Saturday, November 23, 2024

Legal Briefs

March 2022 OBA Legal Briefs

  • The Beneficial Ownership Rule hasn’t gone away
  • UDA(A)P is becoming all the rage!

The Beneficial Ownership Rule hasn’t gone away

By John S. Burnett

The Corporate Transparency Act of 2021 (CTA) was enacted by Congress on January 1, 2021, as Title XIV of the William M. Thornberry National Defense Authorization Act for 2021, Public Law 116-283. It added a new section 31 U.S.C. 5336 to the Bank Secrecy Act.

The CTA requires that most private domestic U.S. entities formed on or after January 1, 2021, must self-report to FinCEN certain basic information about themselves, their beneficial owners and those individuals authorized to act on their behalf. The stated purpose of the CTA is to “discourage the use of shell corporations as a tool to disguise and move illicit funds” as part of the broader federal attempts to prevent and combat money laundering, tax fraud and terrorist financing.

The CTA requires FinCEN to promulgate regulations implementing the Act. No entity reporting to FinCEN can start until the final implementing regulations are issued and effective, and the structure for that reporting (presumably an online portal and a huge database) is completed.

What’s been completed so far?

FinCEN has begun the process of promulgating the regulations. In fact, FinCEN appears to be moving on the CTA requirements fairly quickly.

On April 1, 2021, FinCEN issued an Advance Notice of Proposed Rulemaking— a form of “heads up” that it was working on the rules and an invitation for stakeholders to offer suggestions and comments on the process.

On December 8, 2021, FinCEN published its proposed rules in the Federal Register [86 FR 69920], with a comment period ending February 7, 2022. There were 250 public comments submitted through Regulations.gov. We don’t know how many comments were sent directly to FinCEN itself.

As of this writing (early March 2022) no final regulation has been issued.

The CTA and financial institutions

Financial institutions have been required since May 11, 2018, to comply with 31 CFR 1010.230 (Beneficial ownership requirements for legal entity customers). The CTA has not changed that fact, and the regulations are still in effect.

It is true that the CTA was enacted with the intent to shift some of the burdens of gathering beneficial ownership information away from financial institutions and make it a government responsibility. It is also true that at some future time — FinCEN has unofficially suggested it will be a year or more after implementation of its final CTA beneficial ownership regulations — there will be a change for financial institutions, which will probably begin verifying entity ownership information against the CTA database, rather than gathering certifications of ownership information repeatedly during the existence of entity customer relationships.

To get to that time, FinCEN will first need to set up a secure and confidential portal through which financial institutions can make those verifications. How that will be done, or what information they will be required to verify, and what will happen if they are not able to successfully verify the information, has yet to be determined.

And yet, we have heard that bank examiners have identified financial institutions that totally misinterpreted — was this wishful thinking? — what FinCEN has so far done as a license to discontinue obtaining beneficial ownership certifications and stopped obtaining them around the time FinCEN announced the December 2021 proposed rule. If it is true that examiners have found financial institutions that made such an error, I can only imagine the sinking feeling the management, BSA officer or compliance officer at those institutions must have had when confronted with their error.

What to do about it

I sincerely hope your institution was not one of those making that mistake. But if it is, it is fortunate that only about three months have passed since the FinCEN proposed rule was published (in December 2021). If that’s when your institution stopped complying with § 1010.230, you can limit the damage by doing a look-back to identify each of the occasions on which you should have obtained beneficial ownership certification (or certification that information you were provided earlier was still correct) and start communicating with the entity customers involved to get those missing certifications.

If, instead, your institution made the wrong decision back in April 2021 when the advance notice of proposed rulemaking was published, you have a bit more digging to do — almost a year’s worth of account openings, renewals, etc.

Don’t assume that, once FinCEN finally eliminates § 1010.230 (remember there will be a different rule replacing it that you will have to follow), it will not matter that your institution jumped too soon to stop complying with § 1010.230. It will matter, so don’t postpone your remedial action to collect those missing certifications.

 

UDA(A)P is becoming all the rage!

By Andy Zavoina

I was recently reviewing enforcement actions published over approximately the last 18 months and saw what I believe is a trend not too many bankers are talking about. As an example, on a mortgage servicing topic the Consumer Finance Protection Bureau (CFPB) used the phrase, “…identified various Regulation Z and Regulation X violations, as well as unfair and deceptive acts or practices.” As past due fees were charged it was noted, “Examiners found that mortgage servicers engaged in unfair acts or practices…” and “Examiners found that lenders engaged in unfair acts or practices when they debited or attempted one or more additional, identical, unauthorized debits from consumers’ bank accounts after consumers called to authorize a loan payment by debit card and lenders’ systems erroneously indicated the transactions did not process.” In this article we will examine in more detail some of these violations that were made public. Like an iceberg, we know there is much more to it that we can not see, and we are not certain how much is there. But we do know we don’t want to run into it ourselves.

First, let’s cover some of the rules involving Unfair, Deceptive, or Abusive Acts or Practices so we can understand how broadly they can be applied in different scenarios.

UDAAP penalties can go up to $5,000 per day and if they are deemed “reckless” violations they could be $25,000 per day. Yes, it gets worse. Knowingly violating UDAAP can run a penalty of $1 million a day. Do we expect to see these maximum penalties? That would be a “no.” But the penalties can be severe. Consider that there are civil money penalties for the violations, and we have seen these go back for years and years.

Say a bank creates an add-on product to a deposit account. This product requires the customer to enroll with the bank and provide some affirmation such as that they are in good health, and they need to sign and return this form. But they fail to do this for one reason or another. The bank was diligent however, in charging the customer each month for a service that was never provided and technically could not be. That is a UDAAP violation. It may violate another law or regulation as well, and that law or regulation may also be referenced, but UDAAP has big teeth as we already mentioned the fines available. Because there seems to be no statute of limitations, UDAAP penalties at only hundreds of dollars a month add up quickly when a problem goes back 5 or 10 years.

“Seems outlandish, never going to happen,” you might say. Consider the penalty assessed against First Tennessee Bank by the Office of the Comptroller of the Currency (OCC). The bank sold an add-on product which required two things from the customer. They needed to enroll, and they needed to provide personal verification information. With this service, they would have credit monitoring services. Customers who failed to provide the verification information for whatever reason were charged a monthly fee for a service that was not performed for them. This penalty was in 2016, and the product was launched in 2000. The bank needed to look at 16 years of records. The bank paid a $1 million civil money penalty.

But UDAAP does not stop there. The CFPB can require that agreements be amended or terminated, that customers are refunded for charges that were improper, that restitution be ordered so that the bank understands the severity of the penalty, that profits from the act in question are surrendered and that the government be repaid for the time and effort put into the case. This is all on top of the work spent trying to review 16 years of files and responding to every customer and former customer who claims to have had that product and wants a refund.

There are some basic things that are considered a UDAP issue (one “A,” which omits “Abusive” which was added by the Dodd-Frank Act and is an addition the CFPB enforces) while prudential regulators still look at the Federal Trade Commission Act Section 5 rules for Unfair or Deceptive Acts or Practices. Some basic issues blatantly considered UDAP include prohibited provisions in agreements:

  1.  a confession-of-judgment;
  2.  a waiver of exemption in which the consumer relinquishes rights protecting their home and other necessities from seizure to satisfy a judgment,
  3. a n assignment of wages; and
  4.  the taking of household goods as loan collateral.

Also prohibited is the pyramiding of late fees. If you are not familiar with that concept, assume a borrower is late on a loan payment. They send the exact payment, and the bank applies it by first taking the late fee owed, then interest due and the remainder to principal. But the principal payment is short because of the late fee, so another late fee is accrued. And when the exact scheduled payment is made on time the following month, another late fee is paid and so on. That is pyramiding. I’m sure it doesn’t happen in your bank because automated routines control how payments are applied and interest and principal are always collected first, then fees.

But consider a case discussed more below where the borrower rounded up their payment. The extra principal was simply deposited to escrow. That is an improper application and has a similar impact as late fee pyramiding. The bank has certain remedies it can follow and compliance and/or audit needs to ensure the proper actions are taken.

Lastly, UDAP addresses the Holder in Due Course rule which involves the buying and selling of credit contracts and specifically also prohibits a bank from misrepresenting a co-signer’s liability and requires the bank to give a co-signer, prior to becoming obligated in a consumer credit transaction, a disclosure notice which explains the nature of the co-signer’s obligations and liabilities under the contract.

As already noted, it was the Dodd-Frank Act which empowered the CFPB to prevent unfair, deceptive, or abusive acts or practices. The other agencies enforce the FTC Act, Section 5. Rest assured for all intents and purposes they are similar as it pertains to the ability to right a perceived wrong.

The CFPB has definitions bankers must be familiar with to navigate compliance with UDAP and UDAAP. These are definitions that must be applied broadly when the bank is designing a new product, service, or policy.

Unfair: a practice that is “unfair” is one that:

a)  Causes or is likely to cause substantial injury to consumers;

(Substantial injury usually involves monetary harm. Monetary harm includes, for example, costs or fees paid by consumers as a result of an unfair practice. An act or practice that causes a small amount of harm to a large number of people may be deemed to cause substantial injury.

Actual injury is not required in every case. A significant risk of concrete harm is also sufficient. However, trivial or merely speculative harms are typically insufficient for a finding of substantial injury. Emotional impact and other more subjective types of harm also will not ordinarily amount to substantial injury. Nevertheless, in certain circumstances, such as unreasonable debt collection harassment, emotional impacts may amount to or contribute to substantial injury.)

b)  The injury is not reasonably avoidable by consumers;

An act or practice is not considered unfair if consumers may reasonably avoid injury. Consumers cannot reasonably avoid injury if the act or practice interferes with their ability to effectively make decisions or to take action to avoid injury. Normally the marketplace is self-correcting; it is governed by consumer choice and the ability of individual consumers to make their own private decisions without regulatory intervention. If material information about a product, such as pricing, is modified after, or withheld until after, the consumer has committed to purchasing the product, however, the consumer cannot reasonably avoid the injury. Moreover, consumers cannot avoid injury if they are coerced into purchasing unwanted products or services or if a transaction occurs without their knowledge or consent.

A key question is not whether a consumer could have made a better choice. Rather, the question is whether an act or practice hinders a consumer’s decision-making. For example, not having access to important information could prevent consumers from comparing available alternatives, choosing those that are most desirable to them, and avoiding those that are inadequate or unsatisfactory. In addition, if almost all market participants engage in a practice, a consumer’s incentive to search elsewhere for better terms is reduced, and the practice may not be reasonably avoidable.

The actions that a consumer is expected to take to avoid injury must be reasonable. While a consumer might avoid harm by hiring independent experts to test products in advance or by bringing legal claims for damages in every case of harm, these actions generally would be too expensive to be practical for individual consumers and, therefore, are not reasonable.

and,

c) The injury is not outweighed by countervailing benefits to consumers or to competition.

To be unfair, the act or practice must be injurious in its net effects — that is, the injury must not be outweighed by any offsetting consumer or competitive benefits that also are produced by the act or practice. Offsetting consumer or competitive benefits of an act or practice may include lower prices to the consumer or a wider availability of products and services resulting from competition.

Costs that would be incurred for measures to prevent the injury also are taken into account in determining whether an act or practice is unfair. These costs may include the costs to the institution in taking preventive measures and the costs to society as a whole of any increased burden and similar matters.

In determining whether an act or practice is unfair, the CFPB may consider established public policies as evidence to be considered with all other evidence. Such public policy considerations may not serve as a primary basis for such determination.

UDAP’s unfairness prong applies not only to overt acts and practices, but also to those that unreasonably impair a consumer’s ability to make an informed decision, such as withholding material information until after a consumer has purchased a product.  But a bevy of UDAP case law creates nuances. For instance, “substantial injury” can be monetary or reputation harm, but there must be a significant risk of concrete harm rather than a speculation that harm might occur. An act is not  considered unfair if its benefits outweigh any injuries caused. Some  examples of benefits include lower prices or the availability of products  and services to a wider range of consumers.

A representation, omission, act or practice is deceptive when—

  • The representation, omission, act, or practice misleads or is likely to mislead the consumer;
  • The consumer’s interpretation of the representation, omission, act, or practice is reasonable under the circumstances; and
  • The misleading representation, omission, act, or practice is material. This applies when it misleads or is likely to mislead the consumer.

Written disclosures may be insufficient to correct a misleading statement or representation, particularly where the consumer is directed away from qualifying limitations in the text or is counseled that reading the disclosures is unnecessary. Likewise, oral or fine print disclosures or contract disclosures may be insufficient to cure a misleading headline or a prominent written representation. Similarly, a deceptive act or practice may not be cured by subsequent truthful disclosures.

Acts or practices that may be deceptive include making misleading cost or price claims; offering to provide a product or service that is not in fact available; using bait-and-switch techniques; omitting material limitations or conditions from an offer; or failing to provide the promised services.

The FTC’s “four Ps” test can assist in the evaluation of whether a representation, omission, act, or practice is likely to mislead:

  • Is the statement prominent enough for the consumer to notice?
  • Is the information presented in an easy-to-understand format that does not contradict other information in the package and at a time when the consumer’s attention is not distracted elsewhere?
  • Is the placement of the information in a location where consumers can be expected to look or hear?
  • Finally, is the information in close proximity to the claim it qualifies?

A representation may be deceptive if the majority of consumers in the target class do not share the consumer’s interpretation, so long as a significant minority of such consumers is misled.

Exaggerated claims or “puffery” are not deceptive if a reasonable consumer would not take the claims seriously.

A representation, omission, act, or practice is material if it is likely to affect a consumer’s choice of, or conduct regarding, the product or service. Information that is important to consumers is material.

Certain categories of information are presumed to be material such as costs, benefits, or restrictions on the use or availability.

Express claims made with respect to a financial product or service are presumed material. Implied claims are presumed to be material when evidence shows that the institution intended to make the claim (even though intent to deceive is not necessary for deception to exist).

Claims made with knowledge that they are false are presumed to be material. Omissions will be presumed to be material when the financial institution knew or should have known that the consumer needed the omitted information to evaluate the product or service.

If a representation or claim is not presumed to be material, it still would be considered material if there is evidence that it is likely to be considered important by consumers.

The Dodd-Frank Act makes it unlawful for any covered person or service provider to engage in an “abusive act or practice.”  This is an act or practice which—

  1. materially interferes with the ability of a consumer to understand a term or condition of a consumer financial product or service; or
  2. takes unreasonable advantage of—

a) a lack of understanding on the part of the consumer of the material risks, costs, or conditions of the product or service;

b) the inability of the consumer to protect the interests of the consumer in selecting or using a consumer financial product or service; or

c) the reasonable reliance by the consumer on a covered person to act in the interests of the consumer.

Combined, this definition of “abusive” indicates terms, disclosures and advertisements for products need to be clear and easily understood without reliance on micro-font footnotes or other disclosures that may be “legalese” or have “hidden” terms. It also tells us that the more complex a product or service is, the more it may need to be explained and this will also depend on the market it is provided for. Lastly it says the bank has to act in the best interest of the consumer. It will not be enough to say, “we made the full disclosure, so we are covered for liability.”

Consumer complaints play a key role in the detection of unfair, deceptive, or abusive practices. As a general matter, consumer complaints can indicate weaknesses in elements of the institution’s compliance management system, such as training, internal controls, or monitoring. Complaints against subsidiaries, affiliates and third parties which pertain to your institution and its products and services are included in this analysis. While the absence of complaints does not ensure that unfair, deceptive, or abusive practices are not occurring, complaints may be one indication.

Now let’s examine some recent penalties and while I will use one specific example, as you read this and contemplate the issues, think broadly. As an example, this first penalty involves a credit card product. Do not discount it because it is a credit card, and your bank may not offer them but pay attention to it because it is about the advertising of the product, the training of staff, and the failure to deliver what was advertised.

The advertisement was targeted to sell new credit card accounts. Both existing customers and new ones were the target market. The intent was to have them qualify for the new card and then to meet prescribed spending requirements to qualify for a bonus. The plain terms on the face of the advertisement stated what was required as to the spending threshold. The bonus was central to the advertisement.  Remembering the criteria for UDAAP compliance, in this case a consumer could reasonably conclude that if they qualified for the new card and met the spending limit, they would receive the bonus.

The issuers of the product failed to state that the bonus would be offered only to consumers who applied online. This made the advertisements misleading as they were incomplete. Staff were not correctly trained on how to program these accounts, which further lead to bonuses not being paid. And because not all consumers would qualify for the bonus because of how they applied, the ads were deceptive. This is like many of the UDAAP enforcement actions taken on add-on products. That is poor marketing, poor training and charging fees without ensuring that all the qualifications were disclosed, programmed, and understood by both staff and the consumer.

A second case examines debt collection and the Fair Debt Collections Practices Act (FDCPA). Do not skip this section because you do not believe that the FDCPA does not apply to your bank because you collect your own debts. I believe the CFPB could connect the FDCPA to UDAAP dots in this manner. The FDCPA states in many places that certain acts or practices can be unfair or deceptive. As an unfair or deceptive act, UDAAP can then apply and using this proxy, UDAAP is violated while collection one’s own debt because of how it was done. I have not yet seen this in practice, but is it worth testing the action? I would not.

The FDCPA prohibits the use of any false representation or deceptive means to collect or attempt to collect any debt.   What examiners found was debt collectors proposing an alternate payment plan with past due borrowers. It was noted the new payment plan, when repaid, would improve the borrower’s credit because they paid the revised plan and extinguished the debt. That has to be better and lead to an improved credit rating, right? But there are many factors affecting creditworthiness and a person’s credit score, including repayment of the debt.  Saying that paying just this loan would improve their credit score and lead to increased borrowing power could be misleading.  Examiners found that the least sophisticated consumer could conclude from this discussion was that deleting derogatory information by paying this loan would result in improved creditworthiness, and this created the risk of a false representation and was a deceptive means to collect the debt. This is then defined as a UDAAP issue. You may not be subject to the FDCPA, but you are to UDAP and UDAAP.

Mortgage servicing is a hot issue as many borrowers are exiting pandemic protection forbearance plans on their home loans and may be ill equipped to resume payments. Mortgage servicing exams have identified various Reg Z and X violations, as well as UDAP problems. Remember UDAAP is brought up when a product or service: (1)  causes or is likely to cause substantial injury; (2) the injury is not reasonably avoidable by consumers; and (3) the substantial injury is not outweighed by countervailing benefits to consumers or to competition.

Examiners found that mortgage servicers engaged in the following unfair acts or practices by:

  • charging delinquency-related fees to borrowers in CARES Act forbearance plans. (Refer to the Coronavirus Aid, Relief, and Economic Security Act, Section 4022(b)(3) prohibits a mortgage servicer from imposing fees, penalties, or interest beyond the amounts scheduled or calculated as if the borrower made all contractual payments on time and in full under the terms of the mortgage contract);
  • failing to stop electronic fund transfers after receiving notice that the consumer’s bank account was closed, and an NSF fee had been assessed; and
  • assessing fees for services that exceeded the actual cost of the services performed.

Read this and look for those UDAAP buzzwords. The CFPB report said that consumers experienced substantial injury in the form of illegal fees, which were considered significant because these are the consumers experiencing hardships from the pandemic.  The mortgage servicers failed to refund some of the fees until almost a year after they were assessed.  These consumers  likely suffered further harm when because of these fees, they could not pay other expenses they had.  The injury was to a large number of consumers.  The consumers could not reasonably avoid the injury because they could not anticipate that the mortgage servicers would assess unlawful fees and they had no reasonable means to avoid the fees from being charged.  Charging the illegal fees did not provide any countervailing benefit to consumers.

Expanding on the second bullet above, what examiners found were mortgage servicers that engaged in unfair acts or practices by failing to terminate preauthorized EFTs that the servicer should have realized were from closed or inactive accounts. Examiners found that servicers received notices of account closures but continued to initiate EFTs from the closed accounts each month until the consumer affirmatively canceled the preauthorized EFT.  Borrowers experienced substantial injury because the mortgage servicers’ practices resulted in repeated NSF charges.  Borrowers could not reasonably avoid the injury because they could not anticipate that the mortgage servicers would continue to attempt the EFTs, even where the EFT agreement disclosed that the EFTs would terminate when the “from” account was closed.  The continued attempts to withdraw payment from closed accounts and fees associated with the subsequent NSF transactions did not provide any countervailing benefit to consumers.

Another issue examiners found was that mortgage servicers engaged in deceptive acts by incorrectly disclosing transaction and payment information in borrowers’ online mortgage loan accounts. They found violations of Reg X (RESPA) requirements to evaluate a borrower’s complete loss mitigation applications within 30 days of receipt. Reg Z requirements relating to overpayments to borrowers’ escrow accounts and Homeowners Protection Act (HPA) requirements to automatically terminate PMI as required were subtopics found with the online statement errors.

Still on the topic of mortgage servicing, some practices were deemed deceptive because  inaccurate descriptions of payment and transaction information was provided in online mortgage statements.  The inaccurate descriptions and information were likely to mislead borrowers because the information was false.  It would be reasonable for borrowers to rely on their mortgage servicers to report accurate mortgage payments and account transaction histories wherever the information was offered.  The inaccurate descriptions and information were material because they were likely to affect borrowers’ conduct regarding their mortgage payments.

February 2022 OBA Legal Briefs

  • Reg E FAQs – Part II

Reg E FAQs – Part II

By Andy Zavoina

Last month I introduced you to the updated Reg E FAQ Guidance issued by the Consumer Financial Protection Bureau (CFPB). The FAQ is a Compliance Aid as defined by the CFPB. It is not a new rule, but guidance on compliance with an existing rule. When a Compliance Aid such as an FAQ is issued, it can be periodically revised as is the case here.  In this instance the existing rules are addressing Reg E concerns. Unlike the first iteration of Reg E FAQs issued in June 2021 this update addresses new concerns and not just what bankers were getting wrong. In this iteration, issued December 13, 2021, there are several issues addressed on Person-to-Person payments and specifically on liability.  The interpretation is not favorable for banks.

The purpose of the Compliance Aid is not to write new rules, but to clarify how the CFPB interprets what is already in the laws, regulations and official interpretations without having to go through a rule writing process.

In January’s Reg E FAQ – Part I, we explained how the CFPB was going back to the bare definitions of what is an electronic fund transfer (EFT) and what is a financial institution. Briefly, EFTs are electronic transfers to or from a consumer’s account. Financial institutions include banks and can include P2P providers. And if a P2P provider does not hold the consumer’s account, issues its own access device such as the logon for an app, and has no agreement with a bank to do such transfers, under 1005.14 that vendor has Reg E liability and responsibility. Lastly, we ended last month’s Part 1 with the CFPB interpretation that if the bank and the P2P vendor have an ACH agreement to move funds and share another agreement such as each accepting the others debit cards, then the exception at 1005.14 placing error resolution liability on the P2P provider does not apply. The fact that each entity will accept the other’s debit cards satisfies the need for an “agreement.” We also noted the CFPB expressed this opinion to bankers at least nine months in advance of issuing the FAQ, so it was a somewhat accepted opinion within the CFPB.

Now, let’s continue a review of the third and fourth sections of the Reg E FAQs as updated in December 2021 and we will add a few compliance recommendations.

Error Resolution

In this section the CFPB restates much of what the regulation and prior iteration of the FAQ had with two of the questions shown as new.

1,  What is an error for purposes of EFTA and Regulation E?

While shown as a new question, the information is not changed from the regulatory verbiage, but this is intended to be a foundational topic on which claims will build.

An error under EFTA and Regulation E includes any of the following:

  • An unauthorized EFT.
  • An incorrect EFT to or from the consumer’s account.
  • The omission from a periodic statement of an EFT to or from the consumer’s account that should have been included.
  • A computational or bookkeeping error made by the financial institution relating to an EFT.
  • The consumer’s receipt of an incorrect amount of money from an electronic terminal.
  • An EFT not identified in accordance with the requirements of 12 CFR 1005.9 or 1005.10(a).
  • A consumer’s request for any documentation required by 12 CFR 1005.9 or 1005.10(a) or for additional information or clarification concerning an EFT

(12 CFR 1005.11(a)(1)).

The term “error” does not include:

  • A routine inquiry about the consumer’s account balance;
  • A request for information for tax or other recordkeeping purposes; or
  • A request for duplicate copies of documentation.

(Comment 11(a)-6).

2. What are a financial institution’s error resolution obligations under Regulation E?

Again, this is not new information but is necessary to build on in the following FAQs.

In general, Regulation E requires that after a financial institution receives oral or written notice of an error from a consumer, the financial institution must do all of the following:

  • Promptly investigate the oral or written allegation of error.
  • Complete its investigation within the time limits specified in Regulation E.
  • Report the results of its investigation within three business days after completing its investigation.
  • Correct the error within one business day after determining that an error has occurred.

12 CFR 1005.11(c)(1).

The investigation must be reasonable, including a reasonable review of relevant information within the financial institution’s own records.  2019-BCFP-0001.  The Bureau found that a financial institution did not conduct a reasonable investigation when it summarily denied error disputes if consumers had prior transactions with the same merchant, and the financial institution did not consider other relevant information such as the consumer’s assertion that the EFT was unauthorized or for an incorrect amount.  2019-BCFP-0001.  If the error is an unauthorized EFT, certain consumer liability limits apply.  12 CFR 1005.6.

3.  If private network rules provide less consumer protection than federal law, can a financial institution rely on private network rules?

The CFPB indicates this is not an update. It does reiterate what has been noted in practice for many years, that a consumer’s rights may not be adversely affected by an agreement.

Although private network rules and other agreements may provide additional consumer protections beyond Regulation E, less protective rules do not change a financial institution’s Regulation E obligations.  [See 15 USC  1693l.  For example, some network rules require consumers to provide notice of an error within 60 days of the date of the transaction, even though Regulation E, 12 CFR 1005.11(b)(1)(i), allows consumers to provide notice within 60 days after the institution sends the periodic statement showing the unauthorized transaction.  Other network rules allow a financial institution to require a consumer to contact the merchant before initiating an error investigation, even though 1005.11(b)(1) triggers error investigation obligations upon notice from the consumer.  The Bureau discussed instances where examiners found financial institutions had violated the 60-day notice requirement in the Summer 2020 edition of Supervisory Highlights.

4.  Can a financial institution require a consumer to file a police report or other documentation as a condition of initiating an error resolution investigation?

This is not updated from June 2021 but is reposted here so as to be a complete reference to the reader.

No.  A financial institution must begin its investigation promptly upon receipt of an oral or written notice of error and may not delay initiating or completing an investigation pending receipt of information from the consumer.  See Comments 11(b)(1)-2 and 11(c)-2.  In the past, Bureau examiners found that one or more financial institutions failed to initiate and complete reasonable error resolution investigations pending the receipt of additional information required by the institution.  These examples can be found in the Bureau’s Summer 2020 edition of Supervisory Highlights and Fall 2014 edition of Supervisory Highlights.  The Bureau cited similar violations in 2019-BCFP-0001.

Error Resolution: Unauthorized EFTs

With EFT errors defined and some basic responsibilities set, the FAQ looks deeper at unauthorized transfers and provides guidance banks will need to evaluate their practices and procedures.

1.  What is an unauthorized EFT?

While the CFPB’s answer has a December date as a new addition, it is regulatory verbiage that has not changed, so accept it as a reminder of the rules as it helps express the duties and liabilities of the bank.

An unauthorized EFT is an EFT from a consumer’s account initiated by a person other than the consumer without actual authority to initiate the transfer and from which the consumer receives no benefit. 12 CFR 1005.2(m). Unauthorized EFTs include transfers initiated by a person who obtained a consumer’s access device through fraud or robbery and consumer transfers at an ATM that were induced by force.  Comments 2(m)-3 and 4.

The term unauthorized EFT does not include an EFT initiated through any of the following means:

(1) By a person who was furnished the access device to the consumer’s account by the consumer, unless the consumer has notified the financial institution that transfers by that person are no longer authorized.  12 CFR 1005.2(m)(1).  This exclusion does not apply to transfers initiated by a person who obtained a consumer’s access device through fraud or robbery.  Comment 2(m)-3.

(2) With fraudulent intent by the consumer or any person acting in concert with the consumer.  12 CFR 1005.2(m)(2); or

(3) By the financial institution or its employee, 12 CFR 1005.2(m)(3).

This FAQ is important and often misunderstood by claims investigators. It is important to understand that a consumer loaning their debit card to someone does not provide evergreen authorization for use until the consumer reports to the bank that the person is no longer authorized to use the card. Essentially that person given the card is authorized until the consumer customer retrieves the card or notifies the bank. Once the customer re-secures the card the authorization has ended. If that authorized user remembers the PIN and steals the card, that’s fraud or robbery and not authorized use. If a bank has a problem with these types of losses remind the users of security precautions, the ability to get a new card or change the PIN, and the possibility that the bank will rescind the card and not re-issue it if the bank chooses. There is no legal right to have a debit card. That is a feature of having a deposit account at your bank. Many bankers have also not read the back of the debit cards they issue. All I have looked at specifically states the card is the property of the bank. That provides the bank with the option to rescind that card and make it non-usable.

2.  If a transfer meets the Regulation E definition of unauthorized EFT, how does a financial institution determine the consumer’s liability, if any?

Not an updated response from the first FAQ – but in short if the claim is valid, § 1005.6 is used to determine liability based on when the transfers happened, if an accepted access device was used, and when the bank was notified. The response is as follows:

“If a consumer has provided timely notice of an error under 12 CFR 1005.11(b)(1) and the financial institution determines that the error was an unauthorized EFT, the liability protections in Regulation E section 1005.6 would apply. Depending on the circumstances regarding the unauthorized EFT and the timing of the reporting, a consumer may or may not have some liability for the unauthorized EFT. See 12 CFR 1005.6(b).”

The three basic tiers of liability are up to $50 for a timely notice of the claim within 2 business days of the consumer learning of the loss or theft [of an access device], up to $500 if the notice is beyond 2 business days and potentially unlimited for those transfers occurring after 60 days after the first statement was sent to the consumer reflecting an unauthorized transfer.

3.  Is an EFT from a consumer’s account initiated by a fraudster through a non-bank P2P payment provider considered an unauthorized EFT?

Shown as a new question and using P2P as an example, the CFPB states, “Yes.  Because the EFT was initiated by a person other than the consumer without actual authority to initiate the transfer – i.e., the fraudster – and the consumer received no benefit from the transfer, the EFT is an unauthorized EFT.  12 CFR 1005.2(m).  This is true even if the consumer does not have a relationship with, or does not recognize, the non-bank P2P payment provider.”

Succinctly, in this case it is a basic theft because the consumer did not do, authorize, or benefit from the transaction. Whether the customer had a relationship already with the P2P provider is immaterial.

4.  Does an EFT initiated by a fraudster using stolen credentials meet the Regulation E definition of an unauthorized EFT?

The response is still a basic example of a theft but specifically uses stolen credentials to execute the transfer.

“Yes.  As discussed in Electronic Fund Transfers Error Resolution: Unauthorized EFT Question 1, Regulation E defines an unauthorized EFT as a transfer from a consumer’s account initiated by a person other than the consumer without actual authority to initiate the transfer and from which the consumer receives no benefit.  12 CFR 1005.2(m).  When a consumer’s account access information is obtained from a third party through fraudulent means such as computer hacking, and a hacker uses that information to make an EFT from the consumer’s account, the transfer is an unauthorized EFT under Regulation E.

For example, the Bureau is aware of the following situations involving unauthorized EFTs:

  • A consumer shares their account access information in order to enter into a transaction with a third party, such as a merchant, lender, or employer offering direct deposit, and a fraudster obtains the consumer’s account access information by hacking into the computer system of the third party. The fraudster then uses a bank-provided P2P payment application to initiate a credit push payment out of the consumer’s deposit account.
  • A consumer shares their debit card information with a P2P payment provider in order to use a mobile wallet. A fraudster then hacks into the consumer’s phone and uses the mobile wallet to initiate a debit card transfer out of the consumer’s deposit or prepaid account.
  • A thief steals a consumer’s physical wallet and initiates a payment using the consumer’s stolen debit card.

See Electronic Fund Transfers Error Resolution: Unauthorized EFTs Question 5 for more examples of unauthorized EFTs.

All of the financial institutions in these examples, including any non-bank P2P payment provider or deposit account holding financial institution, must comply with the error resolution requirements discussed in Electronic Fund Transfers Error Resolution Question 2, as well as the liability protections for unauthorized transfers in 12 CFR 1005.6.

5.  A third party fraudulently induces a consumer into sharing account access information that is used to initiate an EFT from the consumer’s account. Does the transfer meet Regulation E’s definition of an unauthorized EFT?

A key to this June 2021 question is that the consumer was duped into providing account access information and the while the consumer did provide it, it was not with the intent of creating a transfer. That was done fraudulently, and Reg E is a consumer protection regulation. The CFPB provided the following guidance:

“Yes.  As discussed in Electronic Fund Transfers Error Resolution: Unauthorized Fund Transfers Question 1, Regulation E defines an unauthorized EFT as an EFT from a consumer’s account initiated by a person other than the consumer without actual authority to initiate the transfer and from which the consumer receives no benefit.  12 CFR 1005.2(m).  Comment 1005.2(m)-3 explains further that an unauthorized EFT includes a transfer initiated by a person who obtained the access device from the consumer through fraud or robbery.  Similarly, when a consumer is fraudulently induced into sharing account access information with a third party, and a third party uses that information to make an EFT from the consumer’s account, the transfer is an unauthorized EFT under Regulation E.

For example, the Bureau is aware of the following situations where a third party has fraudulently obtained a consumer’s account access information, and thus, are considered unauthorized EFTs under Regulation E: (1) a third-party calling the consumer and pretending to be a representative from the consumer’s financial institution and then tricking the consumer into providing their account login information, texted account confirmation code, debit card number, or other information that could be used to initiate an EFT out of the consumer’s account, and (2) a third party using phishing or other methods to gain access to a consumer’s computer and observe the consumer entering account login information.  EFTs stemming from these situations meet the Regulation E definition of unauthorized EFTs.”

6.  If a third-party fraudulently induces a consumer to share account access information, are subsequent transfers initiated with the fraudulently obtained account information excluded from Regulation E’s definition of unauthorized electronic fund transfer because they are initiated “[b]y a person who was furnished the access device to the consumer’s account by the consumer”?

As in the example above, the subsequent transfers were not the intent of the consumer. Even if the consumer authorized one transfer, the intent was for that one transfer, not any additional. Perhaps more to the exact question, any and all transfers that use fraudulently obtained access can be part of a valid EFT claim because there was no intent for the transfers and the consumer received no benefit. So, the CFPB states, “No.  A consumer who is fraudulently induced into providing account information has not furnished an access device under Regulation E.  As explained above in Electronic Fund Transfers Error Resolution: Unauthorized EFTs 3, 4, and 5, EFTs initiated using account access information obtained through fraud or robbery fall within the Regulation E definition of unauthorized EFT.  See Comment 1005.2(m)-3.”

7.  Can a financial institution consider a consumer’s negligence when determining liability for unauthorized EFTs under Regulation E?

The regulation has never allowed a consumer’s negligence to be used in denying a claim of unauthorized use. The Reg commentary even uses the example of a consumer writing their PIN on the card. In that case the claim would still be valid because there was no intended use allowed. Some vendors may offer enhanced liability protections such as zero liability and some of those enhancements may be reduced because of negligence. But the basic requirements of Reg E do not change, only the enhanced protections.

The June FAQ stands, “No.  Regulation E sets forth the conditions in which consumers may be held liable for unauthorized transfers, and its commentary expressly says that negligence by the consumer cannot be used as the basis for imposing greater liability than is permissible under Regulation E.  12 CFR 1005.6; Comment 6(b)-2.  For example, consumer behavior that may constitute negligence under state law, such as situations where the consumer wrote the PIN on a debit card or on a piece of paper kept with the card, does not affect the consumer’s liability for unauthorized transfers under Regulation E.  Comment 1005.6(b)-2.”

8.  If a financial institution’s agreement with a consumer includes a provision that modifies or waives certain protections granted by Regulation E, such as waiving Regulation E liability protections if a consumer has shared account information with a third party, can the institution rely on its agreement when determining whether the EFT was unauthorized and whether related liability protections apply?

This restated response further illustrates that rights granted under Reg E may not be taken away. I will add that there are times a consumer will call and make a claim. Perhaps they are on vacation and a great distance away and when told the card will be canceled and reissued in a few days, they protest. They say they will accept the liability because they cannot be without their card while away. That is not an option. The consumer cannot accept that additional liability because to do so would amount to the bank taking away the consumer’s legal rights.

“No.  EFTA includes an anti-waiver provision stating that “[n]o writing or other agreement between a consumer and any other person may contain any provision which constitutes a waiver of any right conferred or cause of action created by [EFTA].”  15 U.S.C. § 1693l.  Although there may be circumstances where a consumer has provided actual authority to a third party under Regulation E according to 12 CFR 1005.2(m), an agreement cannot restrict a consumer’s rights beyond what is provided in the law, and any contract or agreement attempting to do so is a violation of EFTA.”

9.  If a consumer provides notice to a financial institution about an unauthorized EFT, can the financial institution require that the consumer first contact the merchant about the potential unauthorized EFT before the financial institution initiates its error resolution investigation?

Remember that the consumer has basic requirements to file a claim with the bank, and the bank is required to determine if it was an unauthorized use and to investigate and determine liability. The only things the consumer is required to do is indicate who they are and why they believe their account had an unauthorized transfer. Nothing allows the bank to refuse a claim and impose additional requirements beyond what the EFTA has required.

The CFPB’s response: “No.  A financial institution must begin its investigation promptly upon receipt of an oral or written notice of error and may not delay initiating or completing an investigation pending receipt of information from the consumer.  See Comments 11(b)(1)-2 and 11(c)-2.  For example, in 2019-BCFP-0001, the Bureau found that the practice of requiring a consumer to contact the merchant before initiating an error resolution investigation was a violation of Regulation E.  Similarly, the Fall 2014 edition of Supervisory Highlights discussed instances where examiners found that one or more financial institutions had instructed consumers to contact the merchant instead of promptly initiating an error investigation.”

10.  Do private network rules, such as provisions that a transfer is final and irrevocable, impact whether a P2P credit-push transfer meets the Regulation E definition of unauthorized EFT?

This is a new question and addresses specifically a P2P payment. Many P2P agreements indicate that when a transfer is sent and is based on, for example, a cell phone number, the transfer is completed and not reversible once it is accepted by the recipient. There is no process to reverse the transfer from the recipient. This question emphasizes that the bank’s consumer is protected regardless of any network rules. This is a question demonstrating additional liability on the bank. There is no process requiring the consumer to contact the cell number that received the funds and demand the return of those funds. The bank or P2P vendor may attempt this as a part of the investigation but likely there would be no response from the receiver of the funds, especially if the transfer was part of a fraud transaction.

“No.  Although private network rules and other commercial agreements may provide for interbank finality and irrevocability, they do not reduce consumer protections against liability for unauthorized EFTs afforded by the Electronic Fund Transfer Act.  See 15 USC 1693g(e). Moreover, no agreement between a consumer and any other person may waive any right provided by the EFTA.  See 15 USC 1693l.  Accordingly, any financial institution in this transaction must comply with the error resolution requirements discussed in Electronic Fund Transfers Error Resolution Question 2, as well as the liability protections for unauthorized transfers.”

11.  A fraudster initiates an EFT through a non-bank P2P payment provider that the consumer does not have a relationship with from the consumer’s account with a depository institution. Is the depository institution considered a financial institution with full error resolution obligations under Regulation E?

This is another new and P2P specific question. If a fraudster sets up an account using someone else’s identity and account information, transfers can be valid claims.

The Bureau’s response:

“Yes.  As discussed in Electronic Fund Transfers Coverage: Financial Institutions Question 1, the definition of financial institution includes a bank, savings association, credit union, or any other person that directly or indirectly holds an account belonging to a consumer, or that issues an access device and agrees with a consumer to provide EFT services.  12 CFR 1005.2(i). Here, the account-holding financial institution holds the consumer’s account, and is thus considered a financial institution under Regulation E.  Any entity defined as a financial institution under Regulation E has error resolution obligations in the event that a consumer notifies the financial institution of an error, with limited exceptions.  12 CFR 1005.11.  As discussed in Electronic Fund Transfers Error Resolution: Unauthorized Transfers Question 4, since the transaction is an unauthorized EFT, the depository institution must comply with any applicable liability protections for unauthorized transfers in 12 CFR 1005.6.”

Expectations:

Based on this interpretation in the FAQs regarding P2P transactions and liability, we can expect more examiner scrutiny on any claim pertaining to P2P losses by consumers. Prior to the FAQs many in the industry interpreted the needed “agreement” under 1005.14 to be a specific agreement defining the duties of the P2P vendor and the bank and this could have included liability. It may have also addressed daily transactions limits and many P2P vendors allow greater limits on transactions than banks do. Banks consciously keep daily limits low to protect the consumer’s balances and reduce losses. Exceptions are generally granted upon request and verification by the consumer. With the bank having to bear the burden of claims processing and payment liability the P2P vendor’s transaction limitations now control the amount of losses banks may have.

Under Reg E and the Electronic Fund Transfer Act (EFTA) consumers are granted certain rights. While the bank and a vendor may have separate agreements addressing some of these same rights – such as monetary liability for unauthorized transactions, the consumers rights always stand and may not be adversely limited by any of these agreements. You can always treat a consumer better, but never worse than the law or regulation provides.

