When a vehicle is sold or transferred in the state, the following registration procedures shall apply:

1. When a current and valid Oklahoma motor vehicle license plate has been obtained for use on a motor vehicle and the vehicle has been sold or otherwise transferred to a new owner, the license plate shall be removed from the vehicle and retained by the original plate owner;

2. In the event an owner purchases, trades, exchanges, or otherwise acquires another vehicle of the same license registration classification, Service Oklahoma shall authorize the transfer of the current and valid license plate previously obtained by the owner to the replacement vehicle for the remainder of the current registration period. In the event the owner acquires a vehicle requiring payment of additional registration fees, the owner shall request a transfer of the license plate to the newly acquired vehicle and pay the difference in registration fees. The fee shall be calculated on a monthly prorated basis. The owner shall not be entitled to a refund:

a. when the registration fee for the vehicle to which the plate(s) is to be assigned is less than the registration fee for that vehicle to which the license plate(s) was last assigned, or

b. if the owner does not have or does not acquire another vehicle to which the license plate may be transferred;

4. When a lender or lender’s agent repossesses a vehicle and the license plate has not been removed in accordance with this section, the lender or lender’s agent shall not be subject to the provisions of this section and the license plate shall be considered removable personal property and may be reclaimed from the repossessed vehicle…

6. a. Within two (2) business days of the date of sale or transfer of the motor vehicle, either the seller or the purchaser of the motor vehicle shall complete the pre-registration of the vehicle by submitting documentation to Service Oklahoma or a licensed operator identifying the motor vehicle subject to the sale or transfer, purchaser information, and any associated state-issued license plate on the vehicle. Pre-registration may be accomplished either in person at Service Oklahoma or a licensed operator location or by means of an electronic transaction or online system established by Service Oklahoma in accordance with Section 1132B of this title.

B. 1. The new owner of a motor vehicle shall, within two (2) months from the date of vehicle purchase or acquisition, make application to record the registration of the vehicle with Service Oklahoma or the licensed operator and shall pay all taxes and fees provided by law.

2. Any person failing to register a motor vehicle by timely transferring the license plate as provided by this section shall pay the penalty levied in Section 1132 of this title.

C. A surviving spouse, desiring to operate a vehicle devolving from a deceased spouse, shall present an application for certificate of title to Service Oklahoma or the licensed operator in his or her name within two (2) months of obtaining ownership. Service Oklahoma or the licensed operator shall then transfer the license plate to the surviving spouse.

More Deceased Customer Q&As

By Pauli Loeffler

Distributions after probate has closed.

Q. Sole account owner is deceased. The husband brings in the “Decree of Settlement of Final Account, Adjudication of Heirship and Distribution of Estate” that lists him as the estate’s personal representative and the beneficiary of the estate.
Hypothetically, if he never set up an estate account for his wife, could he indorse the check made payable to the estate as personal representative and convert it to a check made payable to himself?
This isn’t happening. This is just a discussion that our bank officers were having.

A. If the probate has been settled and the husband brings in the document you described, the bank now has documentation of the accountholder’s death and of the husband’s authority to claim the account for the estate. The bank can issue its cashier’s check payable to “Estate of [decedent’s name], [husband’s name], Personal Representative,” and he can indorse it as it is issued, add his own personal indorsement, and exchange it for a check payable to himself.
The bank would want to retain a copy of the court order.

Safe deposit box, no probate

Q. We have a deceased safe deposit box customer. There are four living children. There is a will but no probate. Is there a way all others can allow just one of them to enter the safe deposit box without them?
A. The heirs will all need to sign the § 906. A.2 affidavit of heirs which is available on the OBA Legal Links web page under Templates, Forms, and Charts. All heirs under the will must either be present when the box is opened or designate an agent to act for them. You will find a Template for Appointment of Agent on the Legal Links web page as well. The § 906 A. 2 affidavit is the appropriate affidavit to use, and it will need to be signed by whoever is/are the residuary heir(s) under the will. If a trust is the residuary heir under the will, the only person who must sign the Affidavit would be the current trustee.

In this issue:

• 2024 Oklahoma Legislation – Part I
• A potpourri of deceased customer Q&As
• Still more on the FDIC’s revisions to part 328

2024 Oklahoma Legislation – Part I

By Pauli D. Loeffler

Uniform Special Deposits Act – Tit. 6 O.S. § 910 et seq.

This is an entirely new Act that has only been adopted in the states of Oklahoma,
Colorado, and Washington and has been introduced in three other states: West
Virginia, Rhode Island, and Delaware.

There is no requirement that a bank offer accounts subject to the Special Deposit Act.

First, in order to be a “special deposit,” the deposit must be designated as “special” in
an account agreement. Second, the account must be for the benefit of at least two
beneficiaries. One or more of the beneficiaries may be the depositor. It must be
denominated in money defined as a medium of exchange authorized by a domestic or
foreign government for a permissible purpose, meaning a governmental, regulatory,
commercial, charitable, or testamentary objective. Finally, the account must be subject
to a contingency specified in the account agreement that is not certain to occur but if it
does, it creates the bank’s obligation to pay a beneficiary.

Quite frankly, the bank already has certain deposit accounts which are essentially
“special deposits.” For instance, funeral homes and cemeteries which sell plots and pre-
need funeral policies under Title 36 O.S. Sec. 7103 and Sec. 7126 the of the Oklahoma
Statutes would meet the definition of a special deposit. Another example are CDs
required by the Oklahoma Corporation Commission as bond for plugging wells. A third
example is under the Residential Landlord Tenant Act requiring the establishment of an
escrow account for security deposits of the tenant. These and similar relationships such
as those mentioned above will continue as they are.

The Act clarifies what a “special deposit” is. A special deposit must be (i) designated as
“special deposit” in an account agreement governing the deposit at a bank, (ii) for the
benefit of at least two beneficiaries (one or more of which may be a depositor), (iii)
denominated in money, (iv) for a permissible purpose identified in the account
agreement, and (v) subject to a contingency specified in the account agreement that is
not certain to occur, but if it does occur, creates the bank’s obligation to pay a
beneficiary. The examples I mentioned above meet all the criteria EXCEPT for being
designated a “special deposit” in the account agreement.

Inasmuch as only three states have adopted this Uniform Act, whether your current
deposit software provider will produce a specific form or add a check box to the existing
forms to designate the account as subject to the Special Deposit Act is a question I cannot answer. If a customer provides his own “Special Account” agreement, you need to discuss this with bank counsel.

I will add that the Uniform Laws Committee that promulgated the Uniform Special
Deposit Account Act has produced a one hour video I viewed and that you may access
via this link.

Title 19 O.S. § 298 – Change in margin size for recording with County Clerk

The margins for deeds, mortgages, releases, etc., presented to the county clerk for
recording on and after November 1, 2024, are changing. The top margin is increasing
from at least one inch to at least two inches, and all other margins are increasing from
at least one-half (1/2) inch to one inch. I would note that by increasing the size of the
margins, the number of pages being recorded may also increase. Banks will need to
keep the change in mind when providing cost disclosures for consumer loans.

B.
…

The top margin of all documents shall be at least two (2) inches and all other
margins shall be at least one (1) inch.

C. Despite any provision in this section to the contrary, the county clerk shall accept for
filing any document that fails to meet the requirements of subsection B of this section if:

1. The document is an original or a certified copy of an original;
2. The document is legible without the aid of magnification or other enhancement
of the text;
3. The document is xerographically reproducible by the copying equipment in use
by the county clerk;
4. The document meets all other statutory requirements for recordation; and
5. The person offering the instrument for recording pays the additional fee
provided in Section 32 of Title 28 of the Oklahoma Statutes for nonconforming
documents.

If the bank does not comply with the new margin requirements, there will be an
additional fee under § 32 of Title 28:

13. For recording the first page of deeds, mortgages, and any other instruments
which are nonconforming pursuant to subsection C of Section 298 of Title 19 of
the Oklahoma Statutes – $25.00
14. For recording each additional page of an instrument which is nonconforming
pursuant to subsection C of Section 298 of Title 19 of the Oklahoma Statutes –
$10.00

A potpourri of deceased customer Q&As

By Pauli D. Loeffler

The OBA Legal and Compliance Team receives a lot of questions regarding deceased
customers. Here are just a few of the many we received in the last month.

Finding the POD

Q. We have a checking account that has a POD beneficiary named and the customer
has passed away. However, it is an older account and all we have is a name with no
other identifying information for the beneficiary, not even a phone number. To
complicate matters further, the beneficiary is not one of the customer’s children. One of
the customer’s sons has been named special administrator of the estate. However,
since the account had a POD named it doesn’t become part of the estate. Can we tell
the son that the account has a POD beneficiary, and he is not it? Is there anything he
can do or provide to us that would require us to share who the POD beneficiary is?

A. The son appointed as Special Administrator of the estate stands in the shoes of the
deceased customer and can have any and all information regarding the account
including the signature card naming the POD. Perhaps the son may be able to provide
information regarding the POD. You will have to advise him that the funds are not part
of the estate, and if the bank cannot locate the POD, the funds will be escheated as
unclaimed property for the POD to claim.

Minors as PODs

Q. The owner passed away in March of 2021 leaving two CDs. One of the CDs has his
granddaughter, age 17, listed as his beneficiary, and the other has his grandson, age
14, listed. We have made numerous attempts to have the father of the grandchildren,
who was also a representative for the estate, come and close the accounts for the
benefit of his children. He will not come. We can only speculate on the reasons why.
The money is now due to be sent as unclaimed property to the state. We really do not
want to do that to these kids. Can we make checks payable directly to children and
bypass the father? Do we have other options? I do have a way to contact the
granddaughter directly. She was informed that she has funds here.

A. First, we are talking about CDs that I presume automatically renew. These have a
much longer period before reporting and remitting to the Oklahoma Treasurer as
unclaimed property:

Tit. 60 O.S. Sec. 652

D. Automatically renewable time deposits shall be subject to this section, except that
automatically renewable time deposits shall be presumed abandoned fifteen (15) years
following the expiration of the initial time period of the time deposit unless, during that
period the owner has:

1. Increased or decreased the amount of the deposit;

2. Communicated in writing with the banking or financial organization concerning
the property;

3. Otherwise indicated an interest in the property as evidenced by a
memorandum or other record on file prepared by an employee of the banking or
financial organization; or

4. Had another relationship with the banking or financial organization concerning
which the owner has:

a. communicated in writing with the banking or financial organization, or
b. otherwise indicated an interest as evidenced by a memorandum or
other record on file prepared by an employee of the banking or financial
organization and if the banking or financial organization communicates in
writing with the owner with regard to the property that would otherwise be
presumed abandoned under this section at the address to which
communications regarding the other relationship are regularly sent.
…
Upon presumed abandonment of the automatically renewable time
deposit, the holder shall report the presumed abandonment to the State
Treasurer and may, at the holders option, either retain the property or pay
or deliver it to the State Treasurer.

In other words, the CDs may not yet be due for reporting as Unclaimed Property. Even if
the CDs are required to be reported by the bank, it has the option to retain the CDs.
There is also the possibility that the grandchildren were named in the will, and there
may have been custodians named to manage those funds, in which case, the bank can
make the checks payable to the custodians.

Still more on the FDIC’s revisions to part 328

By John S. Burnett

In the June and July 2024 issues of Legal Briefs, I analyzed first the effects of the
FDIC’s Part 328 revisions on an insured depository institution’s (IDI’s) ATMs and other
digital deposit-and like devices (June 2024 Legal Briefs), and then other significant
changes to the regulation (July 2024 Legal Briefs). So, what else is there to discuss?

First, we learned in mid-July that the ABA, the Bank Policy Institute, and the Consumer
Bankers Association had written to the FDIC to ask that it “continue to work with
member institutions and other industry stakeholders to determine those aspects of the
final rule where comprehensive and clarifying implementation guidance is necessary for
institutions to be able to properly implement the rule, and this guidance, which could
take the form of FAQs, for example, be published by the end of 2024.” The letter went
on to request that the FDIC extend the compliance deadline by 12 months to January 1,
2026, to “provide institutions with sufficient time to comply with the rule, as clarified by
the guidance.”

Whether or not the FDIC will extend the compliance deadline is unknown. At the time
this Legal Briefs article was written, the deadline was still January 1, 2025.

Clarification and guidance in a Q&A document

The FDIC has posted “Questions and Answers related to the FDIC’s Part 328 Final
Rule,” [https://www.fdic.gov/resources/deposit-insurance/questions-and-answers-
related-to-the-fdics-part-328-final-rule.html]. The Q&A may be updated from time to
time. Make note of the “Last Updated” date (currently August 16, 2024) to see if there’s
anything added since your last review of the webpage.

What follows is taken from the FDIC’s responses in the July 16, 2024, Q&As; the
“Observations” are mine

FDIC Official Sign
Q1. Does the rule require the current FDIC official sign to be posted at new accounts
desk?

A. If a banker at a new accounts desk “usually and normally” receives and processes
deposits (e.g., processes a check deposit at the new accounts desk), then the official
sign must be posted at the new accounts desk. In a scenario where the banker at the
new accounts desk always walks the initial deposit over to the teller line, then the teller
is “receiving” the deposit and the official sign posted at the teller window is sufficient;
therefore, in that situation, an official sign would not be required at the new accounts
desk.

Observation: This is not new information. Apparently, bankers continue to ask the
question, however, so including it in this Q&A is helpful.

Q2. Are insured depository institutions (IDIs) required to provide any initial disclosures
about FDIC insurance coverage, either orally or in writing, before opening an account?

A. No. Part 328 does not require IDIs to provide “initial disclosures” about FDIC
coverage before account opening.

Observation: This is also not new information.

Q3. Is the FDIC official sign required at night drop facilities?

A. No. The official sign is required wherever deposits are usually and normally received.
FDIC staff does not view that deposits are usually and normally received by the IDI
when placed in a night depository.

Observation: Again, not new, but some banks have posted the FDIC official sign at
their night depositories. That is not prohibited, but it is unnecessary.

Q4. The new FDIC official digital sign is generally required to be displayed in the colors
navy blue and black. Does the final rule modify the physical official sign color
requirements?

A. No. The final rule does not modify color requirements for the physical FDIC official
sign. The rule continues to require use of the standard, in-branch official FDIC sign,
which is …. [the response continues with a description of the physical sign, using the
wording of section 238.3(b)(4) of the rule].

Non-Deposit Sign

Q1. Is the non-deposit sign required to be displayed in the individual offices within IDIs
where non-deposit products are offered?

A. Yes. Under 12 CFR § 328.3(c)(2), an IDI must continuously, clearly, and
conspicuously display the required non-deposit signage at each location within the
premises where non-deposit products are offered. If non-deposit products are offered in
individual offices, the non-deposit sign should be visible in those offices.

Placement and Display of Official Digital Sign

Q1. Are IDIs’ websites considered deposit-taking channels for purposes of the digital
signage requirements?

A. Under part 328, the FDIC official digital sign must be displayed on “digital deposit
taking channels,” which includes IDIs’ “websites and web-based or mobile applications
that offer the ability to make deposits electronically and provide access to deposits at
insured depository institutions.” 12 CFR § 328.5(a). If an IDI’s website is purely
informational, with no ability to make deposits or access deposits, it would not be
a digital deposit-taking channel.

Observation: And if it is not a digital deposit-taking channel, you are not required to use
the FDIC official digital sign. But don’t forget, if you promote deposit accounts on the
site, you will need to comply with new § 328.6 (Official advertising statement
requirements), as you probably have been all along.

Q2. Can the official digital sign appear only on the IDI’s “home page” and not on the
other web pages that make up the website?

A. No. The FDIC official digital sign must be displayed on the (1) initial or homepage of
the IDI’s website or application, (2) landing or login pages, and (3) pages where a
customer may transact with deposits. For example, the FDIC official digital sign should
be displayed where a mobile application allows customers to deposit checks remotely,
because this electronic space is in effect a digital teller window. 12 CFR § 328.5(d).

Q3. Where are we required to place the official digital sign on a bank webpage or app to
ensure compliance with the “clear,” “continuous,” and “conspicuous” placement of the
digital sign?

A. In general, the FDIC would expect to see official digital signs displayed on the
applicable pages in a manner that is clearly legible to all consumers to ensure they can
read it easily. The official digital sign could be displayed above the IDI’s name, to the
right of the IDI’s name or below the IDI’s name, but under all circumstances, the official
digital sign continuously displayed near the top of the relevant page or screen and in
close proximity to the IDI’s name would meet the clear and conspicuous standard under
the rule.

Here is an example:

Q4. Can the official digital sign be dismissed once a customer logs in?

A. No. The final rule requires that the official digital sign be displayed “in a continuous
manner,” which means it must remain visible on the (1) initial page or homepage of the
website or application, (2) landing or login pages, and (3) pages where the customer
may transact with deposits. 12 CFR § 328.5(d). The final rule, however, does not require the official digital sign to continue to follow the user as they scroll up or down the
screen.

Q5. Does the official digital sign need to be linked to the FDIC’s website?

A. No. Part 328 does not require the official digital sign to be linked to the FDIC’s
website. However, it may be helpful to consumers if IDIs link the official digital sign to
the FDIC’s optional online BankFind tool, so that consumers can more easily confirm
that the bank is FDIC-insured. This would help consumers better differentiate IDIs from
non-banks. Optional, downloadable versions of the FDIC official digital sign are
accessible to, and available for, bankers on FDICconnect, a secure website operated by
the FDIC that FDIC-insured institutions can use to exchange information with the FDIC.

Observation: Customers may or may not find the BankFind tool useful. Linking to it is
completely optional.

Q6. How should IDIs display the FDIC official digital sign on mobile devices with screen
resolutions that do not support the ability to display the entirety of the digital sign on one
line?

A. Generally, the FDIC official digital sign should be displayed as presented (shown
below) in the final rule at 12 CFR § 328.5(b), with no alteration to the text except for
color variation as noted in the regulation text.

However, if the image does not fit a particular device or screen, the official digital sign
can be scaled, “wrapped,” or “stacked” to fit the relevant screen and may satisfy the
“clear and conspicuous” requirement.

Observation: Scaling the image could render it illegible. I suggest you check it on a
number of mobile phones. “Wrapping” or “stacking” the text may be a better option on
narrower screens in portrait mode.

Q7. If an IDI’s name appears at the top of its website, and it also appears in the
website’s footer, does the new FDIC official digital sign need to be displayed at the top
of the page and also in the footer?

A. Under the final rule, IDIs are required to display the FDIC official digital sign “clearly
and conspicuously” in a continuous manner; the official digital sign continuously
displayed near the top of the relevant page or screen and in close proximity to the IDI’s
name would meet the clear and conspicuous standard under the rule. 12 CFR § 328.5(f).

IDIs are not required to display the FDIC official digital sign every time the IDI’s
name appears, such as in the footer of the website.

Q8. To satisfy the final rule’s official digital sign requirements, can the official digital sign
be placed in the footer of the webpage?

A. No. purposes of satisfying the final rule, IDIs are required to display the official digital
sign in a clear, continuous, and conspicuous manner. The official digital sign
continuously displayed near the top of the relevant page or screen and in close
proximity to the IDI’s name would meet the clear and conspicuous standard under the
rule. 12 CFR § 328.5(f). Therefore, placing the official digital sign in a footer of an IDI’s
webpage would not meet the clear, conspicuous, and continuous display requirement.

Observation: Questions 7 and 8 should have been combined.

Q9. If an IDI displays the FDIC official digital sign on its mobile app’s homepage and
alongside the IDI’s logo within the app, is it also necessary to include this signage on
the transaction portal before a customer completes a transaction?

A. It depends in part on what type of transaction is being completed. The FDIC official
digital sign must be displayed on the (1) initial or homepage of the bank’s website or
application, (2) landing or login pages, and (3) pages where a customer may transact
with deposits. 12 CFR § 328.5(d). For example, the FDIC official digital sign should be
displayed where an IDI’s mobile application allows customers to deposit checks
remotely, because this is an electronic space where a customer is transacting with
deposits.

However, if a consumer is completing a transaction by using an embedded third-party
payment platform that consumers: (a) access after logging into their IDI’s website; and
(b) utilize to initiate payments/move funds out of the IDI, then the official digital sign
should not be posted on those pages.

Observation: If your bank includes both of these types of transactions on the same
page, it will need to separate them as described in the FDIC’s response.

Q10. What are examples of “pages where the customer may transact with deposits” that
require the display of the FDIC official digital sign?

A. Examples of “pages where the customer may transact with deposits” that require the
display of the FDIC official digital sign include, but are not limited to: mobile application
pages that allow customers to deposit checks remotely; and, pages where customers
may transfer deposits between deposit accounts held within the same IDI (e.g.,
checking to savings or vice versa).

On the other hand, the FDIC would not expect an IDI to display the FDIC official digital sign on pages where a customer is transferring money from a deposit account to a non-deposit account.

Observation: Check your bank’s online and app pages that offer transfer capabilities to
see if some transfer types need to be set up on a separate page.

Q11. On which webpages should IDIs include non-deposit signs, and are we in
compliance if we place the non-deposit signs in the footer of the webpage?

A. With respect to which specific webpages the non-deposit signs must be displayed,
when an IDI offers both access to deposits and non-deposit products on its digital
deposit-taking channels, it must display a non-deposit sign indicating that non-deposit
products: are not insured by the FDIC; are not deposits; and may lose value. This non-
deposit sign must be displayed clearly, conspicuously, and continuously on each
page relating to non-deposit products.

With respect to whether the non-deposit signs can be placed in the footer, although
there is no requirement for the non-deposit sign to be displayed near the top of the
relevant page or screen, placing the non-deposit sign in a footer of an IDI’s webpage
would generally not meet the clear, conspicuous, and continuous display requirement.

In addition, the non-deposit products sign may not be displayed in close proximity to the
FDIC official digital sign. 12 CFR § 328.5(g)(1).

Observation: It may be “cleaner” to avoid offering or access to deposit and non-deposit
products on the same page.

Use of Advertising Statement on Digital Channels

Q1. Should IDIs include the “Member FDIC,” “Member of FDIC,” or “FDIC-Insured”
advertising statement on every page of their digital platforms?

A. The advertising statement (e.g., “Member FDIC”) must be displayed on
advertisements, consistent with 12 CFR § 328.6. It is not intended to overlap with the
official digital sign, and the advertising statement is not required on web pages where
an IDI displays the official digital sign, such as the bank’s homepage. However, an IDI is
not prohibited from displaying the advertising statement on a page that also includes the
official digital sign, so long as the use of the advertising statement on that page is
otherwise consistent with the official advertising statement requirements in 12 CFR §
328.6.

Automated Teller Machines or Like Devices

Q1. When implementing new official digital signage on ATMs, are IDIs required to
remove existing physical signs, or can both types of signage be displayed
simultaneously?

A. IDIs are not required to take down physical FDIC official signs attached to ATMs. For
an IDI’s ATM or like device that receives deposits but does not offer access to non-
deposit products, except as described below, the final rule provides flexibility to meet
the signage requirement by either (1) displaying the FDIC official digital sign
electronically on ATM screens (consistent with the image as described in 12 CFR §
328.5), or (2) displaying the physical official sign by attaching or posting it to the ATM.
However, IDIs’ ATMs or like devices that accept deposits and are put into service after
January 1, 2025, must display the official digital sign electronically (with no option to
satisfy the requirement through display of the physical official sign). 12 CFR § 328.4(e).

Observation: If an IDI’s ATM does not receive deposits, neither the official physical
sign nor the official digital sign is required to be displayed. If, however, a screen
displayed on the ATM includes an advertisement subject to § 328.6, the official
advertising statement or an optional short title or symbol should appear on that screen.

Social Media

Q1. Are IDIs required to post the new official digital sign on its social media
advertisements?

A. No. IDIs are not required to display the FDIC official digital sign on its social media
advertisements. IDIs should ensure that social media advertisements are compliant with
the official advertising statement requirements contained in 12 CFR § 328.6.
Observation: Social media are not digital deposit-taking channels.

Technical assistance

Q1. Where can IDIs obtain additional information about the final rule to support
compliance efforts?

A. The FDIC posted the slides from the FDIC’s banker webinar on Part 328 on
its website.
The FDIC issued a Financial Institution Letter and press release addressing the
issuance of the final rule.
The final rule was published in the Federal Register on January 18, 2024.

Q2. Where can IDIs obtain downloadable versions of the digital official sign?

A. The FDIC has made optional versions of the official digital sign available for IDIs
on FDICconnect, a secure website operated by the FDIC that FDIC-insured institutions
can use to exchange information with the FDIC. The requirement to display the new
FDIC official digital sign only applies to IDIs. Display of the FDIC official digital sign by
any non-bank third party would improperly imply that the non-bank is FDIC-insured and
would constitute a misrepresentation under part 328 subpart B.

Compliance and effective dates

Q1. Are there any changes that had to have been implemented by the final rule’s
April 1, 2024, effective date, or do IDIs have until January 1, 2025, to comply with all
requirements?

A. The compliance date for the amendments made to the final rule is January 1, 2025.
No changes had to be implemented by April 1, 2024, but IDIs can begin posting the
official digital sign and implementing other aspects of the regulation prior to January 1,
2025. For example, some IDIs have already posted the new official digital sign on their
websites. Similarly, some non-bank entities have updated their disclosures consistent
with the amendments to part 328 subpart B.

Advertising for Non-Deposit Products

Q1. In marketing materials that feature safe deposit boxes or credit products alongside
insured products like checking accounts, should IDIs include a disclosure stating that
these products are not FDIC-insured?

A. For the purposes of part 328, safe deposit boxes and credit products are excluded
from the definition of “non-deposit product.” Therefore, there is no requirement under
part 328 for an IDI to include such a disclosure in marketing material for these products.
Observation: Some banks have posted notices in their safe deposit areas and/or in
contracts for safe deposit service to advise customers that, despite the use of “safe
deposit” in the name of the service, the contents of a customer’s safe deposit box is not
insured by the FDIC or by the bank and that customers should consider insuring any
intrinsically valuable contents in a rider to their hazard insurance policies. These notices
are not affected by part 328.

More on the FDIC’s Revisions to Part 328

By John S. Burnett

In last month’s Legal Update, I offered an analysis of the changes the FDIC has made to the rules applicable to deposit-accepting ATMs (and similar equipment) in its regulations at 12 CFR Part 328 on Advertisement of Membership, False Advertising, Misrepresentation of Insured Status, and Misuse of the FDIC’s Name or Logo.

Before going further, I want to emphasize here that the new rules on FDIC signage on ATMs in new § 328.4 only apply to deposit-accepting ATMs (and like devices).

In this month’s issue, we review these other significant changes to the regulation:

• The new definitions section
• Reorganized and updated information on the FDIC’s official sign
• New alternative official sign display options
• Non-deposit product signage requirements
• FDIC signs for digital deposit-taking channels
• Another optional FDIC short title for ads
• A “cleanup on aisle 10” change
• Required policies and procedures
• Changes to Subpart B

Definitions

There are now two sets of definitions in the regulation. Section 328.1 includes definitions applicable within the entire regulation, for “Branch,” “Corporation” (the FDIC), “Deposit,” “Digital deposit-taking channel” (websites, banking applications, and any other electronic communications method through which an insured depository institution accepts deposits), “Hybrid product,” “Insured depository institution,” and “Non-deposit product” (any product that is not a “deposit,” including, but not limited to: insurance products, annuities, mutual funds, securities and crypto-assets, but credit products and safe deposit boxes are excluded from this definition).

If you compare the old Subpart A with the new Subpart A, you will see that many of the definitions in the previous version appear with the first instance of the defined term in the text of the regulation, and some terms in the previous version are simply not defined.

Section 328.101 comprises definitions applicable only to Subpart B. More on that later.

Reorganized and updated information on the FDIC’s official sign

Under the “old” regulation, section 328.1 provides a description and definition of the FDIC’s official sign, which is the sign that FDIC-insured depository institutions (IDIs) must post at their teller stations. There is also a definition included of the “symbol” of the FDIC, which is essentially the official sign with the graphic and statement to the left of the initials FDIC cut off, and the horizontal lines removed.

Then, in the old regulation, section 328.2 provides the requirements for displaying the official sign; a provision allowing the use of signs that vary from the official sign in size, color, or material (with certain limitations on size and color combinations); information on procuring the official sign from the FDIC or from commercial sources in other sizes and colors; and a rule allowing the FDIC to require an IDI to “change the wording of the official sign in a manner deemed necessary for the protection of depositors or others.” I presume that addresses cases in which an IDI has not updated its signage when the FDIC makes a change (such as the change in the standard deposit insurance limit from $100,000 to $250,000 several years ago), or in which an IDI has bought non-conforming signs from a commercial source.

In the new regulation, all of that information is reorganized in sections 328.2 and 328.3. Section 328.2 includes the descriptions of the official sign and symbol, reworded information on procurement of signs, and the rule allowing the FDIC to require you to change its posted signs.

New section 328.3 governs signage within the premises of IDIs and adds requirements for signage when an IDI offers non-deposit products within their premises. And this is where we see some substantive changes.

New alternative official sign display options

To start, we see essentially the same old rules on displaying the FDIC’s official sign at teller stations (for banks that usually and normally receive insured deposits at teller windows or stations). You can still use signs that are larger than the standard 7 x 3 inches, and in colors other than black on gold (still limited to two colors with the logo, wording and graphics in one color and the background in another, as long as the color combination still makes the logo, graphics and wording legible).

NEW! If you do not offer non-deposit products on the premises, you can choose to replace those official signs at each teller station with official signs that are placed at one or more locations visible from the teller stations or windows in a manner that ensures a copy of the official sign is large enough to be legible from anywhere  in that area. For example, your lobby design team might want to blow the official sign up to 70 by 30 inches – ten times the standard size – with navy blue logo, graphics, and text against a gold background, to complement the color scheme of your lobby, and place it in only one spot, eight feet above floor level behind the center of your  teller line where no one can miss seeing it. Overkill, you say? Perhaps, but it gets across the point that you have this new option (but only if you do not offer non-deposit products on the premises).

Also new is a rule designed for café style bank lobbies or other non-traditional arrangements, whether or not non-deposit products are offered on the premises. If insured deposits are usually and normally received in areas of the premises other than teller windows or stations, you must display the official sign in one or more locations in a way that ensures a copy of the official sign is large enough so as to be legible from anywhere in those areas.

Non-deposit products signage requirements

Thirty years ago, the FDIC, Federal Reserve Board, OCC and Office of Thrift Supervision (for those of you new to banking, the OTS was eliminated by the Dodd-Frank Act of 2010) issued the “Interagency Statement on Retail Sales of Nondeposit Investment Products,” which was developed to eliminate customer confusion regarding what is insured and not insured among the various products available from FDIC-insured depository institutions.

