Tuesday, June 18, 2024

July 2016 Legal Briefs

  • Bureau to implement GLBA privacy notice relief
  • Everyone’s tweaking their CMPs
  • Using enforcement actions
  • "Loans” to counties, schools, and municipalities

Bureau to implement GLBA privacy notice relief

By John S. Burnett

FAST Act provision gets CFPB action

Right before the July 4th holiday, the Consumer Financial Protection Bureau released a proposed rule to implement the amendments to the Gramm-Leach-Bliley Act that were included in the Fixing America’s Surface Transportation Act (FAST Act) of 2015. Those amendments provide financial institutions that meet certain conditions an exemption to the requirement under the GLBA to deliver an annual privacy notice. A financial institution can use the annual notice exception if it limits its sharing of customer information so that the customer does not have a right to opt out and has not changed its privacy notice from the one previously delivered to its customer.

In the preamble to the proposed rule to amend Regulation P, the Bureau notes that section 1016.6(a)(7) of the regulation requires that annual privacy notices incorporate opt-out disclosures provided under Fair Credit Reporting Act (FCRA) section 603(d)(2)(A)(iii) – the opt-out from affiliate sharing. Further, the annual privacy notices may include opt-out disclosures under FCRA section 624 – the notice that an opt-out from affiliate sharing may be renewed. These opt-out notices and opportunities do not have to be provided annually; they can generally be provided in an initial GLBA privacy notice. Therefore, the Bureau has clarified that the offering of these FCRA notices and opt-out opportunities would not disqualify an institution from qualifying under the revised rule for the exemption from the annual notice requirement.  That is good news!

The proposal also includes deadlines for institutions resuming annual privacy notices if their practices change and the institutions cease to qualify for the exemption.

The Bureau also proposes to make a corrective amendment to the definition of “You” in section 1016.3(s)(1).

The proposed exemption from the annual privacy notice requirement will be included as a new section 1016.5(e). Because institutions that presently qualify for the “alternative annual notice” method currently in section 1016.9(c)(2) will qualify for the new exemption, the Bureau plans to eliminate the alternative annual notice option as part of the proposed rule.

As of this writing, the proposal has not yet been published in the Federal Register. When it is published, there will be a 30-day comment period. Since the FAST Act amendments to the GLBA were effective in 2015 with enactment, it’s reasonable to assume the Bureau intends a fast turn-around for the final rule. The CFPB says it expects to include an effective date of 30 days after publication of the final rule.

You can find the language of the proposed amendments on the pages for sections 1016.3, 1016.5 and 1016.9 of Regulation P on BankersOnline’s site at
https://www.bankersonline.com/regulations/12-1016-000, with reminders that the proposal has not yet been finalized.


Everyone’s tweaking their CMPs

By John S. Burnett

Those of you who have been reading BankersOnline’s Daily Compliance Briefing saw a number of announcements in the last two months concerning inflation adjustments to civil money penalties (CMPs). Although we have seen such announcements before, there hasn’t been such a volume of CMP increase announcements ever before.

In fact, seven agencies issued final or interim final rules making adjustments to CMPs within their jurisdictions between May 24 and July 1, 2016, with potential impact on banks:

1.       DoL (Department of Labor)

2.       FCA (Farm Credit Administration)

3.       FDIC (Federal Deposit Insurance Corporation)

4.       FHFA (Federal Housing Finance Administration

5.       FinCEN (Financial Crimes Enforcement Network)

6.       HUD (Department of Housing and Urban Development)

7.       OCC (Office of the Comptroller of the Currency)

The Federal Civil Penalties Inflation Adjustment Act Improvements Act of 2015, signed into law on November2, 2015, required Executive Branch agencies to (1) adjust the level of CMPs under their jurisdiction with an initial “catch up” adjustment through an interim final rulemaking; and (2) make subsequent annual adjustments for inflation, based on changes between the Consumer Price Index for Urban Consumers (CPI-U) for the month of October in the year prior to the most recent adjustment and the CPI-U for the year prior to the adjustment. For example, if a CMP was last adjusted in 1988 (as was the $10,000 penalty for recordkeeping violations for funds transfers under the Bank Secrecy Act), the CPI-U for October 1987 is compared to the CPI-U for October 2015 to determine an inflation factor of 1.97869 (which almost doubles that penalty to $19,787) in a “catch up” adjustment effective August 1, 2016, with annual adjustments to be made hereafter.