In many cases, because of the CFPB’s interpretation pertaining to a broad definition of what an agreement with the bank is, banks will see an increase in liability for Reg E claims involving P2P transfers reported as unauthorized if the banks were pushing these claims to the P2P vendors in the past. If the P2P vendor allows a $1,200 daily limit and the bank has a $400 daily limit, two similar transfers will arrive at the bank in different ways. The P2P vendor will ACH the funds but a consumer would have directly been allowed say only $400 using their debit card. If the transfer is claimed as unauthorized, the bank now has a greater chance of losing $1,200 rather than $350. Remember the consumer typically has liability for the first $50 when an accepted access device is used. An ACH directly from the consumer’s account is not using an accepted access device between the consumer and the bank. It is easy to see how, in an example such as this, losses could grow over prior years.

Recommended Actions:

If the data is readily available, your bank may want to review EFT claims to determine, based on the new guidance, how many and what amount of EFT claims were P2P related in the past year or two and what new liability the bank may have. This may be a budgeting issue that needs to be addressed depending on the volumes you have seen. You must recognize if this will be a complication and how severe it may be.

Bank staff involved in any part of the claims process may require training to recognize P2P claims as valid EFT claims on which the bank is now deemed responsible. Where these may have been referred to the P2P vendor in the past, that may no longer be allowed.

Advise customers of ways to protect themselves – and the bank. Do not write PINs on debit cards. Secure their cell phones. Use multifactor authentication. Review balances and transactions regularly and even advertise services the bank has where it can advise a consumer of their balance and/or large transactions, etc.

When using P2P transfers, the consumer needs to absolutely verify the recipient that funds will be going to is the intended recipient. And watch out for fraudsters. If a consumer will buy hundreds or thousands of dollars in gift cards and send that information to a fraudster, they will certainly take the convenient track and P2P the funds to an unknown person.

For now, we have Reg E guidance that will, for many banks, increase Reg E liability for more valid claims than in the past. Bank management and the industry as a whole will need to determine if these are valid risks banks want to accept, or if the banks want to find other ways to reduce these claims without disadvantaging consumers and certainly without reducing any Reg E rights. Can ACH transfers require sone customer authentication or verification? Can a limit be placed on daily transfers or each transfer over a given amount?

Lastly, determine if this guidance will require any changes to bank policies and procedures and react appropriately.

January 2022 OBA Legal Briefs

  • The FDCPA Regulation—Part 2
  • The CFPB’s Reg E FAQ—Part 1

Don’t Ignore the FDCPA Regulation (Part 2)

By John Burnett

Part 1 of our update on the CFPB’s Regulation F (12 CFR Part 1006), “Fair Debt Collection Practices Act,” appears in our November 2021 Legal Briefs.

False, deceptive, or misleading representations or means

To remain compliant with section 1006.18 of the regulation, debt collectors cannot use any false, deceptive, or misleading representation or means in connection with their collection of any debt.

The regulation provides examples of the things that a compliant debt collector cannot do in paragraphs (b) through (d) of this section.

False, deceptive or misleading representations: Debt collectors must not falsely represent or imply that—

  • they are vouched for, bonded by, or affiliated with federal or state government including through the use of a badge, uniform, or facsimile of a badge or uniform
  • they operate or are employed by a consumer reporting agency (credit bureau)
  • they are attorneys or that any communication is from an attorney
  • the consumer committed any credit or other conduct, in order to disgrace the consumer
  • a sale, referral, or other transfer of any interest in a debt causes or will cause the consumer to:
    • lose any claim or defense to payment of the debt, or
    • become subject to any practice banned by the regulation
  • accounts have been turned over to innocent persons for value
  • documents are legal process
  • documents are not legal process forms or do not required action by the consumer

Debt collectors also must not falsely represent the character, amount, or legal status of any debt, or falsely represent any services rendered, or compensation that may be lawfully received, by the debt collector for the collection of a debt.

Many, many complaints to the CFPB included collectors who had incorrect information about the amount of the debt, and in some cases the debts had already been paid off or settled and no amount was owed. The consumers had to prove to the collector that an aged bill had been paid and this can take a lot of time and effort and the “official loan records” which the collector should have, are really what’s needed. Did the creditor accept payments after a loan was sold?  Did a settled amount not get properly written off? These are issues the consumer can’t easily fix and the collector is not interested in doing because they are interested in collecting money, as perhaps their income depends on how much they bring in. But the collector must know what’s owed.

Debt collectors mustn’t represent or imply that nonpayment of a debt will result in a person’s arrest or imprisonment, or the seizure, garnishment, attachment or sale of a person’s property or wages, unless such action is lawful, and the debt collector or creditor intends to take such action.

False, deceptive, or misleading collection means:

  • Threatening to take any action that cannot legally be taken or that is not intended to be taken (such as threatening to sue when you don’t or won’t sue to collect the debt)
  • Communicating or threatening to communicate to any person credit information that the debt collector knows or should know is false, including the failure to communicate that a disputed debt is disputed.
  • Using or distributing any written communication that simulates or that the debt collector falsely represents to be a document authorized, issued, or approved by any court, official, or agency of the U.S. or any state, or that creates a false impression about its source, authorization, or approval.
  • Using any business, company or organization name other than the true name of the debt collector’s business, company or organization.

False representations or deceptive means. Use of any false representation or deceptive means to collect or attempt to collect a debt or to obtain information concerning a customer is forbidden by the regulation. This is a catch-all that can cover any deceptive tactic that isn’t specifically listed.

For example, in a social media context, it would be a false representation or implication for a debt collector to request to be added as one of a consumer’s contacts or “friends” on a social media platform marketed for social or professional networking purposes if they do not disclose their identity as a debt collector in the request.

Or assume that a debt collector communicates privately with a friend or coworker of a consumer on a social media platform, for the purpose of getting location information about the consumer. The debt collector must identify himself or herself individually by name when communicating for the purpose of acquiring location information. To avoid violating that requirement, the debt collector must communicate using a profile that accurately identifies the debt collector’s individual name. (There is a limited exception for the consistent use of assumed names. See “Use of assumed names” below.) The debt collector also must comply with the other applicable requirements for obtaining location information (e.g., with respect to stating that the debt collector is confirming or correcting location information concerning the consumer and, only if expressly requested, identifying the name of the debt collector’s employer), for communicating with third parties and for communicating through social media.

Initial communication with debtor: A collector must disclose in their initial communication with a consumer that the debt collector is attempting to collect a debt and that any information obtained will be used for that purpose. If the debt collector’s initial communication with the consumer is oral, the debt collector must repeat the disclosure that they are attempting to collect a debt in its initial written communication with the consumer.

In each subsequent communication with the consumer, the debt collector must disclose that the communication is from a debt collector. These disclosures must be in the same language or languages used for the rest of the communication.

Use of assumed names. A debt collector’s employees can use assumed names when communicating or attempting to communicate with a person, but only if the employee uses the assumed name consistently and the debt collector can readily identify any employee using an assumed name.

Unfair or unconscionable means

Debt collectors cannot use unfair or unconscionable means to collect or attempt to collect any debt, including any of the following conduct:

Collection of unauthorized amounts, such as interest, fees, charges or expenses not expressly authorized by the loan note or other agreement creating the debt or permitted by law. Many collectors were in the habit of collecting more than legally permitted, on the theory that excess funds collected could always be returned.

Acceptance or use of postdate payment instruments, such as a check or other instrument post-dated more than five days, unless the consumer is notified in writing of the debt collector’s intent to deposit the check or instrument no more than 10 nor less than 3 days (excluding weekends and legal public holidays) before making the deposit.

Solicitation of post-dated checks or other payment instruments for the purpose of threatening or instituting criminal prosecution (“Give me a post-dated check and I won’t have you arrested.”)

Depositing (or threatening to) any post-dated check before its date (“You gave me four post-dated checks. I will run them all if you don’t come up with a cash payment!”)

Causing charges resulting from concealment of purpose. That’s a fancy way of saying a debt collector can’t pose as a friend or family member to make a collect telephone call to get a consumer to answer the telephone. The word “telegram” is included in this paragraph of the rule just in case someone figures out how to send a collect telegram. There are still ways to make collect phone calls, and they can be expensive for the person who accepts such a call.

Taking or threatening to take any nonjudicial action to effect dispossession or disablement of property if the creditor or debt collector has no current right to take possession of or to disable the property or has no present intention to take possession of it, or the property is exempted by law from dispossession or disablement.

Restrictions on use of certain media. Debt collectors are not allowed to:

  1. Communicate with a consumer about a debt by postcard
  2. Use any language or symbol other than the debt collector’s address, on any envelope when communicating with a consumer by mail (the debt collector’s business name may appear on the envelope if it does not show that the debt collector is in the business of debt collection).
  3. Communicate or attempt to communicate with a consumer by email sent to an email address the debt collector knows is provided to the consumer by the consumer’s employer, unless the consumer has directly given the debt collector prior consent to use that address, or the consumer has sent the debt collector an email from that address and has not subsequently rescinded the expressed or implied consent to use of the address.
  4. Communicate (or attempt to) with a person about collection of a debt through a social media platform if the communication or attempt can be viewed by the public or the person’s social media contacts.

Time-barred debts

Every state has statutes of limitations that prescribe the time limit for bringing a legal action to collect a debt. In some cases, these time limits can vary by the type of debt.

A time-barred debt is one for which the applicable statute of limitations has run or expired.

Under the FDCPA regulation, a debt collector is not allowed to bring or threaten to bring a legal action against a consumer to collect a time-barred debt.

Other prohibitions and requirements

There are miscellaneous other requirements in the regulation that prohibit certain actions and mandate others.

  • 1006.30—Other prohibited practices.
  • 1006.34—Notice for validation of debts.
  • 1006.38—Disputes and requests for original-creditor information.
  • 1006.42—Sending required disclosures.
  • 1006.100—Record retention

Why is this important for bankers?

The Fair Debt Collection Practices Act itself and the FDCPA regulation (Regulation F) are replete with prohibitions against actions that are deemed Unfair, Deceptive, or Abusive, the first three words abbreviated in UDAAP. If a bank were found to engage regularly in the unfair, deceptive, or abusive actions banned in this regulation, it would not be unreasonable for a regulator to bring an enforcement action against the bank under the UDAP provisions of the FTC Act or for the Bureau to bring an action against a large bank for violations of the UDAAP provisions of the Consumer Protection Act of 2010.

The more immediate concern, however, is that a bank that hires an outside debt collection firm has responsibility to verify that firm’s and its collectors’ compliance with the FDCPA and the regulation.

The CFPB’s Reg E FAQ – Part 1

By Andy Zavoina

In one episode of the TV sitcom Big Bang Theory, Leonard asked Sheldon, “What you would be if you were attached to another object by an incline plane wrapped helically around an axis?” And Sheldon answered appropriately, “Screwed.” When I teach Reg E, I typically say more than once that “Reg E is not fair to banks, and it is not meant to be. Reg E is a consumer protection regulation.” But the Electronic Fund Transfers FAQs issued in December 2021 by the Consumer Financial Protection Bureau have taken these protections up a notch. Using its interpretive authority without requesting input from the industry or public, The CFPB has made banks liable for more transactions than in the past, at least based on the common interpretations of the past.

This guidance is in the form of FAQs which the CFPB considers a Compliance Aid. Compliance Aids were introduced in February 2020. Refer to the Federal Register / Vol. 85, No. 17, January 27, 2020, page 4579. The CFPB stated it is not intended that Compliance Aids will bind banks and other entities to new rules. Unlike actual regulations and official interpretations, Compliance Aids are not “rules” under the Administrative Procedures Act.  Instead, Compliance Aids present the requirements of existing rules and statutes in a manner that is useful for those who must comply with the rules as well as the public and others interested in the topics. Compliance Aids can include practical suggestions for how to properly comply with these rules. An FAQ Compliance Aid from the CFPB is simply an explanation of how it connects the dots and interprets an existing rule. It is not new, but it is how those currently in the driver’s seat at the CFPB understand the rule. Again, above all, Reg E, which implements the Electronic Fund Transfer Act, is intended to protect consumers, and the CFPB will read and interpret it from that perspective. It is not intended to be fair to the banks or others.

Now, let’s preview the Reg E FAQs. This December 13, 2021, issuance is an update of the original FAQs on Reg E the CFPB issued on June 4, 2021. It is not all new content. There are four major categories and questions and answers under each.

  • “Coverage: Transactions” is the first section and it contains five new questions and answers. This general topic lays the foundation for interpretations that follow.
  • The second section, “Coverage: Financial Institutions” has four new questions and answers. This section is intended to add clarity as to who the banks and other entities such as “Person to Person” (P2P) vendors are. By defining the roles of these players, we are better able to define the responsibilities of each based on the transactions and relationships between the players.
  • Section three is “Error Resolution,” and it is a general topic. There are four questions and answers, of which two are new to the topic and two were issued in June 2021.
  • The fourth and final section is “Error Resolution: Unauthorized EFTs.” It includes six restated questions and answers from June 2021 and five new ones specific to the topic at hand as Reg E drills into some liability issues particular to P2P payments.

Section two on Coverage is perhaps one of the more controversial. As I read the FAQs the last question is where I annotated “gotcha” in the column. As far back as March 2021 one banker on the BOL threads referred to a conversation with an attorney at the CFPB who opined banks could not displace error resolution responsibilities and liabilities to a P2P third-party vendor as they were believing they could under § 1005.14. And nine months later we received this in print.

Under § 1005.14 a person that provides an electronic fund transfer service to a consumer (think P2P providers like Zell, Venmo, CashApp, etc.) but does not hold the consumer’s account, is subject to the error resolution requirements if the person meets a two-pronged test:

  1. The person issues a debit card (or other access device) that the consumer can use to access the consumer’s account held by a bank, and
  2. The person has no agreement with the account-holding institution regarding such access.

P2P providers often have an agreement directly with a bank to provide services to that bank’s customers. In that case the bank still has Reg E error resolution responsibilities. But when that company is acting on its own it assumes these responsibilities. At least that is how many bankers interpreted the rules.

Under that common understanding, most P2P providers issue logon credentials for access in an app or to a web site such as with a smartphone and this constitutes an access device. Therefore § 1005.14 applies when 1) the service provider offers EFT services and 2) the provider does not have an agreement with the bank who holds the account in question.  So, when a bank consumer customer loans their smartphone to someone who then without authority uses the P2P app to transfer money, the bank simply executed the debit order and sent the funds through the P2P provider to a destination not known by the bank. The P2P provider issued an access device, does not hold the deposit account, and has no agreement to execute such orders with the bank. Section 1005.14 has been used by many banks because of this understanding to refer the harmed consumer to the P2P provider they selected on their own, for satisfaction of a claim.

A. Coverage: Transactions

1. What transactions are covered by the Electronic Fund Transfer Act and Regulation E?

This is new to the FAQ, but the answer provided is not. It is straight out of Reg E, but it must be understood as it is a foundation for most of what follows. Per § 1005.3(a) the answer reminds us this is all about electronic fund transfer requests to a financial institution (FI) to debit or credit a consumer’s account. It applies to checking, savings and other consumer asset accounts, held directly or indirectly by a FI and established primarily for personal, family or household use.

The rules apply to any transfer of funds that is initiated through an electronic terminal, telephone, computer, or magnetic tape for the purpose of ordering, instructing, or authorizing a FI to debit or credit a consumer’s account, 1005.3(b)(1). Here the CFPB states inclusively that Reg E applies to any P2P or mobile payment transaction that meets the definition of EFT, including debit card, ACH, prepaid account and other EFTs to or from a consumer account. So, an EFT to or from a P2P vendor is an EFT to your consumer customer’s account.

2. Can person-to-person or “P2P” payments be EFTs under Regulation E?

This reinforces what was just presented as the short CFPB answer is “Yes.” The specific answer is that in general, yes, so long as the P2P payment meets the definition of an EFT, it is under Reg E.

3. Is a P2P payment that uses the consumer’s debit card to transfer funds considered an EFT?

Short answer, “Yes.” This allows the tying of a debit card to the P2P account and clearly includes such transfers.

4. Is a credit-push P2P payment that transfers funds out out of a consumer’s deposit, prepaid, or mobile account considered an EFT? (The FAQ uses “out” twice.)

Short answer is again, “Yes.” It ties back to the definition of an EFT and this meets that definition while associating the transfer as out of a consumer deposit. It further explains that a credit-push P2P transfer is considered an EFT even if the payment was initiated by a third party that fraudulently obtained access to the consumer’s account. An example is by using login credentials stolen in a data breach or obtained through fraudulent inducement. The credit-push P2P transfer would be considered an unauthorized EFT. The consumer neither did it, authorized it nor benefitted from the EFT and the credentials were obtained fraudulently. Remember, too, that if the access device as defined under 1005.2(a)(1) was not an accepted device, the consumer’s liability under 1005.6(a)-(b) may be eliminated and become the responsibility of the bank.

5.  Is a P2P debit card “pass-through” payment considered an EFT?

Another “Yes” plus the explanation that a “pass-through” payment transfers funds from the consumer’s account held by an external FI to another person’s account held by an external FI.Now the FAQ introduces a third-party P2P vendor. It tells us a “pass-through” payment is initiated through a FI that does not hold a consumer’s account, such as a non-bank P2P provider. It restates the foundational question and answer 1 above, that Reg E applies to any EFT that authorizes a debit or credit from a consumer’s account. Therefore, debit card “pass through” payments are EFTs.

B. Coverage: Financial Institutions

In this section the FAQ better defines who the financial institution players are to assist in defining liability and responsibility.

1. What is a financial institution under EFTA and Regulation E?

 Simply put it includes banks, savings associations, credit unions, and:

any other person that directly or indirectly holds an account belonging to a consumer, or

any other person that issues an access device and agrees with a consumer to provide electronic fund transfer (EFT) services.

This includes providers of P2P payment and bill payment services if they directly or indirectly hold an account belonging to a consumer, or if they issue an access device and agree with a consumer to provide EFT services.

So far so good, except that more of the answer clarifies how the P2P provider may become liable itself (it states essentially the two-pronged test under 1005.14), and then how that liability can revert to the FI based on another agreement. It states, “In narrow circumstances, a financial institution can also be considered a “service provider” under Regulation E. A financial institution who provides EFT services to a consumer but does not hold the consumer’s account is a service provider under Regulation E if the financial institution: (1) issues an access device that the consumer can use to access the account and (2) no agreement exists between the access device-issuing financial institution and the account-holding financial institution.  12 CFR 1005.14(a).  The automated clearing house (ACH) rules alone do not generally constitute an agreement for purposes of whether a financial institution meets the definition of “service provider” under Regulation E. However, an ACH agreement combined with another agreement to process payment transfers – such as an ACH agreement under which members specifically agree to honor each other’s debit cards – is an “agreement,” and thus section 1005.14 does not apply. Comment 14(a)-2.” So, the ACH agreement, plus another agreement such as acceptance of each other’s debit cards is sufficient to eliminate the § 1005.14 exception.

In the past many have interpreted that second agreement as one being between the P2P provider and the bank such as when the bank is endorsing and using Zelle. That would eliminate that § 1005.14 exception, but the CFPB tells us that both accepting each other’s debit cards, as an example, constitutes that agreement regardless of specific terms as to liability.

2. Can non-bank P2P payment providers be considered financial institutions under Regulation E?

The CFPB says, “Yes” as expected and refers to what is defined as a FI. It goes on to explain that the FI has certain responsibilities, as it states that even, “non-account-holding providers of P2P payment or bill payment services are considered covered financial institutions under Regulation E if the provider issues an access device and agrees with a consumer to provide EFT services. 12 CFR 1005.2(i).  For example, a P2P provider may enter into an agreement with a consumer for a mobile wallet that the consumer can use to initiate debit card transactions from their external bank account to another person’s external bank account.

Any entity defined as a financial institution under Regulation E has error resolution obligations in the event that a consumer notifies the financial institution of an error, with limited exceptions.”

3. If a non-bank P2P payment provider initiates a debit card “pass-through” payment from the consumer’s account held by a depository institution to a different person’s account at another institution, is the non-bank P2P payment provider considered a financial institution under Regulation E?

Response from the CFBP is “generally yes.” It references the definitions of what is an FI and states that “an entity, including a non-bank P2P payment provider, enters into an agreement with a consumer to provide EFT services and issues an access device, and initiates a debit card “pass-through” payment, then that entity would be covered as a financial institution under Regulation E.  Any entity defined as a financial institution under Regulation E has error resolution obligations in the event that a consumer notifies the financial institution of an error. So, we still can read that when there is liability for unauthorized EFTs, the FI will hold liability. But at this point we commonly have the bank, which is an FI, and a P2P provider, which can be an FI. The key to liability is that the bank is liable unless 1005.14 and the two-pronged test can come into play.

4.  If a consumer uses a non-bank P2P payment provider to initiate a debit card “pass-through” payment from the consumer’s account held by a depository institution, is the depository institution considered a financial institution under Regulation E, even though the transfer was initiated through the non-bank P2P payment provider?

The answer is Yes, and this has the definitive “Gotcha.” The bank holding the deposit account has full Reg E error resolution responsibilities as there is a narrow circumstance that redirect those responsibilities when 1005.14 applies. This exception is not applicable when there is an ACH agreement combined with another agreement to process payment transfers – such as an ACH agreement under which members specifically agree to honor each other’s debit cards. This constitutes an “agreement,” and 1005.14 does not apply. Comment 14(a)-2.

Conclusively, the FAQ states, where an EFT is initiated through a non-bank P2P payment provider using a consumer’s debit card information, the P2P provider and the account-holding financial institution are parties to an agreement to honor each other’s debit cards – the debit card network rules – and the service provider provision in 12 CFR 1005.14 does not apply.  The account-holding financial institution has full error resolution responsibilities.

5.  I know many bankers will state that the card acceptance issue is not an agreement per se with the P2P provider and liability is not addressed, plus the P2P provider controls the daily limits that are here said to be the bank’s liability. That is all true but again, the CFPB is protecting the consumer and looking at the raw definitions. Until the industry can come to terms on the specifics to an “agreement,” banks will have the responsibility in most P2P disputes. Remember too, that a bank may not reduce any consumer rights afforded by the EFTA and Reg E. It may have other agreements with vendors, but the consumer’s rights may not be diminished.

The final two sections of the Reg E FAQs and recommended actions will be covered in next month’s Legal Briefs.

 

December 2021 OBA Legal Briefs

  • 2022 to-dos today
  • New year, new rule—Computer-security incident notification
  • Foreclosure forbearance reminder
[Editor’s note: Due to the timeliness of this months articles, Part 2 of last month’s article on the new Fair Debt Collection Practice Act regulation will appear in our January 2022 Legal Briefs.]

_________________________________

2022 to-dos today

By Andy Zavoina

It is hard to believe that we are at the end of the year so soon. On the other hand, it seems like 2021 has lasted two years already. Still, we have worked through most of a pandemic but started bringing many if not all workers back into the branches, as well as our customers and soon we may expect examiners. It is time to get ready for 2022 and that means some of the light housekeeping may be in order. Let’s review some of your annual compliance chores to ensure they are tidy and cared for.

Security, Annual Report to the Board of Directors § 208.61 – The Bank Protection Act requires that your Security Officer report at least annually to the board of directors on the effectiveness of the security program. The substance of the report must be reflected in the minutes of the meeting. The regulations don’t specify if the report must be in writing, who must deliver it, or what information should be in the report. It is recommended that your report span three years and include last year’s historical data, this year’s current data and projections for the next year.

Similar to compliance reporting to the board, this may include a personal presentation, or it may not. I recommend that it is, as it is an opportunity to express what is being done to control what has happened as well as foreseeable events and why, as that can assist you in getting the budget and assets necessary in the coming year. While the year end is not necessarily the most desirable time to make such a presentation, take whatever time you do get and use it wisely. Annual presentations such as this are better done when the directors can focus more on the message so try to avoid quarter ends, and especially the fourth quarter. This is not a “how-to” on the annual security report, but you can find more on the topic, free, on the BankersOnline Tools by searching on “annual security program.”

Regulation O, Annual Resolution §§ 215.4, 215.8 – In order to comply with the lending restrictions and requirements of 215.4, you must be able to identify the “insiders.” Insider means an executive officer, director, or principal shareholder, and includes any related interest of such a person. Your insiders are defined in Reg O by title unless the Board has passed a resolution excluding certain persons. You are encouraged to check your list of who is an insider, verify that against your existing loans, and ensure there is a notification method to keep this list updated throughout the year.

Reg BB (CRA), Content and availability of Public File § 228.43 – Your Public Files must be updated and current as of April 1 of each year. Many banks update continuously, but it’s good to check. You want to ensure you have all written comments from the public from the current year plus each of the two prior calendar years. These are comments relating to the bank’s efforts in meeting community credit needs (your SBA loans may play a key role here) as well as any responses to comments. You also want a copy of the last public section of the CRA Performance Evaluation. That must be placed here within 30 days of receipt. Ensure you are keeping up with branch locations and especially ATMs, as those may change. The regulation has more on the content of this file. It may be best to review it with an audit workpaper to use as a checklist to avoid missing any required items.

CRA Notice and Recordkeeping  § 228.42, 228.44, 1003.5 – CRA data, which can include small business and small farm as well as home mortgages are gathered based on specific reporting requirements for the Loan Application Registers (LAR). CRA and HMDA information, if applicable, must be submitted by March 1, for the prior calendar year. If you are a reporter of either LAR you should start verifying the data integrity now to avoid stressing the process at the end of February. HMDA mortgage data should be compiled quarterly so this should not be a huge issue, but a thorough scrubbing as the new year starts and submission preparation readies is always warranted.

Pertaining to this, national banks should ensure they have reviewed and updated as needed the CRA, FHA and ECOA notices in accordance with the Aug. 5, 2021, OCC Bulletin 2021-35. This bulletin provided updated content for the appropriate names and addresses for notices required by the Community Reinvestment Act and Equal Credit Opportunity Act, and for posters under the Fair Housing Act. National banks were required to make the appropriate changes to their notices and posters within 90 days of the issuance which then had a mandatory compliance date of Nov. 3, 2021.

Fair Credit Reporting Act – FACTA Red Flags ReportSection VI (b) (§ 334.90) of the Guidelines (contained in Appendix J) require a report at least annually on your Red Flags Program. This can be reported to either the Board, an appropriate committee of the Board, or a designated employee at the senior management level.

This report should contain information related to your bank’s program, including the effectiveness of the policies and procedures you have addressing the risk of identity theft in connection with the opening of covered accounts and with respect to existing covered accounts, as well as service provider arrangements, specifics surrounding and significant incidents involving identity theft plus management’s response to these and any recommendations for material changes to the bank’s program. Times change, customers habits change, and importantly criminals change and each may require tweaks to the bank’s program.

Reg E § 1005.8– If your consumer customer has an account to or from which an electronic fund transfer can be made, an error resolution disclosure is required. There is a short version that you may have included with each periodic statement. If you’ve used this, you are done with this one. But if you send the longer version that is sent annually, it is time to review it for accuracy and ensure it has been sent or is scheduled to be. Electronic disclosures under E-SIGN are allowed here.

This is also a good time to review §1005.7(c) (additional electronic fund transfer services) and determine if any new services have been added and if they were disclosed as required. Think Person-to-Person transfers like Zelle, Venmo or Square. These require disclosure and inaccurate disclosures may affect your claims processing.

HMDA Notice and Recordkeeping § 1003.4, 1003.5 – HMDA data are gathered as home mortgage loans are applied for and are compiled quarterly if your bank is a HMDA reporter. There are specific and detailed reporting requirements for the Loan Application Register (LAR) itself. The LAR must be submitted by March 1 for the prior calendar year. If you are a reporter, you should start verifying the data integrity now and this is of vital importance if you have a large volume of records to report. When a systemic error is found it can be very time consuming to scrub all files for errors and correct them.

Annual MLO Registration § 1007.102 – Mortgage Loan Originators must go to the online Registry and renew their registration. This is done between November 1 and December 31. If this hasn’t been completed, don’t push it to the back burner and lose track during the holidays and then have to join a year-end rush to complete this task. This is also a good time to plan with management and Human Resources any MLO bonus plans. Reg Z Section 1026.36(d)(1)(iv)(B)(1) allows a 10 percent aggregate compensation limitation on total compensation which includes year-end bonuses.

Reg P § 1016.5 –There are exceptions allowing banks which meet certain conditions to forgo sending annual privacy notices to customers. The exception is generally based on two questions, does your bank share nonpublic personal information in any way that requires an opt-in under Reg P, and have you changed your policies and practices for sharing nonpublic personal information from the policies and procedures you routinely provide to new customers? Not every institution will qualify for the exception, however. John Burnett wrote about the privacy notice conundrum in the July 2017 Legal Briefs. That article has more details on this.

When your customer’s account was initially opened, you had to accurately describe your privacy policies and practices in a clear and conspicuous manner. If you don’t qualify for the exception described above, you must repeat that disclosure annually as well. Ensure that your practices have not changed and that the form you are sending accurately describes your practices.

For Reg P and the Privacy rules, annually means at least once in any period of 12 consecutive months during which that relationship exists. You may define the 12-consecutive-month period, but you must apply it to the customer on a consistent basis, so this is not necessarily a December or January issue, but it could be. And each customer does not have their own “annual date.” If a consumer opens a new account with you in February, you provide the initial privacy notice then. That is year one. You can provide the annual privacy notice for year two at any time, up until December 31 of the second year.

It is important to note that unlike most other regulatory requirements, Reg P doesn’t require E-SIGN compliance for your web-based disclosures. You can use e-disclosures on your bank website when the customer uses the website to access financial products and services electronically and agrees to receive notices at the website, and you post your current privacy notice continuously in a clear and conspicuous manner on the website. So, the demonstrable consent requirements and others in E-SIGN’s 15 USC Sect. 7001(c) do not apply, but there must still be acceptance to receive them on the web. Alternatively, if the customer has requested that you refrain from sending any information regarding the customer relationship and your current privacy notice remains available to the customer upon request this method is acceptable.

Fair Credit Reporting Act – Affiliate Marketing Opt-Out § 1022.27(c) – Affiliate marketing rules in Reg V place disclosure restrictions and opt out requirements on you. Each opt-out renewal must be effective for a period of at least five years. If this procedure is one your bank is using, you must know if there are there any expiration dates for the opt-outs and have these consumers been given an opportunity to renew their opt-out?

Annual Escrow Statements § 1024.17 – For each escrow account you have, you must provide the borrower(s) an annual escrow account statement. This statement must be done within 30 days of the completion of the escrow account computation year. This need not be based on a calendar year. You must also provide them with the previous year’s projection or the initial escrow account statement, so they can review any differences. If your analysis indicates there is a surplus, then within 30 days from the date of the analysis you must refund it to the borrower if the amount is greater than or equal to $50. If the surplus is less than that amount, the refund can be paid to the borrower, or credited against the next year’s escrow payments.

Reg Z Thresholds and Updates § 1026.00– These changes are effective January 1, 2022. You should ensure they are available to staff or correctly hard coded in your systems:

  • For open-end consumer credit plans under TILA, the threshold that triggers requirements to disclose minimum interest charges will remain unchanged at $1.00
  • For open-end consumer credit plans under the CARD Act amendments to TILA, the adjusted dollar amount in 2022 for the safe harbor for a first violation penalty fee will increase to $30 and the adjusted dollar amount for the safe harbor for a subsequent violation penalty fee will increase to $41
  • For HOEPA loans, the adjusted total loan amount threshold for high-cost mortgages in 2022 will be $22,969.
  • The adjusted points-and-fees dollar trigger for high-cost mortgages in 2022 will be $1,148.
  • For qualified mortgages (QMs) under the General QM loan definition in § 1026.43(e)(2), the thresholds for the spread between the annual percentage rate (APR) and the average prime offer rate (APOR) in 2022 will be:
    • 2.25 or more percentage points for a first lien covered transaction with a loan amount greater than or equal to $114,847
    • 3.5 or more percentage points for a first lien covered transaction with a loan amount greater than or equal to $68,908 but less than $114,847
    •  6.5 or more percentage points for a first lien covered transaction with loan amount less than $68,908
    • 6.5 or more percentage points for a first lien covered transaction secured by a manufactured home with a loan amount less than $114,847
    • 3.5 or more percentage points for a subordinate-lien covered transaction with a loan amount greater than or equal to $68,908
    • 6.5 or more percentage points for a subordinate-lien covered transaction with a loan amount less than $68,908
  • For all categories of QMs, the thresholds for total points and fees in 2022 will be:
    • 3 percent of the total loan amount for a loan greater than or equal to $114,847
    • $3,445 for a loan amount greater than or equal to $68,908 but less than $114,847
    • 5 percent of the total loan amount for a loan greater than or equal to $22,969 but less than $68,908
    • $1,148 for a loan amount greater than or equal to $14,356 but less than $22,969
    • 8 percent of the total loan amount for a loan amount less than $14,356
  • For Higher Priced Mortgage Loans (HPMLs), the special appraisal requirement exemption amount will be $28,500
  • The consumer lease (Reg M) and consumer credit transaction (Reg Z) exemption thresholds will be $61,000.

BSA Annual Certifications – Your bank is permitted to rely on another financial institution to perform some or all the elements of your CIP under certain conditions.  The other financial institution must certify annually to your bank that it has implemented its AML program. Also, banks must report all blockings to OFAC within ten days of the event and annually by September 30, concerning those assets blocked as of June 30.

Information Security Program part of GLBA – Your bank must report to the board or an appropriate committee at least annually. The report should describe the overall status of the information security program and the bank’s compliance with regulatory guidelines. The reports should discuss material matters related to the program, addressing issues such as: risk assessment; risk management and control decisions; service provider arrangements; results of testing; security breaches or violations and management’s responses; and recommendations for changes in the information security program.

IRAs, IRS Notice 2002-27  If a minimum distribution is required from an IRA for a calendar year and the IRA owner is alive at the beginning of the year, the trustee that held the IRA on the prior year-end must provide a statement to the IRA owner by January 31 of the calendar year regarding the required minimum distribution.

Training – An actual requirement for training to be conducted annually is rare, but annual training has become the industry standard and may even be stated in your policies. There are six areas that require training (this doesn’t mean you don’t need other training, just that these regulations have stated requirements).

  • BSA (12 CFR §21.21(c)(4) and §208.63(c)(4) Provide training for appropriate personnel.
  • Bank Protection Act (12 CFR §21.3(a)(3) and §208.61(c)(1)(iii)) Provide initial & periodic training
  • Reg CC (12 CFR §229.19(f) Provide each employee who performs duties subject to the requirements of this subpart with a statement of the procedures applicable to that employee)
  • Customer Information Security found at III(C)(2) (Pursuant to the Interagency Guidelines for Safeguarding Customer Information), training is required. Many banks allow for turnover and train as needed, imposing their own requirements on frequency.)
  • FCRA Red Flag (12 CFR 222.90(e)(3)) Train staff, as necessary, to effectively implement the Program;)
  • Overdraft protection programs your bank offers. Employees must be able to explain the programs’ features, costs, and terms, and to explain other available overdraft products offered by your institution and how to qualify for them. This is one of the “best practices” listed in the Joint Guidance on Overdraft Protection Programs issued by the OCC, Fed, FDIC and NCUA in February 2005 (70 FR 9127, 2/24/2005), and reinforced by the FDIC in its FIL 81-2010 in November 2010.

Miscellany – Some miscellaneous items you may address internally in policies and procedures include preparation for IRS year-end reporting, vendor due diligence requirements including insurance issues and renewals, documenting ORE appraisals and sales attempts, risk management reviews, records retention requirements and destruction of expired records, and a designation by the bank’s board of the next year’s holidays. And last but not least, has there been a review of those staffers who have not yet taken vacation or “away time” to the five consecutive business days per the Oklahoma Administrative Code 85:10-5-3 “Minimum control elements for bank internal control program”?

New year, new rule – Computer-security incident notification

By Andy Zavoina

On November 18, 2021, there was a joint release by the OCC, FDIC and the Federal Reserve concerning a new rule intended to close a gap on computer-security incident reporting requirements. The new final rule does several things. Succinctly, a bank will have 36 hours to report certain computer related security incidents to its prudential regulator. That sounds like a tight time frame, and it is, but the 79-page final rule provides a lot more details. We will leave it to the group within your bank to slice and dice the details, but we wanted to give you a detailed overview of these new requirements so that it can be discussed intelligently and planned for accordingly.

As FDIC Chairman Jelena McWilliams put it, the rule “addresses a gap in timely notification to the banking agencies of the most significant computer-security incidents affecting banking organizations.” For many years banks have been tasked with reporting computer related security incidents to its regulator whether that be a formal requirement or in informal one. This final rule has a mandatory compliance date of May 1, 2022. Preparations for compliance will therefore be mixed with still working through the pandemic, the holiday season, CRA and HMDA scrubs and all things IRA and IRS. There is a lot to do in the next five months.

The new requirements are imposed not just on your bank to report to its federal regulator, but on certain of the bank’s service providers to report incidents to you. This allows the bank to then make a determination as to whether or not it must then in turn report up the food chain to its regulator, the OCC, FDIC or Fed.

So, let’s get to the nitty gritty.

When: The bank must notify its federal regulator as soon as possible and not later than 36 hours after determining a “notification incident” has occurred.

The rule separately requires your service providers to notify your bank as soon as possible when the service provider determines it has experienced “a computer-security incident that has caused, or is reasonably likely to cause, a material service disruption or degradation for four or more hours.”

You may be questioning the service provider’s timing requirement of “as soon as possible.” Read that to include a sense of urgency. The proposal wanted immediate notification but that is a very high benchmark and virtually impossible to follow. Timing is something the bank should discuss with its providers in advance, as well as whether there will be a designated point of contact with a back-up named, or if by default the contact is the chief executive or chief information officer or a comparable position.

What: The focus here is broadly described as “computer-security incident that materially disrupts or degrades, or is reasonably likely to materially disrupt or degrade, covered services provided by a bank service provider.”

The final rule attempts to partially synchronize the definition of a computer-security incident with an existing definition from the National Institute of Standards and Technology (NIST). The final rule defines “computer-security incident” as an occurrence that results in actual harm to an information system or the information contained within it.  Computer related incidents “may include major computer-system failures; cyber-related interruptions, such as distributed denial of service and ransomware attacks; or other types of significant operational interruptions.”

As defined in the final rule, a notification incident is a computer-security incident that has materially disrupted or degraded, or is reasonably likely to materially disrupt or degrade, a banking organization’s: (i) ability to carry out banking operations, activities, or processes, or deliver banking products and services to a material portion of its customer base, in the ordinary course of business; (ii) business line(s), including associated operations, services, functions, and support, that upon failure would result in a material loss of revenue, profit, or franchise value; or (iii) operations, including associated services, functions and support, as applicable, the failure or discontinuance of which would pose a threat to the financial stability of the United States.”

There is obviously a lot in the final rule, and it may depend on your actual involvement in the IT area as to how deep your role will go. There will obviously be several subject matter experts involved in the task of compiling a risk strategy prior to completing any policy and procedures for compliance with the rule.

Why: The bank is required to notify its regulator within such a short period because the intent is to promote early awareness of the threat and the fact that others in the industry may be subject to similar threats. If there is a broader risk, it must be immediately addressed. This is the same reason a service provider is required to notify its bank customer – so that the bank can determine the risk to itself and the banking customers. A notification from a service provider may trigger a bank’s notification to its regulator.

This is separate from the requirements on the bank to address potential exposure or the actual loss of customer information and the reporting requirements that are triggered from that.

Practical Application: The bank needs to define some critical examples of the incidents it could foresee and ensure that there is room for interpretation as technology and attacks on it vary and change with time. The service providers fitting into these critical roles are those subject to the Bank Service Company Act. You may refer to 12 USC 18 Bank Service Companies as well as FIL-49-99 Required Notification for Compliance with the Bank Service Company Ac and FIL-19-2019 Technology Service Provider Contracts for more on who is subject to the rule and the responsibilities of the parties involved. If not referenced in contracts with these service providers already, amended and future contracts may mandate notifications requirements for qualified incidents.

Of importance is defining the moment that the 36-hour window opens is when the bank determines that a notification incident has occurred. The proposal started this clock when there was a “good faith belief” so the bank will want to best define these terms based on the descriptions and examples in the final rule. It is recommended the bank use clear procedures to evaluate the risk of any system compromise or failure that qualifies.

Because the final rule is targeted toward an occurrence that results in actual harm to an information system or the information contained within it, material incidents such as systems failures and the ever-increasing threat of ransomware attacks are an instigator for these rules. If your bank has insurance against ransomware attacks you may incorporate procedures associated  with that with procedures for the new rules. Pay attention to the term “actual harm” as that was a key variation from the proposal. The NIST definition was broader and the regulators wanted to narrow the reportable incidents to those that actually occurred. The regulators expressed that the changes were made to “narrow the focus of the final rule to those incidents most likely to materially and adversely affect banking organizations.” One example was a large-scale distributed denial of service attack that disrupts customer account access for an extended period of time, meaning longer than four hours.

Foreclosure forbearance reminder

By Andy Zavoina

The CFPB is all about protecting consumers and that point was reiterated in a November 10, 2021, release, “CFPB Takes Action to Prevent Avoidable Foreclosures.”

The Bureau announced that working in concert with other agencies (the FDIC, NCUA, OCC and others) they were prepared to enforce the protections in place for families and homeowners who are at risk of losing their homes. Protections were put in place to provide alternatives to foreclosure, and there are an estimated one million home loans with forbearance programs put in place due to COVID-19 which are due to expire at the end of 2021.

