Thursday, May 23, 2024

August 2013 Legal Briefs

  • Changing your early withdrawal penalties
  • Armored-car answer from FinCEN (But…)
  • Changes to rural and underserved counties list
  • Anatomy of an E-SIGN violation
  • What bankers wish customers knew – Part two

Changing Your Early Withdrawal Penalties

By Mary Beth Guard

29 years ago, when we bought our first house, interest rates were at historic highs. We got a 3 year ARM loan and the initial interest rate was a whopping 11.75%. I could scarcely sleep at night, worrying about what would happen when the rate was adjusted, so I found a fixed rate loan we could live with before the adjustment date.

On the flip side, the interest banks were paying on savings accounts and CDs was high enough to make depositors smile.

My, how things have changed. Mortgage rates have dipped into the 3-4% range over the last couple of years, and if there were technical terms to describe the interest rates being paid on deposits, those technical terms would probably be something like “zip” and “squat.”

Now, another shift is virtually certain to happen as interest rates begin to rise again. As they do, it is an appropriate time to consider the fact that customers may seek to cash in CDs early as they chase better rates. If your early withdrawal penalties are low, the consequences of withdrawing the funds prior to maturity will not deter anyone seeking a larger return on their money and you may see significant sums leaving your bank before the date you anticipated.

So, what can you do? On existing certificates of deposit, nothing. You have a contract and you must honor it. Whatever your early withdrawal penalties are for those existing CDs is what you have to live with.

That is not the case, however, with any new CDs. Plus, you can alter the future terms for CDs that are automatically renewable.

Start by examining what your current penalties are. Regulation D mandates certain minimum early withdrawal penalties. By contract, however, you have the power to specify more hefty ones.

Under Regulation D, the minimum early withdrawal penalties are a core part of the definition of time deposit. Time deposit means:

A deposit that the depositor does not have a right to and is not permitted to make withdrawals from within six days after the date of deposit unless the deposit is subject to an early withdrawal penalty of at least seven days’ simple interest on amounts withdrawn within the first six days after deposit.

The fact is that the regulation states only the minimum. It does not establish maximum penalties. You can always do more than the reg requires, but you cannot do less. The Truth in Savings reg, Regulation DD (12 CFR 1030) also comes into play. It does not dictate what you can or cannot charge for a penalty; it simply requires that any applicable penalty and the method of its calculation be disclosed. While Reg DD applies only to consumer deposits, as part of the contract with any customer – commercial or consumer, you will want to spell out precisely what your early withdrawal penalties are. The significance of it being addressed directly in Reg DD is that for CDs offered to consumers, you must include detailed information about the penalty and its method of calculation in your account disclosures up front, and you must also mention in your advertisements that early withdrawal penalties may apply. Plus, there are subsequent disclosure requirements on CDs that also require the early withdrawal penalty to be described.

The disclosure of any penalty should be clear and conspicuous. You may want to impose some sort of flat fee for any early withdrawal, regardless of amount and regardless of the term of the CD. You may want to instead (or also!) impose a penalty that is equal to x% (up to 100%) of the interest that would have been earned if the CD was held for the full term. One approach I saw recently was to charge a flat fee, plus the greater of a penalty equal to x% of interest that would have been earned if the CD was held for the full term OR x% of the amount withdrawn. The one that I looked at used a different percentage for three tiers of CDs – those 6 months or less, those 6 months to a year, and those with terms longer than a year. Beyond those few examples, we cannot comment, due to anti-trust laws.

Remember that the customer must be provided the account disclosures before the customer relationship is formed – not after the customer is bound by the contract.

On your automatically renewable CDs, you must also provide subsequent disclosures. They must be mailed or delivered at least 30 calendar days before maturity of the existing account. Alternatively, the disclosures may be mailed or delivered at least 20 calendar days before the end of the grace period on the existing account, provided a grace period of at least five calendar days is allowed.

In terms of what must be sent to your customers who have automatically renewable CDs, it depends upon the length of the term. For CDs with maturities longer than 1 month, but no more than a year, you must either provide a copy of the full account disclosures under Section 1030.4(b) or you can simply disclose to the consumer certain limited information, but if you send the limited information, it must describe any difference between the terms of the new account and the terms required to be disclosed for the existing account.