The update of Part 328 by the FDIC has incorporated that guidance. Banks that offer non-deposit products should find the rules in section 328.3 familiar, and it is expected that compliance under the 1994 Guidance will comply with section 328.3.

There is a requirement for segregated areas to be used for the offering of non-deposit products and those areas are to be clearly delineated and distinguished from areas where insured deposit-taking activities occur. In cases of physical area limitations where there are challenges to offering non-deposit products in a distinct area,  you still must take prudent and reasonable steps to minimize customer confusion.

There is a familiar requirement for conspicuous signage in such areas indicating that the non-deposit products : are not insured by the FDIC; are not deposits; and may lose value.

You can use electronic media to display the official sign and the non-deposit sign as long as one related to the product being offered is continuously and conspicuously displayed while that product is being offered. So, for example, you could use an electronic sign board that displays the official sign most of the time but is switched off and replaced by the “not, not, may” sign when offering non-deposit products.

Signs for digital deposit-taking channels

In last month’s Legal Briefs, I introduced the FDIC’s new official digital sign that will appear on some ATMs. That new sign is officially described in new section 328.5, which governs signage for digital deposit-taking channels, “including IDIs’ websites and web-based or mobile applications that offer the ability to make deposits electronically and provide access to deposits at IDIs.” The design of the official digital sign is spelled out in meticulous detail in section 328.5(b), which I won’t repeat here, but I do recommend that you share that very technical description with whoever designs your website, banking app, and any other digital deposit-taking channels.

Display of the FDIC official sign (the one that appears at teller stations) or the use of the shorthand “Member FDIC” will no longer be acceptable, effective January 1, 2025, for use on bank websites or other digital deposit-taking channels.

Can you get by just by replacing the old FDIC symbol with the new official digital sign everywhere on your website or app?

No. The new official digital sign (or the “digital symbol” — essentially the digital sign without the gray graphic underscore) must appear on the following pages or screens:

1. Initial or homepage of the website or application
2. Landing or login pages
3. Pages where the customer may transact with deposits (for example, make deposits on an IDI’s smartphone app). I believe this would also apply to any page in an online banking web or smartphone app on which a customer can make a transfer to or from the customer’s accounts.

The official digital sign must be clearly legible across all IDI deposit-taking channels. To be considered clear and conspicuous, the official digital sign should be placed near the top of the relevant page or screen and close to the bank’s name. That requirements means the bank’s name should appear on each such page or screen.

Burying the official digital sign in a universal footer for all pages of a website will not be acceptable.

What about web or application pages that offer  non-deposit products?

If a digital deposit-taking channel offers both access to deposits at an IDI and non-deposit products, the institution must clearly and conspicuously display signage indicating that the non-deposit products: are not insured by the FDIC; are not deposits; and may lose value, continuously on each page relating to non-deposit products. This non-deposit signage may not be displayed in close proximity to the FDIC’s official digital sign. As a matter of practicality, it’s probably best not to mix deposit products and non-deposit products on the same page or screen of the website or application.

Can a bank provide a link on the website or application allowing logged-in customers to access a third-party’s offering of non-deposit products?

Yes, but the IDI must provide a one-time per web session notification on its digital deposit-taking channel before the customer leaves the digital deposit-taking channel. The notification must be dismissed by an action of the bank customer before initially accessing the third party’s online platform and it must clearly and conspicuously indicate that the third party’s non-deposit products: are not insured by the FDIC; are not deposits; and may lose value. Optionally, the notification may also indicate that the bank customer is leaving the IDI’s website or other disclosures that may help prevent consumer confusion.

As with the FDIC’s official sign, the FDIC may require any IDI, with 30 days’ notice, to change the wording, color or placement of the FDIC official digital sign and other signs for digital deposit-taking channels when the FDIC deems it necessary for the protection of depositors or others or to ensure consistency with the requirements of subpart A of the regulation.

Changes in official advertising statement requirements

Old section 328.3 – “Official advertising statement requirements” has been reissued as section 328.6 under the same heading, with only one change other than updating cross-references to other sections of the update regulation. It does give your marketing department one additional “short title” that can be used in advertisements in place of the full official advertising statement “Member of the Federal Deposit Insurance Corporation.” In addition to the familiar short titles “Member of FDIC” and “Member FDIC,” and the symbol of the FDIC, your marketing department now has the option of using “FDIC-Insured” in ads subject to section 328.6.

For decades, bankers have asked probing questions about using “Member FDIC” in ads. Questions like “Do we need to include ‘Member FDIC’ on Frisbees we give away to kids at our booth at the county fair each  year if they have our bank name on them?” Questions that I tend to counter with “What other reason does the bank have for having its name on the Frisbees than to advertise the bank, and what about a Frisbee makes it impractical to include ‘Member FDIC’ along with the bank’s name?” The FDIC has included a list of ten types of advertisements that do not require the official advertising statement in old section 328.3 for as long as I can remember, and it hasn’t updated that list at all in the updated regulation.

Cleanup on aisle 10

That is, EXCEPT for item 10 on the list, which, until April 1, 2024, still referred to an FDIC insurance limit of $100,000 because it was not updated when the limit was boosted to $250,000 permanently in 2010. In the new section 328.6 the phrasing was changed to “or that its deposits or depositors are insured by the Federal Deposit Insurance Corporation to at least the standard maximum deposit insurance amount (as defined in § 330.1(o)) for each depositor.”

Policies and procedures

What self-respecting FDIC regulator would not include a requirement that parties subject to its regulation have policies and procedures for compliance with the regulation?

Until April 1, 2024, Part 328 did not have such a requirement. To be sure, the FDIC has always expected that IDIs (and others affected by the rule) comply with Part 328. But the  updated regulation, which has a required compliance date of January 1, 2025, now requires, in new § 328.8, that IDIs establish and maintain “written policies and procedures to achieve compliance with this part.” Not only must the policies and procedures be written, but they also must be “commensurate with the nature, size, complexity, scope, and potential risk of the deposit-taking activities of the insured depository institution and must include, as appropriate, provisions related to monitoring and evaluating activities of persons that provide deposit-related services to the insured depository institution or offer the insured depository institution’s deposit-related products or services to other parties.”

In the prefatory text published with the amendments on January 18, 2024, the FDIC expanded on its requirement that the policies and procedures address any third-party that provides deposit-related serves to an IDI:

“Here, the policies and procedures established and maintained by IDIs will facilitate compliance with part 328, including by ensuring that appropriate monitoring is conducted and evaluations are performed regarding activities of certain persons that provide deposit-related services to IDIs or offer an IDI’s deposit products or services to other parties. The policies and procedures will help ensure activities are conducted in compliance with applicable laws and that IDIs are aware of whether certain third parties are in violation of subpart B of part 328. Having these policies and procedures in place will help mitigate the risks of consumer harm and confusion, consistent with the statutory purpose underlying section 18(a) of the FDI Act and the FDIC’s mission to maintain and promote public confidence in the banking system.” [https://www.federalregister.gov/d/2023-28629/p-212].

That paragraph is significant. You may recall that the FDIC has been issuing “cease and desist” letters to various fintechs that were allegedly misrepresenting their non-deposit products to be FDIC-insured or making other misleading statements about FDIC coverage of funds invested with the fintechs. In some cases, those companies have said that their clients’ funds are placed with an IDI, making them “fully insured” or “guaranteed by the U.S. government,” which, of course, isn’t always the case because there is a cap on FDIC coverage per depositor per capacity.

The requirement that an IDI be aware of whether certain third parties are in violation of subpart B now makes it the IDI’s responsibility to monitor the activities and statements of third parties it may work with to ensure the third parties are not misrepresenting the facts with regard to FDIC coverage of their clients’ funds.

Changes to subpart B

Subpart B was not overhauled to the extent that subpart A was. Here’s a list of the changes.

Definitions: Section 328.101 now includes a definition of “deposit” and selected other definitions were cleaned up a bit or restated rather than citing back to subpart A.

Prohibition: Section 328.102 has added prohibitions against using FDIC-associated terms or images in a way that inaccurately states or implies that a person other than an IDI is insured by the FDIC. Also added are examples of material misrepresentations relating to FDIC coverage.

• Bankers’ FAQs
• Changes in UCCC amounts effective 7/1/24
• ATMs and the FDIC’s new Advertisement of Membership Rule

Bankers’ FAQs

By Pauli Loeffler

Some of the questions submitted to the OBA’s Compliance team are asked with some frequency by our members. We’ve gathered some of these questions and responses to assist you when similar situations present themselves.

Altered check, indorsement claim

Q. We had a large check ($40,275.60) on which the payee was altered from United Health Care to Lizabeth Zambrano when it was deposited into JP Morgan Chase Bank. The payee, Lizabeth Zambrano endorsed the checked with her initials L.Z. instead of her full name. Can this check be returned because it was not endorsed correctly?

A. Your opportunity to return the check ended at midnight on the banking day after the check posted to your customer’s account. However, your customer, the check issuer, can have the intended payee (United Health Care) provide an affidavit that it did not receive, indorse, or receive the proceeds of the check, and the check issuer can provide an affidavit that the check was payable to United Health Care, the payee name was altered by person unknown to Lizabeth Zambrano, who appears to have indorsed the check and deposited it with JPMorgan Chase Bank (JPMCB).

Your bank then sends copies of the affidavits and a copy of the original check to JPMCB with a claim that JPMCB breached its Presentment Warranty under UCC 4-208 that the check was not altered.

Given the dollar amount involved, you may want to consider getting legal counsel involved. Time is of the essence — JPMCB’s liability to your bank under the presentment warranty can be reduced if you fail to notify them of the breach of warranty claim within 30 calendar days of learning of the alteration and of JPMCB’s involvement as the depositary bank. That includes obtaining the affidavits I mentioned above.

And, for whatever it is worth, “E.Z.” could be Elizabeth Zambrano’s actual signature. It does not have to contain all the letters of her given name.

Multiple payees, who must indorse

Q. When “and” appears on a check, I know both parties need to sign, but when one name appears below the other is that also the case? I have always assumed the answer is “no.” Am I wrong? What about when there is a “/”?
A. If there is an “and” or “&” between payee names, all payees must indorse or deposit the check into an account owned by all payees. If there is an “and/or,” “&/or,” “/,” or no conjunction between the names, any payee may indorse or deposit the check into an account s/he owns.
UCC Section 3-110 – Identification of Person to Whom Instrument is Payable
(d) If an instrument is payable to two or more persons alternatively, it is payable to any of them and may be negotiated, discharged, or enforced by any or all of them in possession of the instrument. If an instrument is payable to two or more persons not alternatively, it is payable to all of them and may be negotiated, discharged, or enforced only by all of them. If an instrument payable to two or more persons is ambiguous as to whether it is payable to the persons alternatively, the instrument is payable to the persons alternatively.
Oklahoma Code Comment
Sections 3-109 and 3-110 rewrote pre-revision Sections 3-110, 3-111, 3-116 and 3-117, for clarity and to modernize the language. Subsection 3-110(d) clarifies pre-revision Section 3-116 by seeking out guidelines for determining when an instrument payable to two or more payees must be indorsed by all of them. Essentially, in order to require indorsement by all the payees, their names must be joined in the conjunctive, as in “Jane Doe and John Doe” or “Jane Doe & John Doe.” Any other formulation will permit indorsement by only one payee, as with “Jane Doe or John Doe,” “Jane Doe/John Doe,” or “Jane Doe, John Doe.”

Payee is named as “Life Tenant”

Q. We were presented with a check payable to “John Doe, Life Tenant.” How do we handle this check?

A. As long as the life tenant payee is alive, the bank can deposit the check into his account. About a decade ago, oil and gas royalty checks started to include “Life Estate” after the name of the payee when the interest of the mineral owner would transfer on death to remaindermen.

If the life tenant is alive and kicking, the bank can deposit the check to any account he owns or cash it and totally ignore any persons named as remaindermen.

It is a different situation when the life tenant is deceased and name or names of the person(s) entitled to the funds are listed below the life tenant. “How do we handle the check?” Even if all remaindermen are present to indorse the check, I would suggest that the bank refuse to deposit the check or cash the check if it is not an “on-us” item. Why do I make this recommendation?

In order to get the deceased life tenant’s name from being the payee of future checks, a new division order for each remaindermen is required. The remaindermen need to notify the purchaser of the oil and gas of the death of the life tenant so 1099s are issued correctly to the remaindermen. I suggest that you tell the remaindermen to return the check along with a copy of the deceased’s death certificate to the purchaser so it will provide new Division Orders for them to execute, as well as a W-9. The royalties will be held in suspense pending receipt of those forms, at which point the payor will release any funds currently held and will issue separate checks to the remaindermen going forward.

Authorized signers on revocable trust accounts

Q. Can we add an authorized signer who isn’t a current trustee to a revocable trust?

A. If the settlor/trustee of a revocable trust wants to add a person who isn’t a trustee as an authorized signer, Sec. 175.57 of Title 60 applies:

E.

3. Except as otherwise provided by the terms of a trust, while the trust is revocable and the settlor has capacity to revoke, the rights of the beneficiaries are held by, and the duties of the trustee are owed exclusively to the settlor; the rights to be held by and owed to the beneficiaries arise only upon the settlor’s death or incapacity. The trustee may follow a written direction of the settlor, even if contrary to the terms of the trust. The holder of a presently exercisable power of withdrawal or a testamentary general power of appointment has the rights of a settlor of a revocable trust under this section to the extent of the property subject to the power.

While the settlor is alive and competent, he can add whomever he wants an authorized signer, and since the settlor is the only one who can claim a breach of fiduciary duty, and as the sole current beneficiary of the funds, he is estopped from making such claim. This is also the reason we allow the trustee/grantor of a revocable trust with an account at your bank to deposit checks payable to the trust or to himself as trustee to cash or deposit checks to his personal account.

I do like a “belt and suspenders” approach even in this situation, and you will find templates on the OBA’s Legal Links web page to use to add an authorized signer to a trust account as well one to add a deputy to a safe deposit box.

Joint tenants without right of survivorship, PODs

Q. Could you please clarify if there are any provisions that prevent each tenant from electing their own PODs? This would allow each elected POD to collect their equal share of the account funds upon the death of the signers.
Example: John Doe or Mary Doe, Joint Tenants in Common Without Rights of Survivorship
John Doe, POD Sally Doe and Bob Doe, in equal shares
Mary Doe, POD Sam Smith

A. Sec. 901 of the Banking Code covers PODs. This section has no provisions for tenants in common allowing them to independently name their own PODs, nor is this allowed for purposes of determining FDIC deposit insurance. The tenancy in common is terminated upon death of a tenant in common, and unless they designate some other proportion at the time the account is opened, 50% of the funds will be paid to the surviving tenant and the rest will be paid to the estate of deceased tenant.

Reg E

Q. We’ve had a situation where our customer is disputing some Cash App charges on his account, and I want to make sure what we’re responsible for. Any advice you have is greatly appreciated!

On 08/08/2023, our customer came into a branch location to question some Cash App charges on his account that he said were not his. The names associated with those posted transactions were his ex-wife and stepson. Being family, he was hesitant on how he wanted to handle the situation. Our employee suggested that he file a police report and get back to us. At that time, the employee shut down his current debit card, and issued a new card. He never signed any dispute forms, never brought in a police report, and we never heard back from him. Fast forward almost a year later, on 05/17/2024, he came to our main bank location and said he was advised by a lawyer to seek the full amount of these Cash App charges that occurred in the amount of $38K, and he did present a police report that he actually filed on 08/11/2023 that he never told us about. The first fraudulent charge happened on 03/09/2023. His next bank statement cycle was on 04/04/2023. And his last Cash App charge was on 08/09/2024. He was also notified by Fiserv Fraud Alert on 04/23/2023 of potentially fraudulent activity on his account, and he did confirm that to be legit. However, it was not a Cash App transaction, and he apparently didn’t review his statements at that time for other fraudulent charges.

Per Reg E, even though he didn’t actually sign any dispute forms, but verbally gave notice those wasn’t his transactions, would that bank be responsible for all transactions from the first unauthorized charge, up to 60 days after the next statement cycle, 03/09/23 through 06/04/23?

Due to untimely notice, the bank should not be liable for any transactions after that since we could have shut down his card and stopped all further transactions?
Due to untimely notice, would the bank also have been relieved from giving him any provisional credit on 08/08/2023 and had the right to investigate first?

Do you see any ground the bank has to stand on due to customer negligence, or since the customer didn’t follow through with our dispute procedures?

A. First, you cannot require the customer to file a police report. When the bank investigates the claim of a series of unauthorized EFTs (UEFT), and cannot determine they were authorized, the bank must apply the timing and liability rules in Regulation E section 1005.6 to determine which UEFTs the consumer is to be reimbursed for and which UEFTs the consumer must bear responsibility for.

In this case, because there was no lost or stolen access device involved, the first and second tiers of liability in paragraphs 1005.6(b)(1) and (b)(2), don’t apply. You go straight to the third tier of liability, in paragraph 1005.6(b)(3). Determine when the bank sent the periodic statement showing the earliest UEFT and add 60 days to that date. This is the date after which any UEFT in the claim is the consumer’s responsibility. Any UEFT on or before that date should be reimbursed to the consumer.

Although you don’t have to provide provisional credit or adhere to the investigation timing rules under the section 1005.11 rules if the claim is for a UEFT appearing on a statement sent more than 60 days before the claim is received, you do need to determine whether the EFTs listed in the claim were or were not authorized, and you must comply with section 1005.6.

Changes in Uniform Consumer Credit Code Amounts effective 7/1/24

By Pauli Loeffler

Sec. 1-106 of the Oklahoma Uniform Consumer Credit Code in Title 14A (the “U3C”) makes certain dollar limits subject to change when there are changes in the Consumer Price Index for Urban Wage Earners and Clerical Workers, compiled by the Bureau of Labor Statistics, U.S. Department of Labor. You can download and print the notification from the Oklahoma Department of Consumer Credit by clicking here. It is also accessible on the OBA’s Legal Links page under Resources once you create an account through the My OBA Member Portal. You can access the Oklahoma Consumer Credit Code with regard to changes in dollar amounts for prior years on that page as well.

Increased Late Fee

The maximum late fee that may be assessed on a consumer loan is the greater of (a) five percent of the unpaid amount of the installment or (b) the dollar amount provided by rule of the Administrator for this section pursuant to § 1-106. As of July 1, 2024, the amount provided under (b) will increase by $1.00 to $32.00.

Late fees for consumer loans must be disclosed under both the U3C and Reg Z, and the consumer must agree to the fee in writing. Any time a loan is originated, deferred, or renewed, the bank has the opportunity to obtain the borrower’s written consent to the increased late fee as set by the Administrator of the Oklahoma Department of Consumer Credit. However, if a loan is already outstanding and is not being modified or renewed, a bank has no way to unilaterally increase the late fee amount if it states a specific amount in the loan agreement.

On the other hand, the bank may take advantage of an increase in the dollar amount for late fees if the late-fee disclosure is properly worded, such as:

“If any installment is not paid in full within ten (10) days after its scheduled due date, a late fee in an amount which is the greater of five percent (5%) of the unpaid amount of the payment or the maximum dollar amount established by rule of the Consumer Credit Administrator from time to time may be imposed.”

§ 3-508A.

This section of the “U3C” sets the maximum annual percentage rate for certain loans. It provides three tiers with different rates based on unpaid principal balances that may be “blended” based on the amount of the loan under (a):

(a) the total of:

(i) thirty-two percent (32%) per year on that part of the unpaid balances of the principal which is Seven Thousand Dollars ($7,000.00) or less;

(ii) twenty-three percent (23%) per year on that part of the unpaid balances of the principal which is more than Seven Thousand Dollars ($7,000.00) but does not exceed Eleven Thousand Dollars ($11,000.00); and

(iii) twenty percent (20%) per year on that part of the unpaid balances of the principal which is more than Eleven Thousand Dollars ($11,000.00)…

It also has an alternative maximum rate that may be used rather than blending the rates under 2. (b): “twenty-five percent (25%) per year on the unpaid balances of the principal.

The amounts under each tier are NOT subject to annual adjustment by the Administrator of the Oklahoma Department of Consumer Credit under §1-106. However, subsection (4) added in 2022 allows the lender to charge a closing fee which IS subject to adjustment under § 1-106. The closing fee which was $178.87 has increased as follows:

(4) In addition to the loan finance charge permitted in this section and other charges permitted in this act, a supervised lender may assess a lender closing fee not to exceed One Hundred Eight-Four Dollars and Sixty-Four Cents ($184.64) upon consummation of the loan.

Note that the closing fee is NOT a finance charge under the OK U3C, and therefore not considered for purposes of usury. However, the fee IS a finance charge under Reg Z. Most banks use Reg Z disclosures. This means that it is possible that the fee under Reg Z disclosures will cause the APR to exceed the usury rate under § 3-508A. If that happens, document the file to show that the fee is excluded under the U3C in order to show the loan does not in fact violate Oklahoma’s usury provisions. Please note that the bank is NOT required to charge a closing fee at all, and banks may choose to not charge the fee at all or charge less than the amount permitted under the statute.
You can access the § 3-508A Table here.  (https://www.oba.com/wp-content/uploads/2022/11/3-508A-ABS-Chart.pdf)

§ 3-508B Loans

Some banks make small consumer loans based on a special finance-charge method that combines an initial “acquisition charge” with monthly “installment account handling charges,” rather than using the provisions of § 3-508A with regard to maximum annual percentage rate.

The permitted principal amounts for § 3-508B is adjusting from $3,450.00 to $3,540.00 for loans consummated on and after July 1, 2024.

Sec. 3-508B provides an alternative method of imposing a finance charge to that provided for Sec. 3-508A loans. Late or deferral fees and convenience fees as well as convenience fees for electronic payments under § 3-508C are permitted, but no other fees can be imposed. No insurance charges, application fees, documentation fees, processing fees, returned check fees, credit bureau fees, nor any other kind of fee is allowed. No credit insurance even if it is voluntary can be sold in connection with in § 3-508B loans. If a lender wants or needs to sell credit insurance or to impose other normal loan charges in connection with a loan, it will have to use § 3-508A instead. Existing loans made under § 3-508B cannot be refinanced as or consolidated with or into § 3-508A loans, nor vice versa.

As indicated above, § 3-508B can be utilized only for loans not exceeding $3,540.00. Further, substantially equal monthly payments are required. The first scheduled payment cannot be due less than one (1) calendar month after the loan is made, and subsequent installments due at not less than 30-day intervals thereafter. The minimum term for loans is 60 days. The maximum term of any loan made under this section shall be one (1) month for each Ten Dollars ($10.00) of principal up to a maximum term of eighteen (18) months. This would be loans not exceeding $621.00. Loans under subparagraphs e through i of paragraph 1 of this section ($621.01 up to $2,300.00) the maximum terms shall be one (1) month for each Twenty Dollars ($20.00) of principal up to a maximum term of eighteen (18) months, and under subparagraphs j and k of paragraph 1 of this section ($2,300.01 – $3,450), the maximum terms shall be one (1) month for each Twenty Dollars ($20.00) of principal to a maximum term of twenty-four (24) months.

Lenders making § 3-508B loans should be careful and promptly change to the new dollar amount brackets, as well as the new permissible fees within each bracket for loans originated on and after July 1st. Because of peculiarities in how the bracket amounts are adjusted, using a chart with the old rates after June 30 may result in excess charges for certain small loans and violations of the U3C provisions. Since §3-508B is “math intensive,” and the statute whether online or in a print version does NOT show updated acquisition fees and handling fees you must download and print the notification from the Oklahoma Department of Consumer Credit by clicking the link set out in the first paragraph of this article.

The acquisition charge authorized under this statute is deemed to be earned at the time a loan is made and shall not be subject to refund, but if the loan is prepaid in full, refinanced or consolidated within the first sixty (60) days, the acquisition charge will NOT be deemed fully earned and must be refunded pro rata at the rate of one-sixtieth (1/60) of the acquisition charge for each day from the date of the prepayment, refinancing or consolidation to the sixtieth day of the loan. The Department of Consumer Credit has published a Daily Acquisition Fee Refund Chart for prior years with links on this page, (https://www.ok.gov/okdocc/Licenses_We_Regulate/Supervised_Lender/index.html) but had not done so at the time this article was written. Note if a loan is prepaid, the installment account handling charge shall also be subject to refund. A Monthly Refund Chart for handling charges for prior years can be accessed on the page indicated above, as well as § 3-508B Loan Rate (APR) Table. I expect the charts and table for 2024 to be added shortly.

§ 3-511 Loans

I frequently get calls when lenders receive a warning from their loan origination systems that a loan may exceed the maximum interest rate. Nearly always, the banker says the interest rate does not exceed the alternative non-blended 25% rate allowed under § 3-508A according to their calculations. Usually, the cause for the red flag on the system is § 3-511. This is another section for which loan amounts may adjust annually. Here is the section with the amounts as effective for loans made on and after July 1, 2024 in bold type.

Supervised loans, not made pursuant to a revolving loan account, in which the principal loan amount is $6,400.00 or less and the rate of the loan finance charge calculated according to the actuarial method exceeds eighteen percent (18%) on the unpaid balances of the principal, shall be scheduled to be payable in substantially equal installments at equal periodic intervals except to the extent that the schedule of payments is adjusted to the seasonal or irregular income of the debtor; and

(a) over a period of not more than forty-nine (49) months if the principal is more than $1,920.00, or

(b) over a period of not more than thirty-seven (37) months if the principal is $1,920 or less.

The reason the warning has popped up is due to the italicized language: The small dollar loan’s APR exceeds 18%, and it is either single pay or interest-only with a balloon.

Dealer Paper “No Deficiency” Amount

If dealer paper is consumer-purpose and is secured by goods having an original cash price less than a certain dollar amount, and those goods are later repossessed or surrendered, the creditor cannot obtain a deficiency judgment if the collateral sells for less than the balance outstanding. This is covered in Section 5-103(2) of the U3C. This dollar amount was previously $6,200.00 and increases to $6,400.00 on July 1, 2024.

ATMs (and like devices) and the FDIC’s new Advertisement of Membership Rule

By John S. Burnett

If your bank has ATMs or similar devices that accept deposits, someone in your organization should be working on making sure those ATMs will be in compliance with the FDIC’s revised Advertisement of Membership, False Advertising, Misrepresentation of Insured Status, and Misuse of the FDIC’s Name or Logo regulation (12 C.F.R. Part 328) which has a compliance date of January 1, 2025.

The FDIC has created a new “official digital sign” for use on some ATMs (details below) and on bank websites, online banking sites, and smartphone banking apps. In this article, I will review only the requirements for ATMs.
The official digital sign includes the FDIC initials in bold text, followed by “FDIC-Insured. Backed by the full faith and credit of the U.S. Government” in italics. You can see a reproduction of the sign on the BankersOnline webpage for section 328.5 of the FDIC’s regulation (https://www.bankersonline.com/regulations/12-328-005-new).

What do you need to do to ensure your deposit-accepting ATMs are in compliance after January 1, 2025? It depends on which of the following three groups your ATM falls into:

1. ATMs or like devices receiving deposits and offering access to non-deposit products, regardless of when they are placed into service
2. ATMs or like devices receiving deposit and NOT offering access to non-deposit products, placed into service after January 1, 2025.
3. ATMs or like devices receiving deposits and NOT offering access to non-deposit products placed into service before January 1, 2025.

Group 1

These machines must include the FDIC official digital sign displayed clearly, continuously, and conspicuously on their home page or screen and on each transaction page or screen relating to deposits. Presumably that includes screens used in making a deposit, withdrawal, or transfer to or from a deposit account and balance inquiries.
“Not, Not, May” disclosures. Each screen on each transaction page or screen relating to non-deposit products must display clearly, continuously, and conspicuously electronic disclosures indicating that such products : are not insured by the FDIC; are not deposits; and may lose value. This “Not, Not, May” disclosure may not be displayed in close proximity to the FDIC official digital sign.

Group 2

These machines that receive deposits for an insured depository institution and does not offer access to non-deposit products must display the FDIC official digital sign displayed clearly, continuously, and conspicuously on their home page or screen and on each transaction page or screen relating to deposits.

Group 3

If your bank has ATMs in this group, you can upgrade them at any time to conform to the requirements for Group 2 machines, or you can advertise your bank’s membership in the FDIC by affixing an FDIC’s physical official sign (similar to the sign used at each teller’s station, not the official digital sign) to the machine façade so that is displayed “clearly, continuously, and conspicuously.” If you elect this option for these “grandfathered” machines, you or your third-party ATM servicer must monitor the signage and promptly replace any FDIC physical official sign that is removed, defaced, or degraded by weather, vandalism, or otherwise. If the sign is no longer clear or conspicuous, it should be replaced.

Military Customers – A Protected Class?

By Andy Zavoina

For starters, service members are not a protected class under Reg B or ECOA, but note I added a question mark in the title of this article. The question is, do you want to treat them as a protected class? In my opinion, a bank often mitigates risks most effectively by putting service members in the same category as the Reg B protected categories of race, color, religion, national origin, sex, marital status, age (provided that the applicant has the capacity to enter into a binding contract), the fact that all or part of the applicant’s income derives from any public assistance program, or the fact that the applicant has in good faith exercised any right under the Consumer Credit Protection Act.

I remind you of these prohibited basis categories for two reasons: to drive home the point that violations of a service member’s rights can yield severe consequences similar to those of Reg B violations, and the fact that if your bank has a fair lending violation (Reg B included), the Department of Justice (DOJ) is the government agency that will enforce it, and the DOJ is the same agency that will enforce the Service members Civil Relief Act (SCRA) as well. Under the SCRA, the Attorney General is authorized to file a federal lawsuit against any person, or entity, who engages in a pattern or practice of violating this law. Does “a pattern or practice” remind you of a term you have heard in fair lending training? For clarity, the DOJ is directly responsible for enforcing the SCRA, whereas the CFPB monitors complaints and can enforce unfair, deceptive, or abusive practices against banks for mistreating service members.

Often, we hear about the homeless problem and there is a subcategory of those who are veterans and that seems to get more attention because it seems more wrong when a veteran is involved. If there is an action against a debt collector, a repossession agent, or a bank charging overdraft fees, it sounds bad in the media, and then they add, “and this included veterans and service members,” because that garners more attention as well. This is both a reputation risk issue and one compounded by the fact that the SCRA may have been violated and because it carries the same weight as the Reg B consumer categories that are mentioned above. Yes, service members and veterans have given up a lot to defend our country and way of life. But as to salary, service members are also paid for what they do, and unlike many years ago when the draft helped ensure the armed services had the required manpower that was needed, today many service members make as much or more in the military as they would in the civilian sector, so compensation is not necessarily lower, especially when the entire compensation and benefits package is considered. The pay and benefits are competitive as to regular duties, but certainly those making the ultimate sacrifice could never be paid enough.