CFPB Director Rohit Chopra  said, “Failures by mortgage servicers and regulators worsened the impact of the economic crisis a decade ago…. Regulators have learned their lesson, and we will be scrutinizing servicers to ensure they are doing all they can to help homeowners and follow the law.” The agencies mentioned above issued a joint statement in April 2020 advising they would relax enforcement of Reg. X because of the pandemic. The recent statement is clear that lenders and servicers have had ample opportunity to adapt and the requirements of Reg. X all apply at this time.

It reminds servicers there needs to be attention to the borrower’s needs. Borrowers need a meaningful chance at loss mitigation programs, not lip service. This means the servicer must have adequate staff to handle the accounts and to communicate to borrowers what may be available to them. There are many options available for streamlined loss mitigation programs and servicers should be familiar with what is available to qualified applicants. There should be consistency in who is communicating with a borrower and efforts to avoid unnecessary handoffs and disqualification from a program followed by option to start a new process for some alternative program with someone else.

Those borrowers ending a forbearance program should also be allowed to resume scheduled payments. Determine if most or all of any missed payments can be deferred to the end of the current Note obligation under a deferral agreement. If needed, explore options to modify an existing loan and lower their payments if necessary and if feasible. Lastly, in many areas it is a sellers’ market and it may be an option that allows them to lessen any loss of equity in their home.  Your efforts at avoiding foreclosure should be well documented.

It is recommended that a pre-foreclosure checklist be used to ensure all the banks records are in order before a home is put into a foreclosure process. Document efforts to avoid foreclosure, to find loss mitigation programs, modifications available, deferral amounts and the borrower’s ability to maintain any restructuring that could be done. Then verify that all the bank’s disclosures required for the loan (think TRID and Reg B) were complete and accurate. If there are any deficiencies, consider how material they may be and if a plaintiff’s attorney could take advantage of them. Then, and only then, act accordingly.

 

November 2021 OBA Legal Briefs

  • Don’t ignore the FDCPA regulation coming November 30 (Part 1)
  • New Stuff on Legal Links

Don’t ignore the FDCPA regulations

By John S. Burnett
The Consumer Financial Protection Bureau’s revisions to Regulation F become effective on November 30, 2021, less than a month from now. While on their face the rules in Reg F will apply to debt collectors who collect debts owed to other parties, there is plenty to be concerned about in the Fair Debt Collection Practices Act itself and in revised Reg F for first-party creditors, including banks, who handle their collection of debts owed to them in-house.

But first, some background.

The current rule

Until May 3, 2021, the current CFPB regulation implementing the Fair Debt Collection Practices Act (FDCPA, 15 U.S.C. 1692 et seq.) did not actually implement the statute. As originally written, the FDCPA did not provide for implementing regulations at all. Instead, the Federal Trade Commission was given enforcement authority, and any violation of the FDCPA was deemed an unfair or deceptive act or practice (UDAP) in violation of the Federal Trade Commission Act. The Federal Reserve Board, Office of the Comptroller of the Currency, and the Federal Deposit Insurance Corporation were given enforcement powers under the Federal Deposit Insurance Act, and the National Credit Union Administration was assigned enforcement responsibilities under the Federal Credit Union Act. Similar enforcement powers were granted to the Secretaries of Transportation and Agriculture.

Until May 3, 2021, 12 CFR Part 1006 (Regulation F), dealt only with procedures and criteria for states to apply to the Bureau for exemption of a class of debt collection practices within the applying state from the provisions of the FDCPA.

Subpart B added

On April 22, 2021, the CFPB published an interim final rule to add Subpart B to the regulation, with § 1006.9 (Debt Collection Practices in Connection with the Global COVID-19 Pandemic), which became effective May 3, 2021. This addition was made without the usual proposal, comment period, and final rule steps required under the Administrative Procedures Act due to the immediacy of the concerns the new section was issued to address.

Section 1006.9’s purpose is “to eliminate certain abusive debt collection practices by debt collectors related to the global COVID-19 pandemic, to ensure that debt collectors who refrain from using such abusive debt collection practices are not competitively disadvantaged, and to promote consistent State action to protect consumers against such debt collection abuses.” It remains effective during the effective period of the order issued by the Centers for Disease Control and Prevention titled Halt in Residential Evictions to Prevent the Further Spread of COVID–19 (86 FR 16731 (Mar. 31, 2021)), as extended. That order has expired, so Section 1006.9 is no longer effective.

The CFPB overhaul of Reg F

The Consumer Financial Protection Act of 2010 (CFPA, 12 U.S.C. 5561 et seq.), the portion of the Dodd-Frank Act that gave life to the Consumer Financial Protection Bureau and transferred the authority and responsibility for issuing regulations under a number of consumer protection statutes, included the FDCPA among the statutes for which the Bureau “may prescribe rules with respect to the collection of debts by debt collectors.”

The CFPB also has rulemaking authority to issue regulations for providers of financial products and services with regard to activity deemed by the Bureau to be “unfair, deceptive or abusive acts or practices” (UDAAP).

In May 2019, the Bureau issued proposed rules to implement provisions of the FDCPA. See 84 FR 23274. There was a comment period of 90 days.

The Bureau followed by issuing two final rules. The first (see 85 FR 76734 published on November 30, 2020 completely revised and reissued Regulation F, moving the existing provisions on state exemption applications to a new § 108 in a new Subpart D and new Appendix A. The second rule (see 87 FR 5766 published on January 19, 2021, finalized required disclosures by debt collectors and prohibited threats of suits or suits to collect time-barred debts under applicable statutes of limitations. The second rule also requires certain actions by debt collectors before furnishing information on a consumer’s debt to a consumer reporting agency.

Effective dates

Both of these final rules were to take effect on November 30, 2021. However, on April 19, 2021, the Bureau proposed delaying that date 60 days, to January 29, 2022. That proposal was withdrawn on July 30, 2021, leaving the effective date on November 30, 2021.

Frequently asked questions released

On October 1, 2021, the Bureau released frequently asked questions on limited-content messages and the call frequency provisions in the Debt Collection Rule. On October 29. 2021, additional FAQs were added to that document to address the validation information provisions in the Rule. As the Bureau compiles additional FAQs on the Rule, they will add them to the current FAQ document. You should check the link periodically to ensure you have the most current guidance from the CFPB.

Structure of the rule

The Regulation is set out in four subparts and three appendices (and Official Interpretations)—

• Subpart A includes the usual references to the legal authority for the regulation, its purpose and coverage. Persons covered by the rule include debt collectors, as defined in § 1006.2, except for motor vehicle dealers that are predominately engaged in the sale and/or leasing and servicing of motor vehicles.

• Subpart B comprises the substantive provisions of the regulation, providing rules for debt collectors. Much of this section of the rule focuses on communications.

• Subpart C is reserved.

• Subpart D includes miscellaneous requirements such as record retention, the relationship of the rule to state laws, and the provisions for state applications for exemption from portions of the regulation (due to similar state law requirements).

• Appendix A includes more detailed information and requirements for states seeking exemptions from portions of the regulation

• Appendix B includes Model Forms for compliance with the regulation

• Appendix C addresses the Bureau’s issuance of advisory opinions concerning the regulation (one such opinion was published at 81 FR 71977 on October 19. 2016

• Supplement I comprises Official Interpretations of the regulation by the CFPB. In the BankersOnline.com Regulations pages for Regulation F, these interpretations are broken out and included after the sections or paragraphs of regulatory text they interpret.

Applicability: “Debt collector”

Section 1006.2(a)(1) defines the term debt collector as “any person who uses any instrumentality of interstate commerce or mail in any business the principal purpose of which is the collection of debts, or who regularly collects or attempts to collect, directly or indirectly, debts owed or due, or asserted to be owed or due, to another. … the term debt collector includes any creditor that, in the process of collecting its own debts, uses any name other than its own that would indicate that a third person is collecting or attempting to collect such debts. For purposes of § 1006.22(e), the term also includes any person who uses any instrumentality of interstate commerce or mail in any business the principal purpose of which is the enforcement of security interests.”

Does that make your bank a debt collector? It’s clear that if your bank does collection work on debts owed to someone else, your bank is a debt collector subject to the regulation. There are some technical exceptions, which we’ll review in a moment. Does your bank, when collecting its own debts, use any name other than its own in its communications that might suggest it is using a third person to collect its debts? If so, the language in bold text in the definition above should concern you, because using that other name pulls the bank directly under the regulation’s requirements.

What are the exceptions? Paragraph 1006.2(it)(2) lists exceptions to the debt collector definition.

(i) Any officer or employee of a creditor while the officer or employee is collecting debts for the creditor in the creditor’s name;

(ii) Any person while acting as a debt collector for another person if:

(A) The person acting as a debt collector does so only for persons with whom the person acting as a debt collector is related by common ownership or affiliated by corporate control; and

(B) The principal business of the person acting as a debt collector is not the collection of debts;

(iii) Any officer or employee of the United States or any State to the extent that collecting or attempting to collect any debt is in the performance of the officer’s or employee’s official duties;

(iv) Any person while serving or attempting to serve legal process on any other person in connection with the judicial enforcement of any debt;

(v) Any nonprofit organization that, at the request of consumers, performs bona fide consumer credit counseling and assists consumers in liquidating their debts by receiving payment from such consumers and distributing such amounts to creditors;

(vi) Any person collecting or attempting to collect any debt owed or due, or asserted to be owed or due to another, to the extent such debt collection activity:

(A) Is incidental to a bona fide fiduciary obligation or a bona fide escrow arrangement;

(B) Concerns a debt that such person originated;

(C) Concerns a debt that was not in default at the time such person obtained it; or

(D) Concerns a debt that such person obtained as a secured party in a commercial credit transaction involving the creditor; and

(vii) A private entity, to the extent such private entity is operating a bad check enforcement program that complies with section 818 of the Act.

Consider paragraph (ii) in bold print in that list. Can a holding company or affiliate do debt collection on behalf of its subsidiary banks or other affiliates? It would seem so, but the exemption would not apply if the affiliate’s principal business is debt collection.

Be wary of the reach of UDAAP

Any violation – by anyone collecting debts – of the requirements of Regulation F can be deemed an Unfair, Deceptive, or Abusive Act or Practice (UDAAP), even when the person doing the debt collection is collecting its own debts.

Prior to Dodd-Frank in 2010, the FTC primarily enforced the FDCPA and UDAP and there was often a cross-over. The FTC reported common tactics debt collectors would use included telling a debtor they had committed a crime like check fraud, and unless they paid the debt, they could be arrested, be sued, have their wages garnished and go to jail. Many collectors harassed debtors, even after being provided with evidence that the debts had already been paid off. Some would illegally contact family, friends, and employers about the past due debts. So, the final rule is very much about communications in connection with debt collection and prohibitions on harassment or abuse, false or misleading representations, and unfair practices in debt collection.

Let’s connect the dots. If your bank did something deemed unfair or abusive in the way it communicated with a borrower, and the FDCPA or Regulation F said it was a UDAAP issue, could an examiner say the bank, while not subject to FDCPA, is subject to UDAAP/UDAP and it did something categorized as a UDAAP/UDAP violation? It’s easy to see that connection.

And, of course, there is the always-present requirement for vendor due diligence if the bank has a third party collecting debts owed to the bank.

Some definitions

Attempt to communicate means any act to initiate a communication or other contact with any person through any medium, including by soliciting a response from such person. This is very broad and is all encompassing. It also includes “limited content messages” which is a defined term defined a few paragraphs below.

The act of initiating communication or contact about a debt is an attempt regardless of whether it is successful. Example – you dial the number of a past due borrower. Whether or not you reach them, that is logged as an attempt.

Communicate or communication means conveying information about a debt directly or indirectly to any person through any medium. Leaving a “limited content message” is not “conveying information.” Similarly communicating something such as a marketing message is not conveying information as it is not debt related.

Debt is any obligation of a consumer to pay money arising from a transaction in which the money, property, insurance, or services are primarily for personal, family, or household purposes.

Limited-content message means a message for a consumer that includes all of the content in (j)(1) and may include any of the optional content described in (j)(2), and it includes no other content.

(1) Required content. …includes all of the following:

(i) The caller’s business name which is not indicative that this is a debt collection call

(ii) A request that the consumer reply to the message;

(iii) The name of a person or persons whom the consumer can contact in reply;

(iv) A telephone number the consumer can use for the reply:

(2) Optional content. In addition to the content described, you may include one or more of the following:

(i) A salutation;

(ii) The date and time of the message;

(iii) Suggested dates and times for the consumer to reply to the message, and

(iv) A statement that the return call they can speak to any rep from the company.

These limited content messages may really come into play on voicemails. They are not “communications” which, as you will see, come with frequency limitations. A call to a third party is not a limited content message because it isn’t to the debtor, such as to a “will call” who accepts messages. This is ok to the debtor – “This is Andy Zavoina calling from Last National Bank. Please contact me or John Burnett at 1-800-555-1212.”

Consumer – any natural person, whether living or deceased, obligated or allegedly obligated to pay any debt. For purposes of § 1006.6 – Communications, the term consumer includes “persons” (and see below).

Persons is broad and includes natural persons, corporations, companies, associations, firms, partnerships, societies, and joint stock companies.
For purposes of this section (on Communications), the term consumer includes:

(1) The consumer’s spouse;
(2) The consumer’s parent, if the consumer is a minor;
(3) The consumer’s legal guardian;
(4) The executor or administrator of the consumer’s estate, if the consumer is deceased;
and
(5) A confirmed successor in interest, as defined in Regulation X, 12 CFR 1024.31, and Regulation Z, 12 CFR 1026.2(a)(27)(ii).

Communications

Communications with the consumer in general

We will discuss some exceptions in a moment, but there are restrictions in contacting a consumer.

§ 1006.6(b) says a debt collector must not communicate or attempt to communicate with a consumer to collect a debt as prohibited by paragraphs (b)(1) through (3):

(1). Prohibits collection communication with a consumer based on time and place that is:

(i) At any unusual time, Unless the collector knows different based on a schedule, before 8:00 a.m. and after 9:00 p.m. local time to the consumer is inconvenient;

There have been complaints when a cell phone is called, and the consumer is now in a different time zone. These cases place the burden on the collector to know where the consumer is. It is difficult and courts have not allowed much latitude.

(ii) At any unusual place, or at a place that the collector knows or should know is inconvenient.

It may have been mentioned not to call at a time when the consumer says he’ll be in a meeting, or during a religious service or funeral the collector knows the consumer will be at.

(2) Except as provided in paragraph (b)(4) [below]…, a debt collector must not communicate or attempt to communicate with a consumer in connection with the collection of any debt if the debt collector knows the consumer is represented by an attorney with respect to such debt and knows, or can readily ascertain, the attorney’s name and address, unless the attorney:

(i) Fails to respond within a reasonable period of time to a communication from the debt collector; or

(ii) Consents to the debt collector’s direct communication with the consumer.

(3). A collector must not communicate or attempt to communicate with a consumer in connection with the collection of any debt at the consumer’s place of employment, if the collector knows or has reason to know that the employer prohibits the consumer from receiving the communication.

Places like a plant, for example, have employees working assembly lines. It can be a big deal to have someone’s work interrupted to come to a telephone. The consumers employment could be in jeopardy. Typically, if the employee tells you not to call at work, you must oblige. If you know the employer’s policy is to restrict such calls, don’t call.

If the consumer requests they not be contacted at work, they generally cannot be but can be asked how and when they should be contacted. Under 1006.22(f)(3) – “Unfair or unconscionable means” prohibits sending an email to an address that the collector knows is provided by the consumer’s employer. There are some nuances that allow this if the consumer has used it with you on the debt. That’s under 1006.22(f)(3). [More on emails later.]

Exceptions to the prohibitions on contact

Section 1006.6(b)(4) includes a couple of exceptions to the prohibitions on time, place, attorney and employer prohibitions in §§ 1006.6(b)(1) – (3). The prohibitions do not apply in the case of (1) prior consent from the consumer given directly to the debt collector during a communication that was not in violation, and (2) with the express permission of a court.

Refusal to pay or “cease communication” notice

Section 1006.6(c)(1) provides that, with limited exceptions, if a consumer notifies a debt collector in writing that the consumer refuses to pay a debt or that the consumer wants the debt collector to cease further communication with the consumer, the debt collector must not communicate or attempt to communicate further with the consumer with respect to such debt.

What are the exceptions?

This prohibition does not apply with a debt collector communicates or attempts to communicate further with respect to the debt—

(i) To advise the consumer that the debt collector’s further efforts are being terminated

(ii) To notify the consumer that the debt collector or creditor may invoke specified remedies that the debt collector or creditor ordinarily invokes

Do not make idle threats, but if repossession or foreclosure may be a remedy and it is used by the debt collector or creditor, you may indicate it will be considered. Small claims suits can also fit here.

(iii) Where applicable, to notify the consumer that the debt collector or creditor intends to invoke a specified remedy.

For example, if you must send a notice of intent to foreclose or repossess, it is allowed here.

Mortgage servicing exceptions.

The Official Interpretations to § 1006.6(c)(2) indicate that the written early intervention notice required by 12 CFR 1024.39(d)(3) falls within the exceptions to the cease communication provision. They also indicate that mortgage servicers who are subject to the FDCPA with respect to a mortgage loan is not liable under the FDCPA for complying with certain servicing rule provisions, including requirements to provide a consumer with disclosures regarding the forced placement of hazard insurance as required by 12 CFR 1024.37, a disclosure regarding an adjustable-rate mortgage’s initial interest rate adjustment as required by 12 CFR 1026.20(d), and a periodic statement for each billing cycle as required by 12 CFR 1026.41.

Prohibitions on communications with third parties

Section 1006.6(d)(1) includes a general prohibition on debt collector communications with third parties. Communications about the debt must only be with—

i. The consumer
ii. The consumer’s attorney
iii. A consumer reporting agency, if otherwise permitted by law
iv. The creditor
v. The creditor’s attorney, or
vi. The debt collector’s attorney

Exceptions: Section 1006.6(d)(2) includes these exceptions from those restrictions:

(i) For the purpose of acquiring location information, as provided in § 1006.10 (home address and telephone and place of employment)
(ii) With the prior consent of the consumer given directly to the debt collector;
(iii) With the express permission of a court of competent jurisdiction; or
(iv) As reasonably necessary to effectuate a post-judgment judicial remedy.

A case in point: the Eleventh Circuit Court of Appeals has held that a debt collector (as defined under the FDCPA) who transmits debtor information to a third party violates section 1692c(b) of the FDCPA, which prohibits debt collectors from communicating consumers’ personal information to third parties “in connection with the collection of any debt.” Hunstein v. Preferred Collection & Management Services, Inc., 994 F.3d 1341 (11th. Cir. 2021). If your bank farms out some of its collections to third-party collectors, part of your vendor due diligence should be verifying that the third party doesn’t contract out any part of that effort, including mailing services, etc.

Full disclosure: The Eleventh Circuit’s holding was made by a three-judge panel, from which one of the judges dissented. It is only binding in the states of Alabama, Florida, and Georgia, and the case was remanded back to the District Court to determine whether any unauthorized disclosure actually occurred, and whether the plaintiff is entitled to damages. Other cases involving debt collectors sharing debtor information with third parties are being brought in both federal and state courts. The issue should not be considered settled.

Communications via email and text

Sections 1006.6(d)(3) and (4) permit debt collectors to communicate with a debtor using an email address or phone number (for text messaging) recently used by the debtor regarding the debt unless the debtor subsequently opted out of using that address. But the debt collector may not use an email address or phone number that the debt collector knows has led to a prohibited disclosure of information. The debt collector must have procedures to ensure their use of email or text messaging remains compliant.

A collector who uses a specific email address, telephone number for text messages, or other electronic-medium address of a consumer must include in each such message a clear and conspicuous statement describing a reasonable and simple method by which the consumer can opt out of further electronic communications by the collector to that address or number. The collector may not require, directly or indirectly, that the consumer pay any fee to the collector or provide any information other than the consumer’s opt-out preferences and the email address, telephone number for text messages, or other electronic-medium address they do not want contact thru.

Assume that a debt collector sends a text message to a consumer’s mobile telephone number. The text message includes the following instruction: “Reply STOP to stop texts to this telephone number.” Assuming that it is readily noticeable and legible to consumers, this instruction constitutes a clear and conspicuous statement describing a reasonable and simple method to opt out.

Harassing, oppressive, or abusive conduct
Under § 1006.14(a) there is a general rule of conduct:
“A debt collector must not engage in any conduct the natural consequence of which is to harass, oppress, or abuse any person in connection with the collection of any debt, including, but not limited to, the conduct described in paragraphs 1006.14(b) through (h).”

b) Phone calls: Repeated or continuous calls prohibited. A collector violates this prohibition by placing a telephone call to a particular person in connection with collection of a particular debt either more than seven times within seven consecutive days, or within a period of seven consecutive days after having had a telephone conversation with the person in connection with the collection of that debt (the date of this conversation is the first day of the seven-day period).

Student loan debts: The term “particular debt” means all student loan debts that a consumer owns or allegedly owes that were serviced under a single account number at the time the debts were obtained by a debt collector.

Exclusions from frequency limits: Calls placed to a person do not count toward the frequency limits if they are (1) made with the person’s prior consent given directly to the debt collector within the last seven days; (2) not connected to the dialed number; or (3) with the consumer’s attorney, the creditor’s attorney, or the collector’s attorney.

Unconnected calls: A debt collector’s telephone call does not connect to the dialed number if, for example, the debt collector receives a busy signal or an indication that the dialed number is not in service. Conversely, a telephone call placed to a person counts toward the telephone call frequencies described in § 1006.14(b)(2)(i) if it connects to the dialed number, unless an exclusion in § 1006.14(b)(3) applies. A debt collector’s telephone call connects to the dialed number if, for example, the telephone call is answered, even if it subsequently drops; if the telephone call causes a telephone to ring at the dialed number but no one answers it; or if the telephone call is connected to a voicemail or other recorded message, even if it does not cause a telephone to ring and even if the debt collector is unable to leave a voicemail. [Comment 14(b)(3)(ii)-1]

c) Violence: A collector must not use or threaten violence or harm to a person, their reputation or property

d) Obscene language: A collector must not use obscene language or language deemed abusive to the listener or reader.

e) Debtor’s list: A collector must not publish a list of consumers who refuse to pay debts, except to a consumer reporting bureau

f) Coercive advertisements: A collector must not advertise for sale any debt to coerce payment of the debt.

g) Meaningful disclosure of identity: A collector must not place phone calls without meaningfully disclosing the caller’s identity, except as provided in § 1006.10 [when communicating with a person other than the consumer for the purpose of acquiring location information].

h) Prohibited communication media: Communication is prohibited with a consumer through a medium if the consumer has requested that it not be used. However, a collector may ask follow-up questions regarding preferred media to clarify statements by the person
If a consumer opts out in writing of receiving electronic communications from a collector, the collector may send a confirmation the consumer’s request to opt out, provided that the reply contains no information other than a statement confirming the consumer’s request;
If a consumer initiates contact with a debt collector using an address or a telephone number that the consumer previously said not to use, the collector may respond once using that. Or

If otherwise required by law, a collector may communicate about the collection of any debt through a medium of communication that the person has requested they not use [think required periodic statements].

To be continued

Our discussion of the new FDCPA regulation will conclude in our December 2021 Legal Briefs.

New stuff on Legal Links

By Pauli D. Loeffler

In response to legislative changes (see August, September, and October Legal Briefs), new and updated information and forms have been added to the OBA’s Legal Links web page under the Templates, Forms, and Charts. You will need to create an account through the My OBA Member Portal to gain access if you have already done so.
In response to the changes under Banking Code § 901, there is a summary of how PODs are paid based on whether the POD designations were made before November 1, 2021, as well as those made on and after that date.

With amendments to § 906 which deals with the use of an Affidavit of Heirs for deposits when there are no PODs, there is a new Affidavit form that incorporates statutory language regarding probates as well as an optional Indemnity and hold harmless clause.

Under the Miscellaneous subsection, there are links to all the statutes for both the Power of Attorney Act in Title 58 and for the Statutory Form Power of Attorney Act in Title 15. I have also provided a Power of Attorney Checklist you may find helpful when the bank receives a POA.

October 2021 OBA Legal Briefs

  • Regulatory priorities
  • Consumer complaints
  • 2021 OK legislation—Part III
    • OK Banking Code
    • Judgment liens
    • Motor Vehicles
    • OK Tax Code
    • OK POA Act—Part II
    • Uniform Consumer Credit Code (“U3C”) § 3-508A
    • Uniform Interstate Depositions and Discovery Act of 2021

 

Regulatory Priorities

By Andy Zavoina

You spend your days preparing for meetings, going to meetings, auditing your bank for various compliance topics, and answering questions about what can and cannot be done, and that is all before lunch. We understand you are busy, and your time is limited. Still, one of the issues you must address is forecasting changes that impact your bank and part of this is what the regulators’ priorities are. We watch what Congress and the agencies are doing and proposing and want to take time this month to condense a few of these potential issues before you commit to budgets and audit schedules and all those “next year” things that are about to happen to you in the weeks to come.

As to priorities, the regulatory agencies have a focus on fair lending and equal access to credit. Let me first mention a potential addition to Reg. B and the Equal Credit Opportunity Act (ECOA). HR 166, short titled “Fair Lending for All Act” is intended to clarify, if not expand, protected classes under the ECOA by adding specificity that, (i) sexual orientation, (ii) gender identity, and (iii) location based on zip code or census tract, are also protected classes under the ECOA.

Be sure to also read the section on the Consumer Financial Protection Bureau’s (CFPB) analysis of complaints as it specifically correlates race to census tract to types of complaints submitted. These are fair lending issues and is the first time the CFPB has done such an in-depth review and used census data to get there. Census data will play a larger role in more Reg B changes as well.

CFPB acting Director David Uejio said earlier this year that the CFPB had a new focus and priorities. He said, “I am going to elevate and expand existing investigations and exams and add new ones to ensure we have a healthy docket intended to address racial equity.” He went on, “This of course means that fair lending enforcement is a top priority and will be emphasized accordingly. But we will also look more broadly, beyond fair lending, to identify and root out unlawful conduct that disproportionately impacts communities of color and other vulnerable populations.” He also appeared in a CFPB produced video in which he said, “the CFPB will take action against institutions and individuals whose policies and practices prevent fair and equal access to credit or take advantage of poor, underserved, and disadvantaged communities.”

Acting Director Uejio is not alone; Acting Comptroller of the Currency Michael J. Hsu said, “There is no place for discrimination in the federal banking system,” and added, “The OCC will use the full force of our authority to correct fair lending violations with our supervisory and enforcement tools, including civil money penalties, cease and desist orders, and requiring restitution for customers harmed as a result of any discriminatory practices.”

The Federal Trade Commission took enforcement actions last year in one case requiring $1.5 million in refunds. This was the first time the FTC had charged an auto dealer with illegal racial discrimination said FTC Commissioner Rohit Chopra. Yes, this Commissioner is the incoming CFPB director now that his nomination has been confirmed by the Senate. One would reasonably believe that Chopra and Uejio have shared information as well as objectives and goals.

The OCC recently joined with the Department of Justice in taking actions against Cadence Bank for fair lending discrimination issues which resulted in a $3 million penalty and pledge to invest $5.5 million to increase credit opportunities in some Houston areas (think census tracts) that are predominantly Black and Hispanic neighborhoods.

While fair lending changes are projected, increased enforcement has already begun.

Another change to Reg B is out for comment. Section 1071 of the Dodd-Frank Act requires banks to collect, maintain and report to the CFPB, data on credit applications made by women-owned, minority-owned, and small businesses. This has been a slow-moving change but is now becoming a reality. The Bureau’s 1,000-page proposal will require many small business lenders to essentially collect LAR-like data you are accustomed to under HMDA and CRA for these small business loans when criteria are met. It will also restrict access to certain parts of the information, require recordkeeping and retention as well as publication of the collected data. While a potentially huge undertaking for small business lenders, this rule has some issues and conflicts to resolve and will be finalized within 18 months after its 10/8/2021 publication in the Federal Register . The CFPB is also proposing a transitional period permitting collection of the data such as the owners’ ethnicity, race, and sex and this could extend the required implementation to 2025.

If you are thinking that allows three years, yes, that is the way it looks now. But like the 2018 HMDA overhaul, preparations should begin when you know what you will have to address and that should start in 2022. Monitoring the bank’s lending activity to small business and the minimum thresholds in the final rule may put a bank into or outside data collection requirements.

Consumer Complaints

By Andy Zavoina

On September 23, 2021, the CFPB issued a report, “Consumer complaints throughout the credit life cycle, by demographic characteristics.” We know that complaint management is crucial to your compliance management program as complaints are critical in detecting and resolving issues before they become UDAP, fair lending or other compliance issues. Think of complaint resolution as a way to “nip it in the bud” and avoid a problem from becoming a pattern or practice.

This report used one million complaints from 2018 to 2020 and matches complaints to census tracts, and then uses census tract data to assimilate demographics of the complainant. What was deduced was that complaints from wealthier communities and communities with higher percentages of white, non-Hispanic residents complained about loan origination and performing servicing, and complaints from communities of color and lower income communities complained about credit reporting, identity theft, and delinquent servicing.

Complaints may then be categorized by type, to income and race, based on this methodology. CFPB Acting Director Dave Uejio said, “Our consumer complaint data is a crucial tool for understanding varying consumer experiences, including across racial and economic divides.”

Additional general findings were that:

  • Loan origination complaints increased 50% during the year, driven by higher-income areas with fewer people of color.
  • Areas with the highest share of whites complain twice as much as predominantly Black areas.
  • Predominantly Black areas complain twice as much (per resident) as others.
  • Lower income census tracts submit 30% more complaints per resident.

One reason this is important in my mind relates to the recent action by HUD to rescind the 2020 rule on disparate impact which will make it easier to “prove” discrimination exists based on generalizations. Disparate impact is one method used to show evidence of lending discrimination under ECOA and the Fair Housing Act. The methodology is controversial because it allows a person to claim a fair lending violation when a neutral practice is applied uniformly to all applicants but has a discriminatory effect on a prohibited basis. Could one connect the dots between complaints, income and race that then lead to Reg B – ECOA violations of equal treatment?

Action Items:

1) Stay abreast of the bills and proposals pending. Comment on them when it is of interest to your bank. Be aware of changes and how they impact your operations.

2) As changes are made, keep your policies and procedures current to new requirements. Even if changes are not necessary, document your review so any auditing will see that they are current.

3) Remember that fair lending starts with advertising and flows through the loan process, servicing, and collections. In the last year we have seen big enforcement penalties based on poorly crafted advertising and we see complaints on servicing and credit reporting.

4) Train staff to be aware, ultra-aware of lending issues and complaints and to treat all of them equally and thoroughly as a lending issue may more easily be deemed a fair lending issue today.

2021 OK legislation – Part III

By Kelsey Hull

Hello! My name is Kelsey Hull, and I am an extern for the Oklahoma Bankers Association for the fall semester. I’m currently in my last year at Oklahoma City University School of Law. My hometown is Waynoka, Oklahoma, and I hold a bachelor’s degree in International Studies from the University of Oklahoma. I’m very grateful for the opportunity to write this article, and I hope you find it helpful.

OK Banking Code

Title 6 O.S. § 908. This new section of the Banking Code covers Savings Promotion Raffles. In 2014, Congress passed the American Savings Promotion Act, and Andy Zavoina wrote about the Act in the March 2015 OBA Legal Briefs, which you can access online. While the federal Act excluded these raffles from being an illegal lottery under federal law, it was up to each state to enact legislation to allow these raffles under state law. See Can Contests Help Fill Americans’ Savings Gap?, Pew Charitable Trusts (Nov. 9, 2018); Caroline Ratcliffe, et. al., Evidence-Based Strategies to Build Emergency Savings, Consumer Financial Protection Bureau (July 2020).

Effective November 1, 2021, Oklahoma banks and credit unions may begin offering savings promotion raffles under § 908:

As used in this section, the term “savings promotion raffle” means a contest in which the sole consideration required for a chance of winning designated prizes is obtained by the deposit of a specified amount of money in a savings account or other savings program and each ticket or entry has an equal chance of being drawn, with such contest being subject to regulations that may from time to time be promulgated by the bank’s or credit union’s primary regulator. Oklahoma banks and credit unions are authorized to offer savings promotion raffles.

The only difference between Oklahoma’s Section 908 and the federal Act is in the last sentence. In the federal Act, the last sentence ends by saying “…to be promulgated by the appropriate prudential regulator (as defined in section 1002 of the Consumer Financial Protection Act of 2010 (12 U.S.C. 5481)).” In Oklahoma’s statute, it refers to the bank’s or credit union’s primary regulator.

If any questions remain as to whether saving promotion raffles are lotteries, the definition of “lottery” was changed under 12 U.S.C §25A in 2014, specifically excluding such raffles: “The term ‘lottery’ includes any arrangement, other than a savings promotion raffle…”

Judgment liens

Title 46 O.S. § 15 (Mortgage Code) and Title 36 O.S. § 5008 (Insurance Code). Bankers may recall that Title 47 of the Mortgage Code § 15 requires the release of mortgage be recorded within 30 days after the debt has been paid. If the release is not timely recorded, the mortgagor or the title insurer may demand release, and the mortgagee has 10 days to record the release or face penalties. Beginning 11/1/21 this section will apply to judgment lien holders as well as mortgagees.

Title 36 O.S. § 5008 in the Oklahoma Insurance Code provides that If a mortgagee fails to execute and deliver a release of mortgage to the mortgagor or designated agent of the mortgagor within sixty (60) days after the date of receipt of payment of the mortgage in accordance with a payoff statement provided by the mortgagee or servicer, an authorized officer of a title insurance company or its duly appointed agent may execute and record an affidavit with the county clerk where the real property is located on behalf of the mortgagor or a transferee of the mortgagor together with documentation of the payment. Effective 11/1/21, this section will also apply to judgment liens.

Motor vehicles

Title 47 O.S. § 1110 Perfection of Security Interest

Effective November 1, 2021, the following new provision is added under subsection A:

  1. When there is an active lien from a commercial lender in place on a vehicle, motor license agents shall be prohibited from transferring the certificate of title on that vehicle until the lien is satisfied.

Title 47 O.S. § 427A.  Electronic filing of certificates of title, liens, assignments, and releases. This is a new law under Title 47—Motor Vehicles, which takes effect November 1, 2021. The central idea of this law is the creation of an electronic filing, storage, and delivery of motor vehicle title certificates program. Additionally, the program allows the perfection, assignment, and release of a lien by a lienholder through electronic means rather than paper documents. This program will start on or before July 1, 2022. A qualified system developer will help with providing and accessing the necessary software and equipment to actually implement this digital transformation. However, this new system will only affect applications filed after June 30, 2022. Okla. Stat. Tit. 47, § 427A Sec. A.

Section B of the statute covers various procedures that are available for the program, although the list is nonexclusive.  Okla. Stat. tit. 47, §1105A(B)(1)-(6). First up on the list is delivery of a certificate of title. If a party chooses to use the electronic route, the certificate need only be issued or printed upon the satisfaction of the last lien. The next two examples regard the service provider, and basically say that the vendor will be qualified and charge reasonable fees. In the fourth example, the statute states that the program will allow access to electronic records of the filed items. Part five allows motor license agents to participate in the program and for their receipt of all fees provided by the Oklahoma Vehicle License and Registration Act. Finally, the program accepts electronic or digital signatures.

Section C concerns definitions, which match with those listed throughout the existing statutes in sections 1101 and beyond.

Section D addresses the validity of the documents created, stored, or delivered through the program. All the documents are in fact valid, even with scanned or electronic signatures. As long as the document is a certified copy of the Oklahoma Tax Commission’s electronic record, it will be admissible in court proceedings, if needed.

Section E deals with financing the program. Essentially, the Tax Commission can spend the necessary funds needed to implement the program.

Finally, section F allows the Tax Commission to consult third parties specifically including the Oklahoma Bankers Association to help with the program’s development.

Tax Code

Title 68 O.S. § 2370. This section is amended for taxable years beginning after December 31, 2021. The Oklahoma privilege tax of doing business within Oklahoma for state banking associations, national banking associations and credit unions organized under the laws of this state, located or doing business within the limits of the State of Oklahoma is reduced from the rate of 6% to 4% of the amount of the taxable income.

Title 68 O.S. § 2370.1. This section of the Oklahoma Tax Code is amended effective January 1, 2021, with regard to credit for SBA guaranty of 7(a) program loans. The new timeframe for these credits will be on or after January 1, 2022, and before January 1, 2025.

 Oklahoma POA Act – Part II

By Pauli D. Loeffler

I need to correct a statement made in the newspaper and email versions of the September 2021 OBA Legal Briefs indicating that some but not all the sections under the Durable Power of Attorney Act (“DPOA Act”) were repealed. In fact, all sections (Title 58 O.S. §§ 1071 – 1077) are repealed effective November 1, 2021. How does this affect DPOAs executed prior to November 1, 2021?

Appointment of guardian. Does appointment of a guardian terminate powers granted an AIF under a DPOA? The appointment of a guardian does not automatically revoke the DPOA under either ACT. § 1074 of the old DPOA Act and § 3008 of the new POA Act are similar but not identical. Under both Acts, the principal may nominate a guardian or conservator in the DPOA, and the court shall appoint such person unless s/he is disqualified or for good cause shown.  The AIF is accountable to both the principal and the guardian. The main difference between the two Acts is that under § 1074 (old), the guardian had the power to revoke or amend the DPOA, while under § 3008 (new) the AIF’s authority continues unless limited, suspended or terminated by the court. Note that if the POA is not durable, the powers granted the AIF terminate.

If the AIF under a non-durable POA has no actual knowledge that a guardian has been appointed, actions of the AIF on behalf of the principal are binding. This is true under § 1075 of the DPOA Act and under § 3010 of the new POA Act. On the other hand, even if the AIF does not know of the guardianship, if the bank has actual knowledge that a guardian has been appointed, if the bank allows the transaction under a non-durable POA, it may be liable.

Appointment of Rep Payee or Federal Fiduciary. Neither the Social Security Administration nor the Veteran’s Administration will accept a POA/DPOA. There is a presumption that every beneficiary is capable of handling his or her own money, and the appointment of a Rep Payee does not carry the same notice and hearing requirements as a guardianship. The question of whether appointment of a rep payee or federal fiduciary is effective to terminate a non-durable power of attorney is somewhat uncertain, but I would argue that it doesn’t necessarily amount to a determination of incapacity. Why do I say this? If the rep payee or the federal fiduciary dies or is determined by a court to require a guardian, the bank must notify the SSA or VA and return any benefit payments received. When this happens, the SSA and the VA will send checks directly to the beneficiary until such time as these agencies determine a new rep payee/federal fiduciary needs to be appointed. It is not uncommon for a beneficiary to have one individual named as rep payee/federal fiduciary and someone else appointed as guardian. Until the SSA or VA acknowledges the guardianship and directs payments to the guardian, the guardian will have to work with the current rep payee/federal fiduciary.

Death of the principal. Whether the POA is durable or not, the AIF’s authority terminates upon the principal’s death. Yes, I have actually seen DPOAs that say they are unaffected by death of the principal, but that isn’t true. On the other hand, both the DPOA Act (§ 1075) and the POA Act (§ 3010) provide that if the AIF does not have actual knowledge of the principal’s death and the acts performed are solely for the benefit of the principal, such acts are binding upon the principal’s heirs and successors. Again, if the bank has actual knowledge of the principal’s death, the bank has no protection if it allows the AIF to make transactions.

Protecting the bank. Section 1076 of the DPOA Act provided protection for the bank in making transactions with an AIF if the bank had concerns whether the POA or DPOA may have been revoked, a guardian may have been appointed for the principal if the POA was non-durable, or the principal had died. The bank could require the AIF to sign an Affidavit of Lack of Knowledge and be protected. As was mentioned in the September article, § 3042 of the POA Act provides an optional form that the bank may require the AIF to fill out and execute before a notary Certifying Facts Concerning Power of Attorney. Use of this form will protect the bank.

  • 3024 Authority and Restrictions. I review a lot of POAs/DPOAs to determine whether the AIF can add himself as joint owner or POD, add, remove, or otherwise change PODs, add an authorized signer to an account, directly make transactions on the principal’s living trust, etc. This section of the POA Act clearly sets forth restrictions on the authority of the AIF to do certain act unless explicitly granted in writing under the POA. It supports the positions and answers I have given for the past 17 years. In order for an AIF to create, amend, revoke or terminate an inter vivos trust, make a gift, create or change rights of survivorship, create or change a beneficiary designation, add an authorized signer, waive the principal’s right to be a beneficiary of a joint and survivor annuity, including a survivor benefit under a retirement plan, or exercise fiduciary powers that the principal has authority to delegate (e.g., appoint an authorized signer on a corporation, LLC, etc. account), these powers must be explicitly granted. Further, an AIF who is not an ancestor, spouse or descendant of the principal may not exercise authority under a power of attorney to create in the AIF, or in an individual to whom the AIF owes a legal obligation of support, an interest in the principal’s property, whether by gift, right of survivorship, beneficiary designation, disclaimer or otherwise.

Attorneys generally put in the catch-all provision granting the AIF the power to do any act that the principal may himself do.  I often have to defend my requirement that certain acts, such as adding the AIF as joint owner or a POD require explicit authority.  Subsection C. of this statute provides that subject to subsections A, B, D and E of this section, if a power of attorney grants to an agent authority to do all acts that a principal could do, the agent has the general authority described in Sections 27 through 39 of the POA Act while the grant of the power to make a gift is explained in detail under § 3040.