For CDs with maturities longer than one year, you must provide full account disclosures (which would contain your new early withdrawal penalty information), along with certain other required information, such as the date the existing account matures, the interest rate and APY that will be paid, or if they’re not yet known, when and how they can find them out.

More on this topic in the next issue!

Armored-Car Answer from FinCEN (But ….)

By John S. Burnett

When FinCEN issued its notorious “Armored Car Ruling” in 2009, bankers across the country protested they were getting virtually no cooperation from Armored Car Service (ACS) employees in providing personal information required to complete the “conducted by” portion of CTR filings. The ruling resulted in a three-way stand-off. FinCEN said that the ruling didn’t add any burden that was not already imposed by CTR filing requirements, and they were technically correct. ACS employees, on the other hand, argued that having hundreds or more CTR filings in their names in the FinCEN database would invite unwarranted and unreasonable law enforcement and/or IRS scrutiny affecting their personal and financial lives. Financial institutions complained that ACS employees were refusing to provide the personal information needed to complete CTRs, making proper completion of the filings impossible. Each of the three positions had merit, and FinCEN quietly suggested that regulators should look the other way when it came to incomplete CTRs when reportable transactions were being made by ACS employees acting as agents of banks’ depositors.

In the meantime, CTRs were being filed without problems on reportable transactions involving ACS pickups and deliveries when the ACS was acting as agent of a financial institution, since no information on ACS employees is required for reporting such transactions, and a simple check-off “excuse box” made reporting of depositor employee information unnecessary, too.

As to the problem of ACS employees not being willing to provide personal information for transactions when the ACS acts as a depositor’s agent, FinCEN held out as long as a year ago the possibility of an updated ruling to address the issues involved.

On July 12, 2013, FinCEN delivered its updated ruling. FIN-2013-R001, Treatment of Armored Car Service Transactions Conducted on Behalf of Financial Institution Customers or Third Parties for Currency Transaction Report Purposes, provided what FinCEN described as “exceptive relief,” providing an exception to its current and past policy, for reportable transactions in which “ACS employees conduct transactions that debit or credit the account of a financial institution’s customer pursuant to instructions received from the customer or from a third party.”

Under the new ruling, which supersedes the 2009 Armored Car Ruling (FIN-2009-R002)—


1. Financial institutions are required to implement adequate procedures to determine whether an ACS is acting pursuant to instructions from the financial institution, from the financial institution’s customer, or from a third party.

2. If the delivery to or pick-up from the financial institution (corresponding to a deposit to or withdrawal from a financial institution’s customer’s account) was performed by an ACS acting pursuant to instructions from the reporting financial institution, the customer would have to be identified in Section I of the CTR, but only box 24 of Section II (“Armored Car (FI Contract”) would need to be checked to satisfy the CTR requirements regarding the ACS. [This is not a change from earlier instructions.]

3. If the delivery to or pick-up from the financial institution was performed by an ACS pursuant to instructions received from the financial institution’s customer or from a third party, the financial institution must complete the CTR as follows:

a. The deliveries to and pick-ups from the financial institution conducted by the ACS pursuant to instructions from the financial institution’s customer or from a third party on any one business day will be aggregated with any other currency transactions performed on behalf of the same customer on the same business day.

b. If the financial institution has knowledge that the aggregate of all currency deposits or withdrawals by or on behalf of a customer on any one business day exceeds $10,000, the financial institution will file a CTR identifying the customer and all persons conducting transactions (including the ACS and, if applicable, third parties on whose instructions the ACS conducted transactions) about whom the financial institution has obtained identifying information.

c. In the case of an ACS that, acting pursuant to instructions from a person other than the reporting financial institution itself, makes a delivery to or pick-up from a customer’s account in excess of $10,000 on any one business day, the financial institution will satisfy the requirement to identify the party conducting the transaction by filling in the ACS’s corporate information (corporate name, address, EIN, etc.). The name of the employee of the ACS will not be required.

4. If the financial institution has knowledge that the same ACS makes several deliveries or pick-ups below $10,000 to or from the account of the same customer on any one business day (regardless of the person pursuant to whose instructions the ACS transactions were conducted), for a total exceeding $10,000, the transactions will be aggregated for purposes of filing a CTR with respect to the customer.

5. The financial institution’s reporting obligation regarding transactions conducted by an ACS pursuant to instructions from the financial institution’s customer or from a third party is satisfied by filing CTRs aggregated by customer only.