Putting aside the original spirit and intent of this law, while a part of that is still intact, a big part of it is not, and has been replaced with the idea that the SCRA is a benefit of military service. That is how it is explained to many service members. The Consumer Financial Protection Bureau (CFPB) explains that “The SCRA is a law created to provide extra protections for service members in the event that legal or financial transactions adversely affect their rights during military or uniformed service. These protections enable service members to devote their entire energy to the defense needs of the Nation.” So, while there is little obligation on a service member to validate any financial hardship that adversely affects them, they do need to be able to focus on their mission and the defense of our country.

While this is not an educational substitute for a class in lending to the military or the SCRA, I would be remiss not to remind you that, in addition to service members, the SCRA also protects commissioned officers in active service of the Public Health Service (PHS) and the National Oceanic and Atmospheric Administration (NOAA). While the key focus of the SCRA is military, as we discuss this group, read it with the PHS and NOAA included.

As more support for informally adding service members to the Reg B protected bases, the CFPB has a separate department just for these matters, the Office of Service member Affairs (OSA). Annually the CFPB also provides separate reports on service members, including how this group fares in the submission and resolution of consumer complaints. They are specifically separated so that they may be evaluated as a sole category separate from all others. What you do and how you serve your military customers is under a microscope.

In June 2023 the CFPB published “The Office of Servicemember Affairs: Annual Report” for 2022. Complaints submitted by service members serve as a key initial indicator of emerging issues and continuing trends. The report provides data and analysis around the most common complaints submitted by service members.

The Bureau received approximately 66,400 complaints from military consumers in 2022. This was a 55.5 percent increase over 2021. Reviewing the complaints handled by the OSA allows us the opportunity to examine internal procedures for responding to complaints and to improve communication and training to avoid similar complaints in your bank.

This brings me back to the DOJ. In July 2022 the DOJ issued a joint letter with the CFPB that was not directed to banks, but to the auto industry. That absolutely does not mean banks could not learn from the message, and it absolutely does not mean banks have not been penalized for violating these guidance items since 2022. The message is as pertinent today as it was two years ago.

In that letter there are three main provisions they wanted auto lenders to be aware of. Banks make auto loans, and other loans might be applicable as well. The three issues that were addressed included:

Wrongful Vehicle repossessions

The SCRA prohibits repossession of a vehicle during a period of military service unless you (the lender) have a court order or that vehicle loan was made before the period of service, making the loan not covered by the SCRA. There is no notice requirement from your borrower to have this protection, because the burden of determining whether the borrower is protected is on you, the lender. Verification is easiest via the Defense Manpower Data Center (DMDC) website, and I recommend checking that before any repossession order is issued. It may be wise to check it again if you have any reason to believe the borrower may become protected and/or check it again after the repossession to ensure the borrower is not protected at that point. That does not cancel out the fact that the vehicle of a covered borrower was repossessed, but if you verified the DMDC database prior to repossession you should be able to claim a safe harbor from fault. And if you check right after the repossession you can proceed with the return of personal items and a commercially reasonable private sale or auction on the vehicle knowing you will not receive a claim of protection and have to “un-do” that sale, which can be difficult. The DMDC has no separate hard cost, so it is a minimal investment of an employee’s time for peace of mind.2. Failure to terminate vehicle leases without penalty

Failure to terminate vehicle leases without penalty

Under the SCRA, a service member can terminate motor vehicle leases early without penalty after entering service or upon receiving qualifying permanent change of station (PCS) or deployment orders. When service members terminate motor vehicle leases, the SCRA requires that they be refunded all lease amounts paid in advance after the effective date, including “capitalized cost reduction” amounts. This has been a major bone of contention for several larger leasing institutions. The lesson learned here for banks is that upfront fees and costs that are considered part of the overall loan, like a rate buy down, should be amortized and not considered “one and done” as a cost of the loan or lease.

Interest rate benefits

If a loan was incurred prior to military service, the SCRA limits the interest rate to 6 percent upon a proper request from the service member. A proper request should include a formal request and a copy of their orders. The CFPB encourages lenders to use the DMDC checks as proof by itself and to provide rate reductions based on that information. A service member’s commander could also write a letter confirming the service member’s status, and that would satisfy the requirement for any verification. The amount above 6 percent must be forgiven and not deferred or added to the final payment, and it must be effective as of the date of SCRA eligibility, not the date of the request. Remember too, when the borrower is on active duty or the reservist receives their activation orders, they are a covered borrower. This provision allows the service member to make their request during the period of service or within 180 days after leaving the service.

Are banks or other financial institutions better than the auto industry and not deserving of such guidance? Of course not. And to go a step farther, I would point out that another form of enforcement comes not from the regulators or DOJ, but from the courts. So, there are several fronts that pose a compliance enforcement risk on your bank.

DOJ cases

Let’s start with a few DOJ cases and then look in detail at class action lawsuits which can take years to resolve and result in highly expensive litigation. All of this should be considered in a risk assessment concerning loan products. I want to ensure you are aware of some of these cases because they are not typically in mainstream media.

In March 2023, the DOJ filed two statements of interest for cases involving arbitration. The first was Espin v. Citibank, N.A. and the second was Padao v. American Express National Bank. Both cases were in the U.S. District Court for the Eastern District of North Carolina and were concerned with the right of the service members to bring class action litigation under the SCRA instead of being forced into private arbitration proceedings on their own.

The service members were disputing adherence to the 6 percent interest rate rule and were seeking to bring class actions against the banks on behalf of themselves and other service members who may have been affected by violations of this requirement. The complaint alleged that Citibank failed to comply with Section 3937 of the SCRA, requiring lenders to limit the interest rate charged to covered service members to 6 percent during periods of military service. Citibank and American Express were seeking to have the cases dismissed and to require each service member to bring their own individual claim in private arbitration. The DOJ’s statements of interest urged the court to deny each bank’s motion and allow the plaintiffs’ SCRA class claims to proceed.

On September 29, 2023, the court denied Citibank’s motion to compel arbitration in Espin v. Citibank. This class action lawsuit brought by four service members who held credit cards issued by, or had other interest-bearing obligations to, Citibank. In its statement, the DOJ argued that the SCRA gives service members pursuing SCRA claims the right to participate in a class action case in federal court even where a defendant seeks to enforce a contract clause mandating individual arbitration. The DOJ also argued that the relevant portion of the SCRA applies even where the arbitration agreements were executed before the change in law in 2019. The court’s opinion adopted the position advocated by the DOJ.

The Padao case was a class action lawsuit brought under the SCRA by a single service member on behalf of a class of service members who held credit cards issued by, or had other interest-bearing obligations to, the bank. While this was a different lender and plaintiff, the dispute was the same as was the specific Section 3937 reference to the 6 percent rate. The difference here is that this case was based on a single service member’s complaint and expanded to a class. The Padao case is still pending.

In these two cases, the banks are both large. Oftentimes a small community bank sees these very large banks as all-knowing. They have plenty of legal staff to understand all the requirements and react to them. But case after case shows that is not always true. Some like to push the limits or rely on their own interpretations of a requirement. What is your bank’s appetite for risk?

I want to draw attention to the fact that similar to other SCRA cases, especially involving repossessed collateral, significant actions are brought against a bank because of its actions with a single borrower. Just one person starts a snowball that turns into an avalanche. Some readers will be of the opinion that their bank has many military customers, and they know how to handle them as to SCRA compliance. Others may believe they have no military customers and do not need to know SCRA requirements, as they have yet to be an issue. The reality is, you should not be complacent, but be compliant. Evaluate risk, evaluate training, test your procedures, and verify all of it with controls and audits.

At any time, a civilian borrower could enlist in the service and suddenly you find you have an SCRA request. You could also have a reservist called up to active duty who would then be protected. The bank needs to have personnel trained on how to handle these accounts and evaluate the requests. It needs to look not just at loan records, but at overdrafts and safe deposit boxes because after all, a safe deposit box is a lease and the SCRA has a section just for leases. Just as the bank should train everybody in the bank in some basics, where is the Public File for CRA, how do I file a claim for an unauthorized withdrawal from my deposit account, what should they do in event of a robbery, they should recognize “I’m now in the military” as a key phrase that deserves immediate attention of the bank.

You may be surprised if an examiner, or a DOJ lawyer, asks you how many borrowers you have under SCRA protections, especially taking advantage of the 6 percent rate. Regardless of your answer, none, one, or one thousand, the next question may be asking how many were denied SCRA protections? Natural follow-ups to that will be how do you know, how do you track it, who makes the decision, and what factors are involved in that decision. Then, what controls are in place for quality assurance. When there is one complaint, they will look for other cases where the person accepted your answer but did not complain to a regulatory agency or the DOJ.

I do not know of any bankers who want DOJ lawyers in their banks asking questions about loan files. Lawyers are neither lenders nor bankers, and you could find yourself explaining every form and the reasons for every action taken on every loan made in the last five years. You do not want to spend your days doing that and catching up on your regular work at night and on the weekends.

In 2023, I found only four civil money penalties under the SCRA. Two were against towing companies and two were for lease termination problems involving homes. The penalties totaled only $53,000. Not that you would want to justify to your board any civil money penalty as being fair. Fortunately, these were not banks. But that does not mean all banks are getting it all right. The two arbitration cases mentioned earlier are examples even though one is still pending. There are costs incurred already; should we expect a different outcome from the same court for the same complaint?

Let’s revisit a few basic requirements of the Military Lending Act (MLA) and the SCRA, which I have indicated as “M” and “S” below. You can find each of these at www.BankersOnline.com/regulations, near the bottom of the page under the “Other” section. As a general rule the MLA applies to new loans made to service members and the SCRA applies to loans made to people who later became service members. (Please take note that the service member can include dependents, and some SCRA protections are not dependent on this pre-service test.)

M1 – Under the MLA your rate is capped at 36 percent. This applies to a covered borrower with a covered loan.

M2 – The 36 percent is calculated using the Military Annual Percentage Rate, which is like an all-in Reg Z APR. That is, it includes many more finance charge components such as any credit insurance premium or fee, any charge for single premium credit insurance, any fee for a debt cancellation contract, or any fee for a debt suspension and credit-related ancillary products sold in connection with the credit transaction for closed-end credit or an account for open-end credit; (exception bona fide fees). This can make 36 percent easily reachable.

M3 – You are not required by law to verify the applicant’s military status, but if you do not and violate the MLA, the first issue on the borrower’s list of cures is that the loan contract becomes void.

M4 – To obtain a safe harbor, the bank needs to verify the military status before the loan is consummated, by either checking with the MLA database at the DMDC or by obtaining that verification on the credit report. The source for the credit report is the DMDC so that is the sole resource for verification.

[Prior to a change in the MLA rules banks would obtain a signed statement from the applicant as to their military status. Very recently I mentioned in live training that this method is no longer acceptable and banks should have ceased using the form years ago. I almost did not mention it as I also said I think all banks have done away with it. Then during the next break, a banker verified with me that the form they were getting signed was of no use. All it does is create a document the bank creates, has signed, verifies it is signed, and then it is filed away until that file is involved in an audit or quality control check when more time is spent checking it. It provides no safe harbor and only costs the bank time and money and demonstrates that it does not understand the current MLA requirements. Check that your bank’s policy and procedures is updated if you have any doubts. And if your policy does require an MLA verification, it should be completed for that reason with an approved source.]

S1 – Generally, the maximum rate of interest for an SCRA-covered borrower on a covered SCRA loan is 6 percent. This rate can be requested up to 180 days after the service member is released from the service and it is retroactive to the date they were covered, not the date of the request.

S2 – Late fees are considered “interest” for the SCRA. If the bank reduces the interest rate to 6 percent, the maximum rate allowed, turn off late fee accruals or you could be usurious.

S3 – The rate caps apply when a person is on active duty, or a reservist receives their orders. What about National Guard? Title 32 outlines the role of the United States National Guard; normally Title 32 members are not covered under SCRA. To be considered for SCRA coverage a Title 32 member must be called “…to active service authorized by the President or the Secretary of Defense for a period of more than 30 consecutive days under section 502(f) of title 32, United States Code, for purposes of responding to a national emergency declared by the President and supported by Federal funds.” Also, this protection is afforded to joint loans with both the service member and their spouse.

S4 – The CFPB published a report in December 2022 that service members have paid millions of dollars in interest needlessly and that regardless of the law’s requirement that they request protections and provide documentation such as orders, banks should be proactive. This includes not waiting for a service member to make a claim for the interest rate reduction and proactively looking for signs that they may qualify. One way to accomplish this is verification through the DMDC database mentioned above. It has been fine-tuned more and more for accuracy and to reduce update latency. Banks can verify individual service members as well as batch process requests. Many banks adopted the batch processing method and would check the banks CIF records against the database on a monthly or other basis. New hits could be shown on the bank’s records as on active duty immediately and individual verifications could be initiated with the customer if desired.

Another case example

Now let’s turn to a very recent and newly filed class action case involving the SCRA. The case is Nowlin et al v Wells Fargo Bank, N.A., and it was filed in the U.S. District Court for the Eastern District of North Carolina on March 20, 2024. What the suit alleges that the bank “…illegally and negligently charged thousands of American service members and military families excessive interest rates and fees and compound interest on principal balances that were improperly inflated due to the bank’s misconduct.” We only have the plaintiff’s 29-page lawsuit because the filing is so recent and Wells Fargo has not yet replied to it.

The lawsuit notes that Wells Fargo heavily markets itself as being dedicated to the military. Yet even after claiming this, the bank has charged covered borrowers, with covered loans, in excess of the 6 percent interest rate limit, and that it must forgive that interest difference because it cannot be deferred or added to the loan, and that the bank is not waiving all fees as required. As identified above late fees would be considered interest but we do not have a specific description in the reports available as to what those fees are.

By way of background, the service members discovered the problem in 2022. Actually, Wells Fargo appears to have discovered the problem before that. The bank attempted to correct the issue at least with some of the service members by sending them a check and a letter explaining why the check was issued. However, rather than just being grateful for the unexpected checks, some service members questioned the “misleading correspondence” that explained it. These customers began investigating the issues on their own and determined there were “wholesale violations” and that the bank, in fact. has improperly damaged thousands of military families in this process.

The suit accuses Wells Fargo of failing to reduce the interest rates on service members’ accounts, waive fees, comply with the SCRA’s requirement that interest rate deductions are effective on the date military orders are received, and forgive incurred interest. It also criticizes Wells Fargo’s internal systems and then indicates that there is a miscalculation of principal, interest, and payoff amounts. Anyone who has ever manually calculated loan disclosures or done a series of calculations where one is dependent on the next understands that if one of those calculations is incorrect, all those that follow and rely on the first will be incorrect. They have to be. Again, these are all from the plaintiffs’ filing.

In addition to the miscalculations, they accuse Wells Fargo of imposing more interest, fees and other charges than is allowed. And that makes sense if the bank was not providing the reductions of interest in a timely manner or subsequently waiving fees and other charges. There seems to be a bit of piling on in this filing, but I suppose they need to paint a picture of an incompetent bank that already has a soiled reputation.

It is particularly stated that the bank’s internal audit (or compliance) program discovered the errors, and the bank was aware it both violated the SCRA and the bank’s own military benefits program. In the correspondence the bank has not admitted to any violations. Wells Fargo issued reimbursement checks but failed to adequately describe the methodology used to calculate those refunds.

Since the suit mentions the separate Wells Fargo Military Benefits program, there should be discussion as to whether or not such a program is actually a contract with the service members who relied on it. Since a contract is not a federal issue, the contract side of the discussion would be based on state law, but then again, could this be elevated to an unfair, deceptive, or abusive act or practice which may be punishable under federal UDAAP regulations? The suit alleges that without this special program, many of those service members would have banked elsewhere. A comment such as this, compounded with allegedly not reducing interest and not waiving fees demonstrates financial harm. That should immediately raise UDAAP red flags.

Lastly, the suit, in my opinion, piles on to the claims of illegal activity as it states Wells Fargo is, “still in possession of certain funds belonging to” impacted service members. The suit seeks to define the class of plaintiffs as those service members banking at Wells Fargo as far back as January 1, 2006. That means the bank is potentially responsible for more than 19 years of records reviews, calculations and statements, etc.

As you read this, reflect on any comparable situation your bank has been involved with. As a preventive measure, consider your bank’s position if a similar claim was made. Has training been adequate? Could the bank have been more transparent without admitting guilt in the letters explaining what transpired? Should the method of calculating the reimbursements been better defined to those with a need to know? Would that transparency and clear math alone have prevented what could be a lengthy and costly litigation? And will the examiners immediately demand to know what happened and why, because this could elevate the risk to the bank in the case even more? Remember, according to Andy Z, a service member is as good as a protected class.

Legislation to watch

In closing, I will point out that on April 17, 2024, Florida’s Senator Rick Scott and Georgia’s Senator Jon Ossoff introduced a bipartisan bill to lower costs for service members and their families through their bipartisan SCRA Benefit Utilization Act to expand access to financial protections and benefits. According to a post by Senator Scott, “The bipartisan bill would expand existing financial literacy programs to include information about these protections; require the Department of Defense’s annual survey to include information about these programs; include benefit information on all activation orders; and require creditors to apply a 6 percent cap to all eligible accounts under their jurisdiction once a service member invokes their SCRA rights.” Companion legislation was introduced in the U.S. House of Representatives by Pennsylvania’s Congressman Matt Cartwright.

Expect more claims.

 

• Update on the new CRA regulations
• FDIC rule affects ATMs, websites, apps and more
• Personal liability

Update on the new CRA regulations

By John S. Burnett

You know that the Federal Reserve Board, Office of the Comptroller of the Currency, and Federal Deposit Insurance Corporation announced final revisions to their Community Reinvestment Act regulations in October 2023, and those rules were finally published on February 1, 2024, at 89 FR 6574 [https://www.federalregister.gov/d/2023-25797] in the Federal Register. You also probably heard that, although the new regulations will be effective April 1, 2024, most of the changes in the regulations are not applicable until January 1, 2026, and one provision on reporting data under the new rules won’t be applicable until January 1, 2027. There are also some amendments in the rule that will not have an effective date unless and until the CFPB’s “1071” Small Business Lending Reporting rule is given a “green light” by the courts.

Three provisions delayed at the 11^th hour

If your bank has been racing to add its CRA Public File to its website, you can relax a bit. The agencies have issued, just a few days before April 1, a supplemental interim final rule that postpones the applicability of revised section ___.43 until January 1, 2026. That postponement includes the requirements in revised section __.43 requiring that the written comments from the public, the list of bank branches, and those opened or closed be updated quarterly, as well as the quarterly progress update required in new section __.43(b)(5) for banks with less than “Satisfactory” CRA evaluation ratings.

Also postponed to January 1, 2026, is the applicability date of the facility-based assessment area provision in section __.16.

The third change clears up confusion on which CRA Notice version banks need to post. It will allow banks to continue to use the CRA Notice in the agencies’ “legacy” regulations — the notice they posted before April 1, 2024 — until January 1, 2026.

These three changes were made because they all include requirements based in part on other sections of the updated CRA regulations that will not be applicable until January 1, 2026.

Where your Public File must be available

Because the applicability date for the changes to the Public File requirement has been postponed to January 1, 2026, banks should continue to have their full Public File available at their main office and, if they have offices in more than one state, at one office in each state. The reduced-content Public File can continue to be maintained at other offices.

Banks with public websites can also post their Public Files on their public websites before January 1, 2026, but they will have to continue to make the information in their Public File available to the public, upon request and at no cost from either the website or a physical file, from now until January 1, 2026, and from their public websites on and after that date.

Other developments relating to the new CRA rules

You may also have heard that a number of banking and business trade groups filed a civil suit in the U.S. District Court for the Northern District of Texas challenging the final CRA rules and will request a preliminary injunction to enjoin the agencies from implementing and enforcing the final rules while the suit is pending. In the meantime, the agencies have shown no sign of relenting in their support for the rules, and there has been no news (as of this writing) that an injunction has been issued.

The court issued a preliminary injunction just before the April 1, 2024, effective date, enjoining the Fed, OCC, and FDIC from enforcing the revised CRA regulations, and pushing back the April 1 effective day and each applicability date (such as the January 1, 2026, and January 1, 2027, dates mentioned above) one day for each day the injunction remains in place.

FDIC rule affects ATMs, websites, apps and more

By John S. Burnett

There is another regulatory change with an effective day of April 1, 2024, with compliance required by January 1, 2025, that all FDIC banks should be working on. The FDIC re-wrote subpart A of its regulation on “Advertisement of Membership, False Advertising, Misrepresentation of Insured Status, and Misuse of the FDIC’s Name or Logo (12 C.F.R. Part 328), and it affects every FDIC-insured bank in the nation.

While all of subpart A was re-issued, not everything is changing. Parts of the current rule were simply reorganized and shifted around to group similar topics. For example, current section 328.3 (“Official advertising statement requirements”) has been reissued as section 328.6 and otherwise largely untouched.

Paragraph 328.6(b)(1) in the new version adds “FDIC-insured” as a new optional short title that can be used in place of the official advertising statement “Member of the Federal Deposit Insurance Corporation,” joining the old standbys “Member FDIC” and “Member of FDIC” that have been approved for decades.

The current section 328.3(d) list of ten types of advertisements that do not require use of the official advertising statement or its alternate short form statements has not been changed in new section 328.6(d), except for the dollar amount in item 10 that was mistakenly not changed from $100,000 to $250,000 when the standard maximum deposit insurance amount (SMDIA) was officially changed in 2010. The new version of that paragraph, in section 328.6(d)(10) reads:

“(10) Advertisements which contain a statement to the effect that the depository institution is a member of the Federal Deposit Insurance Corporation, or that the depository institution is insured by the Federal Deposit Insurance Corporation, or that its deposits or depositors are insured by the Federal Deposit Insurance Corporation to at least the standard maximum deposit insurance amount (as defined in § 330.1(o)) for each depositor.”

Comment: One of the “frequent flyer questions” we get from bankers is a variation on “Do we have to include ‘Member FDIC’ on a [banner/business card/deposit receipt/signature card …]. The FDIC has not updated this list of “non-advertisements” in decades, and did not do so this time, either.

And, just to wrap up this discussion of new section 328.6, paragraph (f) reads the same as the version in current section 328.3—You can use a non-English equivalent of the official advertising statement in any advertisement, provided that the translations has been given prior written approval by the FDIC. To my knowledge, there is no list of accepted translations that can be accessed by banks. Instead, if your bank wants to use a translation, submit it in writing to the FDIC to obtain approval.

What is changing?

So, what in the rule IS changing? Here’s the short list. Explanations will follow:

1. Banks have new flexibility in placement of the FDIC official sign
2. New rules on signage in areas of bank offices in which non-deposit products are offered have been added
3. There are new areas where the official sign must be placed, such as on ATMs and similar machines
4. There are new requirements when deposit products are offered or accessible by consumers affecting a bank’s website, online banking portal, and mobile banking apps
5. New requirements for written policies and procedures

Flexibility in placement of the FDIC official sign. If insured deposits are usually and normally received at teller windows or statements, the insured depository institution (IDI) must display at each such teller window or station in its standard 7” by 3” size or larger, with black lettering on a gold background. Other color combinations are acceptable as long as the logo and text are in the same color and the background in a contrasting color. No change from the prescribed wording is allowed. So far, no change.

Here’s the first flexible requirement: If the IDI does not offer non-deposit products on the premises, one or more official signs can be placed at one or more locations visible from the teller windows or stations in a manner that ensures a copy of the official sign is large enough to be legible from anywhere in that area, in lieu of placing a sign at each station or window. Stretching this to the ridiculous, I suppose you could replace all the FDIC signs at your teller windows/stations with a single much larger version hung or painted high on the wall behind the tellers.

Another placement option is available for non-traditional deposit reception. If insured deposits are usually and normally received in areas of the premises other than teller windows or stations (customer service desks or other arrangements, such as café style banking like what you may have seen on some Capital One TV ads), the official FDIC sign must be displayed in one or more locations such that a copy of the official sign is large enough to be legible from anywhere in those areas.

An IDI may also display the official sign in other areas, except where non-deposit products are offered.

Non-deposit products offered on an IDI’s premises

In general, non-deposit products must be offered only in areas physically segregated from areas where deposit products are usually and normally accepted. The IDI must identify areas where activities related to the sale of non-deposit products occur and clearly delineate and distinguish those areas from the areas where insured deposit-taking activities occur.

At each non-deposit offering area, the IDI must continuously, clearly, and conspicuously display signage indicating that the non-deposit products:

• Are not insured by the FDIC
• Are not deposits
• May lose value

Such signs may not be in close proximity to the FDIC’s official sign. The FDIC did not specify design or size requirements for the non-deposit sign (other than it be clear and conspicuous).

In limited situations where physical considerations present challenges to offering non-deposit products in a distinct area, an IDI must take prudent and reasonable steps to minimize customer confusion.

Signage on ATMs and similar machines

In the current rule, the phrase “automated teller machine” appears only once, as an example of a “Remote Service Facility,” on which an IDI may, but is not required to, place the official FDIC sign, with certain restrictions. The abbreviation “ATM” does not appear at all. These rules have been around for a long time, after all.

The new rule includes a new section 328.4 that “governs signage for insured depository institutions’ automated teller machines or other remote electronic facilities that receive deposits.” There are separate requirements (1) for these facilities that are placed in service before January 1, 2025, and receive insured deposits but do not offer access to non-deposit products; (2) for ATMs and similar facilities that receive insured deposits and offer access to non-deposit products; and (3) for ATMs placed in service on or after January 1, 2025.

Deposit products only, in service before 1/1/2025: An IDI may comply with the official sign requirement by doing either of the following:

1. Placing a physical official sign (the version placed at teller windows/stations) on the machine. Such signs are placed on the face of the machine or its enclosure, conspicuously visible to a user, and must be replaced if removed, degraded, or defaced to remain displayed “clearly, continuously, and conspicuously.” This option continues to be available for these machines after 1/1/2025 as long as they do not offer access to non-deposit products.
2. Displaying the “FDIC official digital sign” [see below] on appropriate screens of the ATM or similar facility as described below for machines placed in service after 1/1/2025.

Deposit products, with access to non-deposit products: By 1/1/2025, an IDI’s ATM or similar machine must clearly, continuously, and conspicuously display disclosures indicating that non-deposit products are not insured by the FDIC, are not deposits, and may lose value, on each transaction page or screen relating to non-deposit products. This disclosure may not be displayed in close proximity to the FDIC digital sign.

ATMs and similar devices placed in service after 1/1/2025: An IDI’s ATM or similar device that receives deposits for an IDI and does not offer access to non-deposit products and is placed into service after January 1, 2025, must display the official digital sign on its home page or screen and on each transaction page or screen relating to deposits.

The FDIC official digital sign

New section 328.5 (Signs for digital deposit-taking channels) introduces a new official sign to be used only in digital deposit-taking channels such as ATMs and similar devices [see above] and IDIs’ websites and web-based or mobile applications that offer the ability to make deposits electronically and provide access to deposits at IDIs. It looks like this:

When on a contrasting light background, the letters FDIC are in navy blue and the text to the right is black.  If displayed on a dark background, the FDIC and text will both be in white. There are font and size parameters in paragraph (b) of section 328.5.

Requirements for use of the official digital sign on ATM screens were listed earlier. For other IDI deposit-taking channels as listed in the previous paragraph, the official digital sign must, after 1/1/2025, appear on

1. Initial or homepage of the website or application
2. Landing or login pages
3. Pages where the customer may transact with deposits

The official digital sign must be clearly legible across all IDI deposit-taking channels. [NOTE: This will be difficult on mobile banking apps displayed on most cell phones. It may require displaying the official digital sign with text wrapped on two (or more?) lines. I wrote to the FDIC about this problem over a month ago and have not yet had the courtesy of a response. In the prefatory text that accompanied the final rule at publication, the FDIC said it is reviewing options to provide IDIs with technical assistance or guidance to assist in implementing the FDIC official digital sign requirements.]

When placed on a web or app page, the official digital sign should be continuously displayed near the top of the relevant page or screen and in close proximity to the IDI’s name.

Displaying non-deposit signage on digital deposit channels

If a digital deposit-taking channel offers both access to deposits at an IDI and non-deposit products, the IDI must clearly and conspicuously display signage indicating that the non-deposit products: are not insured by the FDIC; are not deposits; and may lose value. This signage must be displayed continuously on each page relating to non-deposit products but may not be displayed in close proximity to the official digital sign.

One-time notice for customers related to third-party non-deposit products

If a digital deposit-taking channel offers access to non-deposit products from a non-bank third party’s online platform, and a logged-in bank customer attempts to access such non-deposit products, the insured depository institution must provide a one-time per web session notification (sometimes referred to as a “speed bump”) on the insured depository institution’s deposit-taking channel before the customer leaves the insured depository institution’s digital deposit-taking channel. The notification must be dismissed by an action of the bank customer before initially accessing the third party’s online platform and it must clearly, conspicuously indicate that the third party’s non-deposit products: are not insured by the FDIC; are not deposits; and may lose value. Nothing in this paragraph shall be read to limit an insured depository institution’s ability to include additional disclosures in the notification that may help prevent consumer confusion, including, for example, that the bank customer is leaving the insured depository institution’s website.

Written policies and procedures

Of course, your bank has a policy requiring compliance with regulations and procedures to implement the policy.

For the first time, the FDIC is now requiring that IDIs establish by January 1, 2025, and maintain written policies and procedures for compliance with this regulation. Such policies and procedures must be commensurate with the nature, size, complexity, scope, and potential risk of the deposit-taking activities of the IDI and must include, as appropriate, provisions related to monitoring and evaluating activities of third parties that provide deposit-related services to the IDI or offer the IDI’s deposit-related products or services to other parties.

Personal liability

By Andy Zavoina

Many years ago, I learned a valuable compliance lesson while making a presentation to my bank’s board. I always liked to tell them I was the conduit between the board and the examiners. Compliance information I provided management and the board flowed regularly and this allowed me to provide two-way communication with the examiners and the bank as a whole, and to insulate the board from ever getting a notice from our examiners asking them to attend a special meeting after an exam, and to bring with them their personal checkbooks as the monetary penalty that was owed had to come from them and not the bank.

In this particular meeting I was discussing Money Market Deposit Accounts. Like many banks before the Reg D amendments in early 2020, we had customers writing more than the allowed number of checks during a statement cycle. Remember the customer could make no more than six transfers or withdrawals, three of which could be by check, draft, debit card or similar order. We used to apply the “couch potato” rule that if they had to get off the couch to make the transfer and it was not convenient to do so, it likely did not count as one of the restricted transfers. If it was convenient, like writing a check, it counted. And those were days when lots and lots of payments were made by check.