Even recently-changed CMP levels will be affected. For example, penalties under the Flood Disaster Protection Act, recently capped at $2,000 (with an inflation provision), will increase to a maximum of $2,056 per violation, according to the interim final rules issued by the OCC and the FDIC.  Violations of the appraisal independence requirements under the Truth in Lending Act will increase from $10,000 a day for first offenses and $20,000 daily for subsequent infractions to $10,875 and $21,749, respectively.

For the new CMP maximum amounts or ranges that will be effective August 1, see these regulatory sections:


·         29 CFR Part 578 (Minimum Wage and Overtime Violations – Civil Money Penalties) section 578.3

·         29 CFR Part 825 (The Family and Medical Leave Act of 1993) section 825.300

·         29 CFR Part 2575 (Adjustment of Civil Penalties under ERISA Title I) section 2575.2


·         12 CFR Part 622 (Rules of Practice and Procedure) section 662.61


·         12 CFR Part 308 (Rules of Practice and Procedure) sections 308.116 and 308.132

·         12 CFR Part 327 (Assessments) section 327.3(c) – Cross reference to 308.132(d)(9)


·         12 CFR Part 1209 (Rules of Practice and Procedure) section 1209.80

·         12 CFR Part 1250 (Flood Insurance), section 1250.3


·         31 CFR Part 1010 (General Provisions) section 1010.821


·         28 CFR Part 28 (Implementation of the Program Fraud Civil Remedies Act of 1986) section 28.10

·         28 CFR Part 30 (Civil Money Penalties: Certain Prohibited Conduct) sections 30.25, 30.35, 30.36, 30.40, 30.45, 30.50, 30.60, and 30.65

·         28 CFR Part 180 (Consolidated HUD Hearing Procedures for Civil Rights Matters) section 180.671


·         12 CFR Part 19 (Rule of Practice and Procedure) section 19.240 (national banks)

·         12 CFR Part 109(Rules of Practice and Procedure in Adjudicatory Proceedings) section 109.103 (federal savings associations)



Using enforcement actions

By Andy Zavoina

How do you approach the task of keeping your bank in compliance?

When you review your compliance library, you should have all the consumer regulations and in many cases, the laws themselves, on your bookshelves, in your virtual library, or both. It’s easy to find the regulations online. And you should especially have the statutes when they have no implementing regulations, such as with the Electronic Signatures in Global and National Commerce Act (E-SIGN), and the Servicemembers Civil Relief Act (SCRA).  The names can get tricky; compliance can be trickier – especially if you don’t have the requirements themselves to refer to which you must follow. BankersOnline is one source for the regulations and the laws and they are kept current. Ensure you always have the latest version. Additionally, you need guidance documents from your state associations, like these OBA Legal Briefs, the formal guidance documents and FAQ documents published by regulatory agencies including the FFIEC as well as the supervisory letters and bulletins they issue. Watch for other items like the “HMDA Getting It Right” booklet that all HMDA reporting banks need, and the “40 Years of Experience with the Fair Credit Reporting Act,” which is a comprehensive compilation of FTC interpretations of the FCRA that was published when responsibility for the FCRA was passed from the FTC to the Consumer Financial Protection Bureau (CFPB). And please don’t forget enforcement actions issued by the regulatory agencies.

You need these types of resource materials so that you can plan to meet all the technical compliance requirements they each have. There are mandates contained in the regulations and laws that can be very specific. That is why I refer to these as the technical requirements.  Some require that you must have a policy and procedures or they may have certain disclosure timing requirements must be met or a rate must be disclosed two decimal place, no more and no less.

But what about the real world compliance requirements? How do these rules, some of which are very clear in black and white, apply in our industry where there are many shades of gray?

We can derive incredibly useful guidance from enforcement actions.   Enforcement actions help you understand what NOT to do. Sometimes rules don’t really change, but an interpretation of a rule seems to be earth-shattering. Reg B’s restrictions/requirements regarding joint intent were not a new part of the rule, but suddenly after noting abuses the regulators made it very clear what the rule was intended for and how it should be applied. Compliance officers all over the country were re-training lenders on confirming and documenting  intent of joint applicants and what the application vs. a financial statement meant.