6. If, in spite of implementing adequate procedures, the financial institution is unable to determine on whose instruction a specific ACS reportable transaction was conducted within the period allowed for the filing of the corresponding CTR, the financial institution may satisfy its CTR requirements by identifying the financial institution’s customer and the ACS that conducted the transaction. The financial institution’s obligation to identify the ACS shall be satisfied by filling in the ACS’s corporate information (corporate name, address, EIN, etc.). The identifying information of the ACS employee is not required.



Note that instructions 4 and 5 in the Ruling make it clear that when cash deposits and withdrawals conducted by an ACS under instructions from the depositor or a third party are not to be aggregated per conductor (whether the conductor is the individual ACS employee or the ACS). That’s a significant departure from the routine CTR paradigm, which would anticipate aggregation based on the individual making the deposits on behalf of the customer.

FinCEN included with its new Ruling a 37-page Appendix with several scenarios to illustrate the proper application of the Rule, along with completed CTR entries for each scenario. I strongly recommend working through the Appendix as you digest the rule.

Oh, what about the “But…” at the top of this article? That’s the requirement in instruction 3c in my list above. It requires that information on an entity (the ACS) be included in a Part I entry that has box 2b (“Person conducting transaction for another”) checked. Even now, weeks after release of the Ruling, the FinCEN CTR data entry “form” for discrete filings that we can access disables the “Check if entity” box when 2b is selected. We can hope that FinCEN will update the CTR to correct that problem. Banks that do batch filing of CTRs using systems or other tools provided by third parties may have similar problems reporting the corporate information correctly, too. FinCEN has given the industry a little time – only until September 30, 2013 – to get these problems resolved. So if you have a problem with your vendor’s system, it’s time to bring pressure on the vendor to get it fixed.

It’s like the old Whack-a-Mole game. You beat down one problem and another one pops up.

Link to FIN-2013-R001:

Changes to Rural and Underserved Counties List

By Andy Zavoina

Several of the rules from the Consumer Financial Protection Bureau (CFPB) include variations in those rules when loans are in “rural” or “underserved” counties. Whether a lender’s loans are made in rural or underserved counties can affect whether or how a lender has to comply with the Escrow rules which became effective June 1 of this year, and the Ability to Repay and Qualified Mortgage (ATR QM) rules which take effect in January 2014. (Note, these ATR QM rules were changed as recently as June when the CFPB expanded this exemption, allowing certain small creditors to make balloon-payment qualified mortgages from January 10, 2014 to January 10, 2016, even if they do not operate predominantly in rural or underserved areas.

You can see that for many lenders this list will be important. The CFPB will publish the listing of rural or underserved areas. That list is a new item compliance professionals need to add to the list of items to review annually. How likely is the list to change? “Rural” counties are defined annually by using the USDA Economic Research Service’s urban influence codes, and “underserved” counties are also defined annually by reference to data collected under the Home Mortgage Disclosure Act (HMDA). There are a number of factors that go into these designations and the 2014 list published in July has one change for Oklahoma. There were no additions, but there was one deletion – Cotton County will not be designated as rural or underserved in 2014. Lenders making loans in this area will need to plan accordingly and the board and senior management may need to be advised if this could affect the bank’s strategic plan.


CFPB 2014 List of Rural and Underserved Counties blog post

Escrow Requirements under the Truth in Lending Act rule

Ability to Repay and Qualified Mortgage Standards Under the Truth in Lending Act (Regulation Z)

Ability-to-Repay and Qualified Mortgage Standards Under the Truth in Lending Act Federal Register 06/12/2013

Anatomy of an E-SIGN Violation

By Andy Zavoina

$250,000 penalty. Do I have your attention yet? The FDIC releases a list of enforcement actions each month. One of those actions published in July was an enforcement action against First Electronic Bank of Sandy, Utah. This article was inspired by a BankersOnline thread discussing the enforcement action. Other than the 27-page enforcement order, we haven’t seen much in the press. Still, the Order should be a big deal for two reasons. E-SIGN, the Electronic Signatures in Global and National Commerce Act, was signed into law in 2000. It isn’t new, but we’ve seen very few court cases that actually involved a bank and this is the first enforcement action we have found. Plus it is for a quarter of a million dollars! E-SIGN was a contributing factor, not the only one. But we hope this will open some eyes and cause a few questions to be asked.