Very often the New Accounts folks wanted an exception to the number of transfers rule because this was a good customer with large deposits. But Reg D defined this rule in the definition of a savings account and the money market deposits were savings accounts. There were no exceptions built in and while guidance was that they could have three inadvertent errors in a rolling twelve-month period, that wasn’t set in stone and a habitual violator had little room for exception. I regularly audited the accounts with excessive transfers and Operations had controls to always review them. We also had customers that business development and lenders had persuaded to move to our bank and these deposit accounts and the large balances were factored into the profitability of the relationship. According to most of those exception requests, the customers’ old banks never enforced that rule, so why should we? For the historical record, the requirement was that the following was allowed:

Up to 6 transfers and withdrawals per calendar month or statement period of at least four weeks:

1. to another account of the depositor at the same financial institution, or to a third party
2. by automatic or preauthorized transfer
3. by telephonic agreement (including FAX and data transmission) order or instruction

No more than 3 of these 6 can be by the following and payable to third parties

1. check
2. draft
3. debit card (Point of Sale)
4. similar orders

Most ACH debits are included in the 6/month limit.

Now you can understand what the requirement was and that these were “good” customers because “good” meant more digits in the average balance. The directors of the bank liked to consider themselves “good customers,” as well, and because of the close relationship and their position, they were better than the average “good customer.” Well, I had one director, as he explained it, several times, whose wife just picked up the wrong checkbook when she went shopping and I will tell you that any time that was the case, six was a very lonely number.

Back to my presentation. I had this problem with some accounts and officers wanting to grant exceptions in addition to the directors’ accounts. I’d recently read an article that I shared with the board. It was about a bank that chose to openly ignore the transfer limitation rule and it was going to accept the risk. The examiners in this article, at this point, were discussing the potential penalties. One of the examiners followed the train of thought that the board sets the direction of the bank. In this case the examiners considered going back to when the problems started and calculate the interest paid on all the money market accounts. The entire category was up to being reclassified as demand deposits. That means interest should not have been paid on those balances for that entire period [this predated the Dodd-Frank Act, which has since made interest on demand deposits legal] and the directors personally could be held responsible to repay the bank the interest that was paid on these accounts. That possibility raised every eyebrow in our board room, and I was assured of complete support and cooperation as I managed the money market accounts audits and my compliance program. My problem director also found a way to color code the checkbooks and there were no problems from his account after that.

The key issue that resonated with the board was individual liability. So often we bankers do not realize that we can often be held accountable for our own actions. That can include monetary penalties and some violations can warrant incarceration – jail time. That is a big step away from the status quo, cushy and prestigious positions some aspire to because they see less responsibility than there actually is. So, I like to provide reminders from time to time to directors, management, officers, and even lower-level employees that they must be aware that if their actions are poorly chosen, regardless of the reason, they are responsible for what they do. This helps with buy-in for the compliance program overall and in getting the resources necessary to do your job. It is not intended to be a scare tactic, but instead a reason to listen, to learn and to perform.

It never helps the bank or the employees, officers or directors to ignore the rules. Good compliance is good for the customers, the bank, and those who carry out those compliance rules with every disclosure they provide, and every Reg E claim they process and every account they service. People need to understand that they may think they are helping the bank by denying a valid Reg E claim, as an example, but they are not, and if they are truly violating the Electronic Fund Transfer Act, they may be putting themselves at risk.

Succinctly, violations, especially “willful” ones, are first the responsibility of the bank as it is the provider of services and the other party in the agreement with the depositor. But if an employee is acting outside the scope of their duties, they may have individual liability. You must ask, what training and education on the topic did the employee have? What was their motivation to do what they are accused of doing? This may be one reason Wells Fargo employees other than management were not held personally responsible for much of the “8 is great” new accounts production requirements and falsely opening new accounts under customers’ names without permission.

Examiners have focused more in the last few years on direct responsibility. When an entity like a bank keeps getting penalized, it has less personal meaning and the entity never went to jail and the people working there never pay out of pocket. So, let’s start a discussion based on a hot item, the Bank Secrecy Act. The law says, “willful violations of the statute or its implementing regulations by an institution and any of its partners, directors, officers, or employees are punishable by a civil penalty of $25,000 (or the amount of the transaction at issue, up to $100,000) per day for each day the violation continues and at each office or location where it occurs or continues.” The BSA is not new and has been a requirement since 1970. But it has been just the last few years that regulators have begun using the personal liability portion of the regulation. While this personal responsibility mindset is happening in other countries as well, in 2015 “the Yates Memo” from Deputy Attorney General Sally Yates announced a call to action for the Department of Justice (DOJ) to increase its efforts to hold executives personally accountable for corporate misdeeds. The Yates Memo stated it was “seeking accountability from the individuals who perpetrated the wrongdoing” as “it deters future illegal activity, it incentivizes changes in corporate behavior, it ensures that the proper parties are held responsible for their actions, and it promotes the public’s confidence in our justice system.” Has this been the case? Just a few months ago, on January 31, FinCEN assessed a $100,000 penalty against Gyanendra Kumar Asre. According to the press release, “Asre allowed millions of dollars in high-risk transactions to be processed without required anti-money laundering controls or reporting to FinCEN,” said FinCEN Director Andrea Gacki. “Today’s action serves as a reminder that FinCEN will not hesitate to take action against individuals when their conduct jeopardizes the integrity of our financial system.” In addition to the fine, Asre has a five-year ban on working at any institution subject to the BSA rules. There is more to this than just a bad BSA officer.  As the BSA Officer at a credit union, Asre was responsible for detecting and preventing money laundering activities. But it gets more personal, and the credit union should have increased oversight because of this relationship. Asre had his own money services business and failed to register it with FinCEN. That violation was compounded by inadequate AML program management that allowed millions of dollars in high-risk transactions to be conducted through the system.

And I did mention incarceration as a penalty available to the DOJ and regulators. Two of the earlier actions go back to 2015 when a then former BSA officer was sentenced to two years in prison and forfeited almost $1 million and another was fined $1 million and threatened with a permanent ban from working in our industry. FinCEN assessed a civil money penalty against Thomas E. Haider. It was alleged that over a five-year period at MoneyGram, he failed to implement and maintain an effective AML program and neglected to comply with BSA requirements to report suspicious activity despite complaints about scams being operated through the MoneyGram system. In the second case, again it was not a banker, but Charlie Shrem, who was both Founder and BSA Officer for BitInstant. This was a Bitcoin exchange and Shrem did correctly register his company as a MSB, but he was allegedly helping another unregistered company in its operations. While Shrem had implemented an AML compliance program, he allegedly failed to file SARs on the illegal activity being conducted by the company he was aiding and abetting. And not related to these, but to personal liability, at the end of March 2024 Sam Bankman-Fried, the former CEO of cryptocurrency exchange FTX, was sentenced to 25 years in prison for crimes of fraud and conspiracy.

Now let’s look at nine separate actions involving personal liability actions against employees of the Bank of England – in England, Arkansas, just for clarity. These were FDIC actions in January 2024. The nine employees actually worked for the Bank of England loan production office in a Detroit suburb. They were accused of using bait and switch tactics among other methods to deceive mortgage applicants. The violations were charged for actions going back to 2018 until 2020. Examples of the deceptive techniques used included misrepresenting actually available loan pricing for mortgage loans, misrepresenting to consumers that they could skip two months of their mortgage payments, and further misrepresenting the loan production office’s affiliation with the Department of Veterans Affairs. These were considered unsafe and unsound practices and were done in part for personal gain. One might assume this was based on loan production but that was not specified in the orders.

The (now former) branch manager was penalized for failing to ensure those working for him were not violating Section 5 of the FTC Act and were not committing the misrepresentations expressed above. He was fined $100,000 and banned from banking. The former sales manager was also banned for the same misrepresentations and fined $12,000. Five other employees were fined a total of $163,500 in amounts ranging from $1,000 to $110,000. The actions they were accused of included luring consumers to apply for mortgage loans with low, unavailable loan prices that would not be honored and subsequently increasing the price before closing the loan, and misrepresenting to consumers that they could skip two months of mortgage payments and by misrepresenting to consumers the bank’s affiliation with the Department of Veteran’s Affairs. Two others were not fined but were recognized for their roles and required remedial training. The fines totaling $275,500 cannot be paid or reimbursed by the bank. These are personal fines.

While employees have personal liability for their own actions, the bank has the responsibility, the obligation, to ensure they understand the requirements of what they do and why. “This is the way we’ve always done it” is not good enough. If you are interested in reading more on these last enforcement actions, links may be found in the BankersOnline Top Stories pages, on February 26, 2024, under the heading of the FDIC January enforcement actions.

 

• OBA Feedback
• FCRA and HR
• Employees, Social Media, and Ownership
• Federal Preemption in Question

OBA Feedback

By Andy Zavoina

The OBA has had numerous requests about what can be done when a credit report is accessed on a consumer and that consumer becomes inundated with calls from other lenders competing for the loan or to offer ancillary services. The consumers tend to blame the bank and it is not your fault, but what can be done?

The calls are not new or innovative – just more prevalent in today’s market. This practice known as “event-based trigger marketing,” is legal under the Fair Credit Reporting Act (FCRA) even though it is often an annoyance to the borrower and then to the bank when you have to field complaints. The relationship between the bank and its customer can be harmed because the customer associates the unwanted solicitations with the bank. Bank customers across the country have reported a sharp increase in recent years in various unwanted calls, text messages, emails and other solicitations originating this way.

Based on my personal recent experience after a credit inquiry, many competitors immediately contacted me, the applicant, in hopes they could offer better terms than I already had pending, and the offers continued even after consummation. Further, vendors offering complimentary products began contacting me with references specifically to that recent mortgage loan. In my case it was a mortgage, and the offers (even a year later) are for a home warranty and specifically reference the XYZ Bank’s mortgage. In other cases, the offer may be for an extended car warranty for a recent car loan or a refi with emphasis on skipping a payment or lowering the monthly payment. The solicitations attempt to co-brand off the lender’s good name by referencing the lender and in some cases using the lender’s logo or font style. Unless the reader looks at the fine print, they don’t see the “not affiliated with…” disclaimer to avoid Unfair or Deceptive Acts or Practices (UDAP) or other issues.

We recommend advising your customers it is through no fault of the bank that this is happening and the best way to avoid the contacts is to opt-out at the credit bureau. Banks may even want to be proactive as the advice does little once the horse has left the barn.

There is a website consumers can visit, www.optoutprescreen.com or they can call 1-888-5-OPT-OUT (1-888-567-8688) that allows individuals to opt out from receiving these calls. The major credit bureaus operate the phone number and website and the standard opt-out is for five years. Using the same contact methods, they can opt out permanently but to do so must sign and return the Permanent Opt-Out Election form (which they get online). Your consumer may be advised to consider that as an option. Calling the opt-out line or visiting the site will only stop prescreened offers that are based on lists supplied by the major credit bureaus. Consumers could continue to receive offers for things like credit and insurance based on lists from other sources. Opting out also won’t end mail from local merchants, religious groups, charities, professional and alumni associations, and companies that the consumer already does business with. To stop mail from groups they must contact each sender directly.

On a related note, in August 2023, the White House announced a crackdown to protect consumers from third party data brokers. CFPB Director Chopra announced plans for new rules that would strictly limit the types of consumer data that may be sold by businesses and ensure that data brokers comply with the FCRA. Note that the recent complaints our bankers have been receiving will not directly benefit from this as the activity is not out of compliance with the FCRA, but it is a start.

There were actually two proposals being discussed. The first of the new rules would make a data broker that sells certain types of consumer data as a “consumer reporting agency.” The CFPB is considering a proposal that would generally treat a data broker’s sale of data regarding, for example, a consumer’s payment history, income, and criminal records as a consumer report, because that type of data is typically used for credit, employment, and certain other determinations. This would trigger requirements under the FCRA for ensuring accuracy and handling disputes of inaccurate information. It would also prohibit misuse of the information.

The second proposal addresses confusion about what is referred to as “credit header data” on a consumer report. The use of personally identifiable information is a necessity to data brokers and this credit header data is on reports sold by the big three bureaus, Equifax, Experian, and TransUnion. This header information includes key identifiers of the consumer, such as their name, date of birth, and Social Security number. The CFPB wants to clarify the extent to which credit header data constitutes a consumer report, reducing the ability of credit bureaus to impermissibly disclose this sensitive contact information that can be used to identify people who don’t want to be contacted. This is viewed as especially important to survivors of abuse.

And going full circle back to the original issue of event-based trigger marketing, in February 2024 the ABA Banking Journal reported that the ABA urged Congress to pass legislation to ban the sale of the consumer contact information to lenders who then inundate the consumers with unwanted solicitations. The ABA expressed support for S. 3502 (which was introduced and referred to the Senate Banking Committee) and H.R. 7297 (which has only been introduced so far), both of which would eliminate abusive event-based trigger marketing and limit prescreened credit offers to consumers who actually consent or who have a preexisting relationship with a bank.

So, what can you do today as we await proposals and bills to become effective? In addition to the www.optoutprescreen.com or call 1-888-5-OPT-OUT (1-888-567-8688) referral which the Federal Trade Commission recommends, the bank can take a proactive posture. If the customer is not looking for new credit or insurance from other than your bank, they may want to opt out for the five-year period or permanently. Again, these apply to prescreening solicitations only.

Additional resources the consumer may consider include the Do Not Call (DNC) list and the Direct Marketing Association (DMA). The National Do Not Call Registry was created to stop unwanted sales calls. It’s free. Consumers can register their home or cell phone number. They need to go to DoNotCall.gov or call 1-888-382-1222 from the phone they want to register.

Consumers may also register at the DMA website, DMAchoice.org to reduce promotional mail from marketers. It won’t stop all promotional mail, however, and they will have to pay a $4 processing fee, but the registration will last for 10 years.

DMAchoice.org also has an Email Preference Service that lets people get fewer marketing emails. Registration is free and will last for six years. Bear in mind none of these actually stop scammers and marketers who ignore the laws and the opt-outs, DNC list or DMA exclusions.

Banks with these complaints may want to produce a brochure, or web page they make available and can refer customers to, explaining what is happening. If I were creating such a consumer resource, I would hit these thoughts as I have highlighted them here. Certainly, you would want to elaborate on the points below based in whole or in part on the information above to meet your taste.

1. Why am I getting these calls after applying for a mortgage?
   When a consumer applies for a mortgage, the lender accesses the credit report for the applicants. Because the lender has to have a valid reason to get that credit report, the credit bureau now knows this consumer is looking for a new loan. Credit bureaus have to make money. One way to do this is to sell your contact information to other lenders who make loans similar to what you are applying for. Those lenders approach the credit bureaus and agree to buy a list of prospects on a very regular basis. This allows those other lenders to strike while the iron is hot. This may also facilitate the consumer getting the best deal available if they want to compare terms and pricing. Unfortunately, the lenders buying the lists often do not have a better deal, but go into a hard sale posture. To make matters worse, there may be multiple lenders with the same agreement, which reduces the ability to comparison shop and frustrates you with all the calls, emails and text messages followed by snail mail offers.
2. I like the terms I’m getting. How do I stop these multiple offers from pestering me?
   Unfortunately the credit bureaus want to make money and legally selling personal data is one way they accomplish that. By getting on the Do Not Call list, the Opt-Out Prescreen list and the Direct Marketing Association opt-out list, you can reduce future contacts. But what is done now, is done. Using voicemail and other filters on the media you use may help reduce the bother, but it will not eliminate it. In some cases, several types of solicitations may be forthcoming for a year or more, so actually getting on the opt-outs now can still help.

FCRA and HR      

By Andy Zavoina

It isn’t common that we in compliance get involved with Human Resources (HR) to check on the controls they use for compliance, but it is time to ensure the checks and balances are all in place. Both of these departments are highly regulated, and, in this case, Compliance should have a stronger grasp of the Fair Credit Reporting Act (FCRA), which is a key crossover regulation between Compliance and HR. I will provide the basic requirements here in the event Compliance has not yet but needs to incorporate HR into its risk assessment and audit calendar. I will say that a part of my FCRA annual audit included a review of the credit bureau bill. It was separated by terminal, so I knew which departments accessed the files. Then it was a case of finding the approved, denied, or withdrawn loan or employment file. One year, I discovered that HR was routinely accessing credit reports for employees being considered for promotion, and this was done without any notice to the employee before or after the decision was made. I considered it adverse if an employee was taken out of the promotable list due to information from the credit report or worse, if action was taken to demote or terminate employment. That had not happened, but the procedure adopted was simply wrong.

The FCRA imposes several restrictions and disclosure requirements on HR, just as it does loan staff, as to accessing, use and the impact of decisions made based on credit report data. Before HR obtains a credit report, it must give notice to an applicant or employee that it plans to pull a consumer report on them, and that it might use the consumer report information in its employment decisions. HR must also get the applicant or employee’s written approval to obtain the consumer report. The notice and authorization can be on the same page and must be in stand-alone format and not part of an employment application or other document, and it may not include any other authorizations or waivers.

If the bank uses information from the consumer report in its decision to take adverse action against an applicant or employee such as deciding not to hire, or to terminate or demote them, the bank must provide the applicant or employee with a disclosure before the adverse action occurs. This disclosure must contain:

1. A) A notice that the bank is contemplating adverse action;
2. B) A copy of the consumer report; and
3. C) A copy of the publication, “A Summary of your Rights Under the Fair Credit Reporting Act.”

   In addition, the bank must give the applicant or employee a reasonable period of time to respond to the notice of contemplated adverse action. Typically, five business days is the minimum period that is recommended. During this time, the bank should not fill the open job position or take other action that would constitute an adverse employment action against the applicant or employee. If the applicant or employee provides additional information, the bank must consider it, but is not required to reverse the decision. Much like a Reg B Adverse Action is intended to inform an applicant of the reasons for denial so they can correct the deficiencies over time and reapply, this is intended to provide time to correct a deficiency and secure that position which obviously cannot be held open indefinitely. It provides a short window for the applicant to explain or correct obvious errors.

After HR takes adverse action based on a Consumer Report, it must give the applicant or employee notice of the actual adverse employment action. This notice should be in writing and must include:

1) The name, address, and telephone number of the Consumer Reporting Agency that provided the Consumer Report;

2) A statement that the Consumer Reporting Agency did not make the adverse employment decision and cannot give specific reasons for it; and

3) Notice of the applicant or employee’s right to dispute the accuracy or completeness of the information the Consumer Reporting Agency provided, and the applicant or employee’s right to get a free copy of the report from the Consumer Reporting Agency if the applicant or employee asks for it within 60 days.

HR may contend that the necessary forms and disclosures above are all provided by a vendor or the Credit Reporting Agency itself. But these forms could still contain errors or be outdated and therefore should be reviewed for compliance just as loan forms are all reviewed for compliance and accuracy. The bank is still the one liable for deficiencies.

In this particular case the form in question, “A Summary of Your Rights Under the Fair Credit Reporting Act,” which is often referred to as a “Summary of Your Rights” disclosure is in Reg V, 12 CFR Part 1022 from the CFPB under Appendix K. The bank must provide the employee or applicant with a Summary of Your Rights in the form prescribed by the CFPB. We all know forms change from time to time.

In March 2023, the CFPB published an updated “A Summary of Your Rights Under the Fair Credit Reporting Act” form and the required usage begins March 20, 2024. The updated form added verbiage designed to alert the applicant or employee to his or her rights to place a “security freeze” on their credit report from a consumer reporting agency and the contact addresses for certain agencies such as the OCC were updated. This security freeze will prohibit the consumer reporting agency from releasing information in the job applicant’s or employee’s frozen credit report without their express authorization, and the OCC address was changed to include P.O. Box 53570, Houston, TX 77052 instead of the street address at 1301 McKinney. That is one way to know you have the current form; just look for the section using the term “Security Freeze.”

In researching the form for this article, I found many instances of the old form first. Because the new form (linked below) was optional for the last year but is soon to be mandatory (again as of March 20, 2024) it is a last opportunity to ensure your HR department is using the correct version.

New Summary Form linked from the BOL Regulations pages: https://www.bankersonline.com/regulations/12-1022-appk

Employees, Social Media, and Ownership

By Andy Zavoina

Does your bank outsource its social media work or have one or two enthusiastic employees who just “get it” and love posting on social media on behalf of the bank? If so, this brief article is for you because the bank needs to worry about work product and copyright and ownership of these accounts. If there isn’t a clear path on who owns these social media accounts, there needs to be.

JLM Couture is a company dealing in bridal gowns, bridesmaid dresses and the like. Like a bank or any other business, JLM sees value in a social media following. In this case JLM had a contract employee who managed, among other things, social media for the company. In JLM Couture, Inc. v. Gutman, the company and the designer had an employment contract. This contract was detailed and addressed most of their relationship, but not social media accounts. As you will imagine, there was a parting of the ways and a lawsuit that has gone on for over two years.

The case has gone from federal district court to the 2nd Circuit and back again. One issue was for work product and who owned the social media the employee was doing for JLM.

When the relationship ended, JLM claimed ownership of the designer’s Instagram, TikTok and Pinterest accounts. They argued that she created them in her capacity as an employee and it was a work product. Gutman argued that she created them in her personal capacity, they were registered in her name, and she did not pass ownership to JLM by agreeing to use her accounts to market JLM’s products. Part of JLM’s argument was that ownership passed because a provision in their contract with Gutman which provided that all “designs, drawings, notes, patterns, sketches, prototypes, samples, improvements to existing works, and any other works conceived of or developed by [the designer] in connection with her employment with the Company involving bridal clothing, bridal accessories and related bridal or wedding items,” are works for hire and the exclusive property of JLM.

Originally, the federal district court gave JLM control and created a six-factor test that it developed specifically for social media ownership disputes. On appeal, the 2nd Circuit disagreed with this methodology and ruled that traditional property law principles would apply. The 2nd Circuit noted that if Gutman created the accounts using her personal information and for her personal use, then she is the owner of the accounts. Gutman could have transferred ownership to JLM by contract but noted that transferring rights to content posted on the account is different from transferring ownership.

Some lawyers would potentially read this differently, as the 2nd Circuit did when it said the social media did not qualify as “other works” because under the general principle of contract interpretation “the ordinary meaning of general terms at the end of a list must be interpreted to embrace only objects similar in nature to those objects enumerated by the preceding specific words.” In this case, the items listed are closely related to fashion design and are things that might be sold to the public, but social media accounts are far separate from those.

My read on the case is that one party felt it could broadly interpret the agreement it had with an employee and say the company owned these accounts. But legally that was not as clearly stated as JLM believed. More than two years of lawyer costs and court fees have been billed and the case goes on. Social media accounts your bank feels it owns have value and should be in the bank’s name and tied to bank-owned email accounts and paid for (as necessary) by the bank. They should not be in an employee’s name just because that employee opened the account. Postings should not be mixed between personal and business purposes unless they are the same.

In my area, a successful high school athletic director and head football coach enjoyed many years of success with his team. Early on in these successful seasons he convinced the school board that they needed a new identity, and they became known as the “Bulldawgs” or the “Dawgs” for short, they play at Bulldawg Stadium, and he tweaked the logo that is virtually everywhere. But winning seasons don’t last forever, and the coach and school have parted ways. As he collected his severance, he reminded them that he would be generous and allow them to use the name and logo he copyrighted but only for a brief time. After that they could change it or license the rights from him. We will have to see how that goes, but years of litigation are not really an option and should not be for your bank either.

Federal Preemption in Question

By Andy Zavoina

The dual banking system we enjoy provides that banks can, in general, choose to be chartered as a national or a state bank. This choice leads to determining who a bank’s primary regulator will be and what laws and regulations will apply to it. National banks still have to follow some state laws and state banks still have to follow some federal laws, so it is never “all or nothing” but there are advantages to and disadvantages to each.

National banks are still subject to many applicable state laws such as those affecting contracts, property rights, and debt collection, when those state laws do not conflict with the purpose of a federal law. Nonetheless, federal law preempts state laws that interfere with the powers of national banks. The doctrine of federal preemption is grounded in the Supremacy Clause of Article VI of the Constitution and the Supreme Court has held that, “under the Supremacy Clause . . . any state law, however clearly within a State’s acknowledged power, which interferes with or is contrary to federal law, must yield.” The Supreme Court held that the National Bank Act of 1864 (NBA) preempts state laws that “significantly interfere” with a “national bank’s exercise of its powers.” In some cases, a federal law explicitly says it will preempt others and in some cases this is implied. The Office of the Comptroller of the Currency (OCC) is the primary regulatory agency to oversee national banks and it has taken a broad view of the preemptive effects of the NBA.

One question that is currently being posed is to what degree does a state’s law have to “significantly interfere” to  be overridden by a federal law?

In a case with the decision still pending, Bank of America N.A v. Riffard is one of two we will discuss arguing preemption. In this case, Bank of America believed the Wisconsin Consumer Act (WCA) did not apply to it. Jean-Pierre Riffard had two separate credit cards from Bank of America and defaulted on the monthly payments on each account. Bank of America sued Riffard for breach of contract due to his nonpayment. Riffard argued the case should be dismissed because Bank of America never provided him with notice of his right to cure before accelerating his debt and suing him, as required by the WCA. Bank of America argued the NBA preempts the WCA.

The WCA is a state law that regulates consumer credit transactions and debt collection. Under section 425 of the WCA, a creditor must give a consumer notice of any default on a credit account and an opportunity to cure the default.

The Wisconsin circuit court hearing the case agreed with Bank of America but noted there are differing results from the court on this matter. The Eastern District of Wisconsin held the WCA provision is not preempted in Boerner v. LVNV Funding LLC (2019). Contrary to this the Western District of Wisconsin held the WCA is preempted in Lako v. Portfolio Recovery Associates (2021). In Lako, the district court concluded “the WCA goes beyond debt collection and sets conditions on the lending relationship between the creditor and the borrower.” The court also noted in Lako the WCA not only prohibits the debt collection, but also acceleration of the debt until state required notices are made.

Last November the case was heard by the Wisconsin Court of Appeals. Riffard characterized the WCA’s notice-to-cure provisions as debt collection rules that are not preempted while briefs in support of Bank of America argued that applying cure notice requirements to national banks would subject them to each state’s regulatory requirements and defeat the NBA’s purpose of having a uniform regulation for national banks.

On February 27, 2024, the Supreme Court of the United States (SCOTUS) heard oral argument in Cantero v. Bank of America, N.A. In this case the question is whether the NBA preempts a New York statute requiring banks to pay interest on mortgage escrow accounts. The 2nd Circuit ruled that the application of the New York statute to national banks is preempted by the NBA, and this reversed a lower district court ruling.

The OCC has provided preemption regulations for the benefit of national banks so that each can rely on these rules and choose not to comply with many of a state’s consumer protection regulations. As SCOTUS contemplates this Cantero case, if it does not believe the NBA preemption applies to the New York law, it will directly call into question the validity of the OCC’s preemption regulations. This would mean that all national banks should then reconsider any preemption laws it is taking advantage of which could also be questioned and determine whether the bank must now comply with those state consumer protection laws and regulations. If SCOTUS provides an adverse ruling to Bank of America, it could be adverse to all national banks and trigger a wave of actions by state Attorneys General as well as private litigation against national banks based on violations of state consumer protection laws and regulations, as in the Riffard case. Would these actions be limited to a SCOTUS decision date forward, or be retroactive and open to many class action cases? There is no crystal ball that could force the probable causes and effects of such an action, but in researching this article I did come upon an October 12, 2000, article in The Oklahoman addressing one charter switch by the then new Peoples Bank of Oklahoma. The article stated, “Within 30 days, the bank… had virtually doubled its monthly income. Its lending limit had climbed from 15 percent to 30 percent of its capital. In addition, the bank’s annual regulatory fees had dropped significantly.

“We’ll save six or seven thousand dollars a year just on the fees we pay,” board member Randy Wright said. “That’s almost a month’s income. With a small bank like ours, every dime counts.” The article went on to point out, “For Peoples Bank, the decision to convert was purely financial.”

For other banks, like Arvest – which converted four banks this summer – the change had less to do with economics. “We eliminated two regulators. We did it to simplify things,” said Neil Schemmer, chief executive officer of the recently converted Arvest Bank in Norman. “Until this summer, all but five of the 16 banks in Arvest’s holding company were state-chartered banks,” Schemmer said. “Now, all but one are.” There may be many reasons for banks to make charter choices. If there are fewer NBA protections, that may affect banks’ consideration of a national bank charter choice.

• CFPB Proposes New NSF Fee Rule
• Overdrafts — Comments Requested

Editor’s Note: We do not usually write about proposed rules in Legal Briefs because so much can change between publication of a proposal and issuance of a final rule. However, we believe that Oklahoma’s bankers need to know about both of the recent CFPB proposals discussed in this edition.

CFPB Proposes New NSF Fee Rule

By John Burnett

On January 24, 2024, The Consumer Financial Protection Bureau announced a proposal for a new regulation on non-sufficient funds (NSF) fees. That should not have been a surprise, because the CFPB mentioned the possibility of a rule on NSF fees at least as long ago as 2022, when its Fall Regulatory Agenda indicated the Bureau was considering whether to issue new rules regarding them.

Now, the “other shoe” has dropped. Perhaps we should call it “a mismatched shoe,” because the new regulation proposal does not reference current financial institution practices regarding NSF fees. Instead, it anticipates that a bank or credit union might just be looking for a new fee income source, and the Bureau proposes to “nip it in the bud” before the idea can become a reality.

In short, the Bureau wants to ban something that almost no one (that the Bureau knows of) practices, but someone might try in the future. Here is what the proposal is all about.

It happens all the time — Someone taps their debit card on a POS terminal at Walmart to pay for a cartload of groceries, and the terminal displays “denied” or provides some gentler negative response because the cardholder’s bank account isn’t up to the task, the well is dry, or, in banker-speak, the account balance is “non-sufficient,” and the bank will not approve a transaction that would overdraw the account. The same result can be seen at an ATM, and in some peer-to-peer transfer networks.

The Bureau thinks that there might be a bank, credit union, or P2P network out there looking for ways to replace some of the fee income it has given up (perhaps in the current campaign against “junk fees”), and counting the number of NSF responses it sends back on ATM, POS and transfer authorization requests to see if they might be leaving some fee income on the table.

So, in a remarkably short (only 68 pages in all, with just over one page devoted to the words of the regulation) Federal Register document, the Bureau has proposed as new regulation (Part 1042) to say, in essence, “Don’t you even THINK about doing that!” by borrowing the definitions of “account” and “covered financial institution” from Regulation E and defining a “covered transaction” as “an attempt by a consumer to withdraw, debit, pay, or transfer funds from their account that is declined instantaneously or near-instantaneously [sic] by a covered financial institution due to insufficient funds.”