So what can we really learn from enforcement actions? Sometimes enforcement orders or consent agreements are written in a way that can be very vague and not specific, while some others are fascinating to read and filled with useful details. In both cases there are lessons to be learned. Let’s look at a few examples:

The FDIC released May 2016 enforcement actions in late June. FDIC-15-0059k was a $40,000 civil money penalty against TSB Bank, in Lomira, Wisconsin. “After taking into account the CONSENT AGREEMENT, the appropriateness of the penalty with respect to the financial resources and good faith of Respondent, the gravity of the violations by Respondent, the history of previous violations by Respondent, and such other matters as justice may require, the FDIC accepts the CONSENT AGREEMENT and issues the following;…” This is where the $40K is mentioned as well as the citation for the violation, 31 C.F.R. § 1010.306(a)(1). This citation states the 15-day period for the required filing of Currency Transaction Reports (CTR).

One would assume from the mention of the consent agreement and good faith by the bank that these were favorable items on the bank’s behalf. But it was still a $40,000 fine for the late filing of CTRs.  It is unfortunate that the regulatory agencies rarely provide specific information as to the violations. Other banks could learn from them. In this case at least other banks, especially those under the FDIC’s authority, know this is being looked at. What we do not know is if the failure to timely file CTRs was an isolated circumstance, a procedural issue affecting many accounts, the result of one poorly trained employee filling in for the regular CTR filer during vacation,  a depositor thought to be exempt who was not, or if the CTRs were one day late, five or several months.

Other than knowing late-filed CTRs are on the examiner’s radar, what can we learn from it even without the particulars mentioned above? We know that you should have a tracking system in place. How many times do you get close to the 15-day mark yourself and what can be done to shorten the time from transaction to CTR filing? Do all staffers understand the importance of the filing period allowed? If your bank has seen problems with this requirement, now is absolutely the time to ensure that whatever was broke, is now fixed. Review your software used for BSA/AML compliance and ensure data is feeding correctly into the program and that the output is being correctly interpreted and used. And certainly ensure that your bank’s CTRs are being filed timely from all branches.

The second FDIC civil money penalty was FDIC-140278e, FDIC-150012k. This order included a fine of $100,000. Read that amount again, One-Hundred Thousand Dollars and it was assessed against “Jeffery H. Bell, individually, and as an institution-affiliated party of Transportation Alliance Bank, Inc. (TAB), Ogden, Utah” with our emphasis on “individually.”

Bankers must remember that when they act on behalf of the bank, there can be individual liability with those actions as well. In this case, Jeffrey H. Bell will also be banned from banking.  It was noted that his actions were considered unsafe or unsound and that his breach of fiduciary duty contributed to a loss by the bank. The order stated, “Such violations, practices, and/or breaches of fiduciary duty involve personal dishonesty on the part of Respondent and demonstrate Respondent’s willful and/or continuing disregard for the safety or soundness of the Bank.

The FDIC further determined that such violations, practices, and/or breaches of fiduciary duty demonstrate Respondent’s unfitness to serve as a director, officer, person participating in the conduct of the affairs, or as an institution-affiliated party of the Bank, any other insured depository institution, or any other agency or organization enumerated in section 8(e)(7)(A) of the Act, 12 U.S.C. § 1818(e)(7)(A).” This order was dated May 2, 2016.

There was also a similar order issued September 22, 2015 against Bell and TAB that resulted in a fine. TAB had two other actions, one each in June 2015 and January 2016. Each of these resulted in fines and other individuals were banned as well. The September action provides the most information and it is safe to say that all four of these actions are related. In addition to the May 2016 action there were three other recent actions against TAB and named individuals:

  • June 24, 2015, Carolyn Passey and TAB.  Passey was banned from banking and assessed a $75,000 fine
  • Sep 22, 2015, Jeffrey Bell and TAB.  Bell was to be banned from banking and assessed a $180,000 fine. This order was titled:


  • January 6, 2016, Rebecca A. Vigil and TAB.  Vigil was banned from banking and assessed a $7K fine with the notation in her order that “The FDIC further determined, after taking into account the financial resources and good faith of Respondent, the gravity of the violations, practices, and/or breaches by Respondent, and the history of previous violations, practices and/or breaches by Respondent, that a civil money penalty was appropriate…”

The September action outlines how Bell had worked for TAB and then went to Stearns Bank, N.A. where he was an executive vice president. His two largest clients were student loan companies named NextStudent and Cology. By 2008, these companies were both operating at a loss and insolvent. Rather than recognizing the losses to Stearns from the loans to these two companies, Bell decided to keep funding their monthly operating expenses in the hope that they could develop new lines of business and return to profitability. Without management’s approval, Bell had fictitious accounts receivables invoices prepared by Stearns employees and he had other employees manipulate the internal control systems to hide the problems as he continued to make $22 million in loans through 2010 that could not be repaid.