Uniform Consumer Credit Code (“U3C”) § 3-508A

Title 14A O.S. § 3-508. This section of the “U3C” sets the maximum annual percentage rate for certain loans. It provides three tiers based with different rates based on unpaid principal balances that may be “blended.” It also has an alternative maximum rate that may be used rather than blending the rates. The amounts under each tier were subject to annual adjustment by the Administrator of the Oklahoma Department of Consumer Credit under §1-106, however. The annual adjustment of tier amounts was removed effective August 22, 2014, and a loan made under §3-508A could not have a repayment term of less than 12 months from the date the loan is made which provision was removed effective November 1, 2015.

The loan amount subject to tier (2)(a)(i) has greatly increased as well as the maximum annual percentage rate allowed for that tier. The maximum annual percentage rate for the other two tiers did not increase, but the loan amounts under the second and third tier have. The alternative maximum annual percentage rate allowed in lieu of blending the tiers under (2)(b) remains unchanged.

Maximum Rates by Tier Amounts. §3-508A as amended limits the maximum APR under the three tiers as follows:

(2) The loan finance charge, calculated according to the actuarial method, may not exceed the equivalent of the greater of either of the following:

(a)  the total of:

(i)  thirty-two percent (32%) [currently 27%] per year on that part of the unpaid balances of the principal which is Seven Thousand Dollars ($7,000.00) [currently $2,910] or less;

(ii)  twenty-three percent (23%) [no change] per year on that part of the unpaid balances of the principal which is more than Seven Thousand Dollars ($7,000.00) [currently $2,910.01] but does not exceed Eleven Thousand Dollars ($11,000.00) [currently $6,200.00]; and

(iii)  twenty percent (20%) [no change] per year on that part of the unpaid balances of the principal which is more than Eleven Thousand Dollars ($11,000.00) [currently $6,200.00]; or

(b)  twenty-five percent (25%) [no change] per year on the unpaid balances of the principal.

The Dollar Amounts under the three tiers of §3-508A Loans are NOT subject to annual adjustment, but a new subsection (4) has been added allowing the lender to charge a closing fee IS subject to adjustment under § 1-106:

(4)  In addition to the loan finance charge permitted in this section and other charges permitted in this act, a supervised lender may assess a lender closing fee not to exceed Twenty-eight Dollars and eighty-five cents ($28.85) upon consummation of the loan.

Note that the closing fee, while not a finance charge under the OK U3C, IS a finance charge under Reg Z. Most banks use Reg Z disclosures. This means that it is possible that the fee under Reg Z disclosures will cause the APR to exceed the usury rate under § 3-508A. If that happens, document the file to show that the fee is excluded under the U3C to show that the loan does not in fact violate Oklahoma’s usury provisions.

You can access the § 3-508A Matrix here.

 

Uniform Interstate Depositions and Discovery Act of 2021

By Pauli D. Loeffler

This new Act is codified in Title 12, the Civil Procedure Code, and contains §§ 3250 – 3257. Per § 3257 the Act applies to requests for discovery in cases pending on November 1, 2021.

A subpoena issued by a court of a state other than Oklahoma served on a bank without branches in the state issuing the subpoena had to be logged by the court clerk in the county where the bank was located before service in order to have jurisdiction over the Oklahoma bank. If this wasn’t done, I advised the bank to use the “No Jurisdiction Letter” template available on the OBA’s Legal Links page found under Templates, Forms, and Charts.  On and after 11/1/21, the procedures under the new Act will apply.

§ 3251 contains definitions. “Foreign jurisdiction” is a state other than Oklahoma while a “foreign subpoena” is one issued under the authority of a court of record of a foreign jurisdiction. “State” means the United States, the District of Columbia, Puerto Rico, the United States Virgin Islands, a federally recognized Indian tribe or any territory or insular possession subject to the jurisdiction of the United States. The Act covers subpoenas requiring attendance and giving of testimony at a deposition, production of documents (Subpoena Duces Tecum), and inspection of premises.

§ 3252 requires a party to submit the foreign subpoena to the court clerk of the county in which discovery is to be conducted. Generally, this would be the county where the main bank is located. A request for the issuance of a subpoena does not constitute an appearance in the courts of this state. This is important if the attorney requesting the subpoena is not licensed to practice law in Oklahoma, because s/he would have to file a Motion Pro Hac Vice with the court and obtain a judicial order in order to appear in the Oklahoma court. The names, addresses and telephone numbers of all counsel of record in the proceeding and any unrepresented party have to be provided.

The subpoena issued by the Oklahoma court clerk must be served in compliance with § 2004.1 of the Civil Procedure Code just like any other subpoena. The duties to respond to the subpoena are also subject to § 2004.1.

Orders to enforce, quash, or modify the subpoena or for a protective order must be submitted to the county court in Oklahoma that issued the subpoena.

 

Consumer Complaints

By Andy Zavoina

On September 23, 2021, the CFPB issued a report, “Consumer complaints throughout the credit life cycle, by demographic characteristics.” We know that complaint management is crucial to your compliance management program as complaints are critical in detecting and resolving issues before they become UDAP, fair lending or other compliance issues. Think of complaint resolution as a way to “nip it in the bud” and avoid a problem from becoming a pattern or practice.

This report used one million complaints from 2018 to 2020 and matches complaints to census tracts, and then uses census tract data to assimilate demographics of the complainant. What was deduced was that complaints from wealthier communities and communities with higher percentages of white, non-Hispanic residents complained about loan origination and performing servicing, and complaints from communities of color and lower income communities complained about credit reporting, identity theft, and delinquent servicing.

Complaints may then be categorized by type, to income and race, based on this methodology. CFPB Acting Director Dave Uejio said, “Our consumer complaint data is a crucial tool for understanding varying consumer experiences, including across racial and economic divides.”

Additional general findings were that:

  • Loan origination complaints increased 50% during the year, driven by higher-income areas with fewer people of color.
  • Areas with the highest share of whites complain twice as much as predominantly Black areas.
  • Predominantly Black areas complain twice as much (per resident) as others.
  • Lower income census tracts submit 30% more complaints per resident.

One reason this is important in my mind relates to the recent action by HUD to rescind the 2020 rule on disparate impact which will make it easier to “prove” discrimination exists based on generalizations. Disparate impact is one method used to show evidence of lending discrimination under ECOA and the Fair Housing Act. The methodology is controversial because it allows a person to claim a fair lending violation when a neutral practice is applied uniformly to all applicants but has a discriminatory effect on a prohibited basis. Could one connect the dots between complaints, income and race that then lead to Reg B – ECOA violations of equal treatment?

Action Items:

1) Stay abreast of the bills and proposals pending. Comment on them when it is of interest to your bank. Be aware of changes and how they impact your operations.

2) As changes are made, keep your policies and procedures current to new requirements. Even if changes are not necessary, document your review so any auditing will see that they are current.

3) Remember that fair lending starts with advertising and flows through the loan process, servicing, and collections. In the last year we have seen big enforcement penalties based on poorly crafted advertising and we see complaints on servicing and credit reporting.

4) Train staff to be aware, ultra-aware of lending issues and complaints and to treat all of them equally and thoroughly as a lending issue may more easily be deemed a fair lending issue today.

The CFPB is also proposing a transitional period permitting collection of the data such as the owners’ ethnicity, race, and sex and this could extend the required implementation to 2025.

If you are thinking that allows three years, yes, that is the way it looks now. But like the 2018 HMDA overhaul, preparations should begin when you know what you will have to address and that should start in 2022. Monitoring the bank’s lending activity to small business and the minimum thresholds in the final rule may put a bank into or outside data collection requirements.

2021 OK legislation – Part III

By Kelsey Hull

Hello! My name is Kelsey Hull, and I am an extern for the Oklahoma Bankers Association for the fall semester. I’m currently in my last year at Oklahoma City University School of Law. My hometown is Waynoka, Oklahoma, and I hold a bachelor’s degree in International Studies from the University of Oklahoma. I’m very grateful for the opportunity to write this article, and I hope you find it helpful.

OK Banking Code

Title 6 O.S. § 908. This new section of the Banking Code covers Savings Promotion Raffles. In 2014, Congress passed the American Savings Promotion Act, and Andy Zavoina wrote about the Act in the March 2015 OBA Legal Briefs, which you can access online. While the federal Act excluded these raffles from being an illegal lottery under federal law, it was up to each state to enact legislation to allow these raffles under state law. See Can Contests Help Fill Americans’ Savings Gap?, Pew Charitable Trusts (Nov. 9, 2018), https://www.pewtrusts.org/en/research-and-analysis/issue-briefs/2018/11/can-contests-help-fill-americans-savings-gap; Caroline Ratcliffe, et. al., Evidence-Based Strategies to Build Emergency Savings, Consumer Financial Protection Bureau (July 2020), https://files.consumerfinance.gov/f/documents/cfpb_evidence-based-strategies-build-emergency-savings_report_2020-07.pdf

Effective November 1, 2021, Oklahoma banks and credit unions may begin offering savings promotion raffles under § 908:

As used in this section, the term “savings promotion raffle” means a contest in which the sole consideration required for a chance of winning designated prizes is obtained by the deposit of a specified amount of money in a savings account or other savings program and each ticket or entry has an equal chance of being drawn, with such contest being subject to regulations that may from time to time be promulgated by the bank’s or credit union’s primary regulator. Oklahoma banks and credit unions are authorized to offer savings promotion raffles.

The only difference between Oklahoma’s Section 908 and the federal Act is in the last sentence. In the federal Act, the last sentence ends by saying “…to be promulgated by the appropriate prudential regulator (as defined in section 1002 of the Consumer Financial Protection Act of 2010 (12 U.S.C. 5481)).” In Oklahoma’s statute, it refers to the bank’s or credit union’s primary regulator.

If any questions remain as to whether saving promotion raffles are lotteries, the definition of “lottery” was changed under 12 U.S.C §25A in 2014, specifically excluding such raffles: “The term ‘lottery’ includes any arrangement, other than a savings promotion raffle…”

Judgment liens

Title 46 O.S. § 15 (Mortgage Code) and Title 36 O.S. § 5008 (Insurance Code). Bankers may recall that § 15 in the Mortgage Code requires the release of mortgage be recorded within 30 days after the debt has been paid. If the release is not timely recorded, the mortgagor or the title insurer may demand release, and the mortgagee has 10 days to record the release or face penalties. Beginning 11/1/21 this section will apply to judgment lien holders as well as mortgagees.

§ 5008 in the Oklahoma Insurance Code provides that If a mortgagee fails to execute and deliver a release of mortgage to the mortgagor or designated agent of the mortgagor within sixty (60) days after the date of receipt of payment of the mortgage in accordance with a payoff statement provided by the mortgagee or servicer, an authorized officer of a title insurance company or its duly appointed agent may execute and record an affidavit with the county clerk where the real property is located on behalf of the mortgagor or a transferee of the mortgagor together with documentation of the payment. Effective 11/1/21, this section will also apply to judgment liens.

Motor vehicles

Title 47 O.S. § 1110 Perfection of Security Interest

Effective November 1, 2021, the following new provision is added under subsection A:

  1. When there is an active lien from a commercial lender in place on a vehicle, motor license agents shall be prohibited from transferring the certificate of title on that vehicle until the lien is satisfied.

Title 47 O.S. § 1105A.  Electronic filing of certificates of title, liens, assignments, and releases. This is a new law under Title 47—Motor Vehicles, which takes effect November 1, 2021. The central idea of this law is the creation of an electronic filing, storage, and delivery of motor vehicle title certificates program. Additionally, the program allows the perfection, assignment, and release of a lien by a lienholder through electronic means rather than paper documents. This program will start on or before July 1, 2022. A qualified system developer will help with providing and accessing the necessary software and equipment to actually implement this digital transformation. However, this new system will only affect applications filed after June 30, 2022. Okla. Stat. tit. 47, §1105A(A).

Section B of the statute covers various procedures that are available for the program, although the list is nonexclusive.  Okla. Stat. tit. 47, §1105A(B)(1)-(6). First up on the list is delivery of a certificate of title. If a party chooses to use the electronic route, the certificate need only be issued or printed upon the satisfaction of the last lien. The next two examples regard the service provider, and basically say that the vendor will be qualified and charge reasonable fees. In the fourth example, the statute states that the program will allow access to electronic records of the filed items. Part five allows motor license agents to participate in the program and for their receipt of all fees provided by the Oklahoma Vehicle License and Registration Act. Finally, the program accepts electronic or digital signatures.

Section C concerns definitions, which match with those listed throughout the existing statutes in sections 1101 and beyond.

Section D addresses the validity of the documents created, stored, or delivered through the program. All the documents are in fact valid, even with scanned or electronic signatures. As long as the document is a certified copy of the Oklahoma Tax Commission’s electronic record, it will be admissible in court proceedings, if needed.

Section E deals with financing the program. Essentially, the Tax Commission can spend the necessary funds needed to implement the program.

Finally, section F allows the Tax Commission to consult third parties to help with the program’s development.

Tax Code

Title 68 O.S. § 2370. This section is amended for taxable years beginning after December 31, 2021. The Oklahoma privilege tax of doing business within Oklahoma for state banking associations, national banking associations and credit unions organized under the laws of this state, located or doing business within the limits of the State of Oklahoma is reduced from the rate of 6% to 4% of the amount of the taxable income.

Title 68 O.S. § 2370.1. This section of the Oklahoma Tax Code is amended effective January 1, 2021, with regard to credit for SBA guaranty of 7(a) program loans. The new timeframe for these credits will be on or after January 1, 2022, and before January 1, 2025.

Oklahoma POA Act – Part II

By Pauli D. Loeffler

I need to correct a statement made in the newspaper and email versions of the September 2021 OBA Legal Briefs indicating that some but not all the sections under the Durable Power of Attorney Act (“DPOA Act”) were repealed. In fact, all sections (Title 58 O.S. §§ 1071 – 1077) are repealed effective November 1, 2021. How does this affect DPOAs executed prior to November 1, 2021?

Appointment of guardian. Does appointment of a guardian terminate powers granted an AIF under a DPOA? The appointment of a guardian does not automatically revoke the DPOA under either ACT. § 1074 of the old DPOA Act and § 3008 of the new POA Act are similar but not identical. Under both Acts, the principal may nominate a guardian or conservator in the DPOA, and the court shall appoint such person unless s/he is disqualified or for good cause shown.  The AIF is accountable to both the principal and the guardian. The main difference between the two Acts is that under § 1074 (old), the guardian had the power to revoke or amend the DPOA, while under § 3008 (new) the AIF’s authority continues unless limited, suspended or terminated by the court. Note that if the POA is not durable, the powers granted the AIF terminate.

If the AIF under a non-durable POA has no actual knowledge that a guardian has been appointed, actions of the AIF on behalf of the principal are binding. This is true under § 1075 of the DPOA Act and under § 3010 of the new POA Act. On the other hand, even if the AIF does not know of the guardianship, if the bank has actual knowledge that a guardian has been appointed, if the bank allows the transaction under a non-durable POA, it may be liable.

Appointment of Rep Payee or Federal Fiduciary. Neither the Social Security Administration nor the Veteran’s Administration will accept a POA/DPOA. There is a presumption that every beneficiary is capable of handling his or her own money, and the appointment of a Rep Payee does not carry the same notice and hearing requirements as a guardianship. The question of whether appointment of a rep payee or federal fiduciary is effective to terminate a non-durable power of attorney is somewhat uncertain, but I would argue that it doesn’t necessarily amount to a determination of incapacity. Why do I say this? If the rep payee or the federal fiduciary dies or is determined by a court to require a guardian, the bank must notify the SSA or VA and return any benefit payments received. When this happens, the SSA and the VA will send checks directly to the beneficiary until such time as these agencies determine a new rep payee/federal fiduciary needs to be appointed. It is not uncommon for a beneficiary to have one individual named as rep payee/federal fiduciary and someone else appointed as guardian. Until the SSA or VA acknowledges the guardianship and directs payments to the guardian, the guardian will have to work with the current rep payee/federal fiduciary.

Death of the principal. Whether the POA is durable or not, the AIF’s authority terminates upon the principal’s death. Yes, I have actually seen DPOAs that say they are unaffected by death of the principal, but that isn’t true. On the other hand, both the DPOA Act (§ 1075) and the POA Act (§ 3010) provide that if the AIF does not have actual knowledge of the principal’s death and the acts performed are solely for the benefit of the principal, such acts are binding upon the principal’s heirs and successors. Again, if the bank has actual knowledge of the principal’s death, the bank has no protection if it allows the AIF to make transactions.

Protecting the bank. Section 1076 of the DPOA Act provided protection for the bank in making transactions with an AIF if the bank had concerns whether the POA or DPOA may have been revoked, a guardian may have been appointed for the principal if the POA was non-durable, or the principal had died. The bank could require the AIF to sign an Affidavit of Lack of Knowledge and be protected. As was mentioned in the September article, § 3042 of the POA Act provides an optional form that the bank may require the AIF to fill out and execute before a notary Certifying Facts Concerning Power of Attorney. Use of this form will protect the bank. 3024 Authority and

§ 3024 Authority and Restrictions. I review a lot of POAs/DPOAs to determine whether the AIF can add himself as joint owner or POD, add, remove, or otherwise change PODs, add an authorized signer to an account, directly make transactions on the principal’s living trust, etc. This section of the POA Act clearly sets forth restrictions on the authority of the AIF to do certain act unless explicitly granted in writing under the POA. It supports the positions and answers I have given for the past 17 years. In order for an AIF to create, amend, revoke or terminate an inter vivos trust, make a gift, create or change rights of survivorship, create or change a beneficiary designation, add an authorized signer, waive the principal’s right to be a beneficiary of a joint and survivor annuity, including a survivor benefit under a retirement plan, or exercise fiduciary powers that the principal has authority to delegate (e.g., appoint an authorized signer on a corporation, LLC, etc. account), these powers must be explicitly granted. Further, an AIF who is not an ancestor, spouse or descendant of the principal may not exercise authority under a power of attorney to create in the AIF, or in an individual to whom the AIF owes a legal obligation of support, an interest in the principal’s property, whether by gift, right of survivorship, beneficiary designation, disclaimer or otherwise.

Attorneys generally put in the catch-all provision granting the AIF the power to do any act that the principal may himself do.  I often have to defend my requirement that certain acts, such as adding the AIF as joint owner or a POD require explicit authority.  Subsection C. of this statute provides that subject to subsections A, B, D and E of this section, if a power of attorney grants to an agent authority to do all acts that a principal could do, the agent has the general authority described in Sections 27 through 39 of the POA Act while the grant of the power to make a gift is explained in detail under § 3040.

Uniform Consumer Credit Code (“U3C”) § 3-508A

By Pauli D. Loeffler

Title 14A O.S. § 3-508. This section of the “U3C” sets the maximum annual percentage rate for certain loans. It provides three tiers based with different rates based on unpaid principal balances that may be “blended.” It also has an alternative maximum rate that may be used rather than blending the rates. The amounts under each tier were subject to annual adjustment by the Administrator of the Oklahoma Department of Consumer Credit under §1-106, however. The annual adjustment of tier amounts was removed effective August 22, 2014, and a loan made under §3-508A could not have a repayment term of less than 12 months from the date the loan is made which provision was removed effective November 1, 2015.

The loan amount subject to tier (2)(a)(i) has greatly increased as well as the maximum annual percentage rate allowed for that tier. The maximum annual percentage rate for the other two tiers did not increase, but the loan amounts under the second and third tier have. The alternative maximum annual percentage rate allowed in lieu of blending the tiers under (2)(b) remains unchanged.

Maximum Rates by Tier Amounts. § 3-508A as amended limits the maximum APR under the three tiers as follows:

(2) The loan finance charge, calculated according to the actuarial method, may not exceed the equivalent of the greater of either of the following:

(a)  the total of:

(i)  thirty-two percent (32%) [currently 27%] per year on that part of the unpaid balances of the principal which is Seven Thousand Dollars ($7,000.00) [currently $2,910] or less;

(ii)  twenty-three percent (23%) [no change] per year on that part of the unpaid balances of the principal which is more than Seven Thousand Dollars ($7,000.00) [currently $2,910.01 but does not exceed Eleven Thousand Dollars ($11,000.00); and

(iii)  twenty percent (20%) [no change] per year on that part of the unpaid balances of the principal which is more than Eleven Thousand Dollars ($11,000.00); or

(b)  twenty-five percent (25%) [no change] per year on the unpaid balances of the principal.

The Dollar Amounts under the three tiers of §3-508A Loans are NOT subject to annual adjustment, but a new subsection (4) has been added allowing the lender to charge a closing fee IS subject to adjustment under § 1-106:

(4)  In addition to the loan finance charge permitted in this section and other charges permitted in this act, a supervised lender may assess a lender closing fee not to exceed Twenty-eight Dollars and eighty-five cents ($28.85) upon consummation of the loan.

Note that the closing fee, while not a finance charge under the OK U3C, IS a finance charge under Reg Z. Most banks use Reg Z disclosures. This means that it is possible that the fee under Reg Z disclosures will cause the APR to exceed the usury rate under § 3-508A. If that happens, document the file to show that the fee is excluded under the U3C to show that the loan does not in fact violate Oklahoma’s usury provisions.

 

Uniform Interstate Depositions and Discovery Act of 2021

By Pauli D. Loeffler

This new Act is codified in Title 12, the Civil Procedure Code, and contains §§ 3250 – 3257. Per § 3257 the Act applies to requests for discovery in cases pending on November 1, 2021.

A subpoena issued by a court of a state other than Oklahoma served on a bank without branches in the state issuing the subpoena had to be logged by the court clerk in the county where the bank was located before service in order to have jurisdiction over the Oklahoma bank. If this wasn’t done, I advised the bank to use the “No Jurisdiction Letter” template available on the OBA’s Legal Links page found under Templates, Forms, and Charts.  On and after 11/1/21, the procedures under the new Act will apply.

§ 3251 contains definitions. “Foreign jurisdiction” is a state other than Oklahoma while a “foreign subpoena” is one issued under the authority of a court of record of a foreign jurisdiction. “State” means the United States, the District of Columbia, Puerto Rico, the United States Virgin Islands, a federally recognized Indian tribe or any territory or insular possession subject to the jurisdiction of the United States. The Act covers subpoenas requiring attendance and giving of testimony at a deposition, production of documents (Subpoena Duces Tecum), and inspection of premises.

§ 3252 requires a party to submit the foreign subpoena to the court clerk of the county in which discovery is to be conducted. Generally, this would be the county where the main bank is located. A request for the issuance of a subpoena does not constitute an appearance in the courts of this state. This is important if the attorney requesting the subpoena is not licensed to practice law in Oklahoma, because s/he would have to file a Motion Pro Hac Vice with the court and obtain a judicial order in order to appear in the Oklahoma court. The names, addresses and telephone numbers of all counsel of record in the proceeding and any unrepresented party have to be provided.

The subpoena issued by the Oklahoma court clerk must be served in compliance with § 2004.1 of the Civil Procedure Code just like any other subpoena. The duties to respond to the subpoena are also subject to § 2004.1.

Orders to enforce, quash, or modify the subpoena or for a protective order must be submitted to the county court in Oklahoma that issued the subpoena.

August 2021 OBA Legal Briefs

  • Reg Z’s business day definitions
  • Advance Child Tax Credits and closed accounts
  • 2021 Oklahoma legislation—Part I

Reg Z’s business day definitions

By John S. Burnett

Why Juneteenth caught lenders unprepared

Congress clearly doesn’t know (or care?) that two days’ notice isn’t enough to give lenders when they pass legislation creating a new federal legal public holiday. The kerfuffle that erupted over the addition of the Juneteenth National Independence Day to the list of holidays in 5 U.S.C. 6103(a) may not have ruffled Congress’s legislative feathers, but it raised a lot of questions among lenders, compliance officers, closing agents, investors and, yes, borrowers.

Why? Because it affected many mortgage loans for which closing disclosures had already been provided in the days immediately before the law was enacted on July 17, with closing dates set for early the following week. It also eliminated Saturday, June 19, as a business day for the purpose of counting rescission period days on loans that had closed on June 16 and 17.

In short, some lenders had to postpone closings by a day or more and others had to delay disbursement of loan proceeds, and, of course, borrowers weren’t happy that the new holiday forced those scheduling changes. For lenders who, for whatever reason, were not able to make the right moves, the risk is very real of litigation down the road over technical timing requirements in Regulation Z.

There is talk – or wishful thinking – that the CFPB can “fix” everything with an interpretation or ruling about the impact of the new holiday on mortgage loans closed with unavoidable errors. However, the Bureau can do what it can, but the courts will ultimately decide whether lenders’ concerns are real, and at what cost.

The “business day” definitions

The key to complying with any law or regulations is an understanding of its terms. That’s why there is usually a collection of important definitions, and for regulations, it is usually found in one of the first sections of the rule.

Regulation Z has so many technical timing requirements that include a count of business days that it should be no surprise that “business day” is a defined term in the regulation. In fact, there are two definitions of the term, and which definition applies in a given case depends on which timing requirement in the regulation is in question.

Regulation Z’s definitions of “business day” are found in section 1026.2(a), in paragraph 1026.2(a)(6), which includes two sentences.

The “general” definition. The first sentence of the paragraph reads—

Business day means a day on which the creditor’s offices are open to the public for carrying on substantially all of its business functions.

What does that sentence mean by “substantially all of its business functions”? Comment 2(a)(6)-1 explains—

Business function test. Activities that indicate that the creditor is open for substantially all of its business functions include the availability of personnel to make loan disbursements, to open new accounts, and to handle credit transaction inquiries. Activities that indicate that the creditor is not open for substantially all of its business functions include a retailer’s merely accepting credit cards for purchases or a bank’s having its customer-service windows open only for limited purposes such as deposits and withdrawals, bill paying, and related services.

So, for example, if your bank’s branches are open on Saturdays for handling deposits, check cashing, withdrawals and other routine teller responsibilities, but there are no staffers who can disburse loan proceeds, handle inquiries about loans or loan rates or open new accounts, your bank is not “open to the pubic for carrying on substantially all of its business functions,” and Saturday would not be a business day for your bank under the business day definition in the first sentence of section 1026.2(a)(6).

But if during your Saturday teller hours there is someone at all or most of your branches to open accounts, make loan disbursements and handle credit transaction inquiries, Saturdays would be a business day for your bank.

The term “business day” appears 72 more times in the text of the full regulation (excluding the Official Interpretations in Supplement I). This general definition — a day on which the creditor’s offices are open to the public for carrying on substantially all of its business functions — applies to most of those uses of the term.

However, there are thirteen sections or paragraphs of the regulation in which “business day” is used where the “precise” definition for “business day” is used. Those sections and paragraphs are listed in the second sentence of paragraph 1026.2(a)(6), which reads—

However, for purposes of rescission under §§ 1026.15 and 1026.23, and for purposes of §§ 1026.19(a)(1)(ii), 1026.19(a)(2), 1026.19(e)(1)(iii)(B), 1026.19(e)(1)(iv), 1026.19(e)(2)(i)(A), 1026.19(e)(4)(ii), 1026.19(f)(1)(ii), 1026.19(f)(1)(iii), 1026.20(e)(5), 1026.31, and 1026.46(d)(4), the term means all calendar days except Sundays and the legal public holidays specified in 5 U.S.C, 6103(a), such as New Year’s Day, the Birthday of Martin Luther King, Jr., Washington’s Birthday, Memorial Day, [Juneteenth National Independence Day,] Independence Day, Labor Day, Columbus Day, Veterans Day, Thanksgiving Day, and Christmas Day.

(I added Juneteenth to the list in the regulatory text.)

There are two important lists in that sentence:

  • The list of sections where the “precise” definition applies
  • The list of legal public holidays

The affected Regulation provisions: Here’s a list of the affected Reg Z sections with a brief description of each:

  • 1026.15 – Counting the three business days in the rescission period for certain open-end credit extensions for which there is a security interest in a consumer’s principal dwelling
  • 1026.23—Counting the three business days in the rescission period for certain closed-end credit transactions secured by a consumer’s principal dwelling
  • 1026.19(a)(1)(ii)—Counting the presumed three business days by which a consumer is deemed to have received good faith estimate disclosures in connection with a consumer’s application for a reverse mortgage to be secured by the consumer’s dwelling, if the disclosures are mailed to the consumer. The consumer cannot be charged a fee (except for the cost of a credit report) before the consumer receives (or is deemed to have received) the disclosures.
  • 1026.19(a)(2)—Those good faith estimate disclosures must also be delivered in person or placed in the mail not later than the seventh (precise definition) business day before consummation of the reverse mortgage loan. The precise definition is also used in counting three business days before consummation (and the presumed three-day delivery time if sent by mail) that a revised disclosure must be received if the APR in the early disclosures becomes inaccurate.
  • 1026.19(e)(1)(iii)(B)—Counting the seven business days before consummation to determine the latest day the creditor may send a TRID loan estimate (except for loans secured by a timeshare interest).
  • 1026.19(e)(1)(iv)—If a TRID loan estimate is not provided to the consumer in person, counting the three business days until the consumer is considered to have received it after it was delivered or placed in the mail
  • 1026.19(e)(2)(i)(A)—The consumer in a TRID transaction cannot be charged a fee (other that for a credit report) before the consumer has received the loan estimate and has expressed an intent to proceed with the transaction described in the loan estimate. Section 1026.19(e)(1)(iv) just above requires that, if the loan estimate isn’t given in person, the consumer is considered to have received the loan estimate three (precise) business days after delivery or mailing.
  • 1026.19(e)(4)(ii)—Counting the four business days before consummation by which the consumer must receive any required revised loan estimate and counting the three business days after non-in-person delivery by which the consumer is considered to have received a revised loan estimate.
  • 1026.(f)(1)(ii)—Counting three business days before consummation to determine when the consumer is required to have received the TRID closing disclosure.
  • 1026.19(f)(1)(iii)— If the TRID closing disclosure isn’t given in person, counting the three business days after placing them in the mail by which the consumer is considered to have received them.
  • 1026.20(e)(5)—Counting business days for the timing requirements for disclosures involved when closing a consumer’s mortgage escrow account.
  • 1026.31—Counting the three business days prior to consummation or account opening by which the creditor must provide disclosures required by § 1026.32 for a high cost mortgage or by § 1026.33 for a reverse mortgage
  • 1026.46(d)(4)—Counting the three business days after which a required disclosure for a private education loan is mailed to a consumer that the consumer is considered to have received the disclosure.

The public legal holidays. There are now 11 public legal holidays and 52 (or 53) Sundays that are not business days (even if your bank is open for all purposes) when the precise business day definition in Regulation Z applies. Six of those holidays —the Birthday of Martin Luther King, Jr., Washington’s Birthday, Memorial Day, Labor Day, Columbus (or Indigenous Peoples) Day, and Thanksgiving Day—are always weekdays (five Mondays and one Thursday), and have not caused anyone any confusion.

The other five public legal holidays fall on designated dates—January 1, June 19, July 4, November 11, and December 25—that can occur on Saturday or Sunday. When one of these holidays falls on Saturday, it is often observed the previous Friday, especially by federal employees. In those cases, whether or not the Federal Reserve Banks are closed (they normally are open under these circumstances) the observed holiday (Friday) is a business day when the precise business day definition is applied. The actual holiday (Saturday in such cases) is not a business day when the precise business day definition is applied, even if your bank is fully operational.

When one of the five designated dates occurs on Sunday (Juneteenth and Christmas in 2022, New Year’s Day in 2023), it is often observed on the following Monday, especially by federal agencies and offices. In such cases, the actual holiday is not a business day (both because it is one of the 11 public legal holidays and because it is a Sunday); the observed holiday on Monday (June 20 and December 26 in 2022, and January 2, 2023) is a business day when the precise business day definition applies, even though all Federal Reserve Bank offices will be closed.

For those of you who have read comment 2(a)(6)-2 and note that it says nothing about a designated date public legal holiday falling on Sunday, I agree. The Fed, when it added that little clarifying example of July 4 occurring on Saturday, ignored the fact that it also falls on Sundays with a Monday observance (as it did in 2021). In a phone conversation with a CFPB representative on Friday, July 2, I was assured that Monday, July 5 would be a business day.

In that conversation I suggested that the CFPB will probably be issuing an amendment to § 1026.2(a)(6) and comment 2(a)(6)-2 to add Juneteenth National Independence Day to their lists (hopefully they will make those amendments before Juneteenth arrives in 2022), and that when they make those amendments it would be the perfect opportunity to add an example to the commentary of one of the five designated date holidays (Juneteenth would be the perfect example to use) falling on Sunday. We’ll have to wait and see if the powers that be at the Bureau agree with that logical suggestion.

Don’t use the Reg Z definition elsewhere

Some of you may already be anticipating where this is going, and you’re wondering, “What about Regulation CC and its definition of “business day?” And this is the perfect time for the warning: Never “borrow” a definition from one regulation and apply it to a different regulation. It is a recipe for confusion (or worse) to do so.

Regulation CC is the perfect example, since it has its own “business day” definition in § 229.2(g):

Business day means a calendar day other than a Saturday or a Sunday, January 1, the third Monday in January, the third Monday in February, the last Monday in May, July 4, the first Monday in September, the second Monday in October, November 11, the fourth Thursday in November, or December 25. If January 1, July 4, November 11, or December 25 fall on a Sunday, the next Monday is not a business day.

Do you see the differences between this definition and either definition in Regulation Z?

  • It can never be a Saturday or a Sunday.
  • It doesn’t matter whether your bank is open for substantially all business (it does matter in the definition of “banking day”).
  • If one of the designated-date holidays occurs on a Sunday, the next Monday is not a business day (because the Fed isn’t open for check clearing, etc.)

The same list of public legal holidays is included in both regulations. The Fed should be amending the definition at some point to add Juneteenth to that list in Regulation CC (but, given the Fed’s track record on keeping the regulation current, I won’t hold my breath).

Advance Child Tax Credits and closed accounts

By John Burnett

The IRS started sending direct deposits of Advance Child Tax Credits (ACTC) on July 15, 2021. Additional ACTC credits will be sent on August 13, and the 15th of each month from September through December 2021.

Some of the direct deposits will be directed to accounts that have been closed by the depositor or the bank. This will probably mean that people in some banks will start thinking about “offsets.” But don’t go there!

Treasury regulations require that direct deposits of federal benefit payments directed to closed accounts be returned. The IRS will reissue the payments in check form. A bank cannot legally “reopen” a closed account to accept such a payment, and the payment cannot be diverted to recover on a charge-off. The payments should be returned even if the recipient has another account with your bank.

The IRS has an online tool – the Child Tax Credit Update Portal at https://www.irs.gov/credits-deductions/child-tax-credit-update-portal — for taxpayers to use to update bank account information.

2021 Oklahoma legislation – Part I

By Pauli D. Loeffler

Legislation was enacted amending two sections in the Oklahoma Banking Code (Title 6) and an entirely new section was added. The effective date for the amendments and the new section is November 1, 2021.

§ 901 – POD beneficiaries.

The amended provisions of this statute are emphasized.

B.

2.  A deposit account with a P.O.D. designation shall constitute a contract between the account owner, (or owners, if more than one) and the bank that upon the death of the last surviving owner of the account, and after payment of account proceeds to any secured party with a valid security interest in the account, the bank will hold the funds for or pay them to the named primary beneficiary or beneficiaries if living. If a primary beneficiary predeceases the account owner, the share of that primary beneficiary shall be distributed pursuant to either paragraph 4 or 5 of this subsection, whichever is applicable.

3.  Each P.O.D. beneficiary designated on a deposit account shall be a primary beneficiary unless specifically designated as a contingent beneficiary.

4.  If there is only one primary P.O.D. beneficiary on a deposit account and that beneficiary is an individual, the account owner may designate one or more contingent beneficiaries for whom the funds shall be held or to whom the funds shall be paid if the primary beneficiary is not living when the last surviving owner of the account dies. If there is more than one primary P.O.D. beneficiary on a deposit account, contingent beneficiaries shall not be allowed on that account.

5.  If the sole primary P.O.D. beneficiary is not living and one or more contingent beneficiaries have been designated as allowed by paragraph 4 of this subsection, the funds shall be held for or paid to the contingent beneficiaries who are alive at the time of the account owner’s death in equal shares, and shall not belong to the estate of the deceased primary beneficiary. If neither the primary beneficiary nor any contingent beneficiary is living at the time of the account owner’s death, the funds shall be paid to the account owner’s estate

7.  If only one primary P.O.D. beneficiary has been designated on a deposit account, the account owner may add the following, or words of similar meaning, in the style of the account or in the account agreement:

“If the designated P.O.D. beneficiary is deceased, then payable on the death of the account owner to (Name of Beneficiary), (Name of Beneficiary), and (Name of Beneficiary), as contingent beneficiaries, in equal share.”

8.  Adjustments may be made in the styling, depending upon the number of owners of the account, to allow for survivorship rights, and the number of beneficiaries.  It is to be understood that each beneficiary is entitled to a proportionate share of the account proceeds only after the death of the last surviving account owner, and after payment of account proceeds to any secured party with a valid security interest in the account.  All designated primary P.O.D. beneficiaries shall have equal shares.  All designated contingent P.O.D. beneficiaries shall have equal shares as if the sole primary beneficiary is deceased. In the event of the death of a beneficiary prior to the death of the account owner, the share of that beneficiary shall be divided among any surviving beneficiaries or distributed to contingent beneficiaries pursuant to paragraphs 4 and 5 of this subsection, if applicable.  If no beneficiaries are alive at the time of the account owner’s death, the funds should be held for, or paid to, the estate of the deceased account owner…

12. Subsequent to the effective date of this act, a bank shall provide a customer creating a P.O.D. account with a written notice that the distribution of the proceeds in the P.O.D. account shall be consistent with the provisions of this section.

 What you need to know:

  • First and most importantly, the changes apply ONLY with regard to POD beneficiary designations made on or after November 1, 2021. They do not apply to existing POD designations, so it is critical to take into account the date the POD designations were made in order to comply with the statute.
  • If only one natural person is named as POD beneficiary, the owner may name contingent beneficiaries. if a tax-exempt § 501(3)(c) beneficiary or a trust is named as POD beneficiary, no contingent beneficiaries can be named. These statements apply under both the current version of § 901 and the amended version.
  • If two or more natural persons are named as POD beneficiaries and one of them predeceases the last surviving owner of the account, under the current version of § 901 the funds will be split equally among the living PODs and the estate of the predeceasing POD beneficiary. Under the amended version, only those PODs alive at the time the last surviving account owner dies will receive equal shares.
  • If there is only one natural person named as POD beneficiary who predeceases the last surviving account owner and contingent beneficiaries are named, the contingent beneficiaries who are alive at the time the last account owner dies will receive equal shares under the amended statute as opposed to the current statute under which the estate of a predeceasing beneficiary would receive a share.
  • If all primary beneficiaries predecease the last surviving owner, the funds belong to the owner’s estate under the amended statute, Likewise, this is the result if the sole primary beneficiary and all named contingent beneficiaries predecease the owner.

§ 906 – Transfer of deposits or contents of safe deposit boxes to heirs.

Again, I have emphasized the amendments to this statute.

A. 1. When a deposit has been made in a bank or credit union in the name of a sole individual without designation of a payable-on-death beneficiary, upon the death of the sole owner of the account if the amount of the aggregate deposits held in single ownership accounts in the name of the deceased individual is Fifty Thousand Dollars ($50,000.00) or less, the bank or credit union may, without a requirement that heirs open an additional account, transfer the funds to the known heirs of the deceased upon receipt of an affidavit sworn to by the known heirs of the deceased which establishes jurisdiction and relationship and states that the owner of the account left no will; provided, however, that no probate proceedings are pending.  The affidavit shall be sworn to and signed by the known heirs of the deceased and the same shall swear that the facts set forth in the affidavit establishing jurisdiction, heirship and intestacy are true and correct. The affidavit may contain a clause indemnifying the bank from any damages related to the release of funds.  In the event the account is subject to pending probate proceedings, the release of the deposits in the account shall be determined by the court.

2.  Upon the death of an individual who is the sole renter of a safe deposit box in a bank or credit union, the bank or credit union may open the box in the presence of all known heirs and transfer or release the contents to such heirs upon receipt of an affidavit which establishes jurisdiction and relationship to the deceased and states that the renter of the safe deposit box left no will or that the contents of the safe deposit box are the only known assets of the deceased renter. The affidavit shall be sworn to and signed by the known heirs of the deceased and the same shall swear that the facts set forth in the affidavit establishing jurisdiction, heirship and intestacy or that the contents of the safe deposit box are the only asset of the deceased are true and correct.  Every known heir shall either be present in person or by a duly authorized agent.  If any known heir is unable to be physically present for the opening of the box and transfer of the contents, such heir may appoint an agent by executing authorization in writing in the following form:  “I hereby authorize (name of person) to act as my agent at the opening and transfer of contents of safe deposit box (number or other identification) at (name of financial institution).”  The authorization form shall be signed and dated by the heir and notarized.  The bank or credit union may impose its standard fee for drilling the box if the heirs cannot provide the key for opening.

B.  Receipt by the bank or credit union of the affidavit described in subsection A of this section shall be a valid and sufficient release and discharge to the bank or credit union for any transfer of deposits or contents made in good-faith reliance on the affidavit and shall serve to discharge the bank or credit union from liability as to any other party, including any heir, legatee, devisee, creditor or other person having rights or claims to funds or property of the decedent, and include a discharge of the bank or credit union from liability for any estate, inheritance or other taxes which may be due the state from the estate or as a result of the transfer.

C.  Any person who knowingly submits and signs a false affidavit as provided in this section shall be fined not more than Three Thousand Dollars ($3,000.00) or imprisoned for not more than six (6) months, or both. Restitution of the amount fraudulently attained shall be made to the rightful beneficiary by the guilty person.