That’s followed by a definition of “nonsufficient funds fee” as “a charge that is assessed by a covered financial institution for declining an attempt by a consumer to withdraw, debit, pay, or transfer funds from their account due to insufficient funds” regardless of how the financial institution labels the fee. Then the proposed rule declares the charging of such a fee to be an abusive practice and prohibits it. A short little regulation with three little sections, about 270 words (including headings), and no official interpretations (as proposed).

I will not ask whether your bank has been thinking about imposing these “real-time” NSF fees, or whether, after reading the proposed rule, your bank changed its mind.

Comments are due by March 25, 2024. If you have a comment to offer, check out the guidance for commenters at the end of Andy’s article below.

Overdrafts – Comments Requested

By Andy Zavoina

In late 2023 there were a reported 4,645 commercial banks, 574 savings and loan associations and 4,994 credit unions in the United States. That is 10,213 financial institutions if you do not want to do the math. This gives you an idea of the “universe” which can be impacted by a new rule or interpretation. But some rules and interpretations do not actually affect all financial institutions.

When a new proposal or rule is published, the first things I would do is determine the impact of the proposal on my bank based on a general description, and if it will apply to me, when is it going to be effective? Well, on January 17, 2024, the CFPB released its proposal to “close the overdraft loophole that costs Americans billions each year in junk fees.” How will it accomplish this? With a tweak of a few words in a few regulations in certain conditions overdraft fees will be considered finance charges under Reg Z and Truth in Lending. Now my head begins to spin as I fear making APR disclosures, usury limits, periodic statements and those things associated with loan closings and lines of credit. But am I getting ahead of myself? To be clear, this rule will impact only the largest banks, those at or over $10 billion in assets.

If your bank is not in that category, please DO NOT STOP reading now and move on to more meaningful issues affecting your bank. While the CFPB estimates only 175 financial institutions will be impacted, and the math tells us that this amounts to a mere 1.71 percent of all financial institutions, there are some people who believe this rule could trickle down to smaller, community banks. According to the FDIC, Oklahoma has 178 banks with main offices in Oklahoma. Only a small percentage of these will be in the larger bank category and subject to the new rule, when and if approved.

Think about the process involved in a Notice of Proposed Rulemaking (NPRM). A proposal is made, and comments are requested. In a proposal that will relieve the American public of paying “billions of dollars” each year in non-sufficient funds – junk fees – charged by “banks” (meaning the financial institutions referenced above) where will the comment letters in support of, and against, all or some of the proposed rule come from? Will more come from the consumer protection organizations and the American public, or from those 175 banks? And will the final rule indicate overwhelming support for the proposal based on the comment letters, or that thoughtful comments indicated that overdraft fees are not always bad, these serve a purpose, and help in controlling fees in general charged by banks, they act as a deterrent for writing bad checks and should not be mischaracterized as “junk fees.” Would you be surprised to read that “based on overwhelming support of the proposal” it is approved? And do not forget the political aspects of this in an election year. The president and his staff have dwelled on junk fees and the large dollars collected by banks from consumers.

I want to explore the concept of “consumer protections” and the intent of these rules and contrast this to rules applicable to larger banks as compared to smaller banks. Using the Home Mortgage Disclosure Act (HMDA) as an example, when reporting is limited to larger institutions, the amount of data gathered is proportional to the size of those lending institutions. By limiting the application of the rule to the larger volume lenders the public gets the vast majority of the lending data gathered. Having such a rule excluding the smaller lenders makes review and analysis of trends much easier and it is cost effective, especially for those smaller lenders who have the same data gathering burden but far few resources and less technology to meet the requirements. Having the smaller lenders exempt from reporting takes away little data. In years past the CFPB did increase the reporting threshold for HMDA applicable loans. This increased the number of exempt lenders and therefore took away a small amount of data. It worked just as planned. The public and regulatory agencies received useful data and the smaller lenders were able to still make loans supporting the housing efforts of their communities yet deploy funds and assets elsewhere to facilitate an overall more effective community bank.

But no good deed goes unpunished. There was a court case which argued that data was necessary to properly evaluate the housing efforts of even the smaller lenders and the action was successful. The argument that less data still accomplished the goals of HMDA was not enough and the CFPB did not appeal the decision. The threshold dropped to its prior limit. Now a larger segment of smaller volume lenders is once again recording and reporting HMDA information. My point is, the objectives were met even with the higher limit, but the argument that a more microscopic application better meets the needs for more finite reviews prevailed. At the end of the day, consumer protections against discrimination were deemed better met by applying the rules uniformly down to smaller lenders and eliminating only the smallest of low-volume lenders.

Contrast this HMDA example to a true consumer protection regulation. The former is based on a bulk of transactions and analysis using a broad brush, and the latter is based on individual transactions. The overview of the proposed overdraft fee rule includes three important points.

1. The proposal would require very large banks to treat commonly used overdraft protection as credit, making it subject to Reg Z disclosure requirements and other protections that apply to credit cards and loans.
2. The proposed rule provides those banks subject to the rule two options on how to approach handling overdrafts. The bank could offer overdraft loans, officially offering lines of credit and triggering a multitude of disclosures and statements (e., processing) meaning potentially systems improvements and all that comes with such an undertaking. Alternatively, the bank could offer overdrafts as a courtesy service where fees do not exceed costs and losses, using a “breakeven standard” calculation or, optionally, a “benchmark fee.” Currently these benchmark fees being proposed are $3, $6, $7, or $14. The CFPB estimates the average fee is currently $35.
3. The new rules would apply to banks and credit unions with $10 billion or more in assets and, if finalized as proposed, would go into effect in October 2025. That provides nearly two years to prepare from the publication of the NPRM.

Under a data gathering rule, there is the broad brush used to effect protections and these take extended periods to provide substantive information to act on. In this proposal it is individual transactions which will be impacted. Which is truly the most effective form of consumer protection? There is no denying that individuals who are protected at each transaction receive the most benefit and more quickly than is derived from data which takes years to accumulate and analyze. How can any regulatory agency that is responsible for consumer protection actions justify applying such a rule based on the asset size of the lender when all banks are subject to Reg Z already? A depositor with an overdraft at a smaller community bank would not be entitled to the same protections afforded a similar consumer at a larger bank even when both banks are subject to the same regulation that provides the protections.

If you are keeping a tally of the impact this rule poses and are comforted by the fact that your bank is under the $10 billion threshold, do not take that sigh of relief too soon. The CFPB has hinted at potentially applying this rule to smaller banks, stating that the CFPB intends to “monitor the market’s response” before deciding whether to expand the scope to smaller banks in the future. In the future it would be quite easy to justify expanding this proposal to all banks.

I ask you, what is the “market’s response” to this proposal if fewer than 175 banks comment? Certainly, banking organizations will respond but I would add that thoughtful comments from the smaller and as of yet unaffected banks need to be made to better protect those who do not want the options described above in their future. I would add that once the larger banks have adapted to the new rule and vendors have worked through the technological hurdles, it will be deemed a much easier process for smaller banks to adopt the same rules.

As a brief background, Congress gave us the TILA in 1969 and the Federal Reserve then gave us Reg Z to implement it. As to the use of currency, checks were frequently used by consumers to send money and pay bills. Zelle and similar programs were not invented. Check volume was huge and growing annually. It was recognized at that time that check processing was labor intensive. The processing technologies banks have used for decades did not exist then. Checks were manually encoded, and the items were compared to account balances. They were typically manually reviewed, account analysis was completed, and someone made a decision to pay or return an item. The bank had policies that would have included considering how long the bank has had the account, the average deposit balance, when deposits were made (direct deposit was not required  or even highly encouraged until the 1970s) and how often the account had checks presented that exceeded the available balance. It was a costly and manually intensive process. The Fed exempted overdraft=related costs from Reg Z requirements if the bank honored a check when its depositor “inadvertently” overdrew their account. Over recent years banks have been careful not to confuse inadvertent overdrafts with lines of credit because the costs of disclosing the latter can be high and smaller banks may not even have the technology to meet the Reg Z disclosure requirements. Overdrafts were not nearly as frequent in 1969 as today, and banks imposed fees to cover these processing costs as well to incentivize the depositor to not overdraw their account.

Banking technology has come a long way, and these costs are now greatly reduced and may be deemed truly minimal, other than the costs of the technology used and the cost of funds. Reg Z has retained this exemption, but this is what is now being considered for removal. This intentional exemption is the loophole in question.

The loophole is in the definition of “finance charge” at 1026.4(c)(3). Paraphrasing from the NPRM, page 64, “These proposed changes require compliance with not only Reg Z when providing higher than breakeven overdraft credit services described below, but would allow those banks to continue to comply with Regs DD and E when providing non-covered overdraft credit services at or below breakeven pricing. This means the banks that have invested in compliance with Regs DD and E could maintain their current processes for providing consumers with non-covered overdraft credit so long as it priced such credit at or below breakeven pricing.” Reg E will require some tweaking as well to allow complete compliance with this proposal and as credit products, banks may start reporting these overdraft lines to credit bureaus.

Reg Z would have new key terms and definitions that would become commonplace in discussions as operations and lending bridge these overdraft gaps, terms like, overdraft credit, above breakeven overdraft credit, covered asset credit account, covered overdraft credit, covered overdraft credit account, and hybrid debit-credit card.

I also find it interesting that it is never mentioned that in most cases writing a check against non-sufficient funds is typically a misdemeanor, a crime. Neither banks nor regulatory agencies should encourage such an act. Providing both payment options, the approval of an inadvertent item and a line of credit cause the items to be paid rather than returned, avoiding misdemeanors and fees from those on the receiving ends of the checks. This protection ends when banks begin returning the items because they cannot pay the items due to cost inefficiencies. These inefficiencies will be based on the lower income derived from overdrafts, potentially increased costs due to losses and the cost of technology to support lines of credit if that is what banks opt to offer.

While banks can continue to provide courtesy overdraft credit as is often done now, the fees which will be regulated would be assessed against a breakeven calculation or a benchmark amount. If the fees are equal to or less than these metrics, the overdraft credit provided would not be subject to Reg Z. Using this low-cost approach will exempt the bank.

1. To use a breakeven standard the CFPB would require the bank to determine its total direct costs and charge-off losses for providing overdraft credit to all accounts open at any point during the previous 12 months. This amount would then be divided by the total number of overdraft transactions attributable to those accounts occurring in the previous 12 months. The proposal includes guidance on the types of costs and charge-off losses that a bank may consider when making this calculation.
2. The CFPB proposes to set this alternative fee, a breakeven fee at $3, $6, $7 or $14, and the Bureau believes this would create a “simple bright-line method” for the very large banks to use when assessing whether the overdraft credit they provide is below or above the breakeven threshold. The CFPB reached each of the benchmark fees by applying different calculations to relevant data collected from eight of the large banks.

The alternative to use of the breakeven or benchmark fees is overdraft lines of credit. Overdraft credit can be provided at a cost higher than the breakeven standard or the benchmark fees described above, but the cost to the bank is that these would be subject to Reg Z.

This compliance would require treating transfer fees (line of credit to overdrawn account) as finance charges, or the bank can eliminate those fees altogether. This line of credit then offers consumers a means of repaying their overdrafts other than by preauthorized EFTs. This line of credit facility also means compliance with the regulatory provisions in Reg Z that apply to credit cards that would newly apply to certain types of covered overdraft credit. This requires systems and new skillsets for your staff.

Banks would then be required to make mandatory disclosures to consumers disclosing the cost of credit and more. Hybrid debit-credit cards used by consumers to access overdraft credit would be subject under the proposal to the Credit Card Accountability Responsibility and Disclosure (CARD) Act-related sections of Reg Z. These would include, but are not limited to, ability-to-pay underwriting requirements and limitations on penalty fees.

The proposal also requires that overdraft credit be structured as a separate credit account, not a negative balance on a checking or other type of transaction account. The underlying checking or transaction account would be considered the asset account and tied to the separate credit account created for the overdraft credit. This separate credit facility would have its own due date at the same time for each period. That means that if a $100 item is paid on the first against a deposit balance of $40, the $60 goes to the credit facility. If a deposit of $100 to the deposit account is received on the second, there is no setoff available. The $60 owed is under the credit line and is not owed until the billing is due, possibly at the month end, as an example. The billing dates will have to be on the same day of each billing cycle.

The banks subject to the proposed new rule would also be prohibited from compelling consumers to use automatic payments to repay overdraft credit, which would effectively require them to provide consumers with at least one alternative repayment option.

One point I have not seen addressed yet includes those consumers subject to the Military Lending Act (MLA). The bank would need to know who these consumers are in order to meet the disclosure requirements of the MLA. Currently the MLA is moot. In the FAQs published in the Federal Register, Vol. 81, No. 166, Friday, August 26, 2016, under Section II, question 1, it asks, “What types of overdraft products are within the scope of 32 CFR 232.3(f) defining ‘‘consumer credit’’?” The answer includes, “The MLA regulation generally directs creditors to look to provisions of TILA and its implementing regulation, Regulation Z, in determining whether a product or service is considered “consumer credit” for purposes of the MLA. Also, the supplementary information to the July 2015 Final Rule discusses coverage of overdraft products.

The MLA regulation defines “consumer credit” as credit offered or extended to a covered borrower primarily for personal, family or household purposes that is either subject to a finance charge or payable by a written agreement in more than four installments, with some exceptions. The exceptions include “residential mortgage transactions; purchase-money credit for a vehicle or personal property that is secured by the purchased vehicle or personal property; certain transactions exempt from Regulation Z (not including transactions exempt under 12 CFR 1026.29); and credit extended to non-covered borrowers consistent with 32 CFR 232.5(b).”

If overdrafts are paid from a line of credit and are subject to Reg Z, in addition to the CARD Act and ATR, there will be MLA requirements. The bank will have to know if it is dealing with a covered borrower at the time the credit is offered. This includes dependents. There are written and oral disclosures required as well as a Military Annual Percentage Rate.

Most banks are aware of the “all in fee” nature that the MAPR has resulting in a higher rate than Reg Z APR. But the open-end MAPR is different still. From the CFPB exam manual — “…the MAPR for open-end credit should be calculated following the rules for calculating the effective APR for a billing cycle as set forth in 12 CFR 1026.14(c) and (d) of Regulation Z (as if a creditor must comply with that section) based on the charges listed above. Even if a fee is otherwise eligible to be excluded under 12 CFR 1026.14(c) and (d), the amount of charges related to opening, renewing, or continuing an account must be included in the calculation of the MAPR to the extent those charges are among those in the above Types of Fees to Include in MAPR Calculation.” While the MAPR will still be capped at 36 percent and presumably all the fees will be compliant and reasonable, the minimum fees will have to be weighed against the amount of the credit and the date of the payment due from the consumer. How close to 36 percent could possible scenarios get? When and how often will banks be required to verify with the DMDC database that their overdrawing consumers are covered or not?

There are many questions, and I believe that every banker who reads the 211-page proposal will ask themselves similar questions, but also a few unique ones. Comment letters that all banks are encouraged to submit should pose these questions so that guidance can be included in a final rule and not offered in the distant future when the questions are real and not hypothetical.

While this article is not intended to serve as a how-to on writing a comment letter, I am asking all banks with an interest in the overdraft topic now or in the future to seriously consider sending one. Therefore, I will include points common to comment letters though few comment letters would ever be considered wrongly sent.

1. Read the entire proposal to best understand the requirements and ask meaningful questions supported by realistic and factual scenarios to support them.
2. Where any questions are asked in the NPRM of those submitting comments, answer them. This increases the usefulness of the process especially in those which ask, “what is the impact of…” on a bank or consumer.
3. Use facts and refrain from personal comments such as “the proposal is unfair because…” or in this case, “the consumer wrote the check, and we disclosed the fee and that’s all that matters.” That would take the process nowhere and is often just subjective. Cite facts and conditions which support the bank’s position that this is a cost-effective option when considered overall. If more checks are being returned the consumer will suffer more costs, especially from merchants not obligated to keep fees low for returned payments, and for consumers who later find it harder to bank anywhere due to poor management of checking accounts in the past.
4. Specifically quote the proposal where appropriate so the reader knows exactly what your comment pertains to.
5. Some banking organizations may prepare comment letter templates. These are useful as to providing guidance on topics and formats. But the regurgitation verbatim of someone else’s comment letter is nothing better than a tick mark for, or against something as the comments have already been stated and read. It will add to support your position, but in a less meaningful way.
6. Offer suggestions on issues that are realistic and meet the goals of both your bank and the consumer’s needs for protection. After reading the proposal, you will read about issues such as, “For example, CFPB research found that in 2012 the median overdraft fee was $34, the median size of a debit card transaction incurring an overdraft fee was $24, and that the majority of non-covered overdraft credit transactions were repaid within three days. Putting these figures in lending terms, the annual percentage rate (APR) for such a non-covered overdraft credit transaction would be 17,000 percent (if transaction fees were included in the APR calculation).” This is where the cost to actually process a transaction comes into play, as well as losses and collection expenses. I see the APR as less of an issue when the fees are reasonable. It is not enough to say an APR is not reasonable when the actual fee is only a matter of a few dollars. Expressing that minimal fee as an annual rate provides an unbalanced calculation.
7. Balance your comment letter based on the bank’s experience as a whole. That is, consider the side of the loan department as well as operations for the big picture.
8. The pounds test is not a goal to be met here. Do not add comments that go on and on so that if printed, you will have the longer document. Succinct and meaningful comments that convey valid points will be held in higher regard as being productive for all. You don’t need to address every issue raised in the proposal. Focus on the elements most important to you and your bank.
9. If you read other comment letters or reports in the press, you will understand those who disagree with your position. With this understanding you can better offer intelligent counterpoints.
10. The comment period for this proposal ends April 1, 2024. You should have your letter in by that date. Sending it electronically is the fastest and easiest way to make a submission. Prior to sending yours, you can read others that have been submitted and remember your comment letter will also be publicly available. For this reason, bank management and/or counsel may want to be involved in the process. The NPRM itself contains instructions for all this.

 

• ’Tis Still the Season — Security and Fraud Losses
• MLOs Hirable Now — Changes in Section 19
• AI in Banking

’Tis Still the Season

By Andy Zavoina

Security and Fraud Losses

The holiday season has ended and now it is all about the returns. Side note – it is a great time not to be working at Amazon. What does all this have to do with banking? Money. Your depositors have it and there are thieves out there who want it even more than the retailers. When a retailer is paid by your customer, it is because your customer spent their money at that store. It is an honest buyer and seller relationship. But there are thieves out there waiting to scam and steal from your customer. In many cases, when the thieves steal your customer’s money, they are really stealing from the bank by using the weakest link, the customer, to get access to it. Some of these customers may be negligent and others fall for a good story filled with deception and technology tricks. The type of customer and type of loss will influence whether the customer or the bank will be taking this loss.

We have all seen check fraud increase even as the overall use of checks has declined by 7 percent according to the Federal Reserve. One report indicated that 70 percent of banks have experienced an increase in fraud over 2021. Fraud losses are increasing by about 65 percent from $2.3 million in 2022 to $3.8 million in 2023.
One barometer to see what is happening on this front is the growth in the numbers of Suspicious Activity Reports (SARs) for check fraud cases filed by banks. According to Financial Crimes Enforcement Network (FinCEN) data, it is up 201.2 percent between 2018 and 2022. With 447,525 SAR check fraud reports in 2023 through October, the year was on track to beat the 2022. Check fraud SARs have increased more for personal and business checks than for any other financial instrument. Check fraud accounts for one-third of all the fraud banks are experiencing, excluding mortgage fraud.

The Federal Trade Commission (FTC) estimates Americans lost $330 million to text scams in 2022. That is up from $86 million in 2020. Text messages are fast, cheap, and easy to send from anywhere. The median loss in cases like these is $1,000.

Your consumer customers are often the main target of these thieves, especially during peak sales seasons such as the holidays we are now recovering from. You may not have heard of all the fraud committed yet, as many customers will not be aware until they have their latest statements – that is, if they actually review them.
Scams accounted for 12 percent of the fraud transactions, with two key scams standing out. The first is a thief impersonating a bank security or support person and the other is an IRS scam. The former instills a fear of immediate loss with the hopes of an immediate recovery if they act fast, and the latter one of red tape and a never-ending issue of audit, collections and threats of arrest.

Let’s look at business customers. Say your business customer “A” regularly pays business “B” for services rendered. One day an employee in accounting receives an email from a person at “B” they frequently correspond with. The message says they have changed banks and provides new payment routing information. What is the proper procedure here? Should “A” verify these changes with a trusted source at “B” or make the changes and move on? Business email compromise (BEC) happens, and if that email is not questioned and verified, future payments will go to a thief and the payor will not be aware until “B” contacts them about the past due status. As soon as funds reach the thief’s account, they are almost immediately wired out and unrecoverable. If either the payor or payee is aware of the payment within a day, there is a chance for a recovery. In instances like this the payor still has to make a payment, and “B” may be having cash flow problems while this is figured out. The payor’s procedures will be questioned, and the bank may be held to blame if its customer is the payor in this scenario. Why the bank? Because it has deep pockets. and customers who demand privacy also believe the bank knows this payment is uncharacteristic for one or more reasons.

BECs often take the form of fake invoices from real vendors or business partners, fake requests from upper management to transfer funds to a bank account that actually belongs to the attacker, and fake notifications from real vendors and business partners of changes in banking account information. These bank customers are not protected by Reg E and the Electronic Fund Transfer Act, but they may be under the Uniform Commercial Code (UCC). That is their hope, and the bank may be their best chance for recovery. The fact that the bank followed the payment order it was given is a moot point. But there is hope for the bank. Review UCC 4A-207 in situations like this. This section provides that if a payment order (including wire transfers) received by the payee’s bank includes the payee’s name and a different account number than the payee’s real account number, the bank is not liable for the misdirected wire unless the bank had “actual knowledge” that the payee’s name and account number referred to different persons or entities. The bank does not need to affirmatively determine whether the name and number refer to the same person. UCC 4A-207(b)(1). But if someone in your wire room is keying in information on incoming transfers and your system displays the account owner name before the input date is checked and “enter” is clicked, it will be hard to claim the bank was not aware of a mismatched name and account number.

Much of the loss prevention effort employed by banks today is older technology dating back to the 1990s. Those banks experiencing sizable amounts of check fraud losses should invest in newer technology and these banks should see a significant return on the investment as losses are curtailed. Artificial Intelligence (AI) can be employed and will make it easier, for example, to detect unusual transactions in a customer’s account and immediately confirm those transactions with the consumer. This technology can play a dual role to both reduce fraud and indicate Bank Secrecy Act red flags on transactions and account relationships.

The customers can take another preventative measure themselves as banks tout the security of using electronic payments over paper. Businesses have many cost-effective options such as automated cash management services. At the end of the day, their loss exposure is lessened with each check they do not write.

Banks must do a more effective job of educating customers about security. A recent survey by PYMNTS.com indicated customers prefer multifactor authentication (MFA) each time they access their accounts and send or receive funds. According to the poll, eighty-three percent of respondents said they want MFA for riskier transactions, such as accessing a bank account from an unknown device, changing personal information in a bank account, and spending or sending larger sums of money electronically. Sixty-two percent wanted MFA for routine transactions such as accessing a bank account from any device or transferring money to family and friends. More than half said they prefer MFA for low-risk transactions such as paying bills, rent or loans. Smartphones are making this easier than ever with biometrics such as fingerprint and facial recognition to act as their MFA.

When I was in the military there was always the same lesson plan to be followed when teaching, which is what the bank should be doing here. Tell them what you’ll tell them, tell them, and tell them what you told them. It is difficult to get the attention of customers and to convince them that security of their access information is everyone’s job. So, you must constantly remind them and mix your messages about security protocols. Marketing needs to work with compliance, security and those who investigate fraud and other losses to deliver the message.

1. Does your bank encourage customers to review their statements or at least regularly review their balances and transactions online? Perhaps customers can be incented to do either or Marketing can make doing so fun in one way or another. But customers need to be reminded of this important responsibility.

2. When sending One Time Passwords (OTP), think of those six-digit codes to verify the device and access authorization to the account as the same, and ensure that each one clearly says, we will never ask you for this code. That is a very common technique for that thief to get access after sending thousands of text messages like “XYZ bank – we need to verify your $5,026 transaction at Big Box, reply “Y” to accept the charge and “N” to deny it. If you have a question, call the bank at 623-387-6862.” All the customer wants is to refuse the charge. The thief will get a verification that this a fish is ready to take the bait when they reply “N,” or the customer will call, and the hook will be set. The thief discusses how this happened and what needs to be done to save the customer their money and part of that is verifying they have the right customer. To do that the bank (thief) will send a six-digit code and the customer needs to give them that number back. That is when the customer must have had positive reinforcement TO NEVER GIVE THAT OTP CODE OUT. Even when the security officer says it is OK this time. The security officer/thief will immediately change that password to the account and clear out the balance. The bank is then carefully reviewing Reg E to see who is liable for the losses — the bank or the consumer. And by the way, the “bank’s phone number” above translates on the phone touch pad to “MAD EUP NMBR” and if your customer is calling the bank, they should look for a known number. That “direct” line is not to the bank in any way.

3. Check washing is very popular again. Blue or black gel pens are preferred for checks as that ink is much harder to remove. Like yard signs that tout protection services, they may be real or not, but it is easier to move to the next house than find out. Skipping the gel inked check for the next one is a logical move as even for thieves, time is money.” And remind customers to avoid dropping outbound mail in those blue boxes or leaving it in their mailbox with the flag up. Have it picked up by postal personnel or drop in a lobby slot at the Post Office.

4. Use the internet banking bill pay services when checks are needed for recurring payments.

5. If the customer transfers money using Zelle, PayPal and the like, have they verified who they are sending that money to? Sending $1 and getting verification that it was received with a call or verified text and then sending the rest can save money when there is a thief or just a wrong number.

6. When it comes to passwords, four-digit numerical PINs are terrible security even though there are 10,000 possible combinations. Hackers who steal phones are not sitting at the table trying 0 – 0 – 0 – 0, then 0 – 0 – 0 – 1, and so on until it works. A four-digit PIN can be cracked by a computer in less than a second. Six-digits are better but ‘real” passwords are better yet, and biometrics are best. If the desired security is “something they have” and biometrics is not acceptable to customers or is one part of a verification process, another option is a security key. These cost about $50, and a device will not unlock or a site requiring logon credentials will not work without the physical key. The less expensive way to accomplish this is with a OTP generator so the customer has to know where to go and to sign in to get the OTP.

Good security is a pain in wallet area, but also a great preventer of another pain in the wallet when a customer finds out their accounts have been drained, that lines of credit were accessed automatically to cure overdrafts, and that they still have to replace the phone they lost.

7. Teach customers not to click on links or respond to text messages from an unknown source. When a text comes in asking, “This is Tina. Are we still on for lunch tomorrow at 1?” They are setting that hook and looking for a sucker. If they find that elderly, lonely customer with a savings account, suddenly the thief is a caring and good person who is willing to talk and spend time with them. Have no doubt money is the motive and that thief has no remorse as to the effects of what they do. When such a text comes in, either block the number and delete the message, or reply, “wrong number” and then block and delete. If interested, the FTC asks that suspicious texts be reported to ReportFraud.ftc.gov or forwarded to 7726 (SPAM).

8. Remind commercial depositors about BEC and account takeover thefts and encourage them to protect themselves.

Customers, all customers, should be reminded with paper statements, e-statements, when they log on to internet banking and when they receive an email or text message from the bank. In some cases, just email or text the reminder solo, without any other message. Just like for scammers, email and text messages are easy to send in bulk and inexpensive.

Another common scam is the undeliverable package. Here is one from my spam box as I write this article.

“ZAVOINA, you have (1) package pending in our warehouse.

Unfortunately, we could not deliver your postal parcel on time because your address is not correct.

Please reply to us with the correct delivery address. ___ here ____

Best regards,

Track & Trace Rewards”

There were various emojis in this HTML email and the thieves wanted the receiver to click the HTML link. They will attempt to get more information, especially banking info, or infect the computer. When was the last time you received a computer-generated message like that from Fed Ex, UPS or another professional company? My old home, in the city limits and to which packages are regularly delivered, is not difficult to find. Yet the only reason the scam is being run is because it works. In a recent cybersecurity presentation I attended, one session discussed when law enforcement recovered the original mailing list from a thief. The police contacted those on the list and found that 18 percent of the recipients had responded favorably to the thief. Your Marketing department would be ecstatic to have a near 20 percent response to a mass mailing.

I recently taught on my own experience where my Apple password, then 10 characters long, had been cracked. MFA prevented the thieves from getting into my accounts. I simply added a character to what I had and went on with my business. Not 12 hours later they were at it again. I had not outsmarted anyone. Long story short I made painful changes, and that logon password is now 23 characters long and I have more security protocols in place. Are they problematic when I need quick access to something? Yes, but it is all less problematic than losing everything and having some or all financial liability on top of it.

If you really want your customer’s attention, ask them if they are using cloud services from a provider tied to their phone. In the case of the Apple ecosystem things just work seamlessly and life is good. But if a thief shoulder-surfs and sees that easy to remember four-digit code and then grabs the phone and runs, they can change that person’s security code and even their main password to their Apple accounts. The thief does not need the current password to change it and the real owner can be locked out forever in minutes. That includes email, photos and Apple TV. Emphasize “photos” to your customer. If they do not have a separate backup of those photos, there may be years and years of photos and videos documenting births, deaths, weddings, holidays, and general memories only in the cloud. When your customer is locked out of their own account because of the thief, Apple will tell them there is nothing they can do as it does not have the codes or master codes to access the photos. They’re gone. Money comes and goes, but those photos are gone forever. Now the customer has a genuine interest. As a side note, Apple is working on a fix for this security change issue in an upcoming update to the operating system.

MLOs Hirable Now

We generally do not get too involved in Human Resources issues but this one has some compliance crossover implications, so it is worth mentioning, especially since we are just through the annual renewal period. Section 19 of the Federal Deposit Insurance Act contains restrictions on hiring employees with criminal backgrounds. That is, Section 19 prohibits hiring individuals convicted of crimes of dishonesty, breach of trust, or money laundering, including theft, misappropriation, embezzlement, false identification, and writing of a bad check, among others, from working in a bank without written consent from the FDIC.