First, a little of what we know about First Electronic Bank. It is FDIC-regulated and the listed corporate website is to It appears this bank is integral to Fry’s electronic store financing plans and is 99.89 percent owned by Fry’s. It has only the one location and was established in 2000. It has $16 million in assets and was last examined for CRA in 2007, when it received a Satisfactory rating. While a small bank, it was evaluated predominantly on its level of qualified community development investments and services.

The enforcement order indicates the bank engaged in:

a) unsafe or unsound banking practices;

b) deceptive and unfair acts and practices in or affecting commerce, in violation of section 5 of the Federal Trade Commission Act by failing to adequately inform consumers of promotion plan requirements concerning deferred interest charges assessed on open-end credit accounts; and

c) other violations of law, including the Fair Credit Reporting Act, the Equal Credit Opportunity, the Truth in Lending Act, and the Electronic Signatures in Global and National Commerce Act.

These violations appear to have been discussed initially in an August 2011 Compliance Report of Examination. The Consent Agreement was from May 2013, so the charges and penalty have been in the works for nearly two years. This means you can’t always assume no news is good news.

The consent order contains many requirements the bank must now follow. Some of the key mandates include:

a. Enhance e-bill disclosures and the account summary provided with e-bill alerts to include clear and conspicuous information concerning the promotion plan expiration date

b. Refrain from making statements that imply that the FDIC agrees with or supports the bank’s practices.

c. The Board of Directors shall immediately fulfill its fiduciary responsibility to participate fully in the oversight of the Bank’s Compliance Management System

d. Ensure through the implementation of policies, procedures, monitoring, and training, compliance with all applicable consumer protection laws and implementing rules and regulations, regulatory guidance and statements of policy (“Consumer Protection Laws”).

e. The bank has to have a compliance officer, qualified for the job, who will report to the board and provide monthly compliance updates to them. A compliance committee will also be established. Together these two will create a new compliance program.

f. The need for auditing and vendor management was also noted. This includes the training of Fry’s personnel.

g. Additional requirements were imposed, including requirements of management and information technology but those are outside the scope of this compliance article. The enforcement action also has details on the restitution order.

From what we know of the bank, the laws violated and the corrective actions, we can make logical conclusions about what basically was wrong. Certainly we do not have all the details so while there are blanks to fill in, there are also lessons we can learn.

We can assume the oversight of the board and senior management was not at the level the examiners desired. The bank had been growing and this may have contributed to the problems. The compliance function was also not operating at a level the business demanded. The requirement to hire a qualified compliance officer, create a committee, establish a program of compliance and audit, with independent reporting directly to the board indicates the fundamentals were not in place.

Due to the lack of compliance fundamentals, laws were violated. Using what many compliance professionals see as E-SIGN weaknesses and the fact that electronic and paper disclosures had issues, this could relate to a poor process of demonstrable consent and inadequate disclosures.

The demonstrable consent disclosures that some banks have are deemed weak by our peers who have seen them in use. Still, examiners who may not have a lot of training haven’t seen those shortcomings as issues needing attention, and the bank sees this as a stamp of approval. We all know things change from exam to exam. Could E-SIGN be the next hot button? It could. If the demonstrable consent process was weak, that wouldn’t necessarily affect contract issues. Those fall under state requirements and almost all states have a conforming version of UETA, the Uniform Electronic Transactions Act, or a substitute and these don’t require demonstrable consent initially like E-SIGN does. But when this process is weak and federally required disclosures are made electronically, the bits and bytes of E-SIGN are not a substitute for what is required in writing.

That brings us to another question that should be haunting the First Electronic Bank. After paying a $250,000 penalty, might a good class action attorney start advertising to Fry’s customers that the payments they’ve been making based on e-bills should be questioned, potentially invalidated, or at least questioned in the courts, triggering years of litigation and costs? Would a settlement be in order? And for the rest of us, will the FDIC and the other regulatory agencies now question your E-SIGN procedures more closely? The first E-SIGN associated penalty is on the books. Let’s hope this doesn’t open flood gates.

What should you do? If you use E-SIGN to make any electronic disclosures, ensure your procedures are correct and are being followed. This isn’t lip service any more. Ensure they are tested and audited. Ensure your board is aware of this penalty and what you are doing to ensure your bank isn’t next.