Unlike the amendments to § 901, the amendments should have little or no impact on banks. If a) the aggregate deposits held in sole ownership without PODs do not exceed $50,000, b) the customer died a resident of Oklahoma, and c) did not have a will, the affidavit under § 906 was and is available for authority to disburse the funds. If there is a will, or the customer died a resident of another state, then an affidavit under this section is not an option, but the Affidavit under § 393 of the Oklahoma Probate Code (Title 58) might be used both for deposits and safe deposit boxes, if all conditions of that statute are met. I note that under the probate code the Affidavit requires a statement that there is no pending probate. Unlike an Affidavit submitted under § 393, the bank does not face liability for refusing to accept an affidavit under § 906 of the Banking Code for either deposits or safe deposit box contents.

I am mystified by some of the additional language. For instance, I have no clue why “without a requirement that heirs open an additional account” was added. I assume that some banks or credit unions may have had such a requirement that I didn’t know about. Allowing the bank to include an indemnity clause was not prohibited under the current statute, and in light of the provisions under subsections B. and C, I am not sure this change was needed. I note that charging a drilling fee was not prohibited under the prior version.

§ 909 – Powers of Authorized Signer — Form for Additional Powers

This is an entirely new statute. You may access both the statute and the form here.

A. Unless the deposit agreement states otherwise, an authorized signer on a deposit account shall have the following powers, regardless of whether the account is a consumer or commercial account:

 1.  Sign checks;

2.  Make deposits of checks payable to the account owner into the account;

3.  Make cash deposits into the account;

4.  Obtain an account balance;

5.  View copies of checks he or she has signed; and

6.  Obtain deposit slips when making a deposit.

B.  If additional authority is not expressly granted in the deposit account agreement, additional powers may be granted in writing by the owner of the account. If the account is an individual account, the owner may execute an additional authorization document.  It must be dated and in writing and may be revoked or amended at any time by the account owner.  If there are multiple owners, all must execute the additional authorization document.  If the account is owned by an entity, the entity must approve the grant of additional powers in the same manner as it appoints authorized signers.

C.  A customer may initial next to the additional powers to be granted and line through those that are not being granted, pursuant to subsection D of this section.

Form for Additional Powers for Authorized Signer:

I, the undersigned account owner or duly empowered representative of the account owner, hereby grant and approve the following additional powers for authorized signer(s) on account

# _______________________.  Bank name ______________________.

____________ Obtain and use a debit card or automated teller machine card

____________ Obtain copies of statements on the account from the bank

____________ Order checks

____________ Obtain copies of checks or other transactions on the account

____________ Authorize or terminate automated clearing house debits to the account

____________ Complete affidavits of forgery

____________ Initiate a change of address for the account

____________ Withdraw cash up to $___________

____________ Dispute a card transaction on the account

____________ Report a lost or stolen card on the account

____________ Use online banking to view transactions on the account

____________ Set up online bill payments

____________ Use the mobile app to access information about the account.

Important points. The list of powers granted to an authorized signer in subsection A. is not exclusive, and your account agreement may grant powers that aren’t listed in that subsection or restrict powers that are. Additionally, UCC § 4-403 provides that any person authorized on an account may stop payment or close the account and that power exists regardless of the omission from this statute.

There is no requirement that the bank use the additional powers form, and the bank is free to add to or delete powers from the form as it chooses. Please keep in mind that guardians and attorneys-in-fact are governed by other law, so neither the statute nor the additional powers form is appropriate for use in those cases.

July 2021 OBA Legal Briefs

  • Vacations — Required or recommended

Vacations – Required or recommended

By Andy Zavoina

We last wrote about vacation time in the September 2019 Legal Briefs. That was a short article on the recommended necessity of taking consecutive days off. After a year of COVID-19 and everyone being couped up, summer 2021 stands to be a record as people can finally get back out and take much needed vacation time. But rather than say, “here is a cite from the FDIC and Human Resources needs to enforce a policy…” I want to explore why a “vacation” policy should be required, where it is required as well as where it is not, and how to meet the spirit and intent. I put quotes around the key term, vacation, but that is misleading. I also want to explore not just being absent but also being disconnected, and why this is important. It is important to point out to both management and staff that such a policy is a safety and soundness issue, not a way to inconvenience staff or force them to group together the few days of vacation they have.

We will talk about a few real-life cases which reinforce why this policy needs to exist, and under what circumstances exceptions are allowed. By the time you are done, you will be able to ensure management has all the facts and the reasons for requiring many staff members are in fact absent from their duties, and how this is beneficial to both the bank and the employee. In short, it will help you understand why a policy is needed and how to craft it or tweak, if needed, what you already have in place, to best meet the spirit and intent of the rule.

Three cases of interest

Indirect vehicle financing. Fortunately, this was not my bank, but it was a bank about a block away from our main branch and we all knew many of the staff there. Many in my bank knew the woman in question. She had worked for the bank for over 20 years. She rarely took a vacation or sick day. She was seen as dedicated. She was seen as experienced. She was trusted.

It turned out what she was, was a thief, an embezzler. She worked in the indirect dealer area and handled drafts. With many larger floorplans there was a lot of money coming in and going out and that meant large suspense accounts. Those accounts had to be reconciled and checked. But when you have an employee of this caliber and with this experience, you ask her “why?” She will explain it and on you go, because these audits are such a pain to do and explain anyway.

But when she was on a very rare vacation, the employee filling in had questions. Nobody liked the answers because it was well over $100,000 that could not be reconciled and that is a shock for a small bank. She had been taking money and as the phrase goes, cooking the books. When she was not available to answer certain questions, the facts came pouring out because numbers do not lie.

First Community Bank, Cave City, AR. Two years ago, there was an incident in Cave City, Arkansas. This is “Home of the world’s sweetest watermelons.” In the 2010 census this was a town of less than 2,000 people, so a small town to say the least.

Today the bank involved has 28 locations in Arkansas and Missouri and the Cave City branch shows to have deposits of $22 million. For 18 years Carrie Porter worked at First Community Bank. She was a teller. For about 12 of those years Carrie would periodically take a stack of $100 bills. The first time she walked out of the bank with $10,000 in her purse that was not hers, it was not hard. She continued this every three or four months.

By the time she was caught the sum of her theft was calculated to be $285,125. She was very apologetic and confessed what she had done. She was cashing in her retirement and her family was harvesting trees from their property and selling land. She hoped to repay 80 percent of what she had stolen before she reported to prison for 18 months. She swore she would repay all of it. She said the money “was just gone” and really had nothing to show for it.

Carrie Porter will be about 51 years old when she is released and most certainly her family will be paying the price with her. Thefts such as this impact the bank, the employee, and the families of all involved.

Bank fraud, wire fraud, and money laundering (Oh, my!). In April of this year in New York, Gangadai Rampersaud Azim was arrested and charged with wire fraud, bank fraud, bank theft, money laundering, and conspiracy, for her role in a scheme to defraud the bank she worked at, of $1.7 million. These charges are pending, so the crime is alleged at this point.

Azim allegedly stole more than $1.7 million and concealed the crime until an absence from work led to its discovery. Yes, she had an illness that forced her to take leave. She was not there to cover her tracks.
In January 2021, the bank set off a customer’s deposit for a delinquent loan. The customer claimed the loan had been paid off in 2019, and the unravelling began. In 2019 the money was taken for the loan and the customer believed the loan was paid off. Azim kept that payoff and unbeknownst to the borrower, started a renewal of the loan for them. There is both a debit and credit, but Azim’s theft created an additional debit that had to be concealed in the future.

The investigation revealed Azim repeatedly made false entries in the bank’s systems, misappropriating funds paid to the bank by many borrowers who thought their loans were paid off. In fact, Azim was extending the maturity dates, so the bank believed it had assets, while the borrowers thought they had no debts. As loans came due, they were covered by new loans faked by Azim to replace them.

The criminal complaint says, “Between August 2008 and January 2021, Azim, a long-time employee of a New York, New York-based bank (“Bank-1”) stole approximately $1.7 million from her employer. Over the course of approximately 12 years, Azim executed hundreds of wire transfers of Bank-1 funds to co-conspirators and related companies, who then sent portions of the ill-gotten funds to Azim’s personal bank account.

“In furtherance of her scheme to defraud Bank-1, Axim repeatedly made false entries in Bank-1’s systems, misappropriating funds paid to Bank-1 by its clients to satisfy outstanding loan obligations and then extending the maturity dates of those loan obligations, making it appear as though the loan obligations had not yet been paid. When even the fraudulently extended maturity dates came due, Azim originated new, fraudulent loans. Azim utilized the proceeds of those fraudulent loans to satisfy the loans for which she had previously stolen the client payments. In doing so, Azim abused her position at Bank-1 and enriched herself at the expense of her employer.”

In all it appears there were 14 fraudulent loans without promissory notes for $1 million that were used to pay the fictitious debts Azim created, and five others for more than $700,000 with extended maturity dates where the borrower thought the loans had been satisfied. Over approximately 12 years, between 2008 and 2020, Azim made approximately 200 wire transfers of bank funds, each for an amount under $10,000, sent to third party accounts. Transfers were made to co-conspirators and related companies, which then returned portions of those funds to Azim.

We never would have thought …

The bank’s Security Officer will advise the bank to diligently have the internal control and other periodic audits completed because the bank must be diligent against theft. Banks and other companies often say when an embezzlement is found that that was the last employee they would have ever thought would steal from them. Unfortunately, many of the traits of a dedicated employee are also those of someone covering up a theft. Additionally, there are signs to look for in employees such as those living beyond their means, having financial difficulties, having unusually close relationships with vendors, and having excessive control issues such as over the account relationships they oversee.

Security programs will point out common warning signs seen when employee thefts have occurred. These are not definitive points, but rather are intended to raise awareness.

• The employee never wants to take vacation.

• The employee works a lot of overtime and enjoys the peace of quiet of being the only one there.

• The employee takes work home.

• There are signs of excessive personal spending, cars, vacations, collectibles, etc. Some of these may be converted to cash through sale, laundering if you will, and some may be for personal enjoyment.

• Frequent casino trips.

• Unusually close relationship with customers or vendors.

• Unverified expense reports for supplies or travel.

Disconnecting

Human Resource managers and health experts all agree that there is a reason for weekends and vacations regardless of the energy and dedication an employee has. Disconnecting from the job is needed for mental health. Therefore, your bank offers vacation time.

There are many reasons big vacations are not taken. Not every employee wants to travel or has the means to do so. There may be additional restrictions due to an employee’s health or that of someone they care for. Family schedules can be hard to sync and there can be many other reasons. But that does not prevent a person from using time off and disconnecting from the job.

There is the occasional employee who wants control. The work they do may be intricate and detailed and having a day-to-day knowledge of what has transpired assists them in keeping up to date and resolving problems quickly and accurately. “If I leave for a few days, I’ll just come back to a mess that will take weeks to clean up.” This may be a valid concern, but sometimes it is a sign of a controlling person who has falsified records and accounts and is concerned that anyone stepping into their job may find a discrepancy and that could lead to discovery. It is like a juggler with many balls in the air. If you miss one, many others may come down as well. They must be there, in control, to keep those balls in the air.

There are pros and cons of a mandatory vacation requirement. These should be recognized by management, HR, and the bank’s employees. Taking a short block of days, such as one week, gives the employee a chance to recharge their batteries. It can be a needed break.

This employee’s time off is also an opportunity for the bank to review the employee’s area. Have there been complaints from customers or staff that a supervisor was overstepping their authority? This is a chance for issues to come to the top so they can be resolved. It is also a time when workloads can be reviewed and balanced for the benefit of everyone. It also encourages cross training staff. No one person is irreplaceable and if they are, the bank needs to rectify that. People come and go but the business tasks continue as do deadlines. This gives the junior employee a chance to work at a higher level and to understand a job they may inherit or may not be suited for. In that case, it is better to know sooner rather than later. If that junior employee is in a rut, this may be an opportunity to help them as well. And if that seasoned employee were to decide to leave suddenly, the bank wants to know who can fill the position and what information may be needed to do so. A few vacation days may reveal that more cross training is required to be efficient, or that the written procedures are not adequate for the position in today’s environment.

After a year of so many telecommuting on a full or part time basis, this need is even more pressing today. It is rare that an employee will come back from a vacation more tired than when they left, even if they filled every day with activities. They either enjoyed the time off or looked forward to getting back to their routine. Either way, it is a positive position for the bank. That leads to happier employees, and makes future recruiting easier as well. It also makes planning easier for the bank and the employees because certain dates can be blacked out well in advance for the benefit of both the bank and staff.

Something that can be a short term “con” and a long term “pro” is that this advance planning reveals staffing concerns. Certain positions can be harder to fill and may stretch key employees very thin. Knowing this in advance assists in resolving the issue before it happens at a less controlled time.

Preplanned vacations may contribute to scheduling challenges as well. When several employees want the week off around given holidays like July 4th or Christmas, it can be taxing on those left to complete all the work. This may also draw down management’s time as increased supervision over a department or certain jobs becomes required. For this reason, adding planned maternity leaves into the calendar aids in the overall planning. A vacation will be easier to adjust than a parental leave.

Another challenge in having a mandatory vacation requirement is enforcing it. HR needs to be able to warn employees well in advance so there is not a concentration of employees who all need the last week of the year off. If planned events must be adjusted for whatever reason, they should be rescheduled immediately to avoid a bottleneck.

If an employee does not use their annual vacation time, either it accumulates which could cause the bank actual cash if it pays the employee for that time, or the employee could lose those days which could be seen in the long term as “theft of time” by the employee. That is, if their opinion of the bank sours, this will be one more thing they dislike about it and blame the bank. It also serves to support a bad employee as it adds justification to anything they are doing wrong.

How should the bank manage these situations? The bank controls the risks. The risk is the employee could be embezzling, but that is certainly not the norm and we do not assume it is, but we do recognize it as a red flag. It is a risk that is mitigated in part by ensuring employees use vacation time. You may hear arguments, “I don’t have enough vacation time to take an entire week off,” or “I’m a one-person department. If I’m not here to do my job, it will not get done.” This brings us back to risk mitigation. The bank truly needs someone else to understand that job and to be able to do it. In addition to the proverbial bus taking that employee out of their job, that employee limits their upward mobility in the bank, and if they ever choose to leave the bank there would be nobody cross-trained to fill in or take over. Again, risk mitigation is good for the bank and the employee in this case. Fortunately, this risk mitigation is also an audit control feature.

Audit Controls

The bank’s HR area should have a record of which employees have how many days of vacation. Proper procedures tell us the vacation days should be tracked. The bank needs to be aware of who uses, stockpiles, or loses vacation time. Proactively monitoring who has how many vacation days is a positive step for the bank in planning its calendar. When the bank has large projects coming up such as systems conversions, a new branch opening, or a major exam, certain employees may not be able to take vacation days. These need to blacked out and the employee needs to know this in advance.

Likewise, the employee should be able to identify at least one block of time they do want vacation, and this should be communicated to the bank. As an example, a bank with a mandatory five-day block of vacation needs to know when certain employees will be out. Additional vacation days may be broken up as some people enjoy short breaks and pairing one or two days with a holiday weekend provides interim breaks. But that five-day break helps detect possible ongoing fraud. Five days is often enough for one or more of those balls in the air to drop.

There may be a set period of days the bank identifies as “mandatory vacation.” If the bank determines that for a variety of reasons a five or even ten-day block of time is required, employees and the bank need to plan when this will be, so it meets the needs of both the staff and the bank. Employees may be restricted from having overlapping days with another key employee, so it may be necessary to create a hierarchy of who gets preference, the senior employee by position or time at the bank, the first one to request those days or some other methodology that works for your bank.

OK Administrative Code 85:10-5-3

To save you from looking this up, here is what the Administrative Code requires of your internal controls program as to being absent. The actual text is in italics, and I’ve injected my own comments after each paragraph, as needed, to reinforce certain points:

All internal control programs adopted by banks shall contain as a minimum the following:

(1) A requirement that each officer and employee, when eligible for vacation, be absent from the institution at least five consecutive banking days each calendar year, unless otherwise approved in writing by the bank’s bonding company for bank officers and employees generally and then each officer and employee who may be excepted from this requirement must be specifically approved by the bank’s board of directors and it shall be recorded in the board of director’s minutes, that the officer or the employee may be absent less than the five consecutive banking days. During the absence of an officer or employee, the duties of the absent officer or employee must be performed by other bank officers and employees.

This section says a lot. Some banks have expressed a policy of providing immediate vacation availability to meet this perceived five days off requirement. Note the text says, “when eligible for vacation.” If the bank’s vacation policy requires accrual and prohibits taking vacation in the first three or six months, then the requirement to take days off is based on eligibility and no time is available during that probation or accrual period. The bank may consider a policy such as “the employee will accrue 0.83 days of vacation per month yielding 10 days after one year. The employee will be eligible for vacation after 6 months, when five days have accrued. As vacations are planned, a five-day continuous block must be scheduled by the employee. Additional days may be taken at the convenience of the bank in one day increments, but at least one block of five days must be planned.” A policy such as this means that an employee hired after June will not have time to accrue the minimum five days required, July to December is six months, 6 x0.83=4.98 days, rounded up to the five needed, but the calendar year ends with the last accrual. In this case the accrued days could be taken in that year with the caveat that the 5-day block will be taken the following calendar year as there are more days accrued. Employees hired in May could feel resentment as a strict reading says they are eligible for five days of vacation in December and would have to take those days then to achieve the “each calendar year” requirement. The bank would then have to consider that is what is required, or an exception be granted or that vacations are simply not allowed in the first calendar year except by special permission.

Note next that the actual requirement is not that an employee take vacation days, but that they be absent for at least five consecutive days. In that this is an internal fraud control procedure the five days are business days – days in which problematic transactions such as those noted in the actual cases above could be detected. This means we do not count non-banking days such as weekends, holidays, or days when the bank is otherwise closed. This brings up an exception to consider. Say an employee is on a five-day vacation break and a winter storm closes your bank for two days. If there is no item processing, the intent of this break may not be met. The bank needs to consider extending that employees time off to accomplish the five-day break. Since the bank was closed those shouldn’t be vacation days anyway, but the employee may not have enough vacation days remaining for a five-day absence. If the vacation is not extended at that time, consider noting it as an unintended and unavoidable exception caused by an act of God.

Let’s consider another exception. Say an employee has a severe illness and has used their personal and vacation days. Some policies allow other employees to donate their days off to that sick employee. That may exhaust the donating employees vacation days and not allow the five-day absence requirement to be met. Such a policy should allow all but five days to be donated, unless the absence requirement has or will otherwise be met, so keep reading.

The real point here is that the issue is a five-day absence. Let’s assume the bank’s CFO is travelling out of town on Monday for a conference to be held Tuesday through Thursday. She then will travel home on Friday. All 5 of those days were business days. The 5 days of absence can be met with her not performing any of her duties in the bank – that is, if she was absent.

Now let’s consider what “absence” means. Remember that one motivating factor here is fraud detection. This means that employee is not conducting any of their functions or advising on issues while away. They should not be calling, texting, or emailing anyone about their job. Any message such as “Do not worry if it does not balance. Leave it as out and I will fix it/figure it out when I get back. No one will know” would completely defeat the purpose of the rule from an internal control perspective. Similarly, the bank should consider suspending the logon credentials of the absent employee. This protects the bank and the employee as the employee will without question not be able to go into the bank’s systems and make any changes, and any other employee using those credentials will be locked out. The bank’s IT department would be able to track attempted logons and determine if these credentials were compromised. That would be a separate issue, but an important internal control, nonetheless.

Exceptions can be allowed. These may require the approval of the bank’s bonding company, and the board of directors. The latter should be noted in the board meeting minutes. I was a common exception in my bank. It was a smaller bank, and I was the Compliance Department. This is a field requiring precise knowledge of laws and regulations and I was not easily replaceable. There were subject matter experts in various departments of the bank who could answer questions about their areas, but I tied it all together. I never worked on any general ledgers, debits or credits or handled cash or checks for processing. I did not grant or close loans. This put my position at a very low risk of conducting internal fraud and especially any fraud that would be detected because of my absence.

In a very small bank, another potential solution is cross-training. Two employees may switch positions, but it is imperative that they not conduct or advise each other about their duties as this could defeat the purpose of being absent. This is not ideal but may be permissible under certain circumstances.

Other Rules

The FDIC addressed this issue in FIL-52-95. Yes, that is from 1995 and it is still valid. In part it says, “The FDIC endorses the concept of a vacation policy that allows active officers and employees to be absent from their duties for an uninterrupted period of no less than two weeks.” Some larger banks do hold to a ten-day period but because of staffing issues, five days is often considered adequate to detect wrongdoing. The FIL is guidance, not a requirement. It states that if a bank is not following this guide, examiners should encourage the board of directors to annually review and approve the policy followed and the exceptions allowed. The March 2015 Internal Routine and Controls exam manual includes a section recommending a bank have a policy requiring employees (which includes officers) be absent for a two consecutive week period. I understand examiners will inquire about this, but that little else is done when risk management practices and strong internal controls exist. The exam manual calls for only a discussion with management when such a policy does not exist. It also states, “Any significant deficiencies in an institution’s vacation policy or compensating controls should be discussed in the ROE and reflected in the Management component of the Uniform Financial Institutions Rating System (UFIRS).” The exam manual also refers to the rotation of staff as an effective internal control and a valuable part of an employee’s training.

The Federal Reserve issued SR 96-37 in December 1996 discussing required absences. This was a guidance document. The FRB later issued Circular 10923 on February 10, 1997, where it provided guidance and recommended a ten-day absence. It is specific to sensitive positions and allows for well document exceptions.

I was in a national bank for over 20 years, and it was not an event during any of our exams. I have read that as national banks get bigger, the examiners do pay more attention and do point it out as a strong internal control. So, like the FDIC and FRB, they encourage a policy requiring absence, but it is not a requirement. It is mentioned in the OCC’s Internal Controls Manual. This references sensitive positions or risk-taking activities and asks, “Is there periodic unannounced rotation of duties for employees or vacation requirements that ensure their absence for at least a two-week period?” This is a question, but not a stated requirement.

The bank may opt to prioritize which positions would require a consecutive five- or ten-day absence from their positions and those handling cash and checks, approving and processing loans and similar “at-risk” tasks and positions may be the only ones required, or they may require a higher bar to request and have approved any exception. Risk rating the employee’s positions will not please all of them, but some may be happier than others. Changes to a position’s duties could influence this risk status, so remember to add that to a checklist, if applicable.

May 2021 OBA Legal Briefs

  • Dot your i’s, cross your t’s (employer workplace notice rules)
  • Foreclosures and evictions after a pandemic

Dot your i’s, cross your t’s

By Andy Zavoina

We, in the compliance and legal fields make it a habit of dotting our i’s and crossing out t’s because we are nitpickers. We look for little details and we agonize over potential terms like “the bank may…” If your mother said you “may” eat all your brussels sprouts does that seem like “may” means it is an option to do so or you must do so? And different people may interpret that statement differently, but we all need to know and follow the rules as best we can. Doing so is a risk issue. Sometimes that risk issue is of a regulatory nature and at others it may be a litigation issue.

Now let’s address one of those often-forgotten rules addressing signage. As nitpickers we periodically walk through our branches and we look for signage. There are funds availability notices near the teller line, equal lending posters near the loan area and a Customer Information Program notice near new accounts. We are very familiar with the signage requirements that are well defined in the regulations we deal with every day. But it is the odd requirements we could fail on because we are not well versed in personnel compliance matters, nor are our examiners who may or may not be checking them. These are signage requirements involving the bank as employer and its employees. These may be of little “importance” on day-to-day matters because it is not a consumer protection issue, but it may be an employee information issue. In my bank, I would include these human resource signage requirements in my compliance signage audits because as a bank officer, it was my job to protect the bank in all matters, extending beyond consumer compliance.

Has your bank ever been involved in litigation with an ex-employee? It might be like many marital divorces as the name calling and mudslinging begins. Signage could be an issue in these instances, because the bank never posted “that sign advising me of my rights, so the bank was negligent.” That may be heard from the ex-employee’s lawyer as they ask for back pay or some other compensation they feel they are now entitled to, or when the employee’s gripe may lead to a monetary penalty from a government agency like the Department of Labor.

When you do that walk-through (annually or at some other frequency based on your compliance audit program) in the branches with your signage checklist, you may be looking for the 5-in-1 Employment poster. On the BankersOnline Tools section for Signage Audits, this is noted as “Required to be visible to job applicants and employees, 42 USC 2000e-10(a). This poster should include five parts, and if not in a combined poster, individual signs must be posted in the manager’s office or lobby. The five laws are: Equal Employment Opportunity Act, Fair Labor Standards Act, Employee Polygraph Protection Act, Family Medical Leave Act, and OSHA’s Plain Language ‘It’s the Law’.”

There is also a Notice of Employee Rights poster under the National Labor Relations Act, the primary law governing relations between unions and employers in the private sector. See 29 CFR Part 471. Banks need this sign because they have FDIC deposit insurance, complete savings bonds transactions, and perhaps have government contracts. Post the notice conspicuously in offices where employees covered by the NLRA perform contract-related activity, including all places where notices to employees are customarily posted both physically and electronically.

Generally, there are several requirements your bank may need to follow from the Fair Labor Standards Act (FLSA), the Family and Medical Leave Act (FMLA), the Employee Polygraph Protection Act (EPPA), or the Service Contract Act (SCA). The SCA is also referred to as the McNamara-O’Hara Service Contract Act, a federal law controlling service contracts entered into between individuals or companies and the federal government, for the contractors to engage “service employees” to provide services for these government agencies. Most banks don’t have SCA concerns.

Sometimes these signage requirements are met with notices in a Human Resources area, where staff hiring and training is common, and perhaps in a breakroom where employees frequently gather for meetings and breaks. But how many times have employees seen these required notices since the pandemic sent them to work from home?

Many employees have been working from home for twelve months or more. While some staff may be returning to the branches to work, others may be rotating back and forth from a home office to the bank every other week or with some other frequency, and still others may be shifting to a home office on a permanent basis for any number of reasons. Many banks and other employers have ignored signage requirements because there were more pressing issues, and the home office was a temporary assignment. No regulators were asking about signage and it has not risen to being a formal issue, yet.

But as a nitpicker, part or your job assignment is to mitigate risk – and to avoid it when possible. As it pertains to compliance with federal employment laws, let’s talk about risk avoidance. Be sure to include Human Resources in this discussion both to ensure they are aware of what can be done, as well as to avoid duplicative efforts and to know that anything that has been done meets all the legal requirements. Two heads are better than one.

The Department of Labor (DOL) has provided some assistance in its Field Assistance Bulletin No. 2020-7 (FAB 2020-7). This bulletin was published last December and provides guidance explaining what can be done with electronic postings.

Early in FAB 2020-7, it separates the federal requirements of these notices which require continuous availability from those which are considered individual notices. The former includes FLSA, FMLA, and the EPPA. The latter group requires the bank to provide one-time, individual notices includes Section 14(c) of the FLSA. According to FAB 2020-7, the bank may meet posting and disclosure requirements for the first group by always making them available to home office workers on a website; the latter may be delivered by email. There are conditions for these substitutions and the bank may still have to keep those paper versions posted in the branches.

For laws or regulations which require a bank to “post and keep posted” certain signage “at all times” the Wage and Hour Division of the DOL says that it will consider electronic posting an acceptable substitute where three conditions are met. (1) All of the employer’s employees exclusively work remotely; (2) all employees customarily receive information from the employer via electronic means; and (3) all employees always have readily available access to the electronic posting. Let’s break down some of this and immediately clarify some points.

Like E-SIGN, the idea is that accessibility matters. Unlike E-SIGN there are no demonstrable consent requirements. If you have employees working remotely, it is assumed technology is not a problem and the employee can send and receive, view, and respond to all these work-related items. The requirement is that electronic postings and notices be as effective as the hard copy notices you have in branches. Next, when it says “all of the employer’s employees” it does not mean the entire work force must be working from remote locations for these disclosures to be permitted, but rather it is referring to all of those who are working remotely. It is also separating those who may be remotely working from those in the branches. Remote workers can get these notices electronically while those in the physical branches could have it available electronically but must also have it available via the traditional means of physical posters, as an example. The FAB explains that “where an employer has employees on-site and other employees teleworking full-time, for example, the employer may supplement a hard-copy posting requirement with electronic posting and the Department would encourage both methods of posting.” It also says “In most cases, these electronic notices supplement but do not replace the statutory and regulatory requirements that employers post a hard-copy notice. Whether notices are provided electronically or in hard-copy format, it is an employer’s obligation to provide the required notices to all affected individuals,” referring to EPPA and FMLA requirements.

The FLSA has a requirement for individual notices under Section 14(c) which pertains to subminimum wage provisions. I’m including some discussion here in the event Section 14(c) is applicable to some of our banks.

The FLSA provides for the employment at wage rates below the statutory minimum for certain individuals. These include students which could be high school vocational students, full-time students employed at the bank as well as college interns. Also included are individuals whose earning or productive capacities are impaired by a physical or mental disability. These may be related to age or injury. Employment at less than the minimum wage is authorized to encourage employment opportunities for this class.

Section 14(c) requires delivery of individual notices to applicable employees. Notice requirements may be met using email or something similar, such as through an intranet, but only if the employee typically receives communications from the bank in this same manner. So, this is not a channel exclusively used for these notices.

To meet the requirements of delivery via an electronic medium, the employee must have “access.” This means they must be able to readily see a copy of the required postings, and the electronic postings must meet the same requirements as worksite postings in the branches. This effectively means the employee must have access to the postings without first acquiring any special permissions such as links or passwords that they would not typically already have. It is not an effective substitute if the postings are in an unknown or little-known location. If this were the case the DOL might consider the disclosures to effectively be hidden from view. The bank would be required to inform employees how to access these notices and provide that employees easily be able to identify which postings apply to them. If the bank does not customarily post notices to affected employees electronically, then doing so just for these notices would not be considered an effective substitute.

Fair Labor Standards Act

The FLSA applies to employers whose annual revenues total $500,000 or more or who are engaged in interstate commerce. The interstate commerce sounds like it may be a disqualifier for some banks, but courts have ruled that this is a very low bar. In fact, some courts ruled that using the postal service to send and receive mail to and from other states qualifies and so can using bank telephones to make and accept calls from other states. There are exemptions for executive, administrative and professional workers in many cases, but it is unlikely everyone in the bank is exempt.

Banks with employees subject to the FSLA rules on overtime, minimum wage or Break Time for Nursing Mothers are required to have a disclosure continually available. This signage must be in a conspicuous place in each branch (or office) so the employees can easily see it.

When the three conditions described above are met, the bank can satisfy its posting requirements using electronic format.

Family and Medical Leave Act

The FMLA applies to all public agencies, all public and private elementary and secondary schools, and companies with 50 or more employees. In our case, it requires banks meeting the criteria to provide an eligible employee with up to 12 weeks of unpaid leave each year for various reasons including for the birth and care of an employee’s newborn, new adoption, or new foster child, to care for an ill immediate family member, and more.

Similar to the FLSA, a notice in the branches and offices must be posted and kept continually available with prescribed information for the employees. It must be in a prominent place to be seen, in this case, by existing employees and applicants for employment. It must be easily readable. In this case, having the FMLA notice in an area accessible by existing staff is not sufficient if the bank is hiring staff using a web site. Remember as these notices are placed, they must be where the applicable persons will see them. Again, review the three conditions above to satisfy the FMLA signage requirements when doing so electronically.

Employee Polygraph Protection Act

The EPPA prohibits the bank (and most private employers) from using polygraph tests for pre-employment screening and during employment. The bank cannot require that someone take a polygraph test, fire, discipline or discriminate against someone because they refuse to take one and exercise their rights under this law. But there are some exceptions to the rules. The bank may obtain a polygraph when that person is reasonably suspected of involvement in a bank incident (theft, embezzlement, etc.) that resulted in economic loss or injury to the bank. If one is done, it must be completed by an examiner licensed by the state where the test is done, they must be bonded and have professional liability coverage. Additionally, the test must include a pretest, test and posttest following strict standards.

This is a poster that must be continually available. It must be in a prominent and conspicuous place in every branch or office so employees will see it. The online EPPA poster specifically says in red, capitalized text, “THE LAW REQUIRES EMPLOYERS TO DISPLAY THIS POSTER WHERE EMPLOYEES AND JOB APPLICANTS CAN READILY SEE IT.” https://www.dol.gov/sites/dolgov/files/WHD/legacy/files/eppac.pdf Note we have another instance of applicability to job applicants. While the DOL has these notices in English and Spanish, the latter is optional. The current required poster was revised in July/August 2016 and has a “REV 07/16” date in the lower right corner.

In the cases of the FLSA, FMLA and EPPA, if you have staff in a branch or office, those persons are not intended to rely on these electronic versions for notice. Do not remove the paper versions that should be posted already.

Section 14(c) of the Fair Labor Standards Act

The requirements of this section are described above. Of note, this is the only notice discussed here requiring that each worker (in this case with a disability) and, as applicable, the parent or guardian of the worker, be informed orally and in writing by the bank of the terms of the employment. These terms will be according to the DOL certificate allowing the subminimum wage. In addition, employers must display the Wage and Hour Division poster, Notice to Workers with Disabilities Paid at Special Minimum Wages described and available here –https://www.dol.gov/agencies/whd/posters/section-14c.

Generally, Section 14(c) notices are posted in a conspicuous place where it will be seen by the disabled workers and their parents or guardians, as well as other workers. If the bank feels the notice would be inappropriate to post, the regulations allow you to comply by providing the poster directly to all employees subject to its terms. Therefore, the bank can meet the Section 14(c) requirements by emailing or direct mailing the poster to the Section 14(c) workers, or their parents or guardians. For compliance here it may be necessary to have more than just the employees contacted and to inform others concerning where to find the disclosures required.

Action Steps: Some action steps the bank should take depend first on determining if electronic notices are needed based on where employees are working and how often they may have access to all required disclosures. Remember that electronic versions may be a substitute in some cases but can always supplement those in the branches.

  • Based on applicable laws and regulations, which may apply? The DOL has a tool to assist all employers on this at https://webapps.dol.gov/elaws/posters.htm.
  • To meet the needs of continuously available notices, the three conditions above must be met if they are to be made only in electronic form. Otherwise, paper type notices are required in the branches.
  • For individual or one-time notices, consider how the bank normally communicates with employees. How are conference calls set up, or work assignments and pay stubs delivered and are those same channels appropriate for these notices?
  • If a website or intranet is used, factor in how often the employee uses it and if it is commonly used for other notices and information the employee regularly accesses.
  • If the bank is posting many items in the same area, ensure the employee will be able to readily determine which applies to them.
  • Consider employing some positive acknowledgment of the required notices by the applicable employees. If the notices are available via links or in an online PDF manual, requiring a click-through affirmation helps the bank provide a virtual paper trail demonstrating compliance. Much the same way the bank uses non-bypassable disclosures to meet consumer compliance requirements where one item must be acknowledged to go to the next step, the same process may be used here.

The guidance provided in FAB 2020-7 will apply to these federal requirements controlled by the DOL. Much the same as HUD could not provide a legal interpretation of RESPA applicable to your bank, the FAB does not provide guidance on other federal or state laws not enforced by the DOL.

Foreclosures and evictions after a pandemic

By Andy Zavoina

The Consumer Financial Protection Bureau (CFPB) has proposed a ban on foreclosures until 2022. There are an estimated three million homeowners past due on mortgage payments of government backed loans. Evictions are in a similar holding pattern where rent is owed and there are COVID-19 hardships. Those who are owed mortgage and rental payments seem to have had their financial wellbeing put aside with few ways to take action and remedy the situation.

The inability to conduct evictions started when the Centers for Disease Control and Prevention (CDC) used its authority and issued orders limiting evictions. In short, anyone with the rights to evict a tenant is prohibited from doing so. The tenant must meet certain conditions.

  1. The tenant must declare they have used their best efforts to obtain any available government rental or housing assistance.
  2. In 2020 they did not earn more than $99,000 or $198,000 if taxes were filed jointly and they do not expect to earn more than that in 2021, or they did not have to file taxes or they received Economic Impact Payments – stimulus checks.
  3.  They cannot pay the rent due to a loss of income due to a loss of work or extraordinary medical bills.
  4. The tenant has made their best efforts to make even partial payments.
  5. Eviction would likely make them homeless or force them to live in close quarters in a shared living environment. These seem to be low bars to qualify as a covered person. But the last qualification is a key to the medical justification and would likely apply to foreclosures as well.

Many people have sought to challenge the CDC order, but a recent study led by researchers at the University of Pennsylvania, Johns Hopkins University, and the University of Illinois at Urbana-Champaign found that local and federal eviction moratoria are in fact a “warranted and important component of COVID-19 control.” There was a recent article in phillymag.com that focused on this study, how it was being used and the article, while Philadelphia-centric, could be applicable to other cases, and in fact is being used in courts to justify the actions.

The City of Philadelphia was sued by the Homeowners Association of Philadelphia. Researchers determined that preventing the moves due to evictions (and presumably foreclosures) helped limit or delay the necessary lockdown measures many cities had to take and in fact, “likely prevented thousands of excess COVID-19 infections for every million metropolitan residents.” Researchers said, “defense lawyers ended up contacting us to provide evidence in support of the city’s efforts to stop the spread of infection.” And “When the CDC announced they were halting residential evictions nationwide from the beginning of September through December 31st (which was recently extended through the end of June), we got flooded with requests for an evidence-based model that would help show that such policies are warranted when it comes to epidemic control.”

Using real time infectious patterns, historic and predictive population movements the study determined that the displaced household could increase the risk to themselves as well as whomever they moved in with, be it at a residence or homeless shelter. “We also spent a lot of time assessing the transmission risk evictions might have on those who are not directly impacted by evictions and found that spillover impact was significant (a.k.a. increased infection rates). That helped demonstrate that eviction moratoria were in the interest of public health, not simply for a specific group, as they help reduce risk of infection for all residents.” As they modeled a study around Philadelphia demographics, eviction rates and anonymous mobile phone data, the study found, “that the greater the eviction rate, the greater number of cases that would likely result, highlighting that allowing evictions to resume would have substantially increased the number of cases among different socioeconomic populations in Philadelphia, including those experiencing a low number of evictions, by the end of 2020.”

The article also noted, “Much remains uncertain about what will happen to countless renters across the country when the federal eviction moratorium is lifted. Though, the federal government has committed significant resources to localities to develop rent relief programs aimed at keeping people housed. What we do know is that renters have amassed significant debt, as they have extended all other forms of savings and credit to remain housed. A survey of rent relief applicants in Philadelphia by the Housing Initiative at Penn found that almost 63 percent of survey respondents in Philadelphia delayed the payment of other bills to pay rent, and over 25 percent went without medicine or medical care in order to remain housed.”

Many people initially perceive these tenants and homeowners on forbearance plans as potentially abusing the system and taking advantage of the rules, and that is likely happening in some cases. But many are suffering genuinely difficult times financially.
Homeowners on forbearance and deferral programs should fare better than renters as they emerge from pandemic protections, whenever that may be. The homeowners should be able to resume payments without being excessively delinquent on payments seemingly impossible to catch up on. Much of the successes will depend on the forbearance programs and formal agreements the lenders and servicers have with the borrowers.

The CARES Act provided a 180-day forbearance period with an allowance for an additional period of 180 days upon request. The CARES Act also provides for interest during this period as it stated that interest would not accrue “beyond the amounts scheduled or calculated as if the borrower made all contractual payments on time and in full under the terms of the mortgage contract ….” The intent here seemed to be to control interest penalty or default rates by maintaining no higher rate than the contractual rate paid while the account was current. But some experts in the industry believe there is uncertainty as to how interest is calculated for an account that is paid off, reinstated or in a loss mitigation program.

The contention comes into play because there are two common ways interest is calculated when for example, an account that has not paid is paid off. One is very simple; the unpaid principal balance is multiplied by the daily rate of interest and that is applied for each day since interest was owed and unpaid. The second method is more common when mortgage loans are coming out of a modification program. Interest in this case is applied based on the amortizing balance as though the payments were made as scheduled.

During good times management may have considered the occasional loan where interest would be “eaten” based on a projected amortization example a cost of doing business, a preferred method to receive a return of the money before a return on the money, and not worth the time to dispute. Obviously, the income difference between these two methods could be significant, especially when multiplied by a large volume of accounts that have been on forbearance and deferral programs. Using the amortized payment method amplifies the lost income opportunity of the principal that was in fact outstanding and effectively not interest bearing.

An argument for the CARES Act says that the outstanding principal balance method is not justifiable because it is not, “as if the borrower made all contractual payments on time and in full.” But many servicers (and banks servicing their own accounts) use the actual principal balance method to calculate past due interest at payoff. The servicers and banks that use this method to calculate a payoff and do not change this method for borrowers in a CARES Act forbearance status may be in error. They run the risk of charging interest amounts greater than what the CARES Act allows and that may bring with it litigation and penalty if the methodology used cannot be justified.

Renters on the other hand may have a more difficult time as past due rents are, well, past due rents. Banks may want to help any landlord borrowers they have, ensuring they are aware of any rental assistance programs that are becoming available on a state and federal level. These programs may be a win-win as otherwise either the tenant goes, or some payment plans will be required potentially delaying cash flows many more months into the future.

The ongoing stimulus payments for eligible families may provide some relief beginning with the scheduled July payments. The same law providing the last round of $1,400 EIP stimulus payments is set to provide working families up to $3,300 per child. Half of that will come in the form of cash at $250 to $300 per month, per child, and the IRS said these will start in July 2021. The remainder will be a tax credit claimed when the next federal return is filed in 2022 for 2021. The latter is not a cash flow that will assist in rental payments, but the cash payments could.