But in December 2022, President Biden signed the National Defense Authorization Act for Fiscal Year 2023. Section 5705 of that Act is the “Fair Hiring in Banking” section, which instructs banks to disregard certain criminal convictions. While this eases the restrictions on the hiring of individuals with criminal records, the changes open questions regarding the de minimis standard, and whether the changes to Section 19 effectively amended Reg Z, as it applies to mortgage loan originators because of Reg Z’s references to Section 19. Specifically, § 1026.36(f)(3)(ii) addresses the qualifications individual loan originator employees and requires the bank to review the person’s background as to meeting certain standards and states that if they do not meet these standards, “before the individual acts as a loan originator in a consumer credit transaction secured by a dwelling, that the individual loan originator:

(A)( 1 ) Has not been convicted of, or pleaded guilty or nolo contendere to, a felony in a domestic or military court during the preceding seven-year period or, in the case of a felony involving an act of fraud, dishonesty, a breach of trust, or money laundering, at any time;
( 2 ) For purposes of this paragraph (f)(3)(ii)(A):

( i ) A crime is a felony only if at the time of conviction, it was classified as a felony under the law of the jurisdiction under which the individual was convicted;

( ii ) Expunged convictions and pardoned convictions do not render an individual unqualified; and

( iii ) A conviction or plea of guilty or nolo contendere does not render an individual unqualified under this § 1026.36(f) if the loan originator organization has obtained consent to employ the individual from the Federal Deposit Insurance Corporation (or the Board of Governors of the Federal Reserve System, as applicable) pursuant to section 19 of the Federal Deposit Insurance Act (FDIA), 12 U.S.C. 1829, the National Credit Union Administration pursuant to section 205 of the Federal Credit Union Act (FCUA), 12 U.S.C. 1785(d), or the Farm Credit Administration pursuant to section 5.65(d) of the Farm Credit Act of 1971 (FCA), 12 U.S.C. 227a-14(d), notwithstanding the bars posed with respect to that conviction or plea by the FDIA, FCUA, and FCA, as applicable; and

(B) Has demonstrated financial responsibility, character, and general fitness such as to warrant a determination that the individual loan originator will operate honestly, fairly, and efficiently…”

So, there are the rules and some exceptions now. Section 5705 provides that an individual no longer needs the consent of the FDIC (or NCUA if you are keeping score. Add NCUA in most places when you read FDIC here) to become employed with an insured bank or credit union for “Certain Older Offenses.” These exceptions apply where:

1. It has been seven years or more since the individual committed the offense; or
2. The individual was incarcerated with respect to the offense, and it has been five years or more since the individual was released from incarceration; or
3. The individual committed the offense when they were 21 years of age or younger, if more than 30 months have passed since the sentencing for the offense occurred.

These are lower thresholds than recognized under prior law and FDIC rules. In addition, other de minimis offenses may be exempt, subject to the FDIC rulemaking capabilities and meeting the following criteria:

1. Punishable by a term of three years or less confined in a correctional facility;”
2. Offenses for writing insufficient funds checks must require that the aggregate total face value of all insufficient funds checks (regardless of the number of convictions or program entries at issue) be $2,000 or less; and
3. Other lesser offenses, like the use of a fake ID, shoplifting, trespass, fare evasion, and driving with an expired license or tag, if at least one year has passed since the conviction or program entry for such offense.

There is greater opportunity for exempting de minimis offenses. Banks are now able to move through the hiring process more easily for individuals with lesser, minor convictions than in the past. I will draw attention to the fact that the rules do not say “may consider” or “may waive,” as in “this is optional.” It says banks should disregard prior requirements where these conditions exist. Theoretically if a young employee embezzled from the bank and has been released and meets these conditions, the bank could not stand on Section 19 of the FDI Act and refuse employment.

Under the current Section 19 rules, offenses are considered de minimis and a waiver is automatically granted if the maximum punishment for the crime was:

1. imprisonment of one year or less, and the individual served three days or less of jail time, and
2. a fine of $2,500 or less.
3. Offenses for writing “bad checks” are considered de minimis so long as the aggregate value of the “bad checks” written is less than $1,000 and the payees were not an insured depository institution (IDI) or a credit union.

For a direct comparison, the Fair Hiring in Banking changes this auto-exception to:

1. if the maximum punishment for the crime were three years, calculated based on the time an individual spent incarcerated and not including pretrial detention, probation, or parole.
2. The fine is not referenced.
3. The aggregate amount of the bad checks was increased to $2,000.

Now the Reg Z issues. Reg Z prohibits banks from employing individuals in loan originator positions if that individual was:

1. convicted of a felony in the preceding seven years, or
2. “at any time” for felonies “involving an act of fraud, dishonesty, a breach of trust, or money laundering,”
3. unless they have received consent from the FDIC pursuant to Section 19.

But now the Fair Hiring in Banking provisions removed the requirement that an individual must obtain consent under Section 19 for offenses where:

1. it has been seven years or more since the offense occurred, or
2. the individual was incarcerated for the offense, and it has been five years or more since the individual was released from incarceration; and (ii) the individual was 21 years or younger when he or she committed the offense and 30 months or more have passed since the individual was sentenced.

The result is a set of convictions that would require FDIC consent under Reg Z that are no longer covered convictions under Section 19. Fast forward to October 23, 2023, and the FDIC’s Notice of Proposed Rulemaking Concerning Section 19. The NPRM states:

The proposed rule would incorporate statutory changes to Section 19, including the following:

• Certain older offenses. The Act excludes certain offenses from the scope of Section 19 based on the amount of time that has passed since the offense occurred or since the individual was released from incarceration.

• Designated lesser offenses. Under the Act, Section 19 does not apply to the following offenses, if one year or more has passed since the applicable conviction or program entry: using fake identification; shoplifting; trespassing; fare evasion; and driving with an expired license or tag.

• Criminal offenses involving dishonesty. The Act excludes certain offenses from the definition of “criminal offenses involving dishonesty,” including “an offense involving the possession of controlled substances.” Historically, the FDIC has required an application as to drug-related offenses—aside from simple-possession offenses. In light of the Act, however, the FDIC believes that Congress intended to exclude, at least, the offenses of simple possession and possession with intent to distribute from the “involving dishonesty” category because of the statute’s use of the phrase “involving the possession of controlled substances.” Additionally, the FDIC believes it should shift from the presumption that other drug-related offenses are subject to Section 19 as crimes involving dishonesty, breach of trust, or money laundering. This revised approach would treat drug offenses the same as all other types of crimes, which do not automatically trigger the need for an application, but which may require an application depending on the elements of the underlying criminal offense.

• Expunged, sealed, and dismissed criminal records. The Act excludes certain convictions from the scope of Section 19 that have been expunged, sealed, or dismissed. The existing FDIC regulations already exclude most of those offenses. The proposed rule would modestly broaden the statutory language concerning such offenses to harmonize the FDIC’s current regulations concerning expunged and sealed records with the statutory language.

• Standards for FDIC review of Section 19 applications. The Act prescribes standards for the FDIC’s review of applications submitted under Section 19.

The proposed rule also provides interpretive language that addresses, among other topics, when an offense “occurs” under the Act, whether otherwise-covered offenses that occurred in foreign jurisdictions are covered by Section 19, and offenses that involve controlled substances.

Comments are due by January 16, 2024, as this appeared in the Federal Register on November 14. https://www.federalregister.gov/documents/2023/11/14/2023-23853/fair-hiring-in-banking-act. Compliance may want to coordinate with Human Resources on a comment letter if there are questions your bank has, clarifications you want, or changes to recommend.

AI in Banking

Is your bank an early adopter of technology? I do not see many community banks jumping on to the cutting edge of technology but soon it will become a more commonly offered service from vendors. Now is the time to become familiar with what is happening in this arena. Not banking but looking for shortcuts could be dangerous. If a “techie auditor” wants to use a ChatGPT or similar program to dress up an audit report, who fact checks it? In December the CEO of The Arena Group, which publishes Sports Illustrated, was fired weeks after the magazine was accused of publishing articles generated using artificial intelligence (AI).

The CFPB in June reported on consumer dissatisfaction with chatbots, another common use of AI. The report noted that about 37 percent of the U.S. population has interacted with chatbots. In banking, the use of chatbots raised several risks including: (i) noncompliance with federal consumer financial protection laws; (ii) diminished customer service and trust; and (iii) harm to customers. There have been complaints received by the CFPB. We have also seen AI result in fair lending cases based on poorly targeted marketing. You can find the CPPB’s report here: https://www.consumerfinance.gov/data-research/research-reports/chatbots-in-consumer-finance/chatbots-in-consumer-finance/

• Year End, Year Start

Year-End, Year Start

By Andy Zavoina

This is a time of celebrations, family, and looking forward to a new beginning as the calendar turns to 2024. But, has every “i” been dotted and “t” crossed for 2023? Do you get to exhale in a sigh of relief as you enjoy the holiday season, chill for a moment, and start anew on January 1? The answers are, “You need to know they are,” and “Absolutely not.” As 2023 ends, 2024 begins as a new year but what’s not done from the year-end still has to be. So, let’s do a quick review of those annual tasks and ensure you are really ready to close the books on 2023 and open the new one for 2024.

What must you always consider as you begin planning your year? The major events you anticipate, especially changes.

HMDA

Are you a HMDA reporter, or now will be, based on your bank’s size and transactions and what ramifications does that bring? (See 1-5 immediately below for the requirements applicable to 2023 data. Each test must be met.) If applicable, are you ready for the March 1 filing deadline this year? Do you have only the final quarter’s Loan Application Register (LAR) entries to scrub, and if not, how long will that take? Are the first three quarters of 2023 ready to go?

1. Asset-Size Threshold Test. On December 31, 2022, your bank had assets in excess of $54 million. This was for data collection threshold for 2023. We expect the 2024 threshold to be released in late December.
2. Location Test. On the preceding December 31, your bank had a home or branch office located in a metropolitan statistical area (MSA).
3. Loan Activity Test. During the preceding calendar year, your bank originated at least one home purchase loan or refinancing of a home purchase loan secured by a first lien on a one-to four-unit dwelling.
4. Federally Related Test. Your bank is federally insured, regulated, or originated at least one home purchase loan or refinancing of a home purchase loan that was secured by a first lien on a one- to-four-unit dwelling and, well there is more to this test at 12 CFR 1003.2(g)(1)(iv) but I think we had you at “insured.”
5. Loan-Volume Threshold. Your bank meets or exceeds either the closed-end mortgage loan or the open-end line of credit loan volume threshold in each of the two preceding calendar years. A bank that originated at least 25 closed-end mortgage loans in each of the two preceding calendar years or originated at least 200 open-end lines of credit in each of the two preceding calendar years meets or exceeds the loan-volume threshold. (If the loan or line of credit is not a closed-end mortgage loan or an open-end line of credit, it does not need to be reported.

If you barely missed any of these five criteria, you’ll want to pay attention to any revisions to them next year, such as the asset threshold or loan volume.

Small Business Lending Data Rule

Small Business Lending Data Rule. The Reg B small business data gathering rule referred to as “1071” was released and there were legal challenges affecting the rule. It is important to note that the 1071 rule was not challenged, but the CFPB was. On July 31, 2023, the U.S. District Court for the Southern District of Texas ordered the CFPB not to implement or enforce the 1071 rule. The order stays all deadlines for compliance and in subsequent cases and rulings the stay applies to all banks. The Supreme Court has to rule on the case and that is expected about mid-2024. At that point, if the CFPB is successful, it may simply redesignate the deadlines and if it is not, the 1071 rule will be implemented in some form as it is based on Section 1071 of the Dodd-Frank Act, which is not in question. Ask yourself, if the CFPB is successful and that seems likely to many but remains an unknown, how fast will you be able to react on implementation and change management?

In the BOL Lending Compliance Triage Conference in November, Kimberly Boatwright recommended five critical steps compliance officers need to take now.

1. Determine your bank’s status/tier as a covered institution.

2. Conduct a Gap Analysis to understand your products, delivery channels and lending life cycle.

3. Commercial Lending Challenges that need focus, training, and action.

4. Based on your bank’s needs, allocate a budget.

5. Raise the Board’s and senior management’s awareness of issues related to implementation of Section 1071.

When is your next compliance exam?

That is a compliance officers’ direct responsibility. What has been done to prepare for it and depending on when that is expected, more importantly, what has not been done? Start making that list if your exam is imminent. What other exams do you contribute to – Bank Secrecy Act, Safety and Soundness which may include Reg O, any fair lending or mortgage origination and servicing requirements?

The New CRA Rule

One more biggie that cannot be ignored is the new Community Reinvestment Act rule that was recently published. Most of us are beginning to digest it now as the final rule takes effect on April 1, 2024, but with staggered compliance dates of January 1, 2026, and January 1, 2027. So, it is not an immediate need to completely revamp your policy and procedures, but the changes are enormous and you must start planning now. The November Legal Briefs edition has more on the new CRA, but here are a few key elements.

• Asset thresholds for small, intermediate and large banks will increase.
• Most of the rule’s requirements will go into effect on January 1, 2026, to give you time to prepare for implementation.
• Data reporting requirements, which only apply to large banks, will become applicable starting January 1, 2027.
• The rule allows small banks to be evaluated under the existing framework or opt in to be evaluated under the new framework.
• The final rule does not include a start date for examinations pursuant to the performance tests in the amended regulation. We will have to watch as the agencies prepare for and announce this.

Don’t forget the little things

Now let’s look at the future and eliminate some of the small things for peace of mind. These are minimal tasks that need to be sorted and ensure there are no issues with compliance. It’s the little things that sometimes catch you unprepared.

Let’s talk about signage requirements. In our main branch we had a “Fed wall,” which was one area which had the federally required (and state, as applicable) notice requirements. It should be in an area that is highly visible to the public to meet the intent of the posted notice requirements. It does no good to put these on the wall behind a door that stays open or the plastic trees in the lobby which prevent viewing them. You will not get credit during an exam for posting them where they cannot be seen. If there was a remodel done and the signage was taken down for maintenance, ensure it went back up, and in the right location.

As to being unsightly, beauty is in the eye of the beholder. If you put courier font printed pages in a $2 frame and nailed it to the wall, that is what it will look like. I recommend you lay out all the applicable disclosures and buy one large frame, have a matte cut for all these in one space and then everything is accounted for in one space. As a new branch is opened, just order another of the same design. This ensures everything is easily accounted for and posted easily on the wall rather than trying to lay out several frames, especially if those frames were each different giving a hodgepodge appearance. It is also a simple task to pull the frame down, remove the backing and switch out disclosures when necessary. As a tip, there is a transparent tape and removable tape that uses the same adhesive as sticky notes. It will hold your documents to the matte securely yet provide the flexibility to switch them out without destroying the matte or other documents.

Here are suggestions and justifications for your fed wall and other required signage.

1. Community Reinvestment Act Notice: This is to be posted in each lobby with one version in your main office and another in each branch, other than off premise electronic deposit facilities, the Public Notice described in 12 CFR 345.44 (FDIC), 228.44 (FRB), 25.44 (OCC).

2. Equal Housing Lending Poster: Post in lobby of main office, all branches, and in any other areas where loans are made. Note, this is an 11”x14” poster and unlike most other requirements for signage, the size requirements are specifically stated. 12 CFR 338.4 (FDIC), 24 CFR 110.15 and 110.25 (HUD and OCC) the FRB requirements fall under the Fair Housing Act. .

In August 2022 the FDIC made changes to its version of the sign. Refer to Federal Register Vol. 87, No. 151, Page 48079 as the Fair Housing and Consumer Protection Sale of Insurance Rule are both impacted. To improve efficiency and effectiveness the FDIC consolidated the Consumer Response Center and the Deposit Insurance Section under one organization, entitled the National Center for Consumer and Depositor Assistance. Fair Housing signage and the Sales of Insurance disclosure should refer to, “…National Center for Consumer and Deposit Assistance.” The effective date of the change was August 8, 2022. The OCC has also had changes to its poster. Refer to Bulletin 2021-35, August 5, 2021.

3. Home Mortgage Disclosure Act (HMDA). General notice of availability must be posted in each home office and physical branch offices located in an MSA. 12 CFR 1003.5(e). Non-HMDA banks do not post this notice.

4. Fair Credit Reporting Act (FCRA) requires that a consumer be allowed to notify the bank of an error in their consumer report. If a notice is posted informing consumers where to direct their notice, they may not be delivered to just any employee and must be properly directed. 623(a)(1)(C) (Note, this is a recommendation, not a requirement. Not having such a notice does set the bank up for failure as virtually all staff would need awareness training on how to handle such a notice from a customer.)

Additional signage requirements while you are auditing those above.

A. Customer Information Program procedures require providing adequate notice the bank is requesting information to verify customer identities prior to opening account. May be given or posted, 31 CFR 1020.220(a)(5)

B. FDIC Deposit Insurance Notices are to be displayed at each station or window (including drop boxes, teller windows, new accounts, drive-ups) where insured deposits are normally received, excluding automated service facilities such as ATMs, night depositories and POS. These signs must be 3″X7″ in size. 12 CFR 328.2 & FDIC 93-42, 94-17.

C. Funds Availability Policy is for banks routinely delaying availability of any deposited item. Disclosure is required of several items in a conspicuous place in each location where deposits are accepted. This includes the abbreviated text on ATMs but excludes drive-ups. These disclosures are contained in our Facts About Funds Availability brochure that doubles as the posted notice. 12 CFR 229.18

D. ATM Surcharge Notice requirements apply if your bank, as an ATM owner/operator, imposes a fee to complete a transaction or inquiry. The bank must disclose on the ATM that a fee may be imposed. 12 CFR 1005.16(c).

And for employees there are several other requirements.

E. 5-in-1 Employment Poster is required to be visible to job applicants and employees, 42 USC 2000e-10(a). This poster should include five parts, and if not in a combined poster, individual signs must be posted in the manager’s office or lobby. The five laws are: Equal Employment Opportunity Act, Fair Labor Standards Act, Employee Polygraph Protection Act, Family Medical Leave Act, and OSHA’s Plain Language “It’s The Law.” Refer to 29 USC 201, 29 USC 2003, 29 CFR 825.300, and 29 CFR 1903.2(a)(3)

F. Rate Board requirements under TISA/Reg DD are that indoor signs are exempt from many advertising requirements. But if a rate is stated it will use the term “annual percentage yield” or “APY” and contain a statement advising consumers to contact an employee for further information on terms and fees. 12 CFR 1030.8(e)(2)

G. Notice of Employee Rights has two requirements; 1) Executive Order 13496 is a Notice of Employee Rights under the National Labor Relations Act, the primary law governing relations between unions and employers in the private sector. See 29 CFR Part 471. Banks need to follow this for various reasons including due to FDIC insurance, savings bond transactions, TTL accounts and government contracts. Post the notice conspicuously in offices where employees covered by the NLRA perform contract-related activity, including all places where notices to employees are customarily posted both physically and electronically. 2) Employee Rights under the NLRA See section 7 of the NLRA, 29 U.S.C. 157

Now that signage requirements are addressed, let’s ensure “annual” tasks have been completed.

Annual compliance tasks

Reg BB (CRA), Content and availability of Public File § 228.43 – Your Public Files must be updated and current as of April 1 of each year. Many banks update this continuously, but it’s good to check. You want to ensure you have all written comments from the public from the current year plus each of the two prior calendar years. These are comments relating to the bank’s efforts in meeting community credit needs (your SBA loans may play a key role here) as well as any responses to comments. You also want a copy of the last public section of the CRA Performance Evaluation. That actually is to be placed here within 30 days of receipt. Ensure you are keeping up with branch locations and especially ATMs as those may fluctuate. The regulation has more on the content of this file. It may be best to review it with an audit workpaper to use as a checklist to avoid missing any required items.

CRA Notice and Recordkeeping § 228.42, 228.44, 1003.5 – CRA data, which can include small business and small farm as well as home mortgages, are gathered based on specific reporting requirements for the Loan Application Registers (LAR). CRA and HMDA information, if applicable, must be submitted by March 1, for the prior calendar year. If you are a reporter of either LAR you should start verifying the data integrity now to avoid stressing the process at the end of February. HMDA mortgage data should be compiled quarterly so this should not be a huge issue, but a thorough scrubbing as the new year starts and submission preparation approaches is always warranted.

Pertaining to this, national banks should ensure they have reviewed and updated as needed the CRA, FHA and ECOA notices in accordance with the Aug. 5, 2021, OCC Bulletin 2021-35. This bulletin provided updated content for the appropriate names and addresses for notices required by the Community Reinvestment Act and Equal Credit Opportunity Act, and for posters under the Fair Housing Act. National banks were required to make the appropriate changes to their notices and posters within 90 days of the issuance which then had a mandatory compliance date of Nov. 3, 2021.

Reg C – HMDA Notice and Recordkeeping § 1003.4, 1003.5 – HMDA data are gathered as home mortgage loans are applied for and are compiled quarterly if your bank is a HMDA reporter. There are specific and detailed reporting requirements for the Loan Application Register (LAR) itself. The LAR must be submitted by March 1, for the prior calendar year. If you are a reporter, you should start verifying the data integrity now and this is of vital importance if you have a large volume of records to report.

Reg E § 1005.8– If your consumer customer has an account to or from which an electronic fund transfer can be made, an error resolution disclosure is required. There is a short version that you may have included with each periodic statement. If you’ve used this, you are done with this one. But if you send the longer version that is sent annually, it is time to review it for accuracy and ensure it has been sent or is scheduled to be. Electronic disclosures under E-SIGN are allowed here.

This is also a good time to review §1005.7(c) (additional electronic fund transfer services) and determine if any new services have been added and if they were disclosed as required. Think Person-to-Person transfers like Zelle, Venmo or Square.

Reg G – Annual MLO Registration § 1007.102, 1007.103 – Mortgage Loan Originators must go to the online Registry and renew their registration. This is done between November 1 and December 31. If this hasn’t been completed, don’t push it to the back burner and lose track during the holidays and then have to join a year-end rush to complete this task. This is also a good time to plan with management and Human Resources any MLO bonus plans. Reg Z Section 1026.36(d)(1)(iv)(B)(1) allows a 10 percent aggregate compensation limitation on total compensation which includes year-end bonuses. Additionally, paragraph (b) of 1007.103 requires updates that may require coordination with HR – were there name changes of an MLO or a move to another location?

Regulation O, Annual Resolution §§ 215.4, 215.8 – In order to comply with the lending restrictions and requirements of § 215.4, you must be able to identify the “insiders.” Insider means an executive officer, director, or principal shareholder, and includes any related interest of such a person. Your insiders are defined in Reg O by title unless the Board has passed a resolution excluding certain persons. You are encouraged to check your list of who is an insider, verify that against your existing loans, and ensure there is a notification method to keep this list updated throughout the year.

Reg P § 1016.5 –There are exceptions allowing banks which meet certain conditions to forgo sending annual privacy notices to customers. The exception is generally based on two questions; does your bank share nonpublic personal information in any way that requires an opt-in under Reg P, and have you changed your policies and practices for sharing nonpublic personal information from the policies and procedures you routinely provide to new customers? Not every bank will qualify for the exception, however. John Burnett wrote about the privacy notice conundrum in the July 2017 Legal Briefs. That article has more details on this.

When your customer’s account was initially opened, you had to accurately describe your privacy policies and practices in a clear and conspicuous manner. If you don’t qualify for the exception described above, you must repeat that disclosure annually as well. Ensure that your practices have not changed and that the form you are sending accurately describes your practices.

For Reg P and the Privacy rules, annually means at least once in any period of 12 consecutive months during which that relationship exists. You may define the 12-consecutive-month period, but you must apply it to the customer on a consistent basis, so this is not necessarily a December or January issue, but it could be. And each customer does not have their own “annual date.” If a consumer opens a new account with you in February, you provide the initial privacy notice then. That is year one. You can provide the annual privacy notice for year two at any time, up until December 31 of the second year.

It is important to note that unlike most other regulatory requirements, Reg P doesn’t require E-SIGN compliance for your web-based disclosures. You can use e-disclosures on your bank web site when the customer uses the web site to access financial products and services electronically and agrees to receive notices at the web site, and you post your current privacy notice continuously in a clear and conspicuous manner on the web site. So, the demonstrable consent requirements and others in E-SIGN’s 15 USC Sect. 7001(c) do not apply, but there must still be acceptance to receive them on the web. Alternatively, if the customer has requested that you refrain from sending any information regarding the customer relationship and your current privacy notice remains available to the customer upon request this method is acceptable.

Fair Credit Reporting Act – FACTA Red Flags Report – Section VI (b) (12 CFR 334.90) of the Guidelines (contained in Appendix J) require a report at least annually on your Red Flags Program. This can be reported to either the Board, an appropriate committee of the Board, or a designated employee at the senior management level.

This report should contain information related to your bank’s program, including the effectiveness of the policies and procedures you have addressing the risk of identity theft in connection with the opening of covered accounts and with respect to existing covered accounts, as well as service provider arrangements, specifics surrounding and significant incidents involving identity theft plus management’s response to these and any recommendations for material changes to the bank’s program. Times change, customers’ habits change, and importantly criminals change and each may require tweaks to the bank’s program.

Reg V, Fair Credit Reporting Act – Affiliate Marketing Opt-Out § 1022.27(c) – Affiliate marketing rules in Reg V place disclosure restrictions and opt out requirements on you. Each opt-out renewal must be effective for a period of at least five years. If this procedure is one your bank is using, you must know if there are there any expiration dates for the opt-outs and whether those consumers have been given an opportunity to renew their opt-out.

RESPA Reg X, Annual Escrow Statements § 1024.17 – For each escrow account you have, you must provide the borrower(s) an annual escrow account statement. This statement must be done within 30 days of the completion of the escrow account computation year. This need not be based on a calendar year. You must also provide them with the previous year’s projection or the initial escrow account statement, so they can review any differences. If your analysis indicates there is a surplus, then within 30 days from the date of the analysis you must refund it to the borrower if the amount is greater than or equal to $50. If the surplus is less than that amount, the refund can be paid to the borrower, or credited against next year’s escrow payments.

Reg Z Thresholds and Updates § 1026.3(b)– These changes are effective January 1, 2024. You should ensure they are available to staff or correctly hard coded in your systems. The exemption for Reg Z disclosures will increase from $66,400 to $69,500, meaning consumer loans over that amount (except for loans secured by real or personal property expected to be used as the consumer’s principal dwelling or a private education loan) will be exempt.

BSA Annual Certifications – Your bank is permitted to rely on another financial institution to perform some or all the elements of your CIP under certain conditions. The other financial institution must certify annually to your bank that it has implemented its AML program. Also, banks must report all blockings to OFAC within ten days of the event and annually by September 30, concerning those assets blocked.

Information Security Program part of GLBA – Your bank must report to the board or an appropriate committee at least annually. The report should describe the overall status of the information security program and the bank’s compliance with regulatory guidelines. The reports should discuss material matters related to the program, addressing issues such as: risk assessment; risk management and control decisions; service provider arrangements; results of testing; security breaches or violations and management’s responses; and recommendations for changes in the information security program.

Security, Annual Report to the Board of Directors § 208.61 – The Bank Protection Act requires that your bank’s Security Officer report at least annually to the board of directors on the effectiveness of the security program. The substance of the report must be reflected in the minutes of the meeting. The regulations don’t specify if the report must be in writing, who must deliver it, or what information should be in the report. It is recommended that your report span three years and include last year’s historical data, this year’s current data and projections for the next year.

Similar to the Compliance Officer reporting to the board, this may include a personal presentation, or it may not. I recommend that it is because this is an opportunity to express what is being done to control security events from the recent past as well as foreseeable events and why these are important issues. These facts can assist Security in getting the budget and assets necessary for the coming year. There is no prescribed period during which the report must be made other than “annually” and this may be based off the timing of the prior report, give or take a month. Annual presentations such as this are better done when the directors can focus more on the message, so try to avoid quarter ends, and especially the fourth quarter. This is not a “how-to” on the annual security report, but you can find more on the topic, free, on the BankersOnline Tools by searching on “annual security program.”

Training – An actual requirement for training to be conducted annually is rare, but annual training has become the industry standard and may even be stated in your policies. There are six areas that require training (this doesn’t mean you don’t need other training, just that these regulations have stated requirements).

– BSA (31 CFR §1020.210(b)(4), and 12 CFR §208.63(c)(4) Provide training for appropriate personnel.
– Bank Protection Act (12 CFR §21.3(a)(3) and §208.61(c)(1)(iii)) Provide initial and periodic training
– Reg CC (12 CFR §229.19(f)) – Provide each employee who performs duties subject to the requirements of this subpart with a statement of the procedures applicable to that employee.
– Customer Information Security found at III(C)(2) (Pursuant to the Interagency Guidelines for Safeguarding Customer Information), training is required. Many banks allow for turnover and train as needed, imposing their own requirements on frequency.)
– FCRA Red Flag (12 CFR 222.90(e)(3)) Train staff, as necessary, to effectively implement the Program;)
– Overdraft protection programs your bank offers. Employees must be able to explain the programs’ features, costs, and terms, and to explain other available overdraft products offered by your institution and how to qualify for them. This is one of the “best practices” listed in the Joint Guidance on Overdraft Protection Programs issued by the OCC, Fed, FDIC and NCUA in February 2005 (70 FR 9127, 2/24/2005), and reinforced by the FDIC in its FIL 81-2010 in November 2010.

MISCELLANY – Some miscellaneous items you may address internally in policies and procedures include preparation for IRS year-end reporting, vendor due diligence requirements including insurance issues and renewals, documenting ORE appraisals and sales attempts, risk management reviews, following records retention requirements and destruction of expired records, and a designation by the bank’s board of the next year’s holidays.

And finally, has there been a review of those staffers who have not yet taken five consecutive vacation or “away time” days per Oklahoma Administrative Code 85:10-5-3 “Minimum control elements for bank internal control program”?

• Loans, ECOA, and Noncitizen Discrimination
• New CRA Final Rule Released

Loans, ECOA, and Noncitizen Discrimination

By Andy Zavoina

To me, this is one of those statements that says it is a warning shot and you need to know where the bullet may drop. This is your opportunity to evaluate the situation and step to the side to avoid injury, if necessary. On October 18, 2023, the Consumer Financial Protection Bureau (CFPB) and the Department of Justice (DOJ) published a joint statement in the Federal Register (https://www.federalregister.gov/d/2023-22968), “to assist creditors and borrowers in understanding the potential civil rights implications of a creditor’s consideration of an individual’s immigration status under the Equal Credit Opportunity Act (ECOA)”. The DOJ enforces civil rights violations as well as fair lending, so its involvement identifies the purpose of the statement.

First, let’s review what the joint statement says. It clearly states that lenders need to understand, “the potential civil rights implications of a creditor’s consideration of an individual’s immigration status under ECOA. ECOA does not expressly prohibit consideration of immigration status…,” and then it gets to the intent of the statement, “creditors should be aware that unnecessary or overbroad reliance on immigration status in the credit decisioning process, including when that reliance is based on bias, may run afoul of ECOA’s antidiscrimination provisions and could also violate other laws.”

