Thursday, December 7, 2023

August 2018 OBA Legal Briefs

  • FinCEN exemptive relief ending
  • UDAAP – The long-term risk
  • Speaking of UDAAP: TCF overdrafts update
  • Voicemail, phone call, and email etiquette
  • Loans to candidate campaigns

FinCEN exemptive relief ending

By John S. Burnett

On May 16, FinCEN issued a ruling (FIN-2018-R002) providing a “90-day limited exemptive relief” from the obligations of the Beneficial Ownership Requirements for Legal Entity Customers. The relief postponed application of the beneficial ownership requirements only with respect to “certain financial products and services that automatically rollover [sic] or renew,” namely, certificates of deposit [CDs or time deposits] or loan accounts.

The 90-day postponement was back-dated to start May 11 (the “applicability date” of the rule for covered financial institutions and expires August 9, 2018. Although FinCEN said in the ruling that during the period of exemptive relief, it would determine whether and to what extend additional exemptive relief may be appropriate for the automatic rollovers or renewals of these accounts established before May 11 but expected to roll over or renew after that date, we have heard nothing from FinCEN as of August 2, one week before the expiration date.

Affected accounts

Despite hopes that FinCEN had intended to provide the exemptive relief for loan renewals and automatic rollovers of CD accounts, FinCEN made it clear to several bankers who questioned the wording of the ruling that its wording was intentional: “automatically” was intended to apply to both CD rollovers and loan renewals. Most bank loans to legal entities don’t renew automatically (there may be exceptions for some open-end lines), so the exemptive relief applied essentially to auto-rolling CDs.

What banks should be doing now

With only a day or two before the scheduled end of exemptive relief, banks should not be betting on FinCEN to extend the August 9 deadline. If it happens, fine, but the only responsible way to proceed in the absence of any word from FinCEN is to assume that compliance with the beneficial ownership requirements will be required beginning Friday, August 10. Certificates of beneficial ownership should be obtained for each new account (including rollovers of CDs and renewal of loans) for legal entity customers covered by the requirements. When the new account, rollover or renewal is of an automatic rollover CD or of a loan, the financial institution should include a statement in the certification of beneficial ownership that the legal entity agrees to notify the financial institution of any change in the information in the certification. To the extent that the financial institution has no knowledge of facts that would reasonably call into question the continued reliability of the ownership information, the financial institution can consider that agreement to notify the institution the equivalent of the certification or confirmation from the customer for future rollovers or renewals of the CD or loan.

More about that statement

Financial institutions are reporting that some vendors have included the “agreement to notify” statement as part of the boilerplate language of the certification of beneficial ownership signed for all legal entity customers for all types of accounts. You should be aware, however, that you cannot rely on such a statement for renewals or rollovers of any accounts other than loans and auto-rolling CDs. And even for those accounts, the “agreement to notify” only applies to the certification it’s included in; you can’t use an “agreement to notify” given in connection with an auto-rolling CD to cover the requirement for a certification of beneficial ownership when the legal entity customer opens another account (e.g., a new payroll checking account or a safe deposit box lease).

Keep alert for developments

FinCEN can and is likely to (eventually) change some or all the advice in this article. Be alert for notices from the OBA Compliance Team or others that announce any movement from FinCEN on its exemptive relief or any other aspect of the Beneficial Ownership Requirements for Legal Entity Customers rule.

UDAAP – The long-term risk

By Andy Zavoina

Those who have worked in compliance for some time may remember a rule that examiners would not cite you for a violation found today, which existed at the last exam, when it was not found. There was some controversy, which may be what led to that rule changing, because the rule was “last exam” and not “last compliance exam,” so even an Information Technology exam reset the penalty clock for a Reg Z violation.

Those days are gone as penalties can easily be levied against a bank for many reasons and when the violation is found, not necessarily when it happened. The pendulum has definitely swung to the other side and Unfair, Deceptive, or Abusive Acts or Practices (UDAAP, from the Bureau and UDAP, without “Abusive” from the Federal Trade Commission) is an arrow the examiners have in their quivers that can be used under many conditions. This article reviews some samples of UDA(A)P-centered enforcement actions. But before we look at those cases, it’s helpful to understand what acts or practices might be considered unfair, deceptive or abusive.

The UDAP terms (under section 5 of the Federal Trade Commission Act) unfair and deceptive have largely been defined in enforcement actions and court cases. Most past enforcement actions involving banks have centered around marketing and advertising of products and services but in the last eight years or so, we’ve seen increased use of this enforcement arrow by both the FTC and federal financial institution regulators. Also, section 1031 of the Dodd-Frank Act gave the Bureau and state attorneys general enforcement authority for unfair, deceptive or abusive acts or practices of persons or entities under their regulatory purview.

An unfair act or practice is one that:

a) causes or is likely to cause substantial injury to consumers;

Substantial injury usually involves monetary harm. Monetary harm includes, for example, costs or fees paid by consumers as a result of an unfair practice. An act or practice that causes a small amount of harm to a large number of people may be deemed to cause substantial injury.

b) the injury is not reasonably avoidable by consumers; and

An act or practice is not considered unfair if consumers may reasonably avoid injury. Consumers cannot reasonably avoid injury if the act or practice interferes with their ability to effectively make decisions or to take action to avoid injury. If material information about a product, such as pricing, is modified after, or withheld until after, the consumer has committed to purchasing the product, the consumer cannot reasonably avoid the injury. Moreover, consumers cannot avoid injury if they are coerced into purchasing unwanted products or services or if a transaction occurs without their knowledge or consent.

A key question is whether an act or practice hinders a consumer’s decision-making. Not having access to important information could prevent consumers from comparing available alternatives, choosing those that are most desirable to them, and avoiding those that are inadequate or unsatisfactory. And, if almost all market participants engage in a practice, a consumer’s incentive to search for better terms is reduced, and the practice may not be reasonably avoidable.

c) The injury is not outweighed by countervailing benefits to consumers or to competition.

To be unfair, the act or practice must be injurious in its net effects — that is, the injury must not be outweighed by any offsetting consumer or competitive benefits that also are produced by the act or practice. Offsetting consumer or competitive benefits of an act or practice may include lower prices to the consumer or a wider availability of products and services resulting from competition.

A representation, omission, act or practice is deceptive when-

  1. The representation, omission, act, or practice misleads or is likely to mislead the consumer;
  2. The consumer’s interpretation of the representation, omission, act, or practice is reasonable under the circumstances; and
  3. The misleading representation, omission, act, or practice is material. This applies when it misleads or is likely to mislead the consumer.

Written disclosures may be insufficient to correct a misleading statement or representation, particularly where the consumer is directed away from qualifying limitations in the text or is counseled that reading the disclosures is unnecessary. Likewise, oral or fine print disclosures or contract disclosures may be insufficient to cure a misleading headline or a prominent written representation. Similarly, a deceptive act or practice may not be cured by subsequent truthful disclosures.

Acts or practices that may be deceptive include: making misleading cost or price claims; offering to provide a product or service that is not in fact available; using bait-and-switch techniques; omitting material limitations or conditions from an offer; or failing to provide the promised services.

An abusive act or practice:

a) Materially interferes with the ability of a consumer to understand a term or condition of a consumer financial product or service or

b) Takes unreasonable advantage of:

  • A lack of understanding on the part of the consumer of the material risks, costs, or conditions of the product or service;
  • The inability of the consumer to protect its interests in selecting or using a consumer financial product or service; or
  • The reasonable reliance by the consumer on a covered person to act in the interests of the consumer.

Combined, this definition of abusive indicates terms, disclosures and advertisements for products need to be clear and easily understood without reliance on micro-font footnotes or other disclosures that may be “legalese” or have “hidden” terms. It also tells us that the more complex a product or service is, the more it may need to be explained and this will also depend on the market it is provided for. Lastly, it says the bank must act in the best interest of the consumer. It will not be enough to say, “we made the full disclosure, so we are covered for liability.”

Marklebank

In September 2011 the Marklebank in Markle, Indiana, received a civil money penalty of $82,500 from the FDIC. Marklebank established and followed procedures for the resolution of EFT errors that were contrary to the bank’s disclosures concerning error resolution for these products and in violation of Reg E. The bank appears to have used model disclosures and to have had approved policies and procedures that conformed to the requirements of Reg E, but in practice they did something different.

From The Journal Gazette – “Mike Marhenke, president and CEO of Independent Alliance Banks Inc. [a two-bank holding company that owns Grabill Bank and MarkleBank], said the issue revolved around whether bankers could require customers to file a police report before giving temporary credit for unauthorized withdrawals from their accounts.

Staff at both banks under his watch required police reports because they simply missed that provision in the detailed regulations banks are required to follow, Marhenke said.

“The last compliance exam, we were doing the same thing, and (inspectors) didn’t say a thing,” Marhenke said.”

Under Reg E there is a very short list of specific requirements a consumer needs to satisfy to file a claim. Filing a police report is not one of them. A bank cannot add to requirements specified in the law. And just because a violation wasn’t caught in a prior exam, doesn’t mean it will not be caught on any exam after that. When the bank states it will follow Reg E, and it then requires more than is allowed, the examiners classify that as a UDAP problem.

It could have been filed as a Reg E penalty. While there are criminal penalties under Reg E (15 USC 1693 Sect. 917), I’ve never heard of that being imposed on anyone. Civil penalties (15 USC 1693, Sect. 916) include actual damages, individual actions of $100 to $1,000 and class action penalties of $500,000 or 1% of the banks net worth plus court and attorney fees. A penalty from a regulatory agency for Reg E would be under 15 USC 1693 sections 910, 915, 916, 917. Under UDAP (FTC Act Sec. 5) the penalty can be $41,484 per violation (adjusted for inflation annually). As arrows in a quiver go, a UDAP arrow can do more damage than a Reg E arrow and with an $82,500 fine under UDAP, this bank learned a lesson.

While there should not be an acceptable penalty amount to justify a noncompliant product or service, some people will include the cost of a violation as a factor. Suffice it to say that if what is being done could qualify as unfair, deceptive, or abusive, the penalty for UDAP or UDAAP must also be considered, as that may be the arrow shot at the bank.

Community Trust Bank

UDAP/UDAAP has no real statute of limitations. The Bureau asserts that, while a three-year statute of limitations applies when it brings cases in federal court, no period of limitations applies in its own administrative tribunal. Community Trust Bank, Inc. of Pikesville, Kentucky was hit with a UDAP penalty on July 25, 2018. Key points in this Federal Reserve enforcement action are that the bank will pay at least $4.75 million in penalties and restitution. The penalty arises from add-on products of a minimal cost, but reaches back to 1994. That was 24 years ago (some reading this article were not yet born).

What Community Trust Bank was doing was offering deposit account add-on products to consumers. These products were bundled which included benefits such as payment card protection, lost key protection, and medical emergency data cards and the costs ranged between $2 and $10 per month. In its marketing accountholders were lead to believe  that the full bundle of benefits would be effective when they enrollment. In fact, the accountholders had to take certain steps after they enrolled to receive some of the benefits. The bank did not adequately disclose this two-step enrollment process to the accountholders and the accountholders would billed regardless of benefit activation. Approximately 4,270 accounts were involved. Compare these actions to the definitions above and it is easy to see consumers were not informed and were misled. While the fees paid were not large, they were paid by a large group and over a very long period.

 

Speaking of UDAAP: TCF overdrafts update

By John S. Burnett

TCF National Bank, Wayzata, SD, is a $23 billion-asset bank with 335 branches in Arizona, Colorado, Illinois, Michigan, Minnesota, South Dakota and Wisconsin. In January 2017, the CFPB sued the bank for tricking consumers into costly overdraft services. The Bureau alleged that TCF designed its application process to obscure the fees and make overdraft service seem mandatory for new customers to open an account. The CFPB also believes that TCF adopted a loose definition of consent for existing customers to opt them into the service, and pushed back on any customer who questioned the process. The lawsuit sought redress for consumers, an injunction to prevent future violations, and a civil money penalty.

The Bureau’s complaint alleged that TCF violated the Electronic Fund Transfer Act and Regulation E and the Consumer Protection Act (part of the Dodd-Frank Act), claiming that TCF was engaged in unfair, deceptive or abusive acts or practices (UDAAP).

In 2009, TCF’s management is alleged to have estimated that about $182 million in annual income was “at risk” because of the Regulation E opt-in rule. In its complaint, the Bureau said the bank’s CEO had named his boat “Overdraft.”

In September 2017, a U.S. district judge narrowed the scope of the case, dismissing counts regarding disclosures around electronic fund transfers (stating that neither the EFT Act nor Regulation E mentions deceptive practices relating to the Regulation E opt-in procedures). The judge also limited the Bureau’s ability to “reach back” to earlier that July 21, 2011 (the creation date of the Bureau) for TCF actions that might constitute UDAAP.

In July 2018, the Bureau announced the filing of a proposed settlement with TCF over the allegations that the bank’s actions were unfair, deceptive or abusive.  The bank has agreed to pay $25 million in restitution to affected customers, and a $5 million civil money penalty ($3 million of it satisfied by payment of a $3 million penalty imposed by the OCC under the settlement).

Voicemail, phone call, and email etiquette

By Pauli D. Loeffler

We on the OBA Compliance Team get hundreds of voicemails, phone calls, and emails every month, and this article is really a rant about things that drive us crazy, and why.

Voicemail.  When we are on a call from another banker, grabbing lunch or a cup of coffee, or answering the call of nature, your call will go to voicemail.  While there are quite a few of you whose voices I recognize immediately (I have been doing this for more than 14 years, and you call regularly or have reached “frequent flyer” status), more than 90% of you don’t fall into that category. Recently, one of the OBA Compliance Team spent 15 minutes tracking down “Kerri” at a member bank who left a voicemail, and the name sounded like Terri on the voicemail. The banker left no last name, no department, no branch, no extension number. We know you want your question addressed as quickly as possible, and you can help us do that: 1) leave your full name and the name of your bank, 2) Your phone number and extension (if you have one), the branch or department name, and 3) your question. Please speak slowly and clearly. A message is worthless if we can’t understand it.

The description of your question is important. We realize that you may not have time to go into all the details when leaving a voicemail (you will have 3 to 5 minutes for your message when you reach voicemail). Frankly, I generally only make it through a couple of minutes of a long message, since I generally get to hear it a second time when I call back. To save both you and us time, if you give us the topic, such as account without POD or deceased POD, CTR, perfection of security interest, right of rescission, HMDA, flood, etc., we know what area of compliance or law we will need to address. If you give us the salient details, such as whether the POD died before the owner, when a check was deposited and/or returned, whether the drawer’s signature or the indorsement was forged, whether the check was a counterfeit or not, etc., we are better prepared to answer your question when we return your call.

Phone calls. My main complaint in this area is when the banker has not pulled together all the information needed to address the question before making the call (or leaving the voicemail). For instance, some banks have designated a point person to answer questions, and if s/he doesn’t know the answer, s/he is the one to make the call. Often the information has been provided by another employee at a branch who has the document or has met with the customer, and the point person does not have the document or the information needed for us to answer the question when s/he calls. For instance, the customer has presented a power of attorney naming two individuals as attorneys-in-fact, and the question is: “Do they both have to act together?” The point person does not have the POA, and I need to know whether there is an “and” or an “or” between the names, or perhaps the POA is naming one to be the successor if the first declines, dies, becomes incompetent, etc. We now get to spend several minutes while the point person contacts the branch to get the POA while other calls are rolling to voicemail, or a call back will be needed after the POA comes through. The point here is: please have all information including documents available before making the call or get the branch employee with direct knowledge on the line with us to save time.

Certain introductory phrases give me pause, such as: “I have a quick question.” This causes me to take a deep breath, cross my fingers, and hope that 1) it is a quick question meaning uncomplicated facts and/or circumstances, and 2) I have a quick answer. Another one is: “I’m sure you’ll know the answer off the top of your head.” There is about a decent chance I will, but sometimes the question will require research. “We have a situation…” is a common opening statement. Sometimes the “situation” is easily fixed, other