Lastly, as it pertains to those renters, on April 19, 2021, the CFPB clarified in an interim final rule that debt collectors must provide written notice to tenants of their rights under the eviction moratorium, and this prohibits debt collectors from misrepresenting tenants’ eligibility for protection from eviction. Violators of this rule face prosecution at both the federal and state levels for violations of the Fair Debt Collections Practices Act (FDCPA). Further, an attorney representing a client in such an eviction is deemed a debt collector. Expect more i’s to be dotted and t’s to be crossed when it comes to evictions, and costs will increase. We know the CFPB will be taking aim at any violators it finds and if the target is clear in its sights, the CFPB will likely make an example of them to send a message.

April 2021 OBA Legal Briefs

  • Third round of stimulus payments (EIP3)
  • Reg B has expanded: What you need to do
  • UDAAP U-turn
  • More reasons to watch the Bureau

Third round of stimulus payments (EIP3)

By Pauli D. Loeffler

Basics. To receive the third stimulus payment (“IEP3”) the payee(s) must be U.S. citizens or U.S. resident aliens. The payee must have a social security number issued by the Social Security Administration. This means that a person who has an Individual Taxpayer Identification Number (“ITIN”), 9-digit number, beginning with the number “9” issued by the IRS isn’t eligible. If the payee died before January 1, 2021, s/he is not eligible for the third stimulus (EIP) payment.

Deceased payee. If the payee died before January 1, 2021, return the direct deposit. If it is a paper check do not cash or deposit the paper check. Like the first and second stimulus payments, it is the customer’s responsibility (not the bank’s) to return any funds attributable to a deceased joint payee or dependent.
Taxes, child support, garnishment, and offset. The third stimulus payment will not be reduced for federal taxes owed nor will state tax and child support intercepts apply. On the other hand, direct deposits do not have the two XXs identifying them as subject to the Garnishment of Federal Benefits rule, which means the bank does not include them in determining the protected amount under the rule. Direct deposits of EIP3 payments are subject to garnishment and child support levies. If the account is open and overdrawn, the bank may use offset to collect the overdrawn amount.

Closed accounts. If the account is closed, the bank cannot reopen it to accept the direct deposit. Return the ACH entry using R02 (account closed). The customer will receive a paper check sent to the address used on the 2019 or 2020 tax return. We get a lot of questions regarding re-opening a charged off account that receives a direct deposit. I know how tempting this is, but the short and definitive answer is an adamant “No!”

What if the account was administratively closed because it hit a zero balance? This is problematical if the customer does not have another account (deposit account or loan) since the bank needs to perform CIP and the existing customer exception is not available. Often the customer is not aware that the account will automatically close if the balance is zero and had no intention to close the account. The best way to avoid the problem is to set the automatic closure to occur a few days after the balance reaches zero when the customer has not indicated his/her intention to close the account. A more time-consuming measure is to check for zero balance accounts daily and contact the customer to find out if s/he intended to close the account, and if not, override its automatic closure.

Reg B has expanded: What you need to do

By Andy Zavoina

Background

OK, so you heard the Consumer Financial Protection Bureau announced an interpretive rule on Regulation B. Anti-discrimination efforts are front and center for the CFPB and, it appears, for the new administration now supporting it. In a nutshell the interpretation says the prohibition against sex discrimination under the Equal Credit Opportunity Act and its implementing Reg B includes protection against any discrimination based on sexual orientation or gender identity. This includes discrimination based on actual or perceived nonconformity with sex-based or gender-based stereotypes and discrimination based on an applicant’s “associations.” We will explore what this all means in a moment.

This may seem, at first blush, like much ado about nothing because discrimination in your bank is a non-issue. There is none. But that is not necessarily the case here. Not that you have any lending discrimination happening, but that there are things to be done because of this interpretation. This ruling is not intended to be a guidance document that would qualify as advice and not be binding. It is an interpretation of the law that says, “this is how we read the regulatory requirements and you must conform with them.” You should recognize that you now have a task list resulting from this interpretive rule and it is already in effect. More on the task list further in this article.

This is not a “new” interpretation and it is not coming from nowhere. It has roots in both prior interpretations and in legal cases that have gone as far as the Supreme Court (SCOTUS). In 2016 the CFPB responded to an inquiry from SAGE, the Services & Advocacy for GLBT Elders. SAGE says it “stands proudly with the LGBT pioneers across the country who’ve been fighting for decades for their right to live with dignity and respect.” SAGE queried the CFPB about sex discrimination resulting from sexual orientation and gender identity.

The CFPB opined and concluded that ‘‘the current state of the law supports arguments that the prohibition of sex discrimination in ECOA and Regulation B affords broad protection against credit discrimination on the bases of gender identity and sexual orientation, including but not limited to discrimination based on actual or perceived nonconformity with sex based or gender-based stereotypes as well as discrimination based on one’s associations.” The CFPB said further that it was monitoring legal developments and that ECOA and Reg B would reflect the precedents and interpretations of sexual discrimination laws. This position, which the CFPB took five years ago, is the same as it is taking now.

Fast forward to June 2020 and a case before the Supreme Court, Bostock v. Clayton County, Georgia, which involved sex discrimination under Title VII of the Civil Rights Act of 1964. Specifically, this was the case of an employer who allegedly fired a long-time employee simply for being homosexual or transgender. SCOTUS relied on three key findings to reach its decision: (1) Sexual orientation discrimination and gender identity discrimination necessarily involve consideration of sex; (2) Title VII’s language requires sex to be a “but for” cause of the injury but need not be the only cause; and (3) Title VII’s language covers discrimination against individuals, and not merely against groups. SCOTUS basically connected the dots as it stated in its opinion, “An employer who fires an individual for being homosexual or transgender fires that person for traits or actions it would not have questioned in members of a different sex. Sex plays a necessary and undisguisable role in the decision, exactly what Title VII forbids.“ These three points, emphasized by the opinion, easily translate from this employment case to credit situations under ECOA and Reg B. In the Federal Register announcing this interpretation the CFPB said, “It is well established that ECOA and Title VII are generally interpreted consistently.”

The CFPB said it would monitor legal actions and react accordingly. The language from SCOTUS is very much in alignment with the interpretation the CFPB offered in 2016 and it certainly fuels this new CFPB interpretation which essentially expands Reg B protections. The reality is, ECOA and Reg B have not expanded, but the CFPB is making clear that sexual orientation and identification are included as prohibited bases under sex discrimination. No one questions a woman dressing as a woman. But if a man does so, it may be viewed in a derogatory manner because he is not a woman – and that stereotyping is based on his sex.

Details

The CFPB’s interpretive rule intended to clarify that ECOA and Reg B prohibitions against discrimination on the basis of sex include discrimination based on sexual orientation and/or gender identity. The rule was considered effective on the date of publication in the Federal Register, March 16, 2021.

ECOA prohibits discrimination based on sex. It does not require that it be a primary issue in any complaint or action to be an issue, it can be a contributing factor in any case. Sex discrimination is often thought of as an “all males” compared to “all females” problem such as having a higher denial rate for female applicants who are similarly qualified to approved male applicants. But sex discrimination also applies at an individual level. Additionally, discrimination may be based not only on the characteristics of an applicant but also on the characteristics of a person with whom an applicant associates.

The CFPB “owns” Reg B and is therefore the only entity empowered to provide binding interpretations. It clarifies in this rule that under Reg B: (1) sexual orientation discrimination and gender identity discrimination necessarily involve consideration of sex; (2) an applicant’s sex must be a ‘‘but for’’ cause of the injury, but need not be the only cause; and (3) discrimination against individuals, and not merely against groups, is covered. The Bureau also clarifies that ECOA’s and Reg B’s prohibition against sex discrimination encompasses discrimination motivated by perceived nonconformity with sex based or gender-based stereotypes, as well as discrimination based on an applicant’s associations.

Fact One: Sexual orientation discrimination and gender identity discrimination do involve consideration of sex, which would violate Reg B on a prohibited basis. If a male applicant is denied a loan in whole or in part because that male applicant is attracted to other males, that is discriminatory based on sex, because a female who is attracted to males would be approved. The male attracted to other males is “failing to fulfill traditional sex stereotypes.”

If a loan workout specialist declines the forbearance application on a home loan of a transgender borrower who was identified as male at birth but who now identifies as female, but a similarly qualified applicant who was identified as female at birth and continues to identify as female was approved, the specialist will be seen to have discriminated against the transgender borrower because the bank accepted the female applicant who was identified as female at birth and continues to do so. In these examples, the individual applicant’s sex plays an unmistakable and impermissible role in the credit decision and thus this conduct constitutes discrimination on the basis of sex in violation of ECOA and Regulation B.

The interpretation from the CFPB above is consistent with the SCOTUS conclusion in Bostock that “it is impossible to discriminate against a person for being homosexual or transgender without discriminating against that individual based on sex.” (Sometimes this is easier to grasp if in your mind you consider “gender” or “gender identification” in place of “sex.” This may also assist students when they are being trained.)

Fact Two: Basing any decision on a loan under consideration or already funded in whole or in part on the sex of a person (or gender identification) is discriminatory and it does not matter if sex was a primary or secondary factor, it simply may not be any factor in a decision.

As a practical example, when the bank rejects an applicant on the basis of that person’s being gay or transgender, there could be two contributing factors in the decision and while both the person’s sex and something else, a collateral issue, contributed to the decision, the fact that just one factor was based on a prohibited basis attaches the liability of discrimination to the decision if collateral in this example alone would not have been enough. Having been on the loan desk for many years I have been in the discussion where it is stated, “I don’t like this, but this alone is not reason to deny it, and I don’t like that, but that alone is not reason enough to deny it, but if you consider this and that, deny the loan.” If either “this” or “that” are reflective of a prohibited basis, it may deemed discriminatory.

Fact Three: The rules against sex discrimination apply to individuals and not just situations which apply to all men, or all women.

A case in point is a lender who denies a loan request from any woman he feels is not feminine enough. Perhaps he objects to her short hair, “manly” gestures or that she is dressed in a man’s suit. The lender applies this treatment universally however, in that he also denies any man he feels is too feminine. Perhaps the man wears makeup, uses feminine gestures, or has long fingernails. The lender is treating each group equally and may justify the actions saying it is equal treatment. But in fact, each group was discriminated against in violation of ECOA and Reg B based on sex and the lender’s perception or stereotype of what is acceptable. Going back to Lending 101, many of us were taught the five Cs of credit – character, capacity, capital, collateral, and conditions. Do not confuse the lender’s stereotyping with character. Character is addressing the credit rating and a person’s desire and determination to pay their bills in a timely manner. In this example the lender is not mitigating a bias by applying misguided logic against both men and women, he is compounding the problem by doubling it. As noted by the CFPB, “It is no defense for a creditor to argue that it is equally happy to reject male and female applicants who are gay or transgender because each instance of discriminating against an individual applicant because of that individual’s sex is an independent violation of ECOA and Regulation B.”

In this example, the point is that applying a bias equally may be equal treatment, but that does not make it non-discriminatory.

Fact Four: The last example provided in the interpretive rule addresses discrimination based on sex, when the discriminatory acts are based on gender specific stereotypes like what I used immediately above. Generally speaking, these are stereotypes related to gender identity and/or sexual orientation, as well as discrimination based on an applicant’s associations.

Specifically, an example could include a transgender applicant wanting a small business loan for a nursery. Jane, the small business lender received an email from John Smith on this topic which started with “happy spring to you,” and she replied with an invitation to visit her office and discuss the loan request. When John appeared for the meeting he was not dressed as a man and he was interested in setting up a daycare and nursery in town. Jane sent John home to change without discussing the loan. Her actions were based on John’s dress and told him that this was inappropriate attire — it was not suitable for the bank or for such a loan request. The CFPB views this as discriminatory stereotyping and supports that opinion with various court cases including EEOC v. Boh Bros. Constr. Co. as well as others cited in the Federal Register document finalizing this rule.

In the Boh Bros. case the company settled with the EEOC for $125,000 resulting from the actions of a superintendent against a worker on a bridge construction project. The 2009 case included verbal abuse, taunting gestures of a sexual nature, and the superintendent exposing himself. He admitted he harassed Woods, the plaintiff, because he thought Woods was feminine and did not conform to his gender stereotypes of “rough iron workers.” There was also a jury trial in which Boh Bros was found to have permitted a hostile work environment and sexual harassment, which is illegal sex discrimination under Title VII. Again, the CFPB relies on the similarities between Title VII and ECOA. It is also worth noting Woods was awarded $451,000 by the jury for back pay and compensatory and punitive damages. The district court reduced this to $301,000 because of statutory limits. One point here is that you can easily substitute the lender–bank relationship for the superintendent–company relationship.

Actions based on stereotyping a person must be discouraged when the stereotyping is based on a prohibited basis, the same as actions based on the associates or associations of that person. Discrimination based on sex, including sexual orientation and/or gender identity, of the persons with whom the individual associates is prohibited. The rule tells us, a “creditor engages in such associational discrimination if it, for example, requires a person applying for credit who is married to a person of the same sex to provide different documentation of the marriage than a person applying for credit who is married to a person of the opposite sex.”

Task List

The interpretive rule was published on March 16, 2021, and was “effective” that day. Because it was not a change to Reg B there was no comment period required or offered. The CFPB has simply said this is how the rule needs to be viewed, and we can expect that it will be enforced based on this.

Does your bank regurgitate Reg B in any policies or procedures? It may be time to review any that may and determine if edits are necessary to demonstrate not just a willingness to comply, but an affirmation to do so. Consider reviews of policies, procedures and actual practices, underwriting guidance, credit scoring and compliance monitoring systems.

Will training documents, presentations, videos, or computer-based training require edits to include the points made by the interpretive rule? Remember that Reg B and the ECOA apply to all phases of your loans, consumer, commercial and real estate, whether they are in the advertising or application stage, payment period or past due and in a workout status. Being preemptive is more desirable than being reactive after an exam criticism or a complaint. Having loan staff aware of the rule immediately is best. The four Facts and Examples above may be excellent training points. Likewise, it is recommended that Compliance use any opportunity to mention the rule and the bank’s reactions to senior management and the board to ensure they are aware of what has been clarified and how the bank has ensured implementation.

The CFPB referenced President Biden’s Executive Order 13988, “Preventing and Combatting Discrimination on the Basis of Gender Identity or Sexual Orientation.” President Biden’s order mandates all federal agencies must fully enforce Title VII and other laws that prohibit discrimination based on gender identity or sexual orientation. Federal agencies must take all lawful steps to make sure that federal anti-discrimination statutes that cover sex discrimination also prohibit discrimination based on sexual orientation and gender identity.

UDAAP U-turn

By Andy Zavoina
On March 11, 2021 the CFPB announced it was rescinding its “Statement of Policy Regarding Prohibition on Abusive Acts or Practices,” originally published January 24, 2020. Many in banking, regulation and even Congress repeated the same question, “what is abusive, how does it differ from or supplement the rest of UDAAP and how is it enforced?” The 2020 policy statement clarified this, as you will see below. This 2021 rescission was effective March 19, 2021.

CFPB Acting Director Dave Uejio shared in a blog post that he planned to reverse policies of the Trump Administration “that weakened enforcement and supervision,” some of which included rescinding public statements proclaiming a relaxed approach to enforcement. The UDAAP policy statement was one of the first to be reversed.
We are back to what the Dodd-Frank Act considers as abusive:

  • Materially interferes with someone’s ability to understand a product or service;
  • Takes unreasonable advantage of someone’s lack of understanding;
  • Takes unreasonable advantage of someone who cannot protect themselves; and
  • Takes unreasonable advantage of someone who reasonably relies on a company to act in their interests.

The 2020 policy statement outlined three principles which were to guide the CFPB in supervisory and enforcement actions pertaining to abusive acts or practices:

1) The CFPB would focus on citing conduct as abusive in supervision and challenging conduct as abusive in enforcement if it concluded that the harm to consumers outweighed the benefits.

2) The CFPB would generally avoid challenging conduct as abusive where an alleged violation relied on all or nearly all the same facts as those deemed unfair or deceptive. This helped prevent piling on violations for the same thing. Where an act or practice was deemed abusive, the CFPB intended to be very clear and show the legal analysis of the claim and what separated these actions from others.

3) Generally, the CFPB would not seek monetary remedies for abusive acts or practices if the bank had made a good faith effort to comply with the law and a reasonable interpretation of it.

If your bank revised any UDAAP policies or procedures based on this guidance, be aware that Acting Director Uejio has rescinded it and adjustments to the materials noted and training the bank conducts may need adjustments as well. Adjustments may be guided based on the reasoning by the CFPB. The rescission was done for several reasons as noted in the Federal Register on March 19, 2021.

The CFPB said it reviewed what had happened since the 2020 policy went into effect and concluded that the principles in the statement “do not actually deliver clarity to regulated entities” and in actuality may, “afford the CFPB considerable discretion in its application and uncertainty to market participants.” Not citing a violation as abusive because it may overlap with an unfair or deceptive conduct or based on other principles in the statement “has the effect of slowing the CFPB’s ability to clarify its statutory abusiveness authority by articulating abusiveness claims as well as through the ensuing issuance of judicial and administrative decisions.”

By only citing conduct as abusive in exams or in enforcement actions, if the CFPB concludes that the harm to consumers from the conduct outweighed the benefits, the CFPB would be applying the abusiveness standard “differently from the normal considerations that guide the CFPB’s general use of its enforcement and supervisory discretion.”

If the CFPB fails to apply the full scope of the statutory standard according to the statement, it “has a negative effect on the CFPB’s ability to achieve its statutory objective of protecting consumers from abusive practices.” The policy of not seeking civil money penalties for abusive acts or practices “is contrary to the CFPB’s current priority of achieving general deterrence through penalties and other monetary remedies and of compensating victims for harm caused by violations of the Federal consumer financial laws through the CFPB’s Civil Penalty Fund.” Similarly, not citing conduct as abusive when that conduct is also unfair or deceptive “is contrary to the CFPB’s current priority of maximizing the CFPB’s ability to assert alternative legal causes of action in a judicial or administrative hearing.” The CFPB plans to continue its practice of considering the factors that it typically does in using its prosecutorial discretion.

The policy standard was not required and “stated an intent to refrain from applying the abusiveness standard even when permitted by law.” If Congress intended to limit the CFPB’s authority to fully apply the abusiveness standard, it could have prescribed a narrower prohibition but did not. The Dodd-Frank language “provides sufficient notice for due process purposes.”

Many saw the “friendlier” CFPB as a regulatory agency that was not always confrontational and considered the industry while protecting consumers. However, the phrase above, “…the CFPB’s current priority of achieving general deterrence through penalties and other monetary remedies and of compensating victims…” brings us back to the CFPB’s early years and regulation by enforcement. That said, there may have been more written about the confusion surrounding “abusive” behavior than it being used in enforcement actions. It simply has not been cited much at all.

Considering the changes to Reg B and to UDAAP, compounded by the increased enforcement activity we expect to see from the CFPB, banks may consider a full review of policies, procedures and training materials involving Reg B/ECOA, UDAP/UDAAP and the bank’s general compliance management program for needed updates. After the tremendously disruptive year-plus that banks have had to work under pandemic conditions, it would be easy to see how some tasks went undone. The new administration is moving fast in our industry, the CFPB is leading the way to install changes and the prudential regulatory agencies will follow suit to some degree.

More reasons to watch the Bureau

By Andy Zavoina

Acting CFPB Director Uejio has advised Bureau personnel that there are new priorities for the Bureau’s Supervision, Enforcement, and Fair Lending Division (SEFL), specifically involving COVID-19 relief to consumers and racial equity. He believes that strong oversight can have a meaningful impact on pandemic recovery. One of his directives to CFPB staff is to “always determine the full scope of issues found in its exams, systemically remediate all of those who are harmed, and change policies, procedures, and practices to address the root causes of harms.” Uejio indicated this change includes active Prioritized Assessments. Another directive was for “SEFL to expedite enforcement investigations relating to COVID-19” in order to send a “message that violations of law during this time of need will not be tolerated.”

Any bank taking specific actions, or not taking actions, on credit reporting, overdrafts, PPP loans, loan extensions or forbearance programs, and loan servicing may want to review their actions and be prepared to support the position taken with customers. As to racial equity, Uejio indicated that he plans to expand scheduled exams and add new ones to “have a healthy docket intended to address racial equity” and that fair lending enforcement will serve as “a top priority” at the CFPB. The CFPB will look for opportunities “to identify and root out unlawful conduct that disproportionately impacts communities of color and other vulnerable populations.”

Related to future acts, the CFPB will resume supervising lenders for compliance with the Military Lending Act (MLA). In 2018, then Acting Director Mick Mulvaney had the CFPB stop its supervisory MLA activities because he believed that by virtue of the law itself, the CFPB did not have explicit statutory authority for this. Director Kathy Kraninger, who followed Mulvaney, held this same position, even providing Congress with text for a bill which would rectify this. That request was never acted on with many Democrats maintaining it was not necessary to enforce the law. Acting Director Uejio has already started to reverse “policies of the last administration that weakened enforcement and supervision.” He has taken action not only on the MLA, but on Unfair, Deceptive, or Abusive Acts or Practices (UDAAP). He has already had the CFPB “rescind [seven] public statements conveying a relaxed approach to enforcement of the laws in our care.” https://www.consumerfinance.gov/about-us/newsroom/2020-hmda-data-on-mortgage-lending-now-available/
It’s clear from these early actions that banks can expect a more consumer-centric, proactive CFPB. It is a safe assumption that Uejio is not operating in a vacuum and is in contact with the nominated director, Rohit Chopra. Chopra told a Senate panel during confirmation hearings that he plans to prioritize the enforcement of fair lending laws and scrutinize the large technology companies wanting to break into the financial services industry. He currently is a commissioner at the Federal Trade Commission, where he has campaigned for stricter consumer privacy rules and enforcement penalties. He helped establish the CFPB and worked under Senator Elizabeth Warren while doing so. He was an ombudsman for student loans when Richard Cordray was the first CFPB Director.

March 2021 OBA Legal Briefs

  • Happy Anniversary! It’s 2020.1! (COVID-19 workplace and vaccination policies)
    • Inquiring about disability and medical exams
    • Confidentiality
    • New hires
    • Reasonable accommodations
    • Discrimination in the workplace
    • Vaccinations

Happy Anniversary! It’s 2020.1!

(COVID-19 workplace and vaccination policies)

By Andy Zavoina

It was just about a year ago that we all became even more intimately familiar with what the term “pandemic” really meant to our personal and professional lives. From getting a mask, to getting several and remembering to have and wear them, to opening branches to appointments only, to working from home – our lives changed on many levels. Few of us thought this year would be 2020.1 even though, when we flipped that calendar to January 1, we knew life in the abnormal would not revert to what we considered normal. The worst of it is that we are not out of the woods yet. Much depends on “the herd” getting vaccinated so that those with COVID-19 infections will be less impacted and most of us can avoid any COVID-19 related illness altogether.

The problem is that we are racing the clock. As people take time to get vaccinated, the virus mutates and may become less affected by the medications and this could lead the way to a new surge of infections. We must get ahead now. But people have choices, and some do not want vaccinations. Some people believe working at home is sufficient protection and they are content to do so, at least until there are enough people inoculated out there who remain healthy and without adverse effects from the vaccination itself. It appears many staff are productive working from home and content to be there for awhile. Still, there is a need to have staffing at the branches and especially so as those in “the herd” who are our customers want to do business face to face. Considering the long game and the fact that we did not think we would still be dealing with these issues after a year, it’s time to plan accordingly.

Increasingly it sounds like the pandemic environment of today will last until the year end, at least to some large degree. So, bank management should mitigate risks to the bank and staff and decide what will be done, recognizing that this is less of a temporary situation than we thought. Experience it now and use the lessons learned for preparedness and making the best of what we do have. This article will address the ongoing question of employee requirements in the continuing pandemic environment.

One of the first questions we received about the pandemic a year ago is one we can still anticipate today. In this case there were several nested questions. If an employee takes vacation days and travels, especially to an area where the COVID-19 infection rate is higher, and then returns home, can they come back to work right away? Should they quarantine before returning to work? Does the bank have to pay them for that quarantine period? Does the bank have to allow them to work from home? What if this was a lower performing employee to start with and the entire situation is not sitting well with coworkers who must take up the slack? To make the issue current you may add does it matter if they were vaccinated, not vaccinated, or opted not to get one when it was offered? And finally, can the bank require employees to be vaccinated?

I addressed several of these issues in the May 2020 Legal Briefs. I will highlight a few of the more salient points here but encourage you to review that May issue for more information.

The Equal Employment Opportunity Commission (EEOC) oversees anti-discrimination issues in the workplace, including accommodations for the disabled, which includes those suffering from a disease. The Americans with Disabilities Act (ADA) regulates what the bank can ask about a disability and medical exams for all employees and job applicants, whether they have a disability or not. The ADA prohibits the bank from excluding individuals with disabilities from the workplace for health or safety reasons unless they pose a “direct threat,” which means a significant risk of substantial harm even with reasonable accommodations. Those accommodations include social distancing, splash shields, sanitizing stations, etc.

The EEOC uses four factors to identify whether an employee poses a direct threat: (1) the duration of the risk; (2) the nature and severity of the potential harm; (3) the likelihood that potential harm will occur; and (4) the imminence of the potential harm. Guidance from the Centers for Disease Control and Prevention (CDC) says this pandemic does qualify as a direct threat and it allows the bank to make medical inquiries to protect staff and imposes other restrictions we have come to live with daily. The bank is free to ask if someone is experiencing influenza-like symptoms, such as a fever, cough, loss of taste, etc. These are COVID-19 symptoms. The replies about a person’s illness must remain confidential, however. During a pandemic, the bank can take a person’s temperature which would normally not be allowed as it is considered a medical exam. And the bank may send someone home because they exhibit flu-like symptoms. This is done to preserve a safe workplace for those at work. A doctor’s note may even be required for a person to return to work.

As we have progressed in dealing with the pandemic, some of our procedures and plans have been refined. Here are some thoughts:

Inquiring about disability and medical exams

1. There is no set of “required” screening questions. The bank is restricted on what is asked to protect all employees as these must relate to the direct threat at hand. That is, flu-like symptoms, loss of taste and smell, etc. Questions being asked by public health authorities are the best guidance on what to ask which are pandemic related. These may expand or contract as various symptoms change and are better understood.

2. The bank may actually administer COVID-19 tests if it is considered job related and consistent with a business necessity (remember, these terms may be subjective). It may be done if that person is a direct threat, under the CDC guidance. The tests administered must be considered accurate and reliable. The bank should rely on CDC and Federal Drug Administration (FDA) guidance as well as its own record of false positives, or false negatives.

3. As people have experienced COVID-19 and recovered, there is much discussion about their immunity due to antibodies in their system and their ability to return to work. The CDC guidance indicates this should not be considered in whether a person should be allowed to return to work. As a result of this guidance, the bank may not rely on it; that would then violate the ADA as an antibody test would be a medical exam. If the CDC felt this was credible, it could be allowed, but that is not the case here, as opposed to taking a person’s temperature.

4. Guidance updated in September 2020 says that the bank may ask all employees who will be physically entering the bank’s facilities if they have COVID-19 or symptoms associated with COVID-19 and ask if they have been tested for COVID-19. In my experience this is usually followed by “in the last 14 days” as that is the commonly accepted incubation period for symptoms to show. It never means that a person could not have been infected any time after having a test with negative results. Additionally, keep in mind the “direct threat” perspective for allowability of these and other screening questions, and for those employees who are working from home and are not physically interacting with coworkers or customers, the bank would generally not be allowed to ask these questions.

5. When the bank screens staff, it is not necessarily an all or nothing affair. But the bank cannot target just one employee for screening unless it has a reasonable belief based on objective evidence that this person might have the disease.

6. Asking questions the right way is as important in screening staff as it is on the loan desk for fair lending. As an example, the bank cannot ask if the employee has any family members if they are positive for COVID-19 or have symptoms as this would violate the Genetic Information Nondiscrimination Act (GINA). Realistically it also is more limiting and a question that could be asked would be “have you have had contact with anyone who has tested positive or has COVID-19 symptoms?” Again, this is often followed by “within the last 14 days” for the same reason noted above. If the employee does not have symptoms and has not contact, they are hopefully healthy.

7. What can the bank do if an employee wants to come back to work in the bank branch, but refuses to answer screening questions or have their temperature taken? In this case the bank may follow the ADA to protect the others at work and refuse access. Realistically, asking why they object is the best action. If the employee does not want this done in public or feels their replies would be conveyed to others without a need to know, reasonable accommodations or explanations may be made.

8. Nothing from the EEOC or ADA prohibits the bank from asking staff who work on-site daily or occasionally, questions about their symptoms as part of workplace screening for COVID-19 if that employee says they feel ill.

9. The bank may always ask an employee who called out sick why they were absent from work. That is not considered a disability-related question or something prohibited under the ADA.

10. The bank can ask questions about where a person traveled. This is not an ADA disability-related inquiry. If the CDC or state or local public health officials recommend that people who visit specified locations remain at home for a certain period of time, an employer may ask whether employees are returning from these locations, even if the travel was personal. There has been no official guidance on this as to paying staff. Some employers, even outside of banking, have not counted the days off from work as unauthorized absences, but whether an employee is paid for that time or not is up to the employer. We do recommend being consistent.

Confidentiality

11. As to the confidentiality of medical information, what should the bank do with this information gathered from staff and retained? Similar to many banks separating financial statements of insiders from loan files, medical information should also be separated from an employee’s regular personnel file. It should only be accessible by those with a need to know. In fact, the ADA requires that all medical information about a particular employee be stored separately from the employee’s personnel file.

12. If an employee is positive for COVID-19, the bank may release that information to a public health agency. This may be necessary for infectious contact tracing as an example, and the agency will have confidentiality standards of its own to follow to protect the employee. For the same reason, if the bank used a temporary staffing agency to provide employees, that staffing agency can notify the bank if a person who was assigned to the bank was later diagnosed as positive. The bank and a public health agency may need this information to do contact tracing.

13. In the case of a supervisor learning that an employee is symptomatic, confidentiality of this medical information and the protection of others are of equal weight. The bank then has an obligation to all parties. The medical information on the employee is separated and restricted to a need-to-know basis.

A bank representative may interview that symptomatic employee and determine who they may have come in contact with. Then, the other employees may be told something to the effect of, “you may have had contact with an employee who has showed signs of being positive for COVID-19 and you should be tested and may need to quarantine or telecommute…” Respecting the confidentiality of all staff precludes the symptomatic employee from being named. Others may be able to deduce who that was, but that is no reason for the bank to violate the ADA and name them. Those with a need to know, who actually need to know, should be reminded that the information is not to be shared unless required to do so. Determining internally who all the managers and supervisors will be with a need to know are, should be done in advance and all staff should be trained to understand the process and the need for confidentiality.

Continuing with the notification example, if all employees are aware that the bank has done basic contact tracing, they will better understand that being told, “someone in this department has tested positive and you may have had contact with them last Monday through Wednesday,” so they will understand the when, where and how of the situation and the “who” is not specifically required, only that the bank has already determined that it may have happened.

If that positive employee begins working from home, coworkers may be told that one or more employees, by name, are now working from home. But the specific reason (i.e., they tested positive) need not be disclosed. Again, this protects confidentiality.

Advance training can make this more acceptable to everyone involved.

14. As just discussed, a supervisor is not violating any ADA rules by reporting the illness of an employee while respecting confidentiality of that employee. Similarly, no coworker violates any prohibitions by making the initial report to their supervisor.

I have heard more than once of an employee talking with a coworker and commenting that they must have an allergy as they’ve lost the sense of taste and smell, as an example. The coworker may comment that those are COVID-19 symptoms and that person answer questions about that at the beginning of every shift, followed by “why are you here?” But people have begun to tune out the common screening questions and provide the automatic “yes” and “no” responses automatically and without thinking.

15. One last note pertaining to confidentiality of medical information. The ADA requires this medical information to be stored separately from their personnel file. If an authorized person has this information, the ADA rules apply whether they are in their office, at a remote location or even working from home. Information on forms, written on notepads or stored on a laptop or mobile phone must still be protected from snooping eyes.

New hires

16. Here are some additional points of interest to Human Resources as many banks are hiring again and business is increasing:

    • Job applicants may be required to submit to COVID-19 screening as conditions for employment, so long as this is applicable to all who apply for that job.
    • A medical exam – i.e. taking one’s temperature, may be a requirement for employment the same as for returning to work. It should be noted that a fever is not conclusive proof of having COVID-19.
    • If a new hire has symptoms of COVID-19, their start date may be delayed as a result. This is done to avoid introducing the virus into the workplace.
    • A job offer could also be rescinded if the employee cannot enter the workplace in a safe manner for them, or other persons, when they have COVID-19.
    • If that employee has underlying conditions, such as being over 65 years old, pregnant, heart condition, etc., those persons could not be denied employment because of those conditions and the fact that they may be at a higher risk. All the exceptions to normal policies here are due to the pandemic, not the underlying condition.

Reasonable accommodations

17. If the bank has an at-risk employee who is more susceptible to COVID-19, such as being over 65 years old, pregnant, heart condition, etc., and that person must work in a branch, the bank should provide reasonable accommodations unless that would cause an undue hardship on the bank. The bank is not responsible under the ADA to predict that an employee requires a reasonable accommodation, but rather the employee must request this. Undue hardship includes significant difficulty or expense in meeting the employee’s needs. The pandemic may have lessened the available workforce or materials necessary to construct reasonable accommodations, so what may have been feasible pre-pandemic may not be now. Also, what was affordable in the past may not be now based both on current income and expenses.

These are ADA rules the bank addresses every day, but the pandemic conditions may increase the necessary accommodations. The bank should do what it can to reduce exposure for at-risk staff such as implementing social distancing, adding splash shields, adding sanitizer stations, etc. If the only area where this work can be done does not allow for protections without some expensive buildout then the bank may be able to claim an undue hardship. Even then the bank is encouraged to work with an employee with each exercising some flexibility in accommodations, temporary job transfers, work schedule modifications, etc.

If an employee who is at-risk is already working from home, but the bank is beginning to plan on moving all staff back into branches, reasonable accommodations should be considered at this time. Prior planning will make preparation and a transition easier. This includes further modifying the employee’s workspace even if it had been modified prior to the pandemic because of the employee’s hardship.

18. An employee who is not themselves disabled is not entitled to reasonable accommodations because of potentially exposing a family member. The ADA does not require that the bank accommodate an employee without a disability based on the disability-related needs of a family member or other person with whom s/he is associated. For example, an employee without a disability is not entitled under the ADA to work from home as an accommodation to protect a family member with a disability from potential COVID-19 exposure. The bank could provide an accommodation or be flexible, but it is not required to do so.

19. Let’s now address the employee who had reasonable accommodations made for them in the branch, but who is now working from home at the bank’s request. If the employee makes an additional request of the bank to accommodate the home workspace, the bank should discuss these needs with them. What additional accommodations are necessary, and why? If the changes are necessary for prolonged work at home conditions, this may be something the bank wants to do. The employee should have as functional a workspace at home, where the bank has asked them to work, as they have in the branch. Flexibility on the part of the bank and the employee may be necessary however, as what is reasonably done in a branch may not be possible at the employee’s home.

20. As the bank begins transitioning staff from work at home status back into the branches, might this create an opportunity for some staff to request a continuation of the home-work status as their reasonable accommodation? It could trigger more requests, but the bank is not obligated to consider working from home as a permanent solution to staff who were allowed to work from home due to the pandemic. Any time an employee requests a reasonable accommodation, the bank is entitled to understand the disability-related limitation that necessitates the request. If there is no disability-related limitation that requires working from home, then the bank does not have to provide this as the accommodation. If there is a disability-related limitation but the bank can effectively address the need with another form of reasonable accommodation at the branch, then the bank can choose that alternative.

21. If the bank opted to have an employee work from home because of the pandemic and limited one or more essential duties to make this happen, if that employee wants to continue to work from home, the bank is not obligated to allow this just because it did so initially. Because the bank allowed the employee to work in a safer environment to protect them does not mean the bank has permanently adjusted their job description or duties. The bank is under no ADA obligation to refrain from restoring that employee’s essential duties.

Discrimination in the workplace

22. Now may be a time to remind management, supervisors and all other staff that federal Equal Employment Opportunity laws prohibit harassment or other discriminatory acts against coworkers based on race, national origin, color, sex, religion, age (40 or over per the Age Discrimination in Employment Act which is separate from the CDC guidance that those 65 and over are at high-risk for severe COVID-19 complications), disability, or genetic information, and if any of these support a person’s decision not to be vaccinated, the effects test could lead to claims of discrimination against the bank and that person. It may be particularly helpful for the bank to remind all staff of their roles in watching for, stopping, and reporting any harassment or other discrimination. The bank may also make clear that it will immediately review any allegations of harassment or discrimination and take appropriate action.

Vaccinations

Now we will explore vaccinations for a moment. Some people are all for them and believe each person will be safer around others who have been vaccinated. The other side includes many who do not trust the various chemicals that are used in the different vaccinations being offered and/or believe the process was too rushed and that the vaccinations themselves may not be safe. Some want to wait and see more of the long-term effect while others, including medical workers, simply do not want the shots. Bank management has to weigh the desires of each group, but one does not necessarily feel safe around the other. Can the bank require staff to be vaccinated? Can the bank provide an incentive to get vaccinated?

As we go to press Johnson & Johnson has been approved as the third provider for COVID-19 vaccinations and has begun shipping its product. More and more people will have vaccinations readily accessible and the bank must make some decisions on its policy.

In December 2020, the EEOC published an FAQ guidance document, “What You Should Know About COVID-19 and the ADA, the Rehabilitation Act, and Other EEO Laws,” as its recommendation that employers, in our case banks, encourage staff to get the inoculations for COVID-19. And the following month it issued proposed regulations allowing the banks (and other employers) to offer de minimis incentives as part of a wellness program that incentivizes staff to get the vaccinations. However, this proposal was withdrawn on February 17. Now there is little guidance as to payments of incentives as these may conflict with the ADA and GINA and any regulation must be carefully crafted for compliance.

The regulation was not withdrawn because it was poorly crafted, but rather as President Biden took office, a White House Memorandum required all executive departments and agencies to immediately withdraw any proposed rules that had not yet been published in the Federal Register. This one had not. But the EEOC had been asked by many including the US Chamber of Commerce to better explain what de minimis was in this case. Prior to this it was interpreted to be a small consideration like a gift card or T-shirt. A court case more appropriate to this topic of vaccinations used guidance that 30 percent to the treatment cost was an allowable amount. But there was no clarification issued and the proposal has been withdrawn. Some employers are or were offering time off from work for anyone getting vaccinated or cash payments of up to several hundred dollars based on some news reports.

Absent EEOC guidance however, any bank offering an incentive must consider the ADA’s requirement that the disabled enjoy the same benefits and privileges of employment as the abled employees. So, under the ADA and in response to any person whose religious beliefs preclude them from being vaccinated, they are entitled to the same incentives even though they will not be vaccinated. They may be required to complete some other requirement such as a safety class on dealing with people in a pandemic environment. This could be suitable and not conflict with ADA requirements or religious beliefs.

The EEOC December guidance document actually allows banks to require staff to be vaccinated, but as usual, there are some exceptions carved out as noted already which may involve health concerns and religious values. There are many hurdles to requiring a vaccination and more still to fire an employee if they have ADA protections.

For ADA purposes, receiving a vaccination is not considered a medical exam. If it were, this could be deemed intrusive and in violation of the ADA. But the screening questions that must be answered prior to being inoculated are considered a medical exam subject to the ADA standards for disability related inquiries. This means the bank would need to demonstrate that the screening questions are “job-related and consistent with business necessity.” To meet this standard, the bank would need to have a reasonable belief based on objective evidence, that an employee who does not answer the questions and then does not receive a vaccination will pose a direct threat to the health or safety of themselves or others.

There are two circumstances under which disability related screening inquiries may be asked without being job related and a business necessity. 1) If the bank offers staff a vaccination on a voluntary basis, the ADA requires that the employee decides to answer pre-screening questions making it voluntary. If the employee chooses not to answer the questions, the employer will not provide the vaccine and the bank may not retaliate against the employee for refusing to answer. 2) If an employee receives a bank-required vaccination from a third party that does not have a contract with the employer, such as a pharmacy, the ADA “job-related and consistent with business necessity” restrictions on disability related inquiries would not apply.

If the bank adopts a policy that vaccinations for COVID-19 are required, it would be because it has a requirement that an employee shall not pose a direct threat to the health or safety of individuals in the workplace. As noted earlier, there are four factors in determining whether a direct threat exists:

1- the duration of the risk;
2- the nature and severity of the potential harm;
3- the likelihood that the potential harm will occur; and
4- the imminence of the potential harm.

A direct threat could be that an unvaccinated employee would expose others in the bank. The bank would have to determine that the employee who cannot be vaccinated due to disability and poses the threat cannot be provided reasonable accommodations that would eliminate or reduce this risk. Even with this, other laws and rights may protect the employee from being dismissed. Reassignment of responsibilities may be in order.

To summarize: being flexible, working with staff to find reasonable accommodations for the benefit of all, and encouraging vaccinations while addressing the needs of those dissenting may be the recommended actions, but each bank must decide, and both legal counsel and the bank’s human resources department should be involved in forming any policy.