I have taught Reg B, which implements ECOA, for many years. In subsection 1002.5(e) it states, “A creditor may inquire about the permanent residency and immigration status of an applicant or any other person in connection with a credit transaction.” That is under the section titled, “Rules concerning requests for information.” When I teach, I mention this section as being a nondiscriminatory way to ascertain residency status as it pertains to future collection of a debt. This should have nothing to do with color, race, religion or any other protected basis that cannot be used in making a loan decision. The intent of the question is, would this person be subject to, or scheduled to move out of the country during the term of the loan, and where might your collateral be at that time? When a person has few ties to where they live, it is easier for them to move and harder for you to contact them when necessary. I can tell you from experience that repossessing collateral internationally is much harder, and you are at the mercy of others when it comes to the bill and a sale.

As an example, person A arrived in your area a few months ago from South America. She is an executive at a large company that is a particularly good customer of the bank. She wants to buy a new car and finance it for sixty months. If your applicant has a B-1 visa and applies for this loan, be aware that the typical stay is usually six months for work, with a possible extension for another six months. What will happen to this new car in just a few months? What if the extension being requested is not approved? These are valid concerns.

On the other hand, if the lender reviews an application from the same person but for a short term loan that will be repaid prior to the visa’s expiration, and interviews the person, but still does not like the fact that English is a second language, communication is difficult at best, and the applicant is not a U.S. citizen, and denies the request for those reasons, that could be the Reg B issue this joint statement is concerned with. This is an obviously made-up scenario, but the point is, you may consider the immigration status but be cautious if it is a key reason for the denial. Lenders are still concerned with credit risk based on capacity, character, capital, collateral and conditions. Quoting from the joint statement, “Creditors should therefore be aware that if their consideration of immigration status is not ‘necessary to ascertain the creditor’s rights and remedies regarding repayment,’ and it results in discrimination on a prohibited basis, it violates ECOA and Regulation B.” At the end of the day, does the lender predict the loan would perform and pay as agreed or not? Is it a collateral rights or access issue? These are questions for the bank. A lender’s bias should not influence the credit decision of the bank as it is the bank making the loan. That is the heart of the joint statement as I read it.

Reg B tells us “…a creditor may consider any information obtained, so long as the information is not used to discriminate against an applicant on a prohibited basis.” If immigration status is a proxy for race, religion, national origin, color, or any prohibited basis, that would be a violation. As the joint statement explains it, “Regulation B notably provides that a ‘creditor may consider [an] applicant’s immigration status or status as a permanent resident of the United States, and any additional information that may be necessary to ascertain the creditor’s rights and remedies regarding repayment.’ 12 C.F.R. § 1002.6(b)(7). Regulation B does not, however, provide a safe harbor for all consideration of immigration status.” And this is where I would like to remind readers that, as noted above, it is the bank taking action here through a lender, and it is the bank’s responsibility to ensure compliance.
Considering the above, we may also introduce Bank Secrecy Act prohibitions here. Like the issues above, this may be a training issue that lenders should be reminded of. In section II of the joint statement we find, “As a general matter, creditors should evaluate whether their reliance on immigration status, citizenship status, or “alienage” (i.e., an individual’s status as a non-citizen) is necessary or unnecessary to ascertain their rights or remedies regarding repayment. To the extent that a creditor is relying on immigration status for a reason other than determining its rights or remedies for repayment, and the creditor cannot show that such reliance is necessary to meet other binding legal obligations, such as restrictions on dealings with citizens of particular countries, 12 C.F.R. pt. 1002, Supp I. ¶ 2(z)-2, the creditor may risk engaging in unlawful discrimination, including on the basis of race or national origin, in violation of ECOA and Regulation B.” What does comment 2(z)-2 address? It addresses National Origin. “A creditor may not refuse to grant credit because an applicant comes from a particular country but may take the applicant’s immigration status into account. A creditor may also take into account any applicable law, regulation, or executive order restricting dealings with citizens (or the government) of a particular country or imposing limitations regarding credit extended for their use.”

Going forward, banks should consider training in-person or at the least by memorandum or computer-based training reminding lenders of these issues. No bank or lender should look to automatically decline loan applications from certain groups of noncitizens regardless of the credit qualifications because of the citizenship unless there is a legal prohibition preventing working with them. To carry this to the next level of fair banking, the same rules should apply to deposit and service relationships. Denying a loan, deposit or service to someone solely because they do not have a Social Security account number is too broad a reach based on that one criterion. The absence of an SSAN should not be a proxy for non-citizenship which ignores other credit qualifications and causes an automatic denial. Treating this group of applicants differently would also be a Reg B violation. For example, that could include requiring all non-SSAN applicants to apply in person. When such a requirement is applied to a group and is predicated on a prohibited basis, it would be a discriminatory act.

It was recently noted that rules are changing to allow more people to be paired testers who enter a bank and apply for loans. The paired testers involve one applicant who has characteristics of a prohibited basis and another who does not, but the underlying credit qualifications for both are similar. An example would be a white couple applying for a joint loan and a Black couple asking for the same product and terms. The object is to detect if they are treated differently. I recall one evaluation from paired testers which criticized the lender because the majority testers were offered soft drinks, and the minority testers were not. The evaluations drill way down of what is considered being “treated similarly.” In addition to this training, the bank should ensure there are no conflicts in any policies and procedures. It should be an accepted fact that examiners will be scrutinizing this issue in your next compliance or fair lending exam. All banks would be wise to review the issues in advance of that.

I must be clear that I am not a lawyer, and this is not legal guidance. The joint statement gets its points across, but it offers advice that you can consider immigration status but cannot consider it completely or in a broad, overreaching manner. There is subjectivity in the terms used, but with what I read between the lines, the objective is as I stated above, make loans to those qualified, do not exclude a qualified borrower because they are a non-citizen, and lend in a safe and sound manner to comply with ECOA and civil rights.

Other Fair Lending Concerns

If your bank considers implementing a review and training on this fair lending and civil rights issue, you might as well get the most bang for your training buck and consider adding some “lessons learned” from mid-year CFPB release of its “2022 Fair Lending Annual Report to Congress” found here, https://www.consumerfinance.gov/about-us/blog/the-cfpbs-2022-fair-lending-annual-report-to-congress/ .
It shows how the CFPB set its sights on redlining and appraisal discrimination in the prior year, and we can rest assured it did not end there. Since that report was filed, an Oklahoma bank settled a redlining case for $1.15 million for failing to provide mortgages in all areas for a four-year period from 2017 through 2021. That case originated as a referral from the FDIC to the DOJ, which has the authority to handle fair lending cases. The bank allegedly engaged in a pattern or practice of lending discrimination by redlining historically Black neighborhoods in the Tulsa MSA. In part, the proposed consent order calls for the bank to:

1) Invest at least $950,000 in a loan subsidy fund to increase credit for home mortgage loans and lines of credit for consumers applying in majority-Black and Hispanic census tracts in the Tulsa MSA;
2) Spend at least $100,000 in advertising, community outreach, and consumer financial education programs and credit counseling in the Tulsa MSA;
3) Spend at least $100,000 in developing partnerships with one or more community-based or governmental organizations that provide the residents of majority-Black and Hispanic census tracts in the Tulsa MSA with services related to credit, financial education, homeownership, and foreclosure prevention;
4) Establish a community-oriented loan production office in a majority-Black and Hispanic census tract in the Tulsa MSA;
5) Assign at least two full-time loan officers to solicit mortgage applications primarily in majority-Black and Hispanic census tracts in the Tulsa MSA;
6) Employ a full-time director of community lending to oversee the continued development of lending.

Another recent redlining case occurring after the 2022 report involves a $9 million settlement agreement with a Rhode Island bank that allegedly failed to provide mortgage lending services in majority-Black and Hispanic neighborhoods in Rhode Island between 2016 and 2022. This case had its settlement agreement released at the end of September 2023. In this case the DOJ announced the bank would, among other things:

1) Invest at least $7 million in a loan subsidy fund for majority-Black and Hispanic neighborhoods in Rhode Island to increase access to credit for home mortgage, improvement, and refinance loans, and home equity loans and lines of credit;
2) Invest $1 million towards outreach, advertising, consumer financial education, and credit counseling initiatives;
3) Invest $1 million in developing community partnerships to expand access to residential mortgage credit for Black and Hispanic consumers;
4) Establish two new branches, ensure at least two mortgage loan officers, and employ a “Director of Community Lending” in majority-Black and Hispanic neighborhoods in Rhode Island;
5) Conduct a community credit needs assessment; and
6) Produce a fair lending status report and compliance plan and conduct fair lending training.

Back to the 2022 Fair Lending Annual Report— For those interested in getting up to date on enforcement actions, it recaps 2022’s enforcement actions related to fair lending, including an action against Trident Mortgage Company for alleged unlawful discrimination on the basis of race, color or national origin.
The CFPB also referred five fair lending cases to the DOJ which included four related to redlining and one related to discriminatory underwriting.
I have written previously here on appraisal discrimination and reconsideration of value complaints so I will not go over that again. While there are still hearings being held, the most recent on November 1, 2023, you can find more in our June and July 2023 Legal Briefs.

New CRA Final Rule Released

By Andy Zavoina

The modernized Community Reinvestment Act (CRA) final rule was released on October 24, 2023. It is a joint release by the FDIC, OCC and FRB. You’ll find it here if you haven’t already downloaded a copy to work from: https://www.federalreserve.gov/aboutthefed/boardmeetings/files/frn-cra-20231024.pdf . It is nearly 1,500 pages, so plan to break it into chunks. This is marked as a draft, but it’s the final form we have to start with.

Here are some quick facts for an overview:

Under the final rule, banks are classified as either a:
1) large bank – those with assets of at least $2 billion as of December 31 in both of the prior two calendar years
2) intermediate bank – those with assets of at least $600 million as of December 31 in both of the prior two calendar years and less than $2 billion as of December 31 in either of the prior two calendar years
3) small bank – those with assets of less than $600 million as of December 31 in either of the prior two calendar years
4) limited purpose bank – a bank that is not in the business of extending certain loans, except on an incidental and accommodation basis, and for which a designation as a limited purpose bank is in effect.

These asset-size thresholds will be adjusted annually for inflation.

In general, the rule is effective April 1, 2024. But to understand the complexity of what is effective when, you must dissect a copy of the rule as certain amendments are effective based on conditions such as the legal cases surrounding the Small Business Loan Reporting requirements. The agencies will publish an announcement of an effective date for those delayed amendments. One group of selected sections of the common rule text adopted by the agencies will be applicable on January 1, 2026; while another group of sections implementing reporting requirements will be applicable January 1, 2027, with data reporting each April 1, beginning in 2027.

The CRA was implemented originally to help low- and moderate-income borrowers receive loans. The old saying that banks would only loan money to those who didn’t need it was not completely inaccurate. The spirit and intent of the law was to ensure that banks were making loans to customers in their market area from which deposits were being received. So, the bank would loan to its community that was supporting it with deposits to lend.

The 1977 law was not meant to work in today’s economy, as much has changed and the CRA needed to be updated. This was a huge project that needed coordination and adoption by each of the regulatory agencies. Banks needed a unified CRA so that they are similarly graded, and the same rules apply across the board. That is the attempt with the modernization of the CRA. While there is unification, each agency will still publish its own set of rules as each has its own section of the laws. Banks regulated by the:

– Office of the Comptroller of the Currency will follow 12 CFR 25 (national banks) and 12 CFR 195 (federal savings associations)
– Board of Governors of the Federal Reserve System will follow 12 CFR 228
– Federal Deposit Insurance Corporation will follow 12 CFR 345.

The massive re-write to modernize the CRA will require extensive preparation on the part of each bank. You will need to prepare for these finalized requirements as they will go into effect in stages beginning on April 1, 2024, and continuing on January 1, 2026, and January 1, 2027. One or more persons in the bank will have to digest the CRA and “chunk it out” as different deliverables will have to be decided on for each bank and the complexity of those deliverables will depend on your bank’s market, niche, strategic goals going forward, and capabilities, all compounded by the court’s actions on the 1071 rule. It is important to note that the legal cases may involve 1071 and payday lending, but they challenge more the constitutionality of the CFPB, and its method of funding designed by Congress. The Senate has had bills submitted as to 1071 revisions but there may be no consensus in the House to facilitate change. At the center legal actions are going against the cause, the CFPB, not necessarily the rules themselves. The 1071 rule for small business data gathering was brought about by the Dodd-Frank Act, another law. The CFPB was slow to enact these requirements and was taken to court in California because of it. That law is not really in question at this time so there is little reason to believe that if the CFPB were to be criticized, that the work it has done would be reversed. It is quite possible that, like the challenges which were decided by the Supreme Court on the ability to appoint a new director at the CFPB as decided on by the current President, the court agreed and said just that would be changed, now go back to work. SCOTUS could rule that funding needs to be done by Congress annually, and now go back to work. In that case the CFPB could say everything stands as planned. Some extensions might be allowed based on the delay due to the wheels of justice moving slowly, but banks may not even get an extension equal to that gap. I encourage banks to prepare now for 1071 and not to expect the rule to change. That creates a domino effect with the Reg B 1071 rule and the new CRA rule. Start looking at the CRA as though the 1071 rule will be implemented as planned, however those rules affect your bank.

Here are five key issues in the new CRA.

1) Asset thresholds for small, intermediate and large banks will change and increase.
2) Most of the rule’s requirements will go into effect on January 1, 2026, to give you time for implementation and change management procedures.
3) Data reporting requirements will begin as of January 1, 2027, and will only apply to large banks.
4) The rule allows small banks to be evaluated under the existing criteria or opt in to be evaluated under the new criteria.
5) The final rule does not include a start date for examinations pursuant to the new performance tests so that is a wait-and-see issue.

I’ve mentioned the new thresholds above in the initial recap, but here they are with some additional explanation. These go into effect January 1, 2026.

Small banks will be those with total assets of less than $600 million. This is an increase from $376 million under the current CRA. The regulatory agencies estimate that this increase will shift approximately 778 banks from intermediate to small status.

Intermediate banks will be those with total assets of at least $600 million, but less than $2 billion. This is an increase from a range of $376 million to $1.503 billion under the current CRA. It is estimated that this increase will shift approximately 216 banks from large to intermediate status.

Large banks will be those with total assets of $2 billion or more. This is an increase from $1.503 billion under the current rule. There will be additional requirements for large banks with total assets of $10 billion or more. Those items are not carved out into a separate “very large” bank category, however.

Like the current CRA, the minimum asset threshold for an intermediate or large bank must be met for two consecutive calendar year-ends to reach the intermediate or large status. The threshold amounts will be adjusted annually for inflation. The new CRA includes a definition for limited purpose banks that includes those banks that are considered a limited purpose or wholesale bank under the current regulation, but it does not use those terms.

There is a definition of “military bank” which now means a bank whose business predominantly consists of serving the needs of military personnel who serve or have served in the U.S. armed forces or their dependents. There is an exception for assessment areas carved out for these military banks. Because the customer base is literally all over the world these banks may delineate its entire deposit customer base as its assessment area.

Excluding the military banking exception, the new CRA includes two types of assessment areas — facility-based assessment areas and retail lending assessment areas.

Facility-based assessment areas will be similar to current assessment areas except for the requirement that they include entire counties. An exception to the entire-county requirement exists for small and intermediate banks so long as the assessment area consists of contiguous whole census tracts. This section of the regulation is effective April 1, 2024, but the new definition of small and intermediate banks does not become effective until January 1, 2026. This may cause confusion, but a conservative compliance approach would be for banks that meet the current definition of a small or intermediate bank to have a facility-based assessment area that does not consist of entire counties. Otherwise keep them whole for now and assess if there is good reason to divide them.

Retail lending assessment areas will be applicable to large banks, and these are not effective until January 1, 2026. Retail lending assessment areas must be established when less than 80% of retail lending occurs within facility-based assessment areas. Retail lending assessment areas will then need to be designated in any nonmetropolitan area of a state or MSA where at least 150 closed-end home mortgage loans or 400 small business loans were originated or purchased during each of the prior two calendar years.

Small banks will have the easiest road to implementation. Small banks can opt-in to the new Retail Lending Test or continue to be evaluated under the current Small Bank Lending Test.

As to evaluations, the Retail Lending Test will be optional for small banks. Intermediate and large banks may be evaluated with this test when it becomes effective January 1, 2026. The agencies have not yet indicated when evaluations under the new CRA will begin. I’m sure it has not been a priority given the time gap and that they, too, need to grasp all the nuances of the new rule.

Under the current rule, which products will be evaluated may depend on borrower profiles and geographic distribution of loans. Now there will be Retail Lending Volume Screens and Major Product Line Standards which will provide the metrics. The loan types, such as home mortgages, multifamily, small business, small farm, and automobile loans, which will be evaluated can vary by assessment area and by Outside Retail Lending Areas. These are areas nationwide where the bank originated or purchased loans in a product line that is being evaluated outside any of its facility-based or retail lending assessment areas. Modernization, remember. This is not foreign to military banks as their effective lending areas exceeded local geographies. The bank’s lending performance will be evaluated in outside retail lending areas for large banks and in certain circumstances for intermediate and small banks.

Intermediate and small banks will be evaluated when more than 50% of certain loans have been originated or purchased outside of their assessment areas during the prior two calendar years or, if desired at your bank’s option.

As is the case under the current CRA, intermediate banks will be subject to two tests, and each contributes one-half to the total rating. The Retail Lending Test replaces the current lending test. Banks will have the option to be evaluated under the current Community Development test for intermediate banks for community development loans and services, along with qualified investments or a new Community Development Financing Test.

This new test evaluates your bank’s dollar volumes for community development loans and investments. This is compared to your deposit base and uses a new Impact and Responsiveness Review.

Community development activities have long been an area of subjectivity and there are changes effective January 1, 2026, to these.

You will now have eleven qualification criteria to determine if a loan, investment or service is a valid community development activity. You may also be eligible to receive full or partial credit. You will consider affordable housing, revitalization, and stabilization as well as economic development. There will also be considerations for community support services and new possibilities such as essential community facilities and infrastructure, disaster preparedness and weather resiliency as examples.

The Impact and Responsiveness of community development activities will be evaluated using a list of about twelve factors including:

– the benefit to counties with persistent poverty or census tracts with a poverty rate of 40 percent or more;
– support for minority depository institutions, women’s depository institutions, low-income credit unions or certified community development financial institutions;
– support of businesses or farms with gross annual revenues of $250,000 or less;
– whether it benefits or serves residents of Native Land Areas or benefits projects financed with low-income housing tax credit or new markets tax credit.

You will now be able to receive credit for community development activities anywhere in the country.

Large banks will now be evaluated under four tests. The Retail Lending Test and the Community Development Financing Test will each contribute 40%. The Retail Services and Products Test and the Community Development Services Test will each contribute 10%.

The Retail Services and Products Test will evaluate the bank’s credit and deposit products and programs along with the responsiveness of these programs to the needs of LMI communities. It will also assess your delivery methods, including digital, as well as the availability of branch and remote service facilities.

Deposit products will be evaluated based on availability and usage and only receive positive consideration for those larger banks with more than $10 billion in total assets or at the bank’s option for those with assets of $10 billion or less.

OK Legislation 2023

By Pauli D. Loeffler

Oklahoma Uniform Consumer Credit Code Title 14A

Sec. 1-106 of the Oklahoma Uniform Consumer Credit Code  in Title 14A (the “U3C”) is the section that determines when and how much dollar limits under Title 14A are subject to change. These changes are based on increases in the Consumer Price Index for Urban Wage Earners and Clerical Workers compiled by the Bureau of Labor Statistics, U.S. Department of Labor.

Legislation enacted in the last session modified Subsection (4)(a) of § 1-106 removing the 3% increase cap on increased amounts. The amendment became effective April 23, 2023, and is part of the notification by the Oklahoma Department of Consumer Credit of changes in dollar amounts effective July 1, 2023. I covered these changes in the June 2023 OBA Legal Briefs. The OK DOCC notice can be accessed here.   It is also accessible on the OBA’s Legal Links page under Resources. In order to gain access to the Legal Briefs online archive and the Legal Links, you will need to create an account through the My OBA Member Portal if you have not done so already.

• 3-508A Loans

This section of the “U3C” sets the maximum annual percentage rate for certain loans. It provides three tiers with different rates based on unpaid principal balances that may be “blended.” It also has an alternative maximum rate that may be used rather than blending the rates. Effective for loans consummated on or after November 1, 2023, § 3-508A is amended to read:

(2) The loan finance charge, calculated according to the actuarial method, may not exceed the equivalent of the greater of either of the following:

(a) the total of:

(i) thirty-two percent (32%) plus the federal funds rate per year on that part of the unpaid balances of the principal which is Seven Thousand Dollars ($7,000.00) or less;

(ii) twenty-three percent (23%) plus the federal funds rate per year on that part of the unpaid balances of the principal which is more than Seven Thousand Dollars ($7,000.00) but does not exceed Eleven Thousand Dollars ($11,000.00); and

(iii) twenty percent (20%) plus the federal funds rate per year on that part of the unpaid balances of the principal which is more than Eleven Thousand Dollars ($11,000.00); or

(b) twenty-five percent (25%) plus the federal funds rate per year on the unpaid balances of the principal…

(7) As used in this section, the “federal funds rate” means the rate published by the Board of Governors of the Federal Reserve System in its statistical release H.15 Selected Interest Rates [Click HERE] and in effect as of the first day of each month immediately preceding the month during which the loan is consummated.

Title 60 O.S. § 121 – Alien ownership of Oklahoma real estate

I covered loans to non-U.S. citizens in the January 2016 OBA Legal Briefs. Effective November 1, 2023, § 121 is amended as follows:

1. No alien or any person who is not a citizen of the United States shall acquire title to or own land in this state either directly or indirectly through a business entity or trust, except as hereinafter provided, but he or she shall have and enjoy in this state such rights as to personal property as are, or shall be accorded a citizen of the United States under the laws of the nation to which such alien belongs, or by the treaties of such nation with the United States, except as the same may be affected by the provisions of Section 121et seq. of this title or the Constitution of this state. Provided, however, the requirements of this subsection shall not apply to a business entity that is engaged in regulated interstate commerce in accordance with federal law.
2. On or after the effective date of this act, any deed recorded with a county clerk shall include as an exhibit to the deed an affidavit executed by the person or entity coming into title attesting that the person, business entity, or trust is obtaining the land in compliance with the requirements of this section and that no funding source is being used in the sale or transfer in violation of this section or any other state or federal law. A county clerk shall not accept and record any deed without an affidavit as required by this section. The Attorney General shall promulgate a separate affidavit form for individuals and for business entities or trusts to comply with the requirements of this section, with the exception of those deeds which the Attorney General deems necessary when promulgating the affidavit form.

The affidavit is only required for deeds transferring ownership of real estate on or after the November 1, 2023, effective date. It does not apply to deeds filed of record prior to that date nor does it apply to leases or personal property. If the bank is making a purchase money loan for real estate on or after the effective date, it will require that the affidavit be executed by the purchaser and recorded with deed. (Updated November 1, 2023)

I reached out to the Oklahoma Attorney General’s office regarding the affidavit. Drafts of the affidavit are currently being circulated. They anticipate the affidavit form will be finalized shortly and will be available to view next month. Expect an update with the link to the affidavit in a future article.

Title 12 – Garnishment Forms

Effective November 1, 2023, the Oklahoma garnishment forms, i.e., affidavits, pre- and post- judgment garnishment summonses, garnishee’s answer, etc., will be under the purview of the Oklahoma Bar Association rather than the Administrative Office of the Courts. Inasmuch as the garnishment statutes themselves did not have any substantive changes, there should be no changes in the forms themselves.

I worked with the Administrative Office of the Courts in amending the forms in 2011 when the Garnishment of Accounts Containing Federal Benefits rule became effective. I was also involved in changes to the garnishment summonses with regard to the amount and time of payment of the garnishment fee when a federally regulated financial institution is the garnishee as provided under § 1190 of Title 12 in regard to legislation effective November 1, 2016, and November 1, 2022. I have reached out to the Oklahoma Bar Association to find out who specifically is in charge of the forms.

Title 43A O.S. § Section 10-111.1 – Vulnerable Adult Abuse, Neglect and Exploitation Report

Elder financial exploitation has been the topic of three OBA Legal Briefs articles: July 2006, June 2007, and July 2008. These are available to read online on the OBA website.

• 10-111.1 was added to the Oklahoma statutes in 2018. The statute as amended requires the Office of the Attorney General to maintain the Vulnerable Adult Abuse, Neglect and Exploitation Report accessible to the public on the Internet in an electronic format that is easily and readily searchable to include persons found guilty by a court of law or who have entered a plea of guilty or nolo contendere (Latin for “no contest”) to a charge of abuse, neglect, or exploitation of a vulnerable adult. The Report will provide the full name of the offender, information necessary to identify the individual, information regarding the case regarding convictions and confessions made in a court of law, and the date the offender was convicted or pled guilty or no contest. The Report is required to be updated quarterly.

The Oklahoma Uniform Power of Attorney Act that became effective November 1, 2021, which is covered in the September and October 2021 OBA Legal Briefs, requires banks to accept an acknowledged Power of Attorney (signed by the principal in the presence of a notary). There are six exceptions, one of which stated in § 3020 of the Act:

“The person makes, or has actual knowledge that another person has made, a report to the Adult Protective Services office stating a good-faith belief that the principal may be subject to physical or financial abuse, neglect, exploitation or abandonment by the agent or a person acting for or with the agent.”

Title 58 O.S. § 1252 – Transfer-on-death (“TOD”) deeds

Oklahoma has allowed Transfer-on-Death-deeds since November 1, 2008, (see August 2008 OBA Legal Briefs), but the statute has had a few amendments over the years. Additional changes were made this last legislative session. The amendments are effective November 1, 2023.

TOD Deeds convey any estate or interest in, over or under land, including surface, minerals, structures and fixtures. The signature, consent, or notice to a beneficiary or beneficiaries is not required prior to the owner’s death.

Subsection C. is amended and provides:

A designated grantee beneficiary may accept real estate pursuant to a transfer-on-death deed only on behalf of himself, herself, or a legal entity over which he or she has proper authority. A beneficiary shall not accept such real estate on behalf of another designated beneficiary.

Subsection D. is amended to require:

Each designated grantee beneficiary wishing to accept real estate pursuant to a transfer-on-death deed shall execute an affidavit affirming:

1. Verification of the record owner’s death;
2. Whether the record owner and the designated beneficiary were married at the time of the record owner’s death; and
3. A legal description of the real estate.

Former Subsection D. is now E.:

1. The grantee shall attach a copy of the record owner’s death certificate to the beneficiary affidavit. For a record owner’s death occurring on or after November 1, 2011, the beneficiary shall record the affidavit and related documents with the office of the county clerk where the real estate is located within nine (9) months of the grantor’s death, otherwise the interest in the property reverts to the deceased grantor’s estate; provided, however, for a record owner’s death occurring before November 1, 2011, such recording of the affidavit and related documents by the beneficiary shall not be subject to the nine-month time limitation. Notwithstanding the provisions of Section 26 of Title 16 of the Oklahoma Statutes, an affidavit properly sworn to before a notary shall be received for record and recorded by the county clerk without having been acknowledged and, when recorded, shall be effective as if it had been acknowledged.

Subsection F. is new:

1. A beneficiary affidavit recorded pursuant to this section before November 1, 2023, in which one or more, but not all, named beneficiaries of a transfer-on-death deed explicitly accept the interests being conveyed by the deed on behalf of all or some of the beneficiaries named shall be effective to accept such interests if executed by at least one of the named beneficiaries accepting such interests.

The real estate interest conveyed by a TOD Deed taken by the beneficiary/beneficiaries is subject to the bank’s existing mortgage.

Title 42 O.S. § 91 – Personal property liens

I last covered changes to this statute in the December 2014 OBA Legal Briefs, much of which remains unchanged.

This section applies to every vehicle, all-terrain vehicle, utility vehicle, manufactured home, motorcycle, boat, outboard motor, or trailer that has a certificate of title issued by the Oklahoma Tax Commission/Service Oklahoma or by a federally recognized Indian tribe in the State of Oklahoma.

The special possessory lien provided under this section will have priority over any perfected liens (e.g., lien entries and other lien claimants), ONLY if the lien claimant strictly complies with ALL applicable provisions of § 91 with regard to submission of claim and documentation, notice and mailing requirements to owner and other lien holders with regard to the lien, as well as notice of sale. If the lien is denied, the claimant may resubmit its claim once within 15 business days of denial. One change to the existing statute is when the possessory lien claimant has been in possession of the property for at least 21 days before the Notice of Sale is to be mailed. The second change is that proceedings for foreclosure in 20 days after the lien accrued, except as provided elsewhere by Oklahoma law.

RESPA – Section 8

By Andy Zavoina

In December 1974 Public Law 93-533 was passed. That may not mean much to you initially, but Section 8 of that law is very meaningful. In short, I’m referring to Section 8 of the Real Estate Settlement Procedures Act (RESPA). I’m not sure why we commonly reference the section of the actual law instead where there is a violation instead of Reg. X where we study it and read about the restrictions, but at times it is good to go to the roots of the law and see what it says. The law and the Reg follow each other closely in this section, which is implemented in § 1024.14 of Reg. X. Briefly, it prohibits a person from giving or accepting anything of value for referrals of settlement service business related to a federally related mortgage loan. It also prohibits a person from giving or accepting any part of a charge for services that are not performed. These are also known as kickbacks, fee-splitting and unearned fees.

Penalty Overview: Violations of Section 8 are subject to criminal and civil penalties. A person who violates Section 8 may be fined up to $10,000 and imprisoned for up to one year. In a private lawsuit a person who violates Section 8 may be liable to the person charged for the settlement service an amount equal to three times the amount of the charge paid for the service.

Background: When you search on “Section 8” or “kickbacks” you will find many resources including those from real estate brokers and Realtors. I am not a Realtor but those I know have all been trained on Section 8. “Thou shall not give, nor receive” and the emphasis is on any gift that could be construed as an incentive for a mortgage referral. The law aims to punish both sides of that violation because it is intended to protect the third party in this, the consumer – the borrower in these transactions.

If Lender A pays Realtor B to send business its way, Lender A gets more business but now has more costs. Lender A has to recover these costs and that would be compensated for by higher fees charged to Borrower C. This makes the loans less affordable. That is why we have this section of law and regulation. The common issues that promote discussions on Section 8 are inadvertent violations. That is, things not truly intended to violate the rules but at face value, may.