In February 2010, TAB rehired Bell as President. Stearns became aware of the problems with the loans to these two companies but did not report the fraud to any enforcement agencies. Rather, Stearns charged off $10 million and Bell handled the due diligence requirements, manipulating documentation as needed, and arranged for TAB to buy the remaining portfolio from Stearns!  Based on Bell’s misrepresentations and omissions, TAB’s Board authorized the purchase of the Stearns Portfolio on May 1, 2010, for approximately $57 million, which was the face value of the portfolio (after deducting the $10 million charge-off taken by Stearns). $12 million was booked as performing loans against the accounts receivables. When these notes began to mature after 90 days, Bell had TAB employees create fictitious receivables reports and began consolidating some of these debts into other notes to allow more receivables financing. Lending limits were violated as Bell, under his authority as President, did these consolidations without board approval. By the time the scheme was finally reported to other members of senior management by an employee in April 2012, Bell had allowed the balances owed to TAB by NextStudent and Cology to increase to approximately $27 million. TAB eventually charged off more than $27 million in debt from the two companies.

Loan Watch Lists failed to include the bad loans and a third party accounting firm was provided with bogus receivables reports from the companies, at the direction of TAB employees. The bank suffered severe losses.  Months later, Bell was banned and an additional fine was imposed on him.

There are many takeaways from this case. The enforcement action did provide “meat” and this action should be used as a learning tool that compliance and internal audit can each benefit from. There are reasons independence is called for and that compliance and internal audit should have direct lines of communication to the board and/or the Asset Liability Committee. There should be a designated meeting agenda item when internal management leaves the ALCO meeting and compliance and internal audit can speak freely with external board members about any issues such as those documented here, being covered up. Senior management should welcome such an opportunity so as to be beyond any appearance of impropriety.

These are the two most recent FDIC enforcement actions which included civil money penalties. You are encouraged to read these actions and share them with senior management and the board. Could issues like the ones outlined here occur at your bank? Are there corrections your bank could make to avoid these issues and avoid bigger problems? Or is your bank not having any of these issues, but recognizes that they do exist and this is why your bank has the controls, double checks and independence that it does?

Many other enforcement actions provide guidance on what examiners want to see and what examiners regard as best practices. For example, look at actions against banks where servicemembers were impermissibly required to annually update their status with the bank to retain a six percent rate or where a bank opted to add SCRA status identifiers based on a SCRA database check rather than waiting for orders.  See actions where UDAP penalties were imposed because of a lack of supervision and review of a third party vendor, or where the terms of a product were deceptively “hidden” in the fine print .  Note enforcement orders that mandate independence between the Compliance Officer and other departments was required. These are just a few areas banks can glean ideas from. 

Reviewing enforcement actions typically does not require a lot of time, but can equip you with key information that will allow you to detect and correct problems, avoid problems or reinforce what a good job is being done in your bank and that with the authority and assets needed, you will continue to insulate the board and senior management from criticisms such as this. These reinforcements, or list of needed actions, help develop your next budget. Please review enforcement actions, add them to your resource library.


“Loans” to counties, schools, and municipalities

By Pauli D. Loeffler

You will note that the word “loans” in the title is in quotation marks. There is a very good reason for this. Banks literally cannot legally make loans to counties, school districts and municipalities because of  Article 10, Section 26 of the Oklahoma Constitution:  http://www.oscn.net/applications/oscn/DeliverDocument.asp?CiteID=85071

This section of the Oklahoma Constitution prohibits school districts, counties, towns, cities and municipalities prohibits from incurring indebtedness that cannot be repaid during the fiscal year. This requires banks to use leases which cannot extend past the end of the fiscal year whenever schools want to buy busses, a modular building or build a school, and cities, towns and municipalities want to buy police cars, fire engines or build a community center.

These leases are subject to the provisions of Title 62 O.S. Sec. 430.1 which govern not only the length of lease but other terms such as maximum interest rate, provisions for purchase , as well as the right to terminate the lease by the lessee:

C. It is the purpose of this section to authorize such governing boards to enter into lease and lease-purchase contracts but not to incur any obligation upon the part of their respective municipal or governmental subdivisions in excess of the income and revenue thereof provided for such purposes for the fiscal year in which the lease contract is effectively operative.

D. Any agreement to lease and purchase real or personal property, where title is to be acquired by the municipal or governmental subdivision, shall state the purchase price of the real or personal property so leased and in no event shall the lease be extended so as to cause payment of more than the stated purchase price of the real or personal property plus interest not to exceed ten percent (10%) simple interest on the unpaid balance due as of each payment date. When the purchase price plus interest has been paid, the property shall belong to the lessee and the lessor shall deliver a bill of sale to the property to the lessee. Any lease-purchase agreement may include an option to purchase, transfer and acquire title during the term of the lease upon payment of the balance of the agreed purchase price, and each agreement shall include a provision to transfer title to the lessee at the end of the completed lease term for nominal or no additional consideration.

E. The payment for the lease or rental of real or personal property shall be made only from annual and supplemental appropriations specifically designated for such purpose, and no appropriation for the purpose of paying rentals on real or personal property shall be transferred or diverted to any other purpose, except as may be authorized by the terms of the agreement or by law.

F. When any real or personal property has been leased or rented during any fiscal year under any contract which permits continuance of such rental for the remainder of the fiscal year, the renting or leasing thereof shall be continued for the remainder of the fiscal year unless the governing body renting or leasing the same, by proper resolution entered in the minutes of the governing body, shall certify that the continuance of such rental is unnecessary and contrary to the public interest. However, to affect a contract termination of lease or lease-purchase equipment, written notice shall be sent by certified mail to the vendor thirty (30) days prior to the termination of the contract. Such notice shall be accompanied by payment of all sums then owed up to the date of the termination of the contract and shall certify that the canceled equipment is not being replaced by equipment performing similar functions. All equipment covered by such contract termination shall be returned to the vendor at the expense of the governmental agency terminating such contract. Such equipment shall be returned in good condition to a location designated by the vendor and the equipment, when returned, shall be free of all liens and encumbrances. Satisfaction of all of the requirements of this section shall release the governmental agency terminating such contract from any further obligation to make any further payments to the vendor.

The bank must retain title to the property (a lessor always does) until the lease comes to an end and the lessee pays the “buy-out” price (whatever the lease provides) in order to obtain a transfer of title to the lessee at the end of the lease. 

For example, the city wants to purchase new police cars. Your particular lease may provide that the city owns the vehicle at the end of the lease, if all payments are made, with nothing more, or that the city has to pay some “depreciated value” at that time to take the property, or has to pay some nominal amount such as $1. The specific provision for “buy-out” does not really matter—no matter what your documents say, the county doesn’t own anything and doesn’t take title before the end of the lease.

Your lease will refer to the bank as “vendor” (seller) which means the bank, “sells” the asset to the city at the end of the lease, in exchange for the series of payments that have been made, plus receipt of a “buy-out” price at the end, if any.  The bank already owns the vehicle when the lease is originated.  The car dealer is out of it.  You are like a “re-seller” to the city at the end of the lease.  You hold the title. You are the only one capable of selling/transferring the title to the city at the end of the lease. 

The bank should be carrying the vehicles or equipment on its balance sheet as an asset, and each year the value of the vehicles will decrease, so you should also be taking annual depreciation on these vehicles—just as any lessor would do on inventory that is held for lease to others, because the value of the leased assets depreciates over time.

The bank will have to maintain tags on the vehicles. The excise tax (payable at the tag agency) that otherwise might apply upon acquisition of a vehicle does not apply to the bank if the vehicle will be identified to a lease with the county, city, school district, etc.

The following excerpt from Title 68, Oklahoma Statutes, Section 2105, creates an exemption from tax if the correct procedure is followed:

An original or a transfer certificate of title shall be issued without the payment of the excise tax levied by Section 2101 et seq. of this title for:

3. Any vehicle registered by the State of Oklahoma, by any of the political subdivisions thereof, or by a fire department organized pursuant to Section 592 of Title 18 of the Oklahoma Statutes to be used for the purposes of the fire department, or a vehicle which is the subject of a lease or lease-purchase agreement executed between the person seeking an original or transfer certificate of title for the vehicle and a municipality, county, school district, or fire protection district. The person seeking an original or transfer certificate of title shall provide adequate proof that the vehicle is subject to a lease or lease-purchase agreement with a municipality, county, school district, or fire protection district at the time the excise tax levied would otherwise be payable. The Oklahoma Tax Commission shall have the authority to determine what constitutes adequate proof as required by this section…

The bank will need to work this out with the local tag agent, who may have to consult with the OTC if he is not specifically familiar with the above provisions.