 

February 2021 OBA Legal Briefs

  • Closing accounts for the undesirable customer
  • Military lending rules have teeth

Closing accounts for the undesirable customer

By Andy Zavoina

Some language in this article may be considered offensive by some readers but is taken from the court documents and has not been “softened” to accurately portray the treatment some bank staff endured. The severity of the language may help explain why the bank was adamant in its actions.

We’ve all had a customer like this at one time or another. Those who berate and belittle bank staff and believe that not only are they, the customer, always right, but that they may look down on those serving their financial needs. This article explores the implications of closing an account of just such a customer. In this case it is easy to assume the customer was looking for a quick settlement from the bank to extinguish the case, but that did not happen. This legal case extended over four years and the lawsuit included not only the bank, but personally included three employees who were involved.

In my banks, management’s philosophy included the question, “is this customer profitable?” A bigger part of management’s philosophy, however, was that there was no cause for bank staff to take physical or verbal abuse from customers. I believe most banks have this basic tenet. Could a customer have a bad day – sure. And that was excusable because we are all human, but if there was a track record of abuse toward staff, we would close the account. Some customers are high maintenance and low profitability and the bank does not have an obligation to serve everyone, especially when it demoralizes staff and costs the bank money to do so. Account closure is what was done in the case of this Texas customer and the customer challenged the bank in court.

Let’s look at the specifics of a case in Texas, Denson v. JPMorgan Chase Bank. Here you will find a customer who believed they were right and could verbally abuse bank staff. In this case there was a deposit error which lasted literally only a few minutes. But the customer believed, or at least accused the teller of trying to steal from her. The customer then went on to sue the bank and, in my opinion, load the list of charges with everything imaginable, making baseless claims, failing to provide factual and pertinent evidence, and believing that providing the court with pounds and pounds of paper documents which were not supportive of their claim, made their claims accurate. Instead, they wasted the court’s time, the bank’s time and their own. The case needlessly cost everyone involved.

Customers do have a right to justice and the right to seek that justice. This case had what most of us will view as the right result, but what was the cost of getting there?

Timeline

On January 13, 2017, Sandra Denson went to her bank, JPMorgan Chase, and deposited $730 with Mary Green, the teller. The cash was deposited using a cash counting machine. Unfortunately, this machine malfunctioned and held a $50 bill which temporarily reduced the amount to be deposited to $680. Denson knew this was incorrect and called Green “stupid,” cursed at her and called her a “dumb b***h” who needed her “ass whipped.” Denson said that Green required training to do her job and that Green was “going to keep that $50 for lunch.”

The $50 was discovered in the cash-counter moments later and was immediately added to the deposit. Rasheal Farris was Mary Green’s supervisor and she had another teller complete Denson’s deposit transaction. This would hopefully diffuse the tension between Denson and Green. But there had been previous incidents involving Denson during which she verbally abused bank staff. Having records of such incidents may seem petty, but it can support future actions. Bank staff would be wise to file some form of an incident report with the bank’s Security Officer to preserve memories of what occurred. This is a “who, what, when, where and why” record.

Based on the culmination of these incidents the decision to close all of Denson’s accounts was made. The bank opted to end this relationship by closing a joint savings account Sandra Denson had with her husband, Robert, and a joint checking account she had with her sister. The bank’s deposit agreement provided that, “Either you or we may close your account (other than a CD), at any time for any reason or no reason without prior notice.”

Al Ramirez is an employee of Global Security & Investigations Group, used by the bank. The bank and Ramirez prepared notices to Denson advising her of the account closure. They included a cashier’s check for the balances and a no-trespass letter for Denson so that she would not return to the bank. These were then sent using UPS Next Day Air.

Before the UPS package was delivered on January 14, 2017, Denson and her husband discovered online that their accounts were at a zero balance. They returned to the bank to inquire. Green told them that they were restricted from entering the bank and explained that the accounts were closed and an explanation and cashier’s checks for the balances was being delivered to them.

On February 17, 2017 Denson sued JPMorgan Chase, Mary Green the teller, Rasheal Farris her supervisor and Al Ramirez for wrongful dishonor of a check; conversion or, alternatively, money had and received; payment on forged signature and unauthorized withdrawal of  funds; breach of contract, breach of fiduciary duty, and breach of good faith and fair dealing; civil conspiracy/aiding and abetting; intentional infliction of emotional distress; common law fraud; negligence; and gross negligence. On February 5, 2018, Denson filed a “supplemental” petition, asserting claims under the United States and Texas Constitutions and alleging violations of the Fourth Amendment, the Fourteenth Amendment, and the right to privacy, and 42 U.S.C. § 1983.

Because Denson’s claims were in part under federal law, JPMorgan Chase moved to have the claims heard in federal court. The trial court awarded summary judgment for the bank, and Denson appealed. The CaseText document on the Court of Appeals for the First District of Texas recounts the various legal requirements each party had to make as it dissected the charges. As an example, as it relates to the claim of Intentional Infliction of Emotional Distress, it is noted, “To recover damages for intentional infliction of emotional distress, a plaintiff must establish that: (1) the defendant acted intentionally or recklessly; (2) the defendant’s conduct was extreme and outrageous; (3) the defendant’s actions caused the plaintiff emotional distress; and (4) the resulting emotional distress was severe. Extreme and outrageous conduct is conduct “so outrageous in character, and so extreme in degree, as to go beyond all possible bounds of decency, and to be regarded as atrocious, and utterly intolerable in a civilized community.” “[H]einous acts . . . except in circumstances bordering on serious criminal acts . . . will rarely have merit as intentional infliction claims.” And it goes on to indicate, “JPMorgan argued that Denson’s intentional infliction of emotional distress claim failed because Denson offered no evidence of the elements of extreme and outrageous conduct or severe emotional distress. It asserted that JPMorgan acted pursuant to its legal rights under the DAA (Deposit Account Agreement) when it closed Denson’s accounts and excluded her and her husband from the bank branch, and that such conduct cannot be extreme and outrageous. The bank further argued that, even if its conduct was actionable, no claim for intentional infliction of emotional distress was available to Denson because she could assert other contract and tort theories.”

Intentional infliction of emotional distress

On appeal this argument shifted the burden to Denson to produce the evidence for each challenged element of her claim. In her summary judgment response Denson did not reference the issues JPMorgan Chase challenged and provided no evidence to substantiate her claims. No evidence was introduced but Denson attached numerous documents including:

  1. the transcript from the federal court hearing;
  2. changes to her deposition;
  3. changes to Robert Denson’s deposition;
  4. plaintiffs’ original petition and several exhibits including:

a. pages from the Texas Secretary of State’s website related to JPMorgan Chase’s registered agent for service of process;

b. the January 13 letters from JPMorgan Chase to her confirming the closing of the accounts she owned including jointly owned accounts and notifying her of the no-trespass condition

c. a January 27 letter from her counsel to JPMorgan Chase advising that she has retained counsel and requesting that JPMorgan Chase preserve certain evidence;

d. a copy of a check written by Denson to the tax-assessor collector, dated January 12, 2017, in the amount of $526.79; and

e. a portion of Dorsaneo’s Texas Litigation guide. To her “reply in opposition,” Denson attached several of the same exhibits enumerated above as well as a portion of an email chain between counsel discussing the scheduling of depositions.

Denson attached almost 300 pages of documents to her summary judgment response while still failing to provide any specific evidence to support her case on this claim.

The law required Denson to specifically identify the supporting evidence in order to have it considered. The fact that nearly 300 pages of a response were provided was not sufficient to defeat a summary judgment. The court then noted that “concluding non-movant failed to carry burden to produce evidence raising genuine issues of material fact on challenged elements of claims against defendants for tortious interference, fraud, and conspiracy where response to defendants’ no-evidence summary judgment motion did not direct trial court to any evidence on challenged elements of her claims.” Legally the court must grant JPMorgan Chase’s motion unless Denson produced evidence that raised genuine issue supporting the claims made. This was not done.

Denson contended in her appeal that “Rasheal Farris and Mary Green acted intentionally or recklessly to cause severe emotional distress on Appellants by intentionally closing Appellant’s bank accounts which then totaled more than $53,000 in collected good funds without notice and without reason. When Sandra and Robert Denson inquired about their accounts, Mary Green did not tell them on purpose, to cause the emotional distress.” Denson stated that “she had ‘flashbacks’ since the incidents and that Green and Farris “jointly tarnished and ruined Sandra Denson’s reputation by making the above false accusations that Appellant Sandra Denson used foul language.”

Similar to the issue discussed above, the court received no evidence to support these allegations and again noted that case law does not require the court to sift through the documentation provided to determine what evidence may be there. The court documents stated, “We conclude that Denson did not carry her burden to produce evidence raising a genuine issue of material fact on the challenged elements of her intentional infliction of emotional distress claim against JPMorgan. Accordingly, we hold that the trial court did not err in granting summary judgment in favor of JPMorgan on this claim.” This statement was in fact similar to the conclusion noted on the other issues Denson appealed as well. I will not go item by item with the exception of the “fiduciary duty” a bank has to its customers and the claims of fraud because of the severity of the claims.

Breach of fiduciary duty

Let’s first review the facts of the case and then some of the media response.

In court, proving a breach of fiduciary duty required Denson to meet three criteria. First, establish that a fiduciary relationship existed between the Denson and the bank. Second, the bank must have breached its fiduciary duty, and lastly the breach must have resulted in injury to Denson or benefit to the bank.

JPMorgan Chase argued that this relationship required no fiduciary duties and there were no damages that resulted from the transaction or closure of the account. The bank believed this was a “creditor/debtor” relationship and the actions taken by the bank were allowed for in the deposit account agreement. This argument then shifted the responsibility of providing evidence to Denson. As noted above, again there was no evidence provided to these arguments and the word “fiduciary” did not even appear in either of Denson’s summary judgment response or reply. One challenged item was responded to as Denson stated that “the Bank owed Sandra Denson and Robert Denson a fiduciary duty.” This was a statement and no evidence was provided to substantiate it. There being no real rebuttal and no evidence to support the claim, the court favored the bank.

Investopedia defines a fiduciary as an, “…organization that acts on behalf of another person or persons, putting their clients’ interest ahead of their own, with a duty to preserve good faith and trust. Being a fiduciary thus requires being bound both legally and ethically to act in the other’s best interests.” Bankers are often included as an example of a fiduciary, but in this case the bank was never acting on behalf of Denson as to managing her money or investments, hence the bank’s “creditor/debtor” perspective.

The Editor of gsiexchange.com published a similar article as many other legal websites did, but gsiexchange.com noted, “In a landmark decision that ruled in favor of JP Morgan Chase, courts decided in Denson v. JPMorgan Chase Bank, N.A., that THE BANK DID NOT OWE ANY “FIDUCIARY” DUTIES to the plaintiff, one of the bank’s depositors…But clearly, the article is spinning the narrative in a way that does Denson and other depositors a significant injustice. Given that wealth is a relative concept, what if we scaled her deposit amount to $750,000? And what if $50,000 went missing due to human error? Any depositor might have taken Denson’s route, calling that teller the B-word. But aside from that, the real issue here is that the court ruled in favor of JPM because the bank is NOT a fiduciary. If JP Morgan Chase bank is not a fiduciary, then why are Americans depositing millions of dollars into the bank (and other similar banks) when–as non-fiduciary institutions-they are not held legally responsible for acting in the best interest of their depositors? This is a blatant injustice.” I must add that this website is for a business which deals in precious metals and the editorial comments closed with a solicitation to withdraw all funds from banks, for each person to be their own fiduciary and to invest those funds in precious metals. But if social media were to pick up these comments, I suspect the closing solicitation would be omitted.

If this were your bank, management and counsel would need to decide if any information for your employees, banking customers and market area was needed. In a pure deposit relationship. it can be argued that the bank was not managing the funds and the FDIC insurance protected the deposits. The bank offered no financial or investment advice, unlike the editorial comments themselves. But there may still be those who want to change the facts in such a way that would require other changes to the case. It is unlikely that $50,000 would become jammed in a cash counter and if a complete deposit was not counted for some reason, but that error was found and corrected in a matter of moments, was any fiduciary duty breached?

Fraud

In the claim of fraud, there are six elements to be proved:

  1. Was a material misrepresentation was made?
  2. Was the representation false?
  3. When the representation was made, did the bank either know it was false or make the statement without knowledge of the truth?
  4. Did the bank intend that the representation to be acted upon?
  5. Did the customer act in reliance on the representation?
  6. Did the customer suffer any injury?

The bank argued that Denson provided no evidence of any fraudulent misrepresentation, there was no reliance on statements made about the deposit accounts and there were no damages incurred. The only possible misstatement was that the deposit was $50 short but that was rectified within minutes and before Denson ever left the bank on that day of the deposit.

Denson claimed fraud against the teller and supervisor, Green and Farris, claiming that they made fraudulent accusations that Denson used foul language and threatening behavior. Denson failed to argue that at the trial court and therefore could not appeal it after that. As a result the appeals court found for the bank and its employees on this issue.

In this case the claim was invalidated because it was not initially argued but a bank would be wise in such cases to gather evidence and hold it for some period until it knows no claims were made or could still be made. This is why having statements and video and any other evidence collected immediately after an event is a sound procedure. I was taught that the palest of inks is better than a person’s memories, and this would hold especially true four years later.

Breach of contract

Denson’s claims of a breach of contract were also nullified as she claimed the bank had a duty to provide a copy of her deposit account agreement before the accounts were closed. No evidence on her part was made to support the claims, but again a bank would rely on its procedure to always provide such documents when an account is opened.

Can the bank close any account?

The OCC maintains a consumer information website, HelpWithMyBank.gov and addresses the question by simply saying “yes.” It does expand on that to say that generally accounts may be closed for any reason and without notice. It urges customers to review the agreements they have with their banks and to contact the OCC if they feel their account was wrongfully closed. So while there is support for a bank to end a relationship, it is still open to dispute.

Your deposit agreement likely has a clause similar to this:
“We reserve the right to close your Account at any time for any reason. We are not responsible for any items, checks or EFTs returned after your Account has been closed. YOU SHALL INDEMNIFY AND HOLD US HARMLESS FROM ALL CLAIMS, DEMANDS, LAWSUITS, LOSSES, COSTS, EXPENSES AND ATTORNEYS’ FEES WE SUFFER OR INCUR IN CONNECTION WITH OR RELATED TO CLOSING YOUR ACCOUNT.”

While necessary and in cases like the Denson account, very helpful, this may not be enough to satisfy a jury box filled with bank customers. The bank needs a good reason to close a customer’s account and there may be steps and timelines which must be followed.

Consider the Federal Government Participation in the Automated Clearing House rules, 31 CFR 210, which applies to all entries and entry data originated or received by a federal agency through the Automated Clearing House (ACH) network, with a few exceptions. The key statement in the applicability of the rule are “applies to all entries and entry data originated or received by an agency” (the emphasis is mine) and “agency” is a defined term which includes any department, agency, or instrumentality of the United States Government, or a corporation owned or controlled by the Government of the United States, excluding the Federal Reserve Bank.  You may have customers receiving direct deposits of government benefits making your bank subject to this because of the agency sending you the deposits.

What this means to you is that 30 days’ notice (or longer if the account agreement provides a longer period) could be required except in the case of fraud.  Refer to § 210.4(c)(3):

(c) Termination and revocation of authorizations.  An authorization shall remain valid until it is terminated or revoked by:

(3) The closing of the recipient’s account at the RDFI by the recipient or by the RDFI. With respect to a recipient of benefit payments, if an RDFI closes an account to which benefit payments currently are being sent, it shall provide 30 calendar days written notice to the recipient prior to closing the account, except in cases of fraud; or…

So the bank may not be able to close applicable accounts unless there is fraud, without first providing a 30-day advance notice to your customer. That was not the situation in the Denson case, but before closing an account, the bank must be aware of this rule and have a procedure to follow when applicable.

Bank staff must also be aware of all the agreements and all the disclosures that are provided to customers. How else can requirements and agreements like closing an account be enforced? Customers have the right to choose where they bank and a bank has the right to choose who it will do business with.

In Denson v. JPMorgan Chase Bank, the bank and three of its staff members went through four years of litigation to remove one customer who was rude, abusive and threatening to staff. The cost of litigation is not cheap and no bank or person subject to a lawsuit wants the lowest-cost attorney representing them. Well written and enforceable agreements are necessary both to protect the bank and its customers and to eliminated ambiguity. They may not eliminate litigation such as the Denson case, but without them, that case could have taken even longer to be resolved.

Military lending rules have teeth

By Andy Zavoina

Let’s talk for a moment about 2,175,000 reasons to follow the letter of the Military Lending Act (MLA). In dollars, those are the reasons Omni Financial is paying for not following the rules.

On December 28, 2020, the CFPB entered into a Consent Order (File No. 2020-BCFP-0028) with Omni Financial of Nevada, Inc., also doing business as Omni Financial and Omni Military Loans. Loans were being made to active duty servicemembers or their dependents who are protected by the MLA. Omni makes tens of thousands of loans annually ranging from $500 to $10,000 for terms of six months to three years.

One issue the CFPB had with Omni was a requirement for some borrowers to repay by allotment. Section 232.8 of the Department of Defense’s regulation, “Limitations on Terms of Consumer Credit Extended to Service Members and Dependents and specifically section (g) prohibits this.

Title 10 U.S.C. 987 makes it unlawful for any creditor to extend consumer credit to a covered borrower with respect to which:

(g) The creditor requires as a condition for the extension of consumer credit that the covered borrower establish an allotment to repay the obligation. For the purposes of this paragraph only, the term “creditor” shall not include a “military welfare society,” as defined in 10 U.S.C. 1033(b)(2), or a “service relief society,” as defined in 37 U.S.C. 1007(h)(4).

Keywords here are “requires as a condition” and you simply cannot do that. Procedures should be written such that the borrower may offer to pay by allotment, but they should know that it is not a requirement to receive a loan.

If you are wondering why allotments are preferred by lenders, “back in the day,” servicemembers had direct deposit and could set up allotments for specific payments. This eased the burden on the borrower who could be deployed or otherwise not available to handle routine personal financial matters because of their military duties. It seemed like a win-win because the borrower would always have their debt paid and nobody had to worry about calls and letters for debt collection. Additionally, a good credit rating is good for a military security clearance. A poor credit rating is definitely a problem. The servicemember receives a known amount of monthly pay and benefits. The allotments would be paid and the remainder was direct deposited to their bank.

Some servicemembers realized that if they were to receive an Article 15 (judicial punishment) which included pay forfeiture that fine would be deducted after allotments were taken out. As a result, many servicemembers would start an allotment to their spouse as an example for all but $100. That way the household always had money and forfeiture of pay was never more than $100. The allotment could easily be deposited at the bank if desired. So allotments were a better way of being paid monthly.

Eventually the government realized a lot of work goes into making allotments and correcting allotment problems that sometimes arise. They found that some lenders, especially those with high interest rates would require allotments and even charge fees to be paid that way. As a result certain allotments are prohibited, such as to purchase or finance vehicles or appliances; and others are not limited, such as for mortgage or rental payments on real property, dependents support and for a variety of other items.

Omni lenders would tell their borrowers, 90 percent of whom were covered borrowers under the MLA, they had to pay by allotment to be approved and 99 percent of active-duty borrowers did set up allotments for their Omni loans.

Not all of Omni’s borrowers were military. What is a civilian equivalent of an allotment? It would be when a lender requires an borrower to authorize electronic funds transfers (EFTs) for payments in advance. Yes, Reg E, which civilian banks are very familiar with, also comes into play in the Omni case. Omni required every borrower to provide information on their bank account routing and account numbers. Each contract included the authorization for Omni to initiate an EFT which would automatically be initiated the first business day after any missed payment.

Reg E prohibits a lender from conditioning a loan on repayment by an EFT. § 1005.10(e)(1) – No financial institution or other person may condition an extension of credit to a consumer on the consumer’s repayment by preauthorized electronic fund transfers, except for credit extended under an overdraft credit plan or extended to maintain a specified minimum balance in the consumer’s account.  

The result of Omni’s violations of the Defense Department regulation and of Regulation E is more than a fine. Omni must stop conditioning loan approvals on military allotments and EFTs. They must write to each borrower with an outstanding loan and clearly and prominently inform them of the Consent Order, offer different repayment options, list all the methods available to repay the loans, and provide the options the borrower may select. They are also prohibited from drafting funds from a borrowers account without a new, written authorization from the borrower. Similarly, allotments will not be accepted from a military borrower without a prescribed written authorization with a notice that it may be stopped at any time.

There were more training and compliance requirements in addition to the civil money penalty of $2,175,000.

On a related note, David Uejio, the acting director of the CFPB, has made it clear in a statement he shared with everyone at the Bureau and posted on the Bureau’s website on January 28, that the Bureau will be “reversing policies of the last administration that weakened enforcement and supervision. As of today, it is the official policy of the CFPB to supervise lenders [subject to Bureau supervision] with regard to the Military Lending Act.”

January 2021 OBA Legal Briefs

  • Second round of stimulus payments
  • Accepting OK Real ID receipts
  • Special purpose credit programs
  • BSA revisions

Second round of stimulus payments

By Pauli D. Loeffler

With the first round of stimulus payments, customers who died prior to receipt were not eligible to receive them. This was made clear by on the IRS’s Economic Impact Payment Information Center website (https://www.irs.gov/coronavirus/economic-impact-payment-information-center) in responding to “Does someone who died qualify for payment?”:

A5. No, a payment made to someone who died before receiving the payment should be returned to the IRS by following the instructions in Topic I: Returning the Economic Impact Payment.

Joint filers with a deceased spouse: For payments made to joint filers with a deceased spouse who died before receiving the payment, [the surviving spouse should] return the decedent’s portion of the payment.

Topic I covered returning payments:

A1. You [the person returning the check] should return the payment as described below.

If the payment was a paper check:

    1. Write “Void” in the endorsement section on the back of the check.
    2. Mail the voided Treasury check immediately to the appropriate IRS location listed below.
    3. Don’t staple, bend, or paper clip the check.
    4. Include a brief explanation stating the reason for returning the check.

If the payment was a paper check and you have cashed it, or if the payment was a direct deposit:

    1. Submit a personal check, money order, etc., immediately to the appropriate IRS location listed below.
    2. Write on the check/money order made payable to “U.S. Treasury” and write 2020EIP, and the taxpayer identification number (social security number, or individual taxpayer identification number) of the recipient of the check.
    3. Include a brief explanation of the reason for returning the EIP.

Liability for repayment falls on the surviving spouse rather than the bank. if the deceased customer is the sole payee, neither paper checks nor direct deposits should be accepted.

To be eligible for the second stimulus payment, a deceased person must have died on or after January 1, 2020. The bank may presume the person is alive unless it has notice the death occurred in 2019, then the procedure stated above should be followed for deceased joint payee or deceased sole payee.

Unlike the first round of payments, second round payments will be issued even if taxes or child support is owed. Further, the U.S. Treasury deposits will be encoded of “XX” in the first two positions of the Company Entry Description field to designate them as exempt from garnishment. Note that if the account is closed, the payment should be returned

The FAQs for the second payments are found at this link: https://www.irs.gov/coronavirus/second-eip-faqs.

Accepting OK Real ID receipts

By Pauli D. Loeffler

When opening an account for someone who is not a current customer or cashing an on-us check, the bank needs to have a reasonable basis to believe the person is who he says he is. Most banks rely on an unexpired driver’s license, passport, etc. If the new customer is waiting for an Oklahoma driver’s license or identification card that is a Real ID and provides the receipt from the tag agent, it is up to the bank and its policy as to what is acceptable for CIP for deposit accounts, loans, and for cashing on-us checks.

The receipt for the Real ID is temporary and effective for 30 days from issuance. The “temporary” nature has spurred concerns about accepting it.  The receipt has a facsimile of the Real ID that will be mailed including photo, name, license or ID number, date of birth, address, signature, etc. which will be on the permanent card. Until the 30 days have expired, it is a government issued photo ID and there is nothing to prevent a bank from accepting it.

We do not recommend opening the account in reliance on the temporary ID and requiring the person to come back and present the new ID when it is received. This would require the bank to calendar a call if the customer doesn’t return (similar to opening a joint account when one of the owners isn’t present and fails to sign within a short period of time, which is a recurring nightmare for banks).

With the pandemic, many people are reluctant to venture out a second time. And requiring the customer to provide the final, laminated ID is no more necessary than the bank requiring a new license or ID card when the current card expires, another practice that isn’t required.

Special purpose credit programs

By Andy Zavoina

Background

The Consumer Financial Protection Bureau (CFPB) announced in March 2020 that it would initiate a new program under which Advisory Opinions would be issued. On November 30, 2020, the final policy for the program was issued. The Advisory Opinions are to be considered interpretive rules under the Administrative Procedure Act. They are binding and as important as the regulation and will be published in the Federal Register and on the CFPB’s website. Advisory Opinions are intended to react to the need for clarity when there is a regulatory or statutory question on a specific topic. There are five factors used to determine if an Advisory Opinion will be issued. In brief these are:

  1. Has the issue been cited during exams, meaning clarity is needed as banks are misinterpreting the rules currently?
  2. Is the issue of significant importance or will the guidance be a significant benefit to those who must comply with the rules?
  3. Will the interpretation of the issue align with the CFPB’s statutory objectives?
  4. How will this guidance affect other regulatory agencies?
  5. What will the impact be on the CFPB’s resources?

Advisory Opinions will generally not be issued if there is an ongoing investigation, enforcement action, or planned rulemaking. Think of it as a statement of “no comment” during an active investigation.

Anyone or any entity can request an Advisory Opinion. The CFPB believes when it issues one, the matters addressed will be of interest to many.  The CFPB noted that issuance of this latest Advisory Opinion resulted from comments received in response to the CFPB’s recent Request for Information on ECOA and Reg B.

Special purpose credit programs

On December 21, 2020 the CFPB issued its third Advisory Opinion (the first two were issued on November 30, 2020, and addressed private education loans and earned wage access). It addresses Reg B and the authorization for banks to offer special credit programs under Reg B. Since many banks may have an interest in such programs for Community Reinvestment Act reasons or simply for meeting a credit need for the market area and better serving a market segment, we will review special purpose lending programs here to facilitate any planning your bank may need to do. A special purpose credit program will require forethought, direction and planning, as without these elements, it may be seen as carelessly trying to sidestep regulatory requirements and could involve illegal discrimination.

The CFPB and other regulatory agencies do not provide approval for your programs, but rest assured they will review them. Because the bank will request otherwise prohibited information to qualify an applicant for a program, without proper preparation for the program, there would almost certainly be violations cited for the collection and use of the prohibited information.

As of January 4, 2021, the Advisory Opinion on special purpose credit programs has not been published in the Federal Register. It will become effective on publication. Any bank wanting to initiate such a program should become familiar with the Advisory and review the Federal Register for a publication and effective date.

The Advisory repeats many of Reg B’s requirements reminding us of why it exists. But it goes beyond that in the attempt to clarify program requirements so that a bank may confidently employ a special program with less fear of being cited for it. No one wants to hear “no good deed goes unpunished” when examiners review a special program that is fiscally advantageous to a borrower and reduces potential bank income. The CFPB guidance offers direction on how the bank may determine the class of persons the program is designed to benefit, and how to request and consider otherwise “prohibited” information regarding the common characteristics used to determine eligibility for the program. It also helps the bank better understand the type of research and data required to demonstrate the social need for the program it wants to offer.

The Advisory indicates it is applicable to a “for-profit organization” which your bank will qualify as. When your bank wants to do something, which is otherwise forbidden under Reg B, it must have a purpose of meeting some social need and then follow prescribed rules. A bank must have a written plan under which the special purpose credit program will be administered. Additionally, the bank must document why this program is needed. This will likely be purpose driven. The bank should clarify in its plan what type of research was used to define this need and why the data is appropriate to justify the program’s use of the data and what class of persons will benefit from it.

When the Equal Credit Opportunity Acy was enacted in 1974 it initially prohibited discrimination in credit transactions on the basis of sex or marital status. Two years after that the ECOA was amended to include the other factors we know today—age, race, color, religion, national origin, receipt of public assistance benefits, and exercise of rights under the Federal Consumer Credit Protection Act.

Consideration of these prohibited bases is not considered discriminatory when the bank is extending credit pursuant to “any special purpose credit program offered by a profit-making organization to meet special social needs which meets standards prescribed in regulations…” Ordinarily you may be aware of one or more of these prohibited bases but they are not to factor into any credit decision. In the case of a special purpose credit program one or more of these otherwise prohibited characteristics may be considered and essentially must be considered to qualify the applicant for the program, such as a loan to the elderly or to member of a minority group at a special rate or other advantageous terms.

Congress felt that loan programs “specifically designed to prefer members of economically disadvantaged classes” could serve “to increase access to the credit market by persons previously foreclosed from it.” Therefore, by allowing a prohibited basis such as race, national origin, or sex to be considered, there was a greater good being served because these persons had been traditionally excluded.

In June 2020, the Federal Reserve Bank of New York wrote about income inequality in a research document titled, “Credit, Income and Inequality” where it showed the disparities in both the availability of credit, and differences in the terms and conditions under which credit was available to applicants of limited wealth. For example, a home is often the largest purchase a consumer makes. The equity built through payments and appreciation is often the largest share of the household’s net worth. But Home Mortgage Disclosure Act (HMDA) data shows that in 2019, Black, Hispanic White, and Asian borrowers had notably higher mortgage loan denial rates than non-Hispanic White borrowers. The Advisory explains that, “For example, the denial rates for conventional home-purchase loans were 16.0 percent for Black borrowers, 10.8 percent for Hispanic White borrowers, and 8.6 percent for Asian borrowers; in contrast, denial rates for such loans were 6.1 percent for non-Hispanic White borrowers. Black and Hispanic White borrowers were also more likely to have higher-priced conventional and nonconventional loans in 2019.” The inability to buy a home restricts their household net worth making them a credit-constrained group of individuals.

“Disparities in Wealth by Race and Ethnicity in the 2019 Survey of Consumer Finances” was published in September 2020 by the Board of Governors of the Federal Reserve System. This indicates that the typical White family has $188,200 in median family wealth, which is eight times the wealth of the typical Black family ($24,100), and five times the wealth of the typical Hispanic family ($36,100).

Disparities based on racial and ethnicity go beyond mortgages, it was reported. HMDA data supports this on mortgage loans, but the data is less obvious on non-mortgage loans because banks are not allowed to keep or consider such data. But the same September 2020 report provides that there are, “disparities in both mortgage and non-mortgage credit denials among White, Black, and Hispanic credit applicants. Specifically, White credit applicants reported being denied for credit— including, but not limited to, mortgage credit—at a rate of 17.3 percent; Black credit applicants reported being denied for credit at a rate of 41.3 percent; and Hispanic credit applicants reported being denied for credit at a rate of 34.6 percent.

In the small business lending context, a report by the Board showed that “[o]n average, Black- and Hispanic-owned firm applicants received approval for smaller shares of the financing they sought compared to White-owned small businesses that applied for financing. This same report noted that larger shares of Black-, Hispanic-, and Asian-owned firm applicants did not receive any of the financing they applied for—38%, 33%, and 24%, respectively—compared to 20% of White-owned business applicants.” (This was referenced in the “Report on Minority-Owned Firms, December 2019, by the Federal Reserve.)

This is the type of data research the bank should consider using to support a special purpose credit program that eases underwriting requirements for minority applicants. By expanding the access to credit, underserved communities and classes of individual will be empowered to grow their net worth and borrowing power for the future.

The Advisory explains that it applies only to certain aspects of a special purpose credit program. It does not apply to federal or state authorized credit assistance programs under 501(c) of the Internal Revenue Code.

The fact that a bank would offer a special program to a specific minority, but deny someone of that minority, will not in itself be considered discriminatory. The written plan the bank creates should define several aspects of its program. Be familiar with Regulation B section 1002.8 – Special purpose credit programs, and particularly 1002.8(a)(3)(i). As the bank creates the written plan there are four items of information which need to be included:

  1. The class of persons that the program is designed to benefit. Set the standards for credit approval and keep in mind, the intention is to grant credit to a class of borrowers who would not ordinarily qualify for this credit under your existing underwriting criteria, or who would receive it with less favorable terms.One element that the bank may include is that all the approved borrowers share one or more common characteristics, such as being a minority, over a certain age, etc. Examples in the Advisory notice indicate a, “written plan might identify a class of persons as minority residents of low-to-moderate income census tracts, residents of majority-Black census tracts, operators of small farms in rural counties, minority- or woman-owned small business owners consumers with limited English proficiency, or residents living on tribal lands.”So long as the program is not discriminatory and is not intended to evade Reg B requirements, this information may be requested and considered in the approval process. Note in the given example that “residents of a majority-Black census tract” may qualify. The Advisory allows that the protected class subject to the program could be defined with or without reference to a characteristic that is otherwise a prohibited basis under Reg B.

2.  The procedures and standards for extending credit pursuant to the program. This element of the written plan is intended to define the standards and terms of the credit program. It must lean in favor of the protected class such that those who would not have qualified under normal underwriting guidelines will now qualify or those who would have qualified under less than favorable terms will now qualify for the better terms of the program.

To reach this objective the bank may consider offering a new credit product or service, could modify the terms and conditions of an existing product or service, or may modify policies and procedures of a loss mitigation program. As an example, if the bank offers a small business loan product and current underwriting requires three years of experience in the industry, this could be relaxed to one year under a modified program when research data indicates this will make more credit available and that the three-year requirement was a difficult hurdle for applicants.

The written plan should describe how this variance will increase credit availability and there should be research from the bank and/or third parties to substantiate this. In this example, the business must be woman-owned. This is a protected class of persons so the explanations must include what will be required to qualify, and what information obtained would otherwise have been prohibited under Reg B. A heightened awareness of what is collected and why is called for.

3.  Either the time period during which the program will last or when the program will be evaluated to determine if there is a continuing need for it (or both). If the bank opts to reevaluate a program, the parameters triggering reevaluation should be described, such as based on a trigger date or circumstance such as a set amount of total funds loaned. The bank could create a combined approach as well such as whichever occurs first. If after reevaluation the program is extended, the written plan should detail this and include the expectations for the future of the program. Will there be a new target date set, amount of funds loaned or a combination?

4.  A description of the analysis conducted by the bank to determine the need for the program. The program is to be established and administered to benefit the class of people who would otherwise have been denied or approved with less favorable credit terms. This is determined by what the CFPB refers to as “broad analysis.” The Official Interpretations to Reg B provide that a written plan “must contain information that supports the need for the particular program.” (8(a)-5) The bank’s written plan must describe or incorporate the analysis that supports the need for the program.

The need for the program is based on this “broad analysis” which may be the bank’s own research, or information from outside sources including governmental reports and studies. In addition to HMDA analysis, the bank may find useful data in CRA evaluations and data, Small Business Credit Surveys done by the Federal Reserve or the Small Business Administration.

Section 1002.8(a)(3)(ii) requires that the research and data used support the conclusion that this class of protected applicants either would not receive credit, or would have received it under less favorable terms. Then show the connection between that information and the bank’s customary underwriting requirements. As an example, underwriting guidelines for a mortgage product may require a certain amount of cash for a down payment. With a demonstration of how a protected class of applicants does not have this, but could service the debt they want to undertake, a downpayment assistance program may be called for.

Any program the bank considers may use necessary information to an applicant’s benefit, but still may not discriminate on a prohibited basis. The CFPB notes, “[i]f participants in a special purpose credit program . . . are required to possess one or more common characteristics (for example, race, national origin, or sex) and if the program otherwise satisfies the requirements of [Regulation B], a creditor may request and consider information regarding the common characteristic(s) in determining the applicant’s eligibility for the program.” If no special purpose credit program has yet been established, however, a creditor may use statistical methods to estimate demographic characteristics but it cannot request demographic information that it is otherwise prohibited from collecting, even to determine whether there is a need for such a program. Moreover, while a for-profit organization may rely on a broad swath of research and data to determine the need for a special purpose credit program—including the organization’s own lending data—it may not violate Regulation B’s prohibitions on the collection of demographic information exclusively to conduct this preliminary analysis before establishing a special purpose credit program.”

Only after the bank has determined a program is advantageous and has developed what it believes is a valid and justified credit program can it begin to request and use the otherwise prohibited information under Reg B. The bank may not request this prohibited information to justify implementing a program. The bank may use statistical methods to estimate demographic characteristics, however.

In summation, if your bank sees an unmet need, and this is directly related to a protected class under Reg B, the bank is free to develop a program, based on research and statistical data, to assist this class who would otherwise either be denied credit or receive credit under less favorable terms. There can be a number of reasons the bank would want to entertain such a program. Even though the bank would need to relax some qualifications to grant a loan, that does not mean any loan has to be made which is not safe or sound or profitable for the bank. If you want to find that median which eases underwriting and serves a positive purpose for the bank, consider a special purpose credit program.

 

BSA Revisions

By Andy Zavoina

Have you heard there were revisions to the Bank Secrecy Act? Have you been looking for a Bill on BSA? Well, it would have been easy to miss because Congress rarely does one thing at a time. When one of our elected officials has a bill they want approved, sometimes the easiest thing to do is to append it to another bill that has a very good chance of passing. Then it can sail through perhaps under the radar, but in plain view. In this case the 1,480-page version of the newest bill to fund defense, the “William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021” (which the president vetoed, but Congress enacted with an override of the veto) includes significant changes to the BSA. If you want to read it, look for H.R. 6395, and you will find Division F pertinent (Sections 6001 to 6511). That’s only 86 pages, so let’s talk about the highlights if you are not sure you want to dive in just yet.

Perhaps the biggest potential benefit comes from the changes to the Beneficial Ownership Rule. Congress realizes that many, if not most states do not require information about the beneficial owners of entities formed under those states’ laws. There can be many layers as to ownership interests in a company and there has to be a better way than FinCEN’s Beneficial Ownership Rule to bring the U.S. into compliance with international anti-money laundering laws.

Under the current rule, banks are required to act as information-gathering middlemen between their customers and law enforcement agencies. Federal agencies and law enforcement wanted this information to get to “who” was really the owner benefitting from these transactions and banks were not given much of a say. But the new law will require certain U.S. companies (corporations, limited liability companies, and similar entities) and companies doing business in the U.S. to report information regarding their beneficial ownership directly to FinCEN. A newly formed company will now have to report its information to FinCEN when it is formed. Companies that have a change in beneficial ownership will be required to provide FinCEN with updated information within one year.

There are exceptions in the law. The new law excludes select companies from the reporting requirements. Those which meet the following criteria are excluded:

  • It has more than 20 full-time employees,
  • It reports more than $5 million in annual revenue to the IRS, and
  • It has an operating presence at a physical office within the U.S.

General exclusions also will apply to public companies, and to:

  • banking organizations (banks, credit unions, bank holding companies, savings and loan holding companies),
  • FinCEN-registered money transmitters,
  • SEC-registered broker-dealers,
  • SEC-registered investment companies and investment advisers, and insurance companies.
  • Additional exceptions apply such as for pooled investment vehicles and more.

A “beneficial owner” is any person who, directly or indirectly owns 25% of the equity interest or exercises substantial control over the entity. This then begs an answer to what constitutes “substantial control” and that is unclear and not defined in the new law. It is also unclear whether the term will be interpreted similarly to FinCEN’s current Beneficial Ownership Rule, which says control exists where there is a “a single individual with significant responsibility to control, manage, or direct a legal entity customer.”

Those companies required to report to FinCEN need to include the names, dates of birth, addresses, and unique identifying numbers (such as a driver’s license or passport number) of their beneficial owners.

FinCEN will now maintain a non-public database of the beneficial ownership information it collects. An individual or entity that provides beneficial ownership information to FinCEN may request the issuance of a FinCEN identifier which may be supplied to the reporting company for its use in reports to FinCEN. The new law requires several provisions relating to authorized disclosure by FinCEN of beneficial ownership information. For example, FinCEN may, with the consent of a reporting company, disclose beneficial ownership information to a bank to assist it in compliance with customer due diligence requirements. Once the database is in place and operative, FinCEN may relax some parts of the onerous Beneficial Ownership Rule’s impact on banks.

CTR and SAR improvements

In an effort to streamline and improve the SAR and CTR processes, Treasury must take into consideration the burdens to reporters compared to the benefits from these reports. The law requires FinCEN in consultation with other regulatory agencies to establish streamlined, automated, processes which permit the filing of noncomplex SARs by banks. Treasury must conduct a formal review of SAR and CTR requirements and current reporting thresholds, including a review of possible exemptions to reduce reports that may be of little or no value to law enforcement. This requires FinCEN to publish not less than semiannually, information on threats and threat patterns to assist in the preparation, use, and value of SARs and other reports.

The new law also includes information on stricter penalties for BSA violations, more sharing requirements and the inclusion of virtual currency and more.

it also creates a whistleblower reward program with incentives and protections for the reporting of potential BSA violations when reporting to the government. It is generally similar to the Securities and Exchange Commission’s whistleblower program. Rewards will be offered to whistleblowers who voluntarily provide original information to their employer, Treasury, or the Department of Justice (DOJ) on possible BSA violations, provided that tip leads to successful enforcement action and the monetary penalties exceed $1 million. Whistleblowers can report violations anonymously and qualify for rewards if represented by counsel.

 

 

December 2020 OBA Legal Briefs

  • Systemic overdraft problems
  • Resolving escrow shortages and deficiencies
  • An update on the Payday Lending Rule

Systemic overdraft problems

By Andy Zavoina

Let’s talk “politically correct” and separate that from what is legally correct. The former term is used loosely to mean generally accepted by the vocal public, which in this case includes those tired of what they may view as exorbitant bank fees.

Let’s examine a recent case about bank fees. The fees in question are nonsufficient funds fees on checks and it is possible your bank is following the same practice that just led to a $16 million settlement. The case, Ruby Lambert v. Navy Federal Credit Union, became a class action suit. It could likely just as well have been against any bank, possibly even yours, although this case was in the United States District Court, Eastern District of Virginia. It involves a dispute over multiple fees charged for the payment of items for which there were nonsufficient funds in the account, because of the re-presentment of a check.

You should be familiar with your disclosures. If you are not, get one out and see if you have language like this addressing NSFs and fees:

XYZ Bank may return debits to the checking account (e.g., checks or ACH payments) if the amount of the debit exceeds funds available in the checking account. A fee may be assessed in the amount shown on XYZ Bank’s current Schedule of Fees and Charges for each returned debit item.

Automated processes present an item and compare it to the balance available. If the item will not pay, an NSF fee is typically charged to the account and that item can be returned to the payee. The payee then has options. They may choose to call the bank to determine if, at that later date, there are sufficient funds and, if so, the item can be represented for payment. Other payees may automatically re-run the item or in some cases they contact the issuer for payment.

“Banking veterans” remember when checks were more popular and generally a paper item would be run through the clearing system up to two times. The item could then be stamped with a disclaimer similar to “Do Not Re-Deposit” after the second presentment or even have holes punched in the MICR code at the bottom of the check. The intent was to avoid further re-presentments when there was little hope of the item paying. This saved the bank time handling the item and avoided accruing yet another NSF fee that could prove difficult to collect. These items could still be sent as collection items. At the end of the day, one item could accrue two NSF fees, one for each presentment. But that is not an absolute rule.

The OCC’s website meant to answer questions from consumers includes the following Q&A:

Question – How many times will a bank allow an insufficient funds (NSF) check to be redeposited/resubmitted?

Answer – Generally, a bank may attempt to deposit the check two or three times when there are insufficient funds in your account. However, there are no laws that determine how many times a check may be resubmitted, and there is no guarantee that the check will be resubmitted at all.
Overdraft or insufficient funds fees can be assessed each time the check is submitted. Review your bank’s deposit account agreement for its policies regarding overdrafts and the presentment of checks.

(Last Reviewed: October 2020)

With this background, let’s examine the Lambert case. Lambert initiated her suit against NFCU after a preauthorized charge for insurance she had set up was presented in ACH form and refused. NFCU charged a $29 NSF fee as the item was presented, processed, and returned. Two days later the payee submitted another ACH debit request for that same payment, which was still owed. NFCU followed the same procedure and again returned the item due to nonsufficient funds and charged Lambert another NSF fee.

Lambert’s suit claims that the second charge for an NSF fee violates the contractual language in her agreement with NFCU. Any subsequent charge, a second, third, etc. was not authorized as each is a resubmission of the first and only that one charge was authorized. In the sample language above it states NFCU “may” return items and may assess “a fee.” As Lambert views these transactions, all subsequent attempts to charge her account involved the same debit.

She filed two claims based on this belief. First, she believes there was a breach of contract and the covenant of good faith and fair dealing. Secondly, it was a violation of North Carolina’s Unfair and Deceptive Trade Practices Act.

NFCU claims that it enjoys a federal preemption under the Federal Credit Union Act and the Truth in Savings Act as state law claims may be preempted by Congress “either expressly through the statute or regulation’s language or impliedly through its aim and structure.” National banks will also enjoy some preemptions and state banks may enjoy some benefits of parts of these laws under parity rules. Check with bank counsel if you have any questions, but these facts influence this case, which could impact how your bank contracts for fees. At the very least Your compliance and legal departments should feel confident in the terms used in contracts between your bank and your customers.

Analysis of the Lambert claims indicates “12 CFR parts 707 and 740, as well as other federal law, and its contractual obligations, determine the types of fees or charges and other matters affecting the opening, maintaining and closing of a share, share draft or share certificate account. State laws regulating such activities are not applicable to federal credit unions.” In particular § 701.35 “expressly provides that [federal credit unions] are authorized to determine, free from state regulation, the types of disclosures, fees or charges” for their account offerings. And TISA implementing regulations require federal credit unions to provide disclosures regarding “[t]he amount of any fee that may be imposed in connection with the account . . . and the conditions under which the fee may be imposed.”

Some laws, such as those involving breach of contract and misrepresentations of terms, are not federally preempted. Lambert claimed this was at the root of her case because the NFCU “may” charge “a fee” based on the terms in the agreement. This meant there was discretion and the fee imposed was singular (and remember she maintains the subsequent presentments for payments are all related to and part of the initial presentment).

As to the breach of contract, the court dismissed this “because the contract unambiguously gives Navy Federal the contractual right to impose fees in the way that it did.” and “Contracts must be construed as a whole without placing undue emphasis on isolated terms…” While Lambert maintained that two ACH debit requests made by the same merchant, in the same amount, for the same purpose, are the same “debit item,” she disagreed with interpreting the terms to mean that a fee may be charged for each item and that subsequent resubmissions were “new” items. The Court agreed with NFCU based on the facts that the terms were unambiguous and that NFCU was following the terms.

In the Court’s decision, it stated, “Plaintiff’s interpretation is unreasonable in light of the contract as a whole. When Plaintiff was charged the initial nonsufficient funds fee, it was because her insurer’s request for payment (the “debit item”) was returned. The contract specifies that “Navy Federal may return debits to the checking account (e.g., an ACH payment) if the amount of the debit exceeds funds available in the checking account” and assess “[a] fee” for the “returned debit item.” Further, it stated, “Plaintiff’s interpretation is unreasonable in light of the contract as a whole. When Plaintiff was charged the initial nonsufficient funds fee, it was because her insurer’s request for payment (the “debit item”) was returned. The contract specifies that “Navy Federal may return debits to the checking account (e.g., an ACH payment) if the amount of the debit exceeds funds available in the checking account” and assess “[a] fee” for the “returned debit item.”

There was a dispute of how to interpret the agreement. The Court found, “the sentence in dispute must be read in conjunction with the sentence immediately before it. The first sentence states: “Navy Federal may return debits to the checking account (e.g., an ACH payment) if the amount of the debit exceeds funds available in the checking account.” The next sentence warns: “A fee may be assessed in the amount shown on Navy Federal’s current Schedule of Fees and Charges for each returned debit item.” Taken together, these sentences clearly provide that Navy Federal may return a debit item, such as an ACH debit, if there is not enough money in the account (the first sentence), and, if there is a return, Navy Federal may charge the member a fee for that returned debit transaction (the second sentence).

Lambert argued that “returned debit item” meant something different than “returned debit” in the agreement. The court found “that the use of “item” does not render the sentence ambiguous. As noted above, other provisions of the contract demonstrate that an “item” includes various types of transactions that would either add or subtract money from the account. The contract merely uses “debit” as an adjective to modify “item,” just as “returned” is used as an adjective to modify “debit item.” Thus, “debit item” clearly refers to a transaction that attempts to withdraw money from the account, such as an ACH debit request, and the inclusion of “item” in “returned debit item” does not render the contract ambiguous.”

The second claim as to good faith and fair dealings was then addressed in the Court’s decision. This claim was dismissed for the same reasons as the breach of contract.
The Court ruled, “In this case, Navy Federal’s right to charge a fee depended on the existence of an objective fact: whether a debit item had been returned for nonsufficient funds. Thus, although the contract stated that Navy Federal “may” rather than “will” assess a fee for each returned debit item, Navy Federal had the contractual right to assess the challenged fee and, unlike in the cases cited by Plaintiff, had not exercised any contractual discretion in bad faith to cause that right to accrue.” On August 14, 2019 the Court dismissed the case with prejudice.

So, it sounds like this case had a good ending for the credit union and perhaps reassured other financial institutions that similar practices they follow are “legally validated.” But the Lambert case wasn’t over, yet.

Lambert appealed her case to the United States Court of Appeals for the Fourth Circuit. There was also an unsuccessful attempt at mediation under a Fourth Circuit program. Fast forward to October 2020, and we read that NFCU and Lambert have agreed preliminarily to settle the dispute. A final approval is expected in March 2021. The CU will reimburse an estimated 700,000 current and former members who were charged similar fees for nonsufficient fund presentments. This comes at a cost of $16 million, which includes $5.2 million in attorney fees, a $5,000 “service award” for Lambert, and millions in NSF fee reimbursements – and for a case which was originally dismissed with prejudice.

This sounds like a business decision made to help end this two-year-old case and potentially stop future cases from being brought. Because NFCU is a $131 billion financial institution it probably doesn’t consider the settlement exorbitant. There was no admission of guilt or liability. And NFCU will amend its deposit agreement with either the following or similar language:

Navy Federal may return debits (e.g., checks or ACH payments) submitted for payment against the checking account if the amount of the debit exceeds the funds available in the checking account. Each time we return a debit for insufficient funds, we will assess an NSF fee in the amount shown on Navy Federal’s current Schedule of Fees and Charges for each returned debit item. The entity that submitted the debit may submit another debit to Navy Federal even if we have already returned the prior debit for insufficient funds in the checking account. If the resubmitted debit again exceeds the funds available in the checking account, Navy Federal will again return the debit and assess an additional NSF fee. Thus, you may be charged multiple NSF fees in connection with a single debit that has been returned for insufficient funds multiple times.

A question each bank needs to ask itself is, will our disclosures and agreements insulate us from such a claim? Is your current disclosure more like what was cited early in this article, or the one just above? This may be a question for counsel and or your forms vendors. Once a case like this becomes well known there is always a chance others will seek a similar outcome, even though initially the agreement was not found at fault. You will never be insulated 100 percent, but it may be worth a review, especially as many banks may be getting ready to make annual adjustments to fee schedules and agreement terms with the new year approaching.

Resolving escrow shortages and deficiencies

By Andy Zavoina

Often when we have a compliance issue to address, we must first look at the definitions. And that is what we will do here, in just a moment. The issue to address is what seems to be a practice at some mortgage servicing banks to offer “options” to borrowers who are short escrow funds to cover those shortfalls. With 2021 around the corner, many banks will be generating escrow statements, and they may reflect escrow shortfalls.

Now, let’s consider two definitions from RESPA pertaining to Section 1024.17’s escrow rules:

A deficiency is the amount of a negative balance in an escrow account. If a servicer advances funds for a borrower, then the servicer must perform an escrow account analysis before seeking repayment of the deficiency.

A shortage is an amount by which a current escrow account balance falls short of the target balance at the time of escrow analysis.

It is important to understand the differences between the two. A deficiency is an actual negative balance for that escrow account. It is money that is not there, and the bank has effectively made a zero-interest loan to a mortgage borrower for this amount. A shortage is a projection of a running balance like a checkbook ledger. There is a beginning or current balance and cash flows in and out of the account. When the outflows are projected to be greater for that year’s period than the current balance plus the in-flows, we have a shortage.

RESPA defines specifically how to cure a deficiency and a shortage. In both cases the borrower is responsible to pay the difference to the bank so that the bank will have sufficient funds available to pay all escrowed items such as taxes and insurance when those bills come due. If allowed in the agreement with the borrower, there may also be a one-sixth (two month) cushion also allowed to be maintained to handle unexpected increases.

But they are not identical cures, and the amount of the shortfall impacts the cure.

In the case of a deficiency that is confirmed by escrow analysis, if the deficiency is less than one month’s escrow account payment, there are three options:

1. Allow the deficiency to go on – basically ignore it
2. Require the borrower to repay the deficiency within 30 days, or
3. Require the borrower to repay the deficiency in two or more equal payments.

If there is a shortage, the three options are slightly different:

1. Allow the shortage to go on – basically ignore it
2. Require the borrower to repay the shortage within 30 days, or
3. Require the borrower to repay the shortage in 12 or more equal payments.

Now, let’s up the ante and increase the amount of that shortfall. If it is a deficiency that is greater than or equal to one month’s escrow payment, the servicer may

1. allow the deficiency to exist and do nothing to change it or
2. require the borrower to repay the deficiency in two or more equal monthly payments.

If an escrow account analysis discloses a shortage that is greater than or equal to one month’s escrow account payment, then the servicer again has two possible courses of action:

1. allow a shortage to exist and do nothing to change it; or
2. require the borrower to repay the shortage in equal monthly payments over at least a 12-month period.

Note that when we increased the shortfall, the “option” of requiring the borrower to repay that amount within a 30-day period went away. In its Supervisory Highlights, Issue 22, Summer 2020, the CFPB noted that Reg X violations were seen in the treatment of escrow shortages and deficiencies. Examiners found borrowers with either shortages or deficiencies equal to or greater than one month’s escrow payment who were offered a lump sum repayment option. The permitted options for this larger amount are to do nothing or spread the repayment over time. RESPA is a consumer protection regulation and favors the consumer by requiring the bank to amortize the shortfall to a more manageable amount. The cures stated in RESPA are very specific.

The Bureau’s enforcement actions put many banks and others in the mortgage industry on notice that offering this friendly “option” of a lump sum payment for shortfalls of one month’s escrow payment or more is not an option at all. It doesn’t matter if the other allowed means of curing the shortfall are considered or not. Banks are not allowed to impose “options” otherwise.

After the Supervisory Highlights were published, some in the mortgage industry questioned the CFPB’s interpretation of this rule. The bank can predetermine that the first option of ignoring the shortfall is not an option it will accept and that option, which cures nothing, may be ignored and not offered. But if the other two options are offered, plus addition choices, they reasoned, it is still the consumer making the choice of amortizing the payments, or of paying a lump sum. In some cases, the borrower may have just received a tax refund (these start coming to borrowers who file early about the same time as year-end escrow statements are going out). Rather than have an increase in their monthly mortgage payment for escrow, some may want the option of making a lump sum payment while they have that cash, thereby keeping the monthly payment similar to the prior year’s payment. It may be offered as an option, not as a strong suggestion or quasi-requirement. Some feel this lessens confusion for the borrower as well.

The problem with that reasoning is that the interpretation that the CFPB has issued through enforcement actions and in the Supervisory Highlights says, the “enumerated repayment options” in Reg X “are exclusive.” Thus, according to the CFPB, banks that include both a lump sum repayment option and the required repayment period of 12 (or more) months were deemed to have violated Reg X because the first option, lump sum repayment, is not specifically permissible under the regulation. As a result, “the servicers violated regulatory requirements by sending disclosures that provided borrowers with repayment options that they cannot require under Regulation X.” So, while banks see offering options as a good thing, the CFPB says it is not allowed.

The CFPB’s stance makes some sense based on as literal reading of Reg X. The Reg says the bank has two options, and neither allows for a lump sum repayment method. The rule exists so that a bank projecting or seeing a large shortfall in the escrow account cannot require a lump sum payment of a large amount which the borrower had no way of anticipating or preparing for. If this were required of a borrower, it could cause delinquencies of the mortgage or other debts of the borrower. So, an amortization of 12 months (shortages) or 2 months (deficiencies) or more must be the only cure of the shortfall on the table.

But RESPA and Reg X place requirements on the banks, not on the borrowers, or at least not on what a borrower can do. Many will ask, why limit the available options so long as what is required by the regulation is offered, and there is no pressure as to which cure is selected by the borrower. The CFPB is limiting the consumer’s options by not allowing a bank to offer the lump sum.

I have read that informally the CFPB has since indicated that borrowers should be allowed to repay escrow shortages in a lump sum if that’s what they want. I have not found this reduced to writing yet, as the Supervisory Highlights have been. Bankers are urged to recognize the risk in this area and act accordingly.

Still, the CFPB has the power of enforcement and has stated the “enumerated repayment options” are the “exclusive” options for repayment of these larger shortfalls. It certainly indicates that banks may not offer a lump sum payment option and perhaps that borrowers who may prefer having that option, will not. Again, this may not make sense to management, but if your bank is one that sees options as positive things, you may want to re-think that position. The CFPB’s guidance can be interpreted to suggest that a bank may not be permitted to accept a lump sum escrow shortage repayment if a borrower were to offer it. That may not be the CFPB’s intent, but it may be the result.

The CFPB’s current position may actually cause some harm to a borrower by reducing the cure options available to them. For the immediate future banks are urged to review the escrow statements that are being prepared and should review the shortage and deficiency remedies which are stated above and in accordance with 1024.17(f)(3)-(4). Any written or oral discussions with a borrower about a lump sum payment to cure a shortage or deficiency greater than one month’s escrow payment should be clear that it is not an option the bank is suggesting in any way or requiring. If a borrower chooses to remit such a payment, the escrow will not show a surplus based on analysis and the amount would not have to be refunded. I see little or no harm under UDAAP, either, because if the borrower chooses to make a lump sum payment, the monthly (or other periodic payment) going to escrow would balance out over the year. This means only the lost income generated by that lump sum could be considered a borrower cost and would likely be viewed as very little harm, if any.

Recognizing the risk, I recommend that a bank not broach the topic of a lump sum payment of larger shortfalls with a borrower, whether in its written notice or in conversation. And if a borrower cures a larger deficiency or shortage with an unsolicited lump-sum payment, the bank should clearly note the borrower did so despite that option not being offered by the bank.

An update on the Payday Lending Rule

By John S. Burnett

The CFPB’s Payday. Vehicle Title, and Certain High-Cost Installment Loans Rule (usually shortened to “Payday Lending Rule”) initially became effective on January 16, 2018, but it has a general compliance date of August 18, 2019. So why isn’t anyone worried about complying with the rule?

The main reason is that in 2018 the U.S. District Court for the Western District of Texas issued, in the matter of Community Financial Services Association v. CFPB, (No. 1:18-cv-00295), a stay of the compliance date, and that stay continues in place as this article is being written.

The plaintiffs in that case allege that the CFPB was unconstitutionally structured with a single director who could not be removed by the president except for cause. Therefore, the plaintiffs argue, the regulation is invalid or void.

The court stayed not only the compliance date of the regulation, but also the case itself, awaiting action by the Supreme Court on the issue of the constitutionality of the Bureau’s structure.

When SCOTUS finally ruled that the CFPB’s structure was not constitutional, but saved the agency itself by ordering that the wording in the Dodd-Frank Act relating to the dismissal of the CFPB director be changed from “for cause” to “at will,” the Texas court asked the parties to the suit for motions on next steps. In the meantime, CFPB Director had issued a ratification of the prior actions issuing and finalizing the Payday Lending Rule.

The plaintiffs moved that the CFPB be required to go back to “square one” and start a new proposed rulemaking, complete with a comment period and a final rule, as required by the Administrative Procedures Act. To support their motion, the plaintiffs argued that the Rule was invalid when it was issued because the Bureau didn’t have the authority to issue it, and that Director Kraninger’s ratification was ineffective because ratification requires two actors—one that does something without authority to do so, and another that had the authority and now approves the initial action. Since there is only one actor (the Bureau) involved, claims the plaintiff, there can be no ratification.

The Bureau has filed a brief arguing that the plaintiffs’ “definition” of ratification has no precedent and asking for summary judgment dismissing the suit and lifting the court’s stay on the effective date of the rule.

Which leaves us waiting for the court to schedule hearings and ultimately issue a ruling. The court could lift the stay pending its ruling, but that doesn’t appear likely since it could mean the Bureau would have to amend the compliance date only to have the court find for the plaintiff (and order that the rule be rescinded or that the Bureau start over with a new proposal).

In the meantime, the National Association for Latino Community Asset Builders has filed a complaint in the U.S. District Court for the District of Columbia, arguing that the Bureau’s removal of the borrower underwriting (ability-to-repay) standards violated the Administrative Procedure Act. The suit said the Bureau “used an arbitrarily truncated analysis” and didn’t collect data to justify removing the underwriting provisions from the 2017 regulations. The complaint also alleges the CFPB didn’t get sufficient input from consumer groups and other interested parties when crafting the new rules.

My assessment — The status of the Payday Lending Rule is very much in limbo but could be affected by the transition to the Biden administration. For the moment, at least, the outcome of the Texas court case needs to be decided before we can know what’s to become of the rule. If the court finds for the Bureau, we will have to see what the Bureau does to amend the compliance date.

November 2020 OBA Legal Briefs

  • FAQs on RESPA Section 8
  • The year is nearly over – Loose ends

FAQs on RESPA Section 8

By Andy Zavoina

When we hear “Section 8” and “RESPA” in the same sentence, violations and civil money penalties often come straight to mind. It promotes negative connotations much like hearing your dentist say, “root canal” or your accountant, “IRS” and “audit” together.

In this case. though, “Section 8” and “RESPA” are good together. The Consumer Financial Protection Bureau (CFPB) published a new Compliance Aid on October 7, 2020, that is meant to answer questions on the topic of Marketing Service Agreements (MSAs). While some of this information has not changed, some has, and the changes may be substantive for many.

In any case, when we see information expressed in a new way, it is a great reminder of the rules we must follow. I always have a bit of apprehension, as well, that the agency is subtly reminding us of these rules for a reason. And since it has been a few years since we heard of big Section 8 enforcement actions and there are many new compliance officers, lenders, marketing and business development persons filling these roles, we should review these FAQs and consider what we are doing in our banks and how the FAQs can help us form future procedures to avoid creating problems and taking unnecessary risks. This is especially so as many mortgage lenders are trying to get outside of the box in this troubled economy.

The CFPB said it was providing clearer rules for RESPA Marketing Service Agreements, which are covered under Section 8. In particular, the CFPB rescinded its 2015 guidance issued under the CFPB’s first director, Richard Cordray.

The new FAQs address how RESPA’s Section 8 applies to MSAs. The good news is that your bank need not change anything, because the clarity provided doesn’t make the rules more restrictive. Rather, they are either not changed significantly or are eased, and your bank may be able to do more than in the past. If your bank is looking to expand its mortgage portfolio via marketing agreements, you should continue reading.
In 2010, RESPA’s “ownership” was transferred by the Dodd-Frank Act to the CFPB under its first Director, Richard Cordray. Under Cordray’s administration many enforcement actions were brought under Section 8 and the anti-kickback rules for violations of paying and receiving referral fees, directly or indirectly, and some of those actions involved MSAs.

This was a period often referred to as one of “regulation by enforcement,” as that was how many banks learned what was not acceptable. On October 8, 2015 (5 years prior to the rescission date of October 7, 2020), the CFPB issued Compliance Bulletin 2015-05, “RESPA Compliance and Marketing Services Agreements.” While this Bulletin clearly stated, “determining whether an MSA violates RESPA requires a review of the facts and circumstances surrounding the creation of each agreement and its implementation,” it also said, “MSAs are usually framed as payments for advertising or promotional services, but in some cases the payments are actually disguised compensation for referrals.” In fact, many or most MSAs were characterized as facilitating the payment of illegal referral fees. Up to this point of increased enforcement activity, the industry practice accepted under HUDs “ownership” of RESPA was that if a one party such as a mortgage lender paid a reasonable market value for non-referral services that were actually provided, including marketing services, that payment would not be considered an illegal referral payment under Section 8.

Bulletin 2015-05 went on to state, “…while some guidance may be found in the Bureau’s previous public actions, the outcome of one matter is not necessarily dispositive to the outcome of another. Nevertheless, any agreement that entails exchanging a thing of value for referrals of settlement service business involving a federally related mortgage loan likely violates RESPA, whether or not an MSA or some related arrangement is part of the transaction.” The document cited whistleblowers drawing attention to MSAs that were simply a way to disguise kickback and referral fees. The CFPB cited one example of a title insurance company that used MSAs “as a quid pro quo for the referral of business.” The fees that were paid under this MSA were directly based on the number of referrals received and the income generated from the title policies issued and not the general MSA agreement itself. When MSAs were in place, the payments of fees were increased more often than not.

MSAs also led to steering borrowers to certain service providers. One enforcement action (and keep in mind these are pre-TRID rules) concluded that the borrower’s ability to shop for a service was hampered because a settlement service provider buried the disclosure that the borrower could shop for certain services in a description of the services that its affiliate provided. In another enforcement action, a settlement service provider failed to disclose an affiliate relationship with an appraisal management company and did not inform the borrower that they could shop for services before steering them to the affiliate. The CFPB stated “the steering incentives that are inherent in many MSAs are clear enough to create tangible legal and regulatory risks for the monitoring and administration of such agreements.” These agreements could lead to an increased borrowing cost for the consumers and therefore violated the spirit and intent of RESPA and Section 8. Because the agreements were results-oriented, the CFPB saw them as illegal payments.

The enforcement actions and Bulletin 2015-05 did not provide clear, actionable items that could be used to construct reasonable procedures that would all but ensure compliance with the Section 8 rules as they were plainly read by lenders, but interpreted by the CFPB. There seemed to be great deal of subjectivity, so the industry’s response was a knee-jerk reaction to all but cease the practice of using MSAs. MSAs had been considered low-risk agreements that were beneficial to mortgage loan production, but not after Bulletin 2015-05. The risks now were greater than the benefits.

The CFPB posted a Blog entry on October 7, 2020, in which it now agrees with the industry that Bulletin 2015-5, “does not provide the regulatory clarity needed on how to comply with RESPA and Regulation X and therefore is rescinding it.” It went on to be clear that this action does not mean all MSAs would be deemed compliant with Section 8 rules. Any evaluation would be based on specific facts and circumstances including how the agreement is structured and implemented. As noted already, this could be a subtle hint, as the CFPB reminds us that it remains committed to vigorous enforcement of RESPA and Section 8.

The CFPB did not change this opinion out of the goodness of its heart. I believe there were events leading up to this including industry groups and litigation. Remember PHH Corporation v. Consumer Financial Protection Bureau – that case was well known at the time as it challenged the CFPB’s structure as being unconstitutional. But at the heart of the case was RESPAs Section 8. In January 2018 the U.S. Court of Appeals for the D.C. Circuit upheld the CFPB’s structure as constitutional but it also reaffirmed that PHH’s captive mortgage reinsurance program did not violate RESPA Section 8 if the mortgage insurers at issue paid reasonable market value, and no more, for captive reinsurance which was consistent with previous HUD guidance on the issue. Then Acting Director of the CFPB, Mick Mulvaney, had the case dismissed.

In September 2018, the CFPB issued its first No-Action Letter Template in connection with a RESPA Section 8 issue. HUD requested the no-action letter on behalf of HUD-approved counseling agencies and lenders with funding agreements. This facilitated mortgage lenders paying housing counseling agencies based on whether a borrower made contact with or closed a loan with the lender. The CFPB said its no-action letter “will not make supervisory findings or bring a supervisory or enforcement action against the mortgage lender under” RESPA and RESPA’s Section 8. This action demonstrated what many lenders would consider more of a pro-business response to the issues of kickbacks and referral fees and that there may be a circumstance under which they are acceptable, with controls and limitations in place.

Even though Bulletin 2015-05 was rescinded, a mortgage lender’s life is still not a bed of roses. We are still left with the FAQs, but these also have not provided a list of actionable items that lead lenders down a path of guaranteed compliance. At its heart, “RESPA Section 8(a) and Reg X (RESPA), 12 CFR § 1024.14(b), prohibit giving or accepting a fee, kickback, or thing of value pursuant to an agreement or understanding (oral or otherwise), for referrals of business incident to or part of a settlement service involving a federally related mortgage loan.” This is from one of the first questions in the FAQs.

These FAQs supply information so that the reader will understand the spirit and intent of the pertinent sections of RESPA, but it is technical. If you have a mortgage lender, marketing or business development personnel involved in promoting mortgages, or anyone discussing MSAs as a way to promote growth in the mortgage loan portfolio, this is a good read for them. It provides information on kickbacks and referral fees, what is prohibited and what is not, and includes three questions on gifts and promotional activities and four questions on MSAs.

The first section of the FAQs (“General”) has six questions and provides general information about the major provisions, about Section 8 and 8(a) through 8(c). One huge takeaway in Q2 is where it prohibits the giving and accepting of kickbacks. People in the mortgage industry need to be aware that BOTH parties are in violation of the law and each may be punished under the law. Q4, which refers to subsection 8(c), provides details on bona fide fees and expenses that may be paid. Qs 5 and 6 define who the Section 8 prohibitions apply to and the fact that a gift may be given, but it may not be in exchange for the referral of business.

Differentiating the purpose of a gift or a bona fide item with no strings attached from one that “maybe could possibly” have connotations that it was for past referrals or the hopes for future ones can be very difficult, and often the gift just looks improper. A risk-averse attitude simply prohibits all gifts or those of more than minimal value. This may cross reference the bank’s Ethics Policy and prohibit gifts greater than (for example) $50 per annum unless the persons are related. So, a parent working in the bank could provide their child who is a Realtor with a large gift which is common for that relationship, if it’s separate from any business dealings. The parent could not provide a gift of $100 for each mortgage loan referral. RESPA refers to no de minimis amount but to allow friendly gift exchanges many banks have a limit under which it is allowed because it is small enough to not be considered as payment.

Section two (“Section 8(a)”) has only one topic, which details prohibited activities. Discussed first is the definition of a fee, kickback, or thing of value. It is very inclusive —“monies, things, discounts, salaries, commissions, fees, duplicate payments of a charge, stock, dividends, distributions of partnership profits, franchise royalties, credits representing monies that may be paid at a future date, the opportunity to participate in a money-making program, retained or increased earnings, increased equity in a parent or subsidiary entity, special bank deposits or accounts, special or unusual banking terms, services of all types at special or free rates, sales or rentals at special prices or rates, lease or rental payments based in whole or in part on the amount of business referred, trips and payment of another person’s expenses, or reduction in credit against an existing obligation. ‘Payment’ is used synonymously with the giving or receiving of a ‘thing of value’.” Any reader should be able to interpret this as all-encompassing if there is an expectation for future referrals or if it in any way is related to an amount of business transacted.

A distinction that lenders need to keep in mind is that these rules pertain to RESPA applicable loans, typically mortgages. They do not apply to car loans. And the RESPA rules relate to transactions with third parties. A bank can provide a discount or payment to a borrower for their own loan, but the bank could not pay that person for referring other business when there are no services provided other than the referral.

Section three (“Gifts and Promotional Activity”) has three questions. The first asks if gifts and promotions are allowed and quite (in)conclusively starts with, “It depends.” This section does provide several relevant, real-world examples of what are permissible “normal promotional and educational activities,” such as a settlement agent broadly advertising and hosting a prize drawing for previous customers and all local loan originators. The FAQs and RESPA are always clear that any exchange for referrals as part of an agreement or understanding would violate RESPA Section 8(a). Q2 expands on this with a discussion to help us understand what would not be conditioned on business referrals and what activities do not involve defraying expenses. And Q3 expands on what are considered “normal promotional and educational activities.”

The fourth and final section’s four questions directly address MSAs. In contrast to the relevant gift and promotional sections examples, this one has no examples of permissible MSA structures. MSA Q4 does provide examples of MSAs that are prohibited, and it is like the 2015-05 Bulletin. Q2 tries to explain the difference between referrals, which are prohibited, and marketing services, which can be permissible based on the facts and circumstances. It tries to use real world examples but would have been more useful if it included examples of social media rather than including just “newspaper, a trade publication, or a website.” An expanded discussion would have more clearly drawn a line between referrals and marketing services when consideration is placed on the use of artificial intelligence, targeted marketing, linking and the information provided and under what circumstances or fact patterns.
To be clear, this is a good step by the CFPB, but it could have been much more. In any case, the door is partially open and the use of MSAs can resume, bearing in mind the spirit and intent of such agreements. As noted above, the CFPB will continue enforcing RESPA and other regulations. It is reported that the FDIC has ramped up enforcement actions on MSAs but is recognizing that some MSAs can be permissible with reasonable fees paid in relation to a fair market value for the cost of marketing services performed.

Resources: RESPA FAQs: https://www.consumerfinance.gov/policy-compliance/guidance/mortgage-resources/real-estate-settlement-procedures-act/real-estate-settlement-procedures-act-faqs/

CFPB Blog on rescinded Bulletin 2015-05: https://www.consumerfinance.gov/about-us/blog/cfpb-provides-clearer-rules-road-respa-marketing-service-agreements/

The year is nearly over – Loose ends

By Andy Zavoina

2020 has really been a different year and many are ready to see it go. As we get through the ice storms, power outages and video calls working on budgets, I will remind you there are loose ends that need to be tied up as time stops for no compliance program.

Reg E § 1005.8 – If your consumer customer has an account to or from which an electronic fund transfer can be made, an error resolution disclosure is required. There is a short version that you may have included with each periodic statement. If you’ve used this, you are done with this one. But if you send the longer version that is sent annually, it is time to review it for accuracy and send it out. Electronic disclosures under E-SIGN are allowed here. This may also be a good time to review §1005.7(c) and determine if any electronic fund transfer services were added, and if they were disclosed as required. Think Person-to-Person transfers like Zelle, Venmo or Square.

Reg P § 1016.5 – There are exceptions allowing banks which meet certain conditions to forgo sending annual privacy notices to customers. The exception is generally based on two questions, does your bank share nonpublic personal information in any way that requires an opt-in under Reg P, and have you changed your policies and practices for sharing nonpublic personal information from the policies and procedures you routinely provide to new customers? Not every institution will qualify for the exception, however. John Burnett wrote about the privacy notice conundrum in the July 2017 Legal Briefs. That article has more details on this.

When your customer’s account was initially opened, you had to accurately describe your privacy policies and practices in a clear and conspicuous manner. If you don’t qualify for the exception described above, you must repeat that disclosure annually as well. Ensure that your practices have not changed and that the form you are sending accurately describes your practices.

For Reg P and the Privacy rules, annually means at least once in any period of 12 consecutive months during which that relationship exists. You may define the 12-consecutive-month period, but you must apply it to the customer on a consistent basis, so this is not necessarily a December or January issue, but it could be. And each customer does not have their own “annual date.” If a consumer opens a new account with you in February, you provide the initial privacy notice then. That is year one. You can provide the annual privacy notice for year two at any time, up until December 31 of the second year.

It is important to note that unlike most other regulatory requirements, Reg P doesn’t require E-SIGN compliance for your web-based disclosures. You can use e-disclosures on your bank web site when the customer uses the web site to access financial products and services electronically and agrees to receive notices at the web site, and you post your current privacy notice continuously in a clear and conspicuous manner on the web site. So, the demonstrable consent requirements and others in E-SIGN’s 15 USC Sect. 7001(c) do not apply, but there must still be acceptance to receive them on the web. Alternatively, if the customer has requested that you refrain from sending any information regarding the customer relationship and your current privacy notice remains available to the customer upon request this method is acceptable.

BSA Annual Certifications – Your bank is permitted to rely on another financial institution to perform some or all the elements of your CIP under certain conditions. The other financial institution must certify annually to your bank that it has implemented its AML program. Also, banks must report all blockings to OFAC within ten days of the event and annually by September 30, concerning those assets blocked.

IRAs, IRS Notice 2002-27 – If a minimum distribution is required from an IRA for a calendar year and the IRA owner is alive at the beginning of the year, the trustee that held the IRA on the prior year-end must provide a statement to the IRA owner by January 31 of the calendar year regarding the required minimum distribution.

  • Notice 2020-6 – provides guidance to banks on reporting required minimum distributions for 2020 based on the amendment of § 401(a)(9) of the Internal
    Revenue Code. The CARES Act altered many reporting requirements throughout 2020 and your bank should be familiar with those many changed for this year and beyond.

Reg Z Thresholds and Updates – These changes are effective January 1, 2021. You should ensure they are available to staff or correctly hard coded in your systems:

  •  The CARD Act penalty fees safe harbor amount in section 1026.52(b)(1)(ii)(A) will remain at $29.
  • The CARD Act penalty fees safe harbor amount in section 1026.52(b)(1)(ii)(B) will remain at $40.
  • The HOEPA total loan amount threshold that determines whether a transaction is a high cost mortgage is changed to $22,052.
  • The HOEPA total points and fees dollar trigger amount is changed to $1,103.
  • Effective January 1, 2021, a covered transaction is not a qualified mortgage if, pursuant to § 1026.43(e)(3), the transaction’s total points and fees exceed 3 percent of the total loan amount for a loan amount greater than or equal to $110,260; $3,308 for a loan amount greater than or equal to $66,156 but less than $110,260; 5 percent of the total loan amount for loans greater than or equal to $22,052 but less than $66,156; $1,103 for a loan amount greater than or equal to $13,783 but less than $22,052; or 8 percent of the total loan amount for loans less than $13,783.

Annual Escrow Statements § 1024.17 – For each escrow account you have, you must provide the borrower(s) an annual escrow account statement. This statement must be done within 30 days of the completion of the escrow account computation year. This need not be based on a calendar year. You must also provide them with the previous year’s projection or the initial escrow account statement, so they can review any differences. If your analysis indicates there is a surplus, then within 30 days from the date of the analysis you must refund it to the borrower if the amount is greater than or equal to $50. If the surplus is less than that amount, the refund can be paid to the borrower, or credited against the next year’s escrow payments.

Fair Credit Reporting Act – Affiliate Marketing Opt-Out § 1022.27(c) – Affiliate marketing rules in Reg V place disclosure restrictions and opt out requirements on you. Each opt-out renewal must be effective for a period of at least five years. If this procedure is one your bank is using, are there any expiration dates for the opt-outs and have these consumers been given an opportunity to renew their opt-out?

Fair Credit Reporting Act – FACTA Red Flags Report – Section VI (b) (§ 334.90) of the Guidelines (contained in Appendix J) require a report at least annually on your Red Flags Program. This can be reported to either the Board, an appropriate committee of the Board, or a designated employee at the senior management level.

Regulation O, Annual Resolution §§ 215.4, 215.8 – In order to comply with the lending restrictions and requirements of 215.4, you must be able to identify the “insiders.” Insider means an executive officer, director, or principal shareholder, and includes any related interest of such a person. Your insiders are defined in Reg O by title unless the Board has passed a resolution excluding certain persons. You are encouraged to check your list of who is an insider, verify that against your existing loans, and ensure there is a notification method to keep this list updated throughout the year.

Reg BB (CRA), Content and availability of Public File § 228.43 – Your Public Files must be updated and current as of April 1 of each year. Many banks update continuously, but it’s good to check.

HMDA and CRA Notices and Recordkeeping – HMDA and CRA data are gathered separately by applicable banks but both Regs C and BB respectively have reporting requirements for the Loan Application Registers (LAR). Each must be submitted by March 1, for the prior calendar year. National banks are currently required to update LAR data quarterly. The new HMDA rules will require all HMDA reporters to do so and the CRA Public File will be changing with HMDA as will signage. Regardless, if you are a reporter of either LAR you should start verifying the data integrity now to avoid stressing the process at the end of February. And start getting that new HMDA sign ready to post as well. Section 1003.5(e) has language in the Commentary that should go up January 1.

Training – An actual requirement for training to be conducted annually is rare, but annual training has become the industry standard and may even be stated in your policies. There are six areas that require training (this doesn’t mean you don’t need other training, just that these regulations have stated requirements).

  • BSA (12 CFR §21.21(c)(4) and §208.63(c)(4) Provide training for appropriate personnel.
  • Bank Protection Act (12 CFR §21.3(a)(3) and §208.61(c)(1)(iii)) Provide initial & periodic training
  • Reg CC (12 CFR §229.19(f) Provide each employee who performs duties subject to the requirements of this subpart with a statement of the procedures applicable to that employee)
  • Customer Information Security found at III(C)(2) (Pursuant to the Interagency Guidelines for Safeguarding Customer Information), training is required. Many banks allow for turnover and train as needed, imposing their own requirements on frequency.)
  • FCRA Red Flag (12 CFR 222.90(e)(3)) Train staff, as necessary, to effectively implement the Program;)
  • Overdraft protection programs your bank offers. Employees must be able to explain the programs’ features, costs, and terms, and to explain other available overdraft products offered by your institution and how to qualify for them. This is one of the “best practices” listed in the Joint Guidance on Overdraft Protection Programs issued by the OCC, Fed, FDIC and NCUA in February 2005 (70 FR 9127, 2/24/2005), and reinforced by the FDIC in its FIL 81-2010 in November 2010.

Security, Annual Report to the Board of Directors § 208.61 – The Bank Protection Act requires that your bank’s Security Officer report at least annually to the board of directors on the effectiveness of the security program. The substance of the report must be reflected in the minutes of the meeting. The regulations don’t specify if the report must be in writing, who must deliver it, or what information should be in the report. It is recommended that your report span three years and include last year’s historical data, this year’s current data and projections for the next year.

Information Security Program part of GLBA – Your bank must report to the board or an appropriate committee at least annually. The report should describe the overall status of the information security program and the bank’s compliance with regulatory guidelines. The reports should discuss material matters related to the program, addressing issues such as: risk assessment; risk management and control decisions; service provider arrangements; results of testing; security breaches or violations and management’s responses; and recommendations for changes in the information security program.

Annual MLO Registration § 1007.102 – Mortgage Loan Originators must go to the online Registry and renew their registration. This is done between November 1 and December 31. If this hasn’t been completed, don’t push it to the back burner and lose track during the holidays and year-end rush to complete tasks. This is also a good time to plan with management and Human Resources those MLO bonus plans. Reg Z Section 1026.36(d)(1)(iv)(B)(1) allows a 10 percent aggregate compensation limitation on total compensation which includes year-end bonuses.

MISC – Some miscellaneous items you may address internally in policies and procedures include preparation for IRS year-end reporting, vendor due diligence requirements including insurance issues and renewals, documenting ORE appraisals and sales attempts, risk management reviews, records retention requirements and destruction of expired records, and a designation by the Board of the next year’s holidays. Has there been a review of those not yet extending vacation or “away time” to the five consecutive business days per the Oklahoma Administrative Code 85:10-5-3 “Minimum control elements for bank internal control program”?