Enforcement action link:

What Bankers Wish Customers Knew – Part Two

By Mary Beth Guard and the OBA/BankersOnline Compliance Team

(Continued from last month)

Note: We urge you to have everyone at the bank read through part 1 and 2. Encourage employees who are surprised by (or concerned about) any of the statements to ask further questions. This is good fodder for discussion. Bank employees are people, too, and many of the misconceptions held by members of the general public may also misinform an employee.

It isn’t the bank’s fault that you are so gullible. I’m sorry if that sounds harsh, but you need to take steps to protect yourself. Think through financial transactions. Stay abreast of scams. There are a lot of them to be wary of.

Yes, I know. Maybe the last time you got a mortgage loan you didn’t have to have verifiable income to meet the payment requirements. Things have changed.

We are setting up an escrow account for your taxes and insurance because federal law and rules require us to do so for this type of loan. The mortgage escrow rules are there to protect you and to ensure you meet your tax and insurance obligations, not because we like complicating matters.

Trust me, it isn’t a good thing that we are going to be force-placing insurance on the collateral for your loan. We don’t get group discounts! This will cost you more in the long run. Pick up the phone and dial your own insurance agent.

No, we do not have to open an account for you. We get to choose who to do business with. When you write bad checks and don’t make them good at another bank, it catches up with you.

Yes, the joint owner does have the right to close the account and take all the money. If that scares you, perhaps you’ve established a joint account with the wrong person.

We understand that you’re the only one who has made deposits into this account, but when you chose to make your deadbeat son a joint owner, his creditors get the benefit of that decision.

Yes, we understand that your wife got the property in the divorce, but you are both obligated on the mortgage loan and until and unless she refinances the debt or it is paid off. If she misses a payment, expect to hear from us.

Ok, so you didn’t know about these taxes and you don’t owe them, we still have to process the levy. (Same theory for garnishments).

Yes, we will turn your kids in if they forged your signature on your check and you expect us to reimburse you for it.

Why would you write a postdated check in the first place? You didn’t give us a notice of postdating of the item in advance, so we had the right to pay the check before the date on the check. No, we will not be refunding overdraft charges.

You may be one of the heirs of John Doe, but you cannot just cash his $100,000 CD.

For a kid to be an account owner, the kid needs to sign the deposit account agreement. Setting up a joint account between you and your 3 year old really isn’t working for us.

Your community bankers didn’t cause the avalanche of regulations you are having to deal with. We don’t like them either.

I bank here too. I am a customer just like you.

We won’t cash checks payable to a business. Those must be deposited into the account of the business. If the business doesn’t have an account here and it is trying to cash a check drawn on an account of one of our customers, at most we will certify the check.

Banks are certainly highly regulated, but they aren’t public utilities and they don’t have to give away their services or products.

There is no "deposit" in "safe deposit." Only funds actually “deposited” into an account have FDIC insurance coverage. If you want insurance for the contents of your box, get it from your homeowner’s insurance agent.

The rules that we all follow generally start with a law requiring us to do something. We don’t make this up to create paperwork. You can tell me all day long that “the other bank down the street” allowed your corporation to have a NOW account or didn’t require you to show any ID to take out a loan, but I know better.

There is still no such thing as a free lunch and if you really want to deposit this check, we recommend waiting before you spend it so you KNOW the check was good. You were not expecting this windfall, and you didn’t win a lottery or sell your car for twice its value. We weren’t the gullible one who took this check and we are not going to take the loss on it. If you spend the money and the check’s ultimately not good, you have to come up with money to cover what you spent/withdrew.

We know that your responsibilities as trustee of your Mom and Dad’s trust can be a burden, but they put their trust in you to manage their assets. They didn’t include language allowing you to give someone else a power of attorney to assume your responsibilities. So we have to say, “No.”

Yes, it used to be a joint account. When the joint accountholder died, it became an individual account and you can’t indorse on behalf of the dead guy and you can’t put a jointly payable check into the account.

We know when you opened the UTMA for little Janie you didn’t think she would get tattoos, but she’s 18 now and asking for the money (and that much ink costs a lot!)

We know that the account was set up as payable to you on your father’s death, but he closed the account and opened a new one that was joint with his new wife. The money is hers now. If you have a problem with that, take it up with her.