Lender A is at lunch and sees his friend, Realtor B. They chat about the Friday night football game the whole town is excited about and about business. If Realtor B mentions, “hey, I have a prospect you may be interested in. They just moved to this area, and I found them a great house. Qualifying for a new mortgage is hard, though, because of his new job.” Lender A is always looking for mortgage production and a new depositor prospect is icing on the cake. Lender A picks up the lunch tab. Is that a kickback, a Section 8 violation?

At other times, the violations appear concrete and completely justified. Let’s examine the August 17, 2023, Consent Order between the Consumer Financial Protection Bureau (CFPB) and Freedom Mortgage Corporation, (Freedom), File No. 2023-CFPB-0008. This is a case of both giving and receiving so we will include an examination of a separate Consent Order (File No. 2023-CFPB-0009) against Realty Connect USA Long Island, Inc. (Realty Connect) issued on the same day.

Section 8 violations do not appear to be common as this was the first for the CFPB since 2017, but it was egregious, as you will see. The CFPB is not the only agency looking at RESPA rules and compliance with them, however. The Federal Deposit Insurance Corporation (FDIC) published its Consumer Compliance Supervisory Highlights, in March 2023. It stated, “In 2022, the FDIC identified RESPA Section 8(a) violations where a bank contracted with third parties that took steps to identify and contact consumers in order to directly steer and affirmatively influence the consumer’s selection of the bank as the settlement service provider. In some cases, this process involved the third party calling identified consumers and directly connecting and introducing them to a specific mortgage representative on the phone. This process is often referred to as a “warm transfer.” In other cases, the process involved operation of a digital platform that purported to rank lender options based on neutral criteria but where the participating lenders merely rotated in the top spot. Although each case is fact specific, indicators of risk in these arrangements include a third party that does one or more of the following activities:

• Initiates calls directly to consumers to steer them to a particular lender;
• Offers consumers only one lender o will only transfer the consumer to one lender;
• Describes the lender in non-neutral terms such as preferred, skilled, or possessing specialized expertise;
• Receives payment from the lender only if a “warm transfer” occurs; or
• On a consumer-facing digital platform that purports to rank settlement service providers based on objective factors, includes providers that pay to take turns appearing in the top spot in a round-robin format.

Payment for activities that go beyond the simple provision of a “lead” may be improper payment for referrals when the activity affirmatively influences the consumer towards the selection of a particular lender. The warm transfers were of particular interest in the report.

Consent Orders: Let’s review the specific compliance issues in the two consent orders, but first an attention getter – the Consent Orders provide for civil money penalties of $1.75 million against Freedom and $200,000 against Realty Connect, along with other compliance obligations. While each party has its own obligations to adhere to RESPA and Reg. X, one is not doing the other any favors with enticements that lead to long term and expensive problems such as these enforcement actions.

The period during which these actions took place began in January 2017 and essentially extends to August 2022. The focus was on Freedom’s “Traditional Retail Unit,” which was part of Freedom until about August 2021, and then these activities were conducted through a former subsidiary, RoundPoint Mortgage Servicing, Inc. The traditional retail unit was one in which loan officers went directly to real estate brokers and agents to obtain new loans.

Issue One: Freedom paid for subscription services and gave real estate agents and brokers (collectively “brokers”) free access. These were professional publications which offered useful information to the brokers concerning property reports, comparable sales, and foreclosure data in their markets. For RESPA this was a “thing of value,” as the retail cost would be $300 per month for this service. While the Realty Connect Consent Order states more than 100 of its brokers accepted this service, (Freedom’s cost based on a retail subscription would be $30,000 per month) the Freedom Consent Order indicates over 2,000 brokers accepted subscriptions. (Perhaps that was different brokers over a period of time and perhaps Freedom had a multi-user license at a lower cost. Still, a “thing of value” is based on the retail value.)

Issue Two: Freedom sometimes required brokers to be paired up specifically with an individual in the Traditional Retail Unit and this also influenced that broker’s access to the valuable subscription service. These brokers made more than 1,000 mortgage referrals and it was a quid pro quo arrangement, according to the Freedom Consent Order. Realty Connect’s Consent Order indicated more than 400 referrals were made during the period reviewed which affirms there were issues with other brokers as well.

Issue Three: From at least July 2017 through 2022, Freedom hosted and subsidized events for certain real estate brokers and agents. This included food, beverages, alcohol and entertainment. Freedom also gave away free tickets to sporting events, charity galas and other events that would each have had a cost had the brokers paid their own way. Some of these events cost Freedom thousands of dollars and more. One event paid for by Freedom and held at a restaurant and bar cost them more than $6,300 as it included rented sports simulators. There were fifty brokers there because they referred the most mortgage loans to Freedom and new brokers were also in attendance in a recruitment effort by Freedom to develop more referral brokers.

Freedom denied requests for event sponsorship from brokers who did not refer mortgage business to its loan officers.

These activities were viewed as part of a pattern, practice, or course of conduct of giving things of value to create, maintain, and strengthen mortgage referral relationships. It clearly went beyond mere business development.

Issue Four: in October 2020, the CFPB produced a guidance document to clarify its position on Marketing Service Agreements (MSAs) and Section 8 practices. An MSA involves two or more parties whereby one agrees to market or promote the services of another and receives compensation for the work provided. A lawful MSA is an agreement for the performance of marketing services where the payments under the MSA are reasonably related to the value of services actually performed.

Freedom had marketing agreements with over forty real estate brokerages. Payments varied but ranged from a few hundred to several thousand dollars per month. The total amount Freedom paid under its MSAs during the period reviewed here was approximately $90,000 per month.

One agreement included promotion rights by Freedom to the brokers at Realty Connect. Freedom was allowed to have its loan officers promote themselves at Realty Connect internal meetings and to allow those lenders to email the brokers directly as “referral partners.”  It was also agreed that Freedom would host at least one training event for Realty Connect’s brokers at least quarterly to maintain and increase the referrals from those brokers.

The MSA with brokerages, of which Realty Connect was one, required brokerages to provide marketing services. Realty Connect received $6,000 per month from Freedom under the MSA from January 2017 to December 2022. This equates to $432,000 for marketing services.

Realty Connect failed to execute many of the marketing tasks required by its MSA with Freedom. Realty Connect was to send 15,000 marketing emails each month, allocating 50% of the content to Freedom. Realty Connect sent no marketing emails at all. The MSA required Realty Connect to maintain three “physical locations showing video loop or kiosk advertising” for Freedom. Realty Connect had no video loops or kiosks. And the MSA required Realty Connect to create an average of 75 property websites per month showing Freedom’s content, but it never created any property websites.

As further demonstration that the MSAs were a sham to pay for referrals and not generally advertise for Freedom, the Realty Connect Consent order provides an example between a loan officer and broker in which a lender was to help promote a Realty Connect open house. The lender said, “I want to continue to help you with this, do you think on your listing you can try to get me some referrals to work with?” The agent replied, “I have recommended you many times—Gave them your info on the last two sales.”

Additionally, Freedom had its own professional design team to create the marketing copy it advertised with, including co-branded mailers and open house flyers. Freedom also owned and operated its own print shop that created the hard copies it used as advertisements. Freedom essentially created and produced its own advertisements and was not using the services the MSAs called for. Realty Connect’s actual role in the marketing activities was limited to offering minor design suggestions and it paid the postage for the co-branded mailers. The monthly $6,000 fee was excessive compensation for the services actually performed.

Freedom also encouraged those brokerages with MSAs to use a third-party smartphone app, which Freedom’s loan officers would share with the brokers. The brokers would then share the app with their clients. The app then featured the Freedom loan officer’s headshot and Freedom’s logo at the top, and included buttons where the client could directly contact the loan officer for assistance. It is inferred that this proprietary app is considered akin to a direct referral by the CFPB, although I have seen no specific guidance on this.

Some brokers who worked with Freedom and its MSAs received direct payments. This also emphasized to the CFPB that the MSA was a method to pay compensation for referrals and not for advertising.

Closing: Additional requirements in the Consent Orders require that there be no further Section 8 violations. I used to think it made no sense for an enforcement order to say “for the next 3 years you cannot violate Section 8…” as an example. There was never any inference that anyone could. But if there is a subsequent violation, it is not only a repeat violation but violates the enforcement action they specifically agreed to, allowing even more charges to be added to a new action. Additionally, the Consent order emphasizes that the Board of Freedom has the ultimate responsibility for compliance and the board must review all the plans and reports required in the Consent Order. It is putting them on notice. There are accounting and reporting requirements and additional prohibitions placed on things related to Section 8. One year from the Consent Order a detailed report has to be filed with the CFPB describing its progress. It also states that in the event the company is sold, the purchaser must agree to the terms of this Consent Order, effectively removing the possibility of a reorganization by the same or similar ownership attempting to dodge these restrictions and requirements.

Section 8(c) of RESPA does describe allowable payments as it states, “Nothing in this section shall be construed as prohibiting (1) the payment of a fee (A) to attorneys at law for services actually rendered or (B) by a title company to its duly appointed agent for services actually performed in the issuance of a policy of title insurance or (C) by a lender to its duly appointed agent for services actually performed in the making of a loan, or (2) the payment to any person of a bona fide salary or compensation or other payment for goods or facilities actually furnished or for services actually performed.”

The FDIC in its Consumer Compliance Supervisory Highlights referenced earlier also noted five things that banks can do to mitigate risks associated with Section 8 violations.

1. Train applicable staff on what is permitted to generate leads, and what is prohibited and would be an illegal referral.
2. The lenders and management need to review any referral program the bank is participating in to clearly understand the functions of the program and any cost structure and cost justification.
3. Management must develop policies and procedures which strictly comply with the regulatory requirements in Reg. X and RESPA as to programs designed to generate leads.
4. Require loan officers to report annually the established relationships that are used for mortgage loan generations and new ones which develop, so that they may be reviewed and approved by management.
5. The bank must impose controls to monitor lead generation activities for compliance with the bank’s policy and procedures as well as RESPA and Reg. X.

• HMDA Analysis
• Personal Responsibility
• Forms Update

HMDA Analysis

By Andy Zavoina

If your bank is a reporter under the Home Mortgage Disclosure Act (HMDA), you may well have some work to do if you have not already done some or all of this. On June 29, 2023, the Federal Financial Institutions Examination Council (FFIEC) announced the availability of data on 2022 mortgage lending transactions reported under HMDA. This HMDA data is the largest source of publicly available data on mortgage lending in the United States. If your bank is reporting, your data is here. Other banks in your geographic areas who report also have data here. Banks outside your area which may be similar to yours, yes, that data is here too. It is all available and can more easily than ever before be analyzed. This article is a discussion on why — and a little bit of how — to analyze your data and that of your peer banks.

Years ago, the system was far less automated than we have today. When the HMDA data came out it was sent to central repositories. In my case it was held as reference material in the local public library which happened to be a few blocks from the main branch I was working out of. It was set up by Metropolitan Statistical Area (MSA) and was a treasure trove if you knew what you wanted to do with it.

When teaching compliance management, I often say compliance is not a cost center as it is often described, but a resource because it touches so many areas in the bank. In this case you are touching on loan production, and you can compare your bank’s production against that of your peers. Management likes to know how the competition is doing and you can compare apples to apples, at least as far as HMDA reportable loans are concerned.

Your Marketing area can use this data to see what type of applicants for HMDA loans it is attracting and where these applicants may be from as well as where they want to move to. Consider the ways you can use this data. You can easily build a picture of who your applicants are and where they live. That means you also know the areas they are not living in, and this is what can help Marketing redirect advertising campaigns if those are areas you need or want to market to. This information is data gold for Marketing and management as well, and you have it all available right now.

You can plot where the mortgage loans (so long as they are HMDA reportable, so not everything, but a lot) are not just for your bank, but for all those peer lenders in your area as well. And you can reach farther if desired. One of my banks was a military bank. We had borrowers literally all over the world and, while it was less common than say a car loan, we did some mortgage financing all over the country. Other military banks may be doing the same. It is often difficult to get a lot of data about your peer banks when they happen to be across the country from you, but as a military bank, they were our peers, and it was important to understand how my numbers compared to theirs. We recognized that there were different markets and quite different conditions, yet when it came to the Community Reinvestment Act (CRA) this was a comparison you wanted to be aware of. Were our numbers close to our peers or far different – and in either case why? When you compare your loan volumes to your peers, and when you understand the different lending strategies of these other lenders, it helps set benchmarks and goals as well as to understand your own loan patterns.

Again, when you know to whom you are lending, you also know those to whom you are not lending. Are your numbers good or bad when you look, for example, at racial demographics? When you ask in the loan committee meeting why (as a hypothetical) there were so few loans to Blacks and the response is there are few Black applicants applying, it sets off questions such as:

• Are we marketing to areas of a majority minority?
• Are we trying to reach this demographic in targeted ads? Why or why not?
• What percent of our applicants were Black?
• What percent of our Black applicants were approved, denied, withdrawn, or closed for other reasons?
• And if there is a level of complacency with those figures, next compare yourself to those peer banks’ lending in the same area, to the same would-be home buyers.

When it comes to fair lending justifications of your bank’s actions, read fair lending enforcement actions, and learn how regulators and the Department of Justice (DOJ) attorneys compare the results of your bank to peer banks. As one example, consider when the Consumer Financial Protection Bureau (CFPB) and the DOJ took action against Trident Mortgage Company LP (Trident) under the Fair Housing Act (FHA), the Equal Credit Opportunity Act (ECOA),  and Regulation B, as well as the Consumer Financial Protection Act of 2010 (CFPA) (also referred to as Unfair, Deceptive, or Abusive Acts or Practices (UDAAP)) to remedy discrimination in Trident’s mortgage lending. There were many problems with Trident, and we covered many of the problems in last April’s edition of the Legal Briefs. Here is a snippet from that edition to emphasize the points of this HMDA analysis.

Trident received 80 percent of its mortgage applications for properties located in that MSA its defined as its market area. But the actual loan distribution pattern showed a disproportionate number in the majority-white areas. As a foundation there was the selection of office locations and limited outreach and marketing which led to these lending patterns which are confirmed by HMDA data. One must ask, “was this a choice?” When comparing HMDA data, Trident significantly underperformed its peer lenders in generating home mortgage applications from majority-minority neighborhoods and the disparity between the rate of applications generated by Trident and by its peer lenders from majority-minority neighborhoods and high-minority neighborhoods was both statistically significant.

Of the nearly 31,000 applications on the HMDA reports from 2015 through 2019, 12 percent came from majority-minority areas. Peer lenders generated 21.5 percent of their 135,000 applications. The disparity was seen year after year. In in high-minority neighborhoods, Trident showed 4.1 percent of its applications as coming from high-minority areas, compared to 10.8 percent of its peer lenders.

Trident significantly underperformed its peer lenders in making home loans in majority-minority neighborhoods as well. The complaint notes that, “…of the 22,960 HMDA-reportable loans Trident made for single family dwellings from 2015 through 2019 in the Philadelphia MSA, 11.7% came from residents of majority-minority areas. By contrast, Trident’s peers made 16.2% of their 50,060 loans from these same majority-minority neighborhoods.” And only 3.7 percent of Trident’s loans were made in high-minority areas, while peer lenders made 6.9 percent of their loans in these same areas.

Enforcement actions are a good “go by” for the type of analysis done when lending is questionable. CRA Public Evaluations are another resource not only for key analytics, but also for comments as to what was good, bad and ugly. Remember that HMDA analysis is a basis for fair lending examinations which are a foundation for your next CRA exam. When you can identify weaknesses in your numbers, you can proactively impose corrective actions, and this demonstrates to examiners reviewing your bank’s lending activity and your compliance program that you are aware of and managing the processes.

The data available will help show whether your lenders and therefore your bank are serving the housing needs of the communities you serve as your market area. It includes information that helps management make recommendations to the board on decisions and policies and draws attention to your lending patterns that could be discriminatory. Your bank, as a HMDA filer, recorded up to 110 different data points for each HMDA applicable mortgage application received on a Loan Application Register (LAR). What you have in your bank is your complete LAR. In March, the FFIEC provided your bank with a modified, or sanitized, LAR. The modified LAR data provides information from the most current HMDA submission that was required to be submitted essentially a month earlier, by March 1, of each year. This modified LAR is available to the public, and to your bank and your peer banks who are also evaluating your bank’s performance. Section 1003.5(c) of Regulation C requires that you post, “a written notice that clearly conveys that the institution’s loan/application register, as modified by the Bureau to protect applicant and borrower privacy, may be obtained on the Bureau’s Web site at www.consumerfinance.gov/hmda.” The publicly released data excludes or modifies several data points reported by all the institutions submitting LAR data, such as the universal loan identifier, the date the application was received or the date shown on the application form, the address of the property, the credit score or scores relied on in making the credit decision, and any applicant or borrower ethnicity free-form text field. In theory this makes it difficult to review entries and identify a particular applicant and therefore data about that applicant which is protected by privacy laws. Others have pointed out faults in this system as deeds are public documents and with a little work a knowledgeable person can connect many dots. Connecting those dots is not the point of this article, but rather what you can do with the LAR data to analyze the mortgage lending picture your lenders are painting and how you compare to peer banks.

So, where would you find HMDA data now that the old central repositories are automated? HMDA data is available at https://ffiec.cfpb.gov/. You can also find a HMDA Data Browser at https://ffiec.cfpb.gov/data-browser/ which will help you filter any and all of the LARs that were submitted. In June 2022 the CFPB published, “A Beginner’s Guide to Accessing and Using Home Mortgage Disclosure Act Data” which you can find online here, https://files.consumerfinance.gov/f/documents/cfpb_beginners-guide-accessing-using-hmda-data_guide_2022-06.pdf. In addition to background HMDA information, this is a step-by-step guide on how to filter the data to extract just what you want to know. In computer coding there is an old adage, garbage in – garbage out,” meaning you can get out what you put in. Your LAR has that “up to 110 data points” mentioned already. Data for your peers is modified information but as said earlier, it is still especially useful to management, Marketing, those working on your bank’s strategic plan, everyone analyzing fair lending and certainly Compliance. A sound recap and analysis of the data available will be a compliance value-added exercise to the bank for the information you need to know anyway.

Review the Beginner’s Guide mentioned just above as it takes a user through the steps to apply the filters and it has additional instructions with graphics to help you use Excel and Pivot Tables to get the most out of your analysis. In total this is a 29-page PDF that will help ignite your analytical curiosity and provide needed information to your bank. Compare your results, especially those government monitoring demographics, to the breakdown for your market areas. That is, if your area is X percent white, Y percent Black and Z percent Asian, how do your applications correlate to those numbers, and your approved loans, and do not forget the denials and withdrawn applications. Based on the HMDA data tables available annually from the CFPB and ideas of key data points gleaned from enforcement actions and CRA Performance Evaluations, choose the data you want to focus on.

While you can do peer comparisons only annually, you can track your bank’s progress using quarterly updates to further refine corrective actions. Then determine how your numbers compare to peers. Does this analysis indicate strengths, weaknesses, and areas upon which you can improve? The lending data you arrive at should influence or confirm what you are doing with marketing activities, lending policies, and exceptions being made, and may shed light on complaints.

Here are some high-level observations about the 2022 HMDA data that are of interest.

• The 2022 LAR data includes information on 14.3 million home loan applications.
• 5 million applications (82 percent) were for closed-end credit, while 2.5 million (18 percent) were for open-end products.
• As to the aggregate demographics of the borrowers’ race and ethnicity, the portion of closed-end home purchase loans made to Black borrowers rose from 7.9 percent in 2021 to 8.1 percent in 2022. The portion made to Hispanic borrowers decreased slightly from 9.2 percent to 9.1 percent, and those made to Asian borrowers increased from 7.1 percent to 7.6 percent.
• In 2022, Black and Hispanic applicants experienced denial rates for home purchase loans of 16.4 percent and 11.1 percent respectively, while the denial rates for Asian and non-Hispanic White applicants were 9.2 percent and 5.8 percent, respectively.

After management has had an opportunity to study the data, your board of directors should receive a high-level summary of where you are and where the data will be taking you. This is an opportunity to influence the confidence they have in your abilities and the resources available for your compliance management program.

Personal Responsibility

By Andy Zavoina

If you have taught regulatory requirements before, you likely mentioned the potential penalties for noncompliance. As an example, Reg B has penalties for noncompliance in § 1002.16(b) that include Actual damages in individual or class actions – without a limit, and Punitive damages in individual or class actions, where liability for punitive damages is limited to $10,000 in individual actions and the lesser of $500,000 or 1 percent of the lender’s net worth in class actions.

By the time an instructor gets to this part of the presentation the listener’s eyes are glazing over and they hear Charlie Brown’s teacher saying, “never has happened, don’t worry, the bank gets penalized not the employee or officer.” But that is not always the case, and it is often wise to remind everyone of that, from the newest teller to that longest-standing director on the board. Everyone in the bank is responsible for ethical behavior and compliance. And while everyone has a boss they report to, I remind officers of a bank that they work for the bank, and not necessarily for their boss. This is especially important for those in the role of auditor and those responsible for compliant and ethical performance evaluations. Just as in the military, we follow instructions, but we also trust that no “illegal” orders will be given.

It may have seemed harmless initially, but let’s look back at Wells Fargo for a moment. A few years ago, Wells Fargo’s troubles really came to the forefront when the bank was accused of, among other things, opening accounts for consumers without those consumers’ requests or consents. At the center was a push to meet lofty sales goals. In September 2016, the bank agreed to pay a $185 million fine and return $5 million in fees wrongly charged to customers. The problem originated with bank employees allegedly opening more than two million deposit and credit card accounts without customers’ permission. Wells Fargo’s ex-CEO John Stumpf apologized during a congressional hearing in which he accepted the blame saying, “I accept full responsibility for all unethical sales practices.”  In the long term, however, 5,300 Wells Fargo employees lost their jobs because of the practices employed.

A personal observation of mine was that because the employees created the accounts without authorization and moved deposits to and from the accounts to activate them, I could have seen a case for identity theft and fraud against those employees. Thankfully, I never heard of that happening and the root of the problem was not the employees’ actions, but the push to meet goals and the potential that “illegal orders” were given or at least insinuated. Here are three examples of how unethical sales practices sprang from minor unethical compromises.

1. A new accounts representative is under pressure to meet sales goals and pushes a customer to add a credit card, even though the rep knows it’s not in the customer’s best interest and was not requested.
2. As the month progresses, the rep is short of the goal and asks friends and family to open new accounts. These accounts served one purpose – to inflate account production numbers. In reality, the bank staff spent time programming these new accounts which were closed shortly thereafter, and the cost was greater than the income that was never produced.
3. With the account production goal still out of reach, the rep opens accounts without asking customers and transfers a small amount of money. These accounts are also closed shortly after opening and the money is transferred back. Customers may question what happened but when they see the funds transferred back, why frustrate themselves by calling the bank to complain and inquire as to what happened?

But to be clear, Wells Fargo was not alone, they were just the first big bank to gain national coverage for unethical and illegal practices surrounding creating deposit and credit accounts that were not requested by the consumer’s whose names they carried. Fifth Third was accused of this and In March 2020 the CFPB initiated a suit against that bank. The complaint alleged that Fifth Third’s cross-selling practices, which included sales goals and an incentive-compensation program, caused Fifth Third’s employees to open new consumer accounts for existing customers without their knowledge or consent. The CFPB alleged that such conduct in certain respects was unfair and abusive (yes, a UDA(A)P issue) and that issuing unauthorized credit cards and opening deposit accounts without required disclosures violated Reg Z and Reg DD.

Fast forward to July 2023, when the OCC and CFPB ordered Bank of America to pay $100M in consumer redress and $150M in fines for and an out-of-control incentive program that resulted in unauthorized account openings, credit reports, etc., which is a basic rehash of the problems at Wells Fargo and Fifth Third. These were not the only issues, as the Bank of America action also cites junk fees relating to multiple presentments of NSF items and for mismanagement of credit card systems. As it typically happens, many regulatory and ethical violations are part of a snowball that grows as the investigation continues and additional violations are uncovered or found to have evolved, such as the failure to make disclosures on an account that was fraudulently opened anyway.

Let’s look closer at one case of a former executive involved in the Wells Fargo case. Carrie Tolstedt was an executive, or THE executive, accused of overseeing programs that resulted in the millions of fraudulent customer accounts at Wells. In March 2023, she agreed to plead guilty to criminal charges which could impose actual prison time. In her agreement with the court, she will serve a 16-month prison sentence for obstructing regulators’ investigations into abusive sales practices that culminated in the bank paying what has turned into billions of dollars in fines. Tolstedt also agreed to pay a $17 million fine in a separate settlement with the OCC that also bans her from working again in the banking industry. BankersOnline covered this in its Top Story at https://www.bankersonline.com/topstory/173048.

Tolstedt was not alone in the list of executives who fell as a result of the new account production goals that were virtually unattainable. These goals were emphasized with a slogan of “eight is great.” That was, each customer should have eight separate accounts at the bank. Why eight? It was said that was selected because it rhymed with “great.”

Take a moment to look at your product offerings and try to determine what sales techniques you could use to accomplish this. Now reconsider it as if your job is on the line as it was for the 5,300 former employees who talked of supervisors screaming at them to meet the goals. They were told if they could not meet their goal, they would be working at McDonald’s. Those missing goals would have what was essentially an after-school detention and were often tasked with “call sessions” on Saturdays. Presumably, these sessions were to make calls and hone sales skills. Employees in many cases either reverted to unethical and illegal techniques or were embarrassed in front of their peers, demoted, or fired. In the three-step process to meet goals, consider that some new accounts reps were able to meet goals. Now the pressure was up because others had to employ the same tactics. And that culture fed on itself and has caused huge fines to be imposed as well as direct personal responsibility. Goals should be realistic, and rules should be well known and to police the rules, controls must be in place.

Forms Update

By Andy Zavoina

We are in the heat of summer as this edition of Legal Briefs goes to the presses, but it is a perfect time to get a pesky change out of the way. Often this might be something to do at year end, but as some banks prepare for 1071 changes, and the normal year-end tasks followed by HMDA submissions will all be coming about at the same time, why wait? These changes impact Reg B’s Adverse Action Notices, some Fair Credit Reporting Act disclosures, and a bit of Reg E. There were several others, but we will cover in detail what impacts our banks.

If you use preprinted forms that will change, you will want to use up any supply and not reorder any bulk that may not be used by the mandatory compliance date. You will want to get the new addresses on your next order. And if you need to have a forms vendor program the changes, well, they will be busy at year-end and beginning of 2024 too, so just get this out of the way so you can enjoy summer.

Change management is what I’m speaking of and notices – disclosure changes. On March 20, 2023, the CFPB published a Final Rule in the Federal Register. Look for Vol. 88, No. 53, Monday, March 20, 2023, and page 16531 if you want all the details. The “Regulations” pages on BankersOnline.com also reflect these changes. These were considered non-substantive corrections and updates. The “Cliff Notes” version of the changes simply tells you that some regulatory agencies have had address changes for notices you provide to your customers and those disclosures and notices need to be corrected. The effective date for optional compliance has passed. It was April 19, 2023, so you may comply now, but compliance with these changes is not mandatory until March 20, 2024. Again, why wait and risk this falling through the cracks?

Reg B and Adverse Action Notices
The most significant change for banks is under Reg B. Appendix A, which lists contact information for the CFPB, OCC, FDIC, National Credit Union Administration (NCUA), Federal Trade Commission (FTC), and other agencies. (The Federal Reserve is listed but did not change.) This contact information listed must be included in Reg B adverse action notices. This is separate from the FCRA disclosure many banks have combined onto the Reg B, adverse action notices. The two are called the same thing but have different disclosure rules and content. The FCRA notice on Reg B’s forms has not changed, although there is an FCRA change noted below.

The OCC regulated institutions should be showing the following:

Office of the Comptroller of the Currency
Customer Assistance Group
P.O. Box 53570
Houston, TX 77052

The FDIC regulated institutions should be showing the following:

Division of Depositor and Consumer Protection
National Center for Consumer and Depositor Assistance
Federal Deposit Insurance Corporation
1100 Walnut Street, Box #11
Kansas City, MO 64106.

The CFPB regulated institutions should be showing the following:

 Bureau of Consumer Financial Protection
1700 G Street NW
Washington DC 20552

And without change but for the record and accountability in case you want to check, the FRB regulated institutions should be showing the following:

Federal Reserve Consumer Help Center
P.O. Box 1200
Minneapolis, MN 55480

Interpretations
The CFPB also corrected its contact information in Reg B’s Appendix D, for the process for requesting official CFPB interpretations of Reg B. The same address below is applicable for Reg E interpretations. The difference between the old and new addresses was a change in the ZIP code.

A request for an official interpretation should be in writing and addressed to:

Assistant Director, Office of Regulations,
Division of Research, Monitoring, and Regulations,
Bureau of Consumer Financial Protection,
1700 G Street, NW
Washington, DC 20552

Fair Credit Reporting Act
In Reg. V and the Fair Credit Reporting Act (FCRA), the CFPB amended the model form in Appendix K for the “Summary of Consumer Rights” to correct the contact information for various agencies, including the OCC, FDIC, and NCUA. Those addresses are on the form itself. A Word version is in a link on the BankersOnline, Regulations page. Consumer reporting agencies must provide the Summary form when making written disclosure of information from a consumer’s file or providing a credit score to a consumer. Most importantly, this Summary must also be provided by Human Resources at your bank, before obtaining  an investigative consumer report (under 1681d(a)(1)), and with pre-adverse action notices for employment purposes (under 1681b(b)(3)). As Compliance and/or Internal Audit complete a periodic FCRA audit this is one of those potential “gotchas” you want to look at to ensure the procedures are correct for providing these notices if someone is denied employment or a promotion, as examples, based on a credit report.

Real Estate Settlement Protections Act
In Reg. X, the Real Estate Settlement Protections Act (RESPA), the CFPB has corrected its contact information in the definition of “Public Guidance Documents” in section 1024.2(b) and in the introductory section of Supplement I, which provides the procedure for requesting copies of public guidance documents from the CFPB and the procedure for requesting official CFPB interpretations of Regulation X.

Truth in Savings Act
In Reg. DD, and the Truth in Savings Act (TISA), the CFPB has corrected its contact information in Appendix C, which provides the procedure for requesting a determination from the CFPB regarding whether a state law is inconsistent with TISA and Regulation DD.

Truth in Lending Act
In Reg. Z, the Truth in Lending Act (TILA), the Bureau has corrected its contact information in Appendices A, B, and C which provide the procedures for requesting a determination from the CFPB regarding whether a state law is inconsistent with or substantially the same as TILA and Reg Z, the process for a state to apply to the CFPB to exempt a class of transactions from TILA and Reg Z, and the process for requesting official CFPB interpretations of Reg Z.  In Appendix J, the CFPB has corrected its postal address for requests to the CFPB for APR calculation tables and to add a URL on its website at which the tables can be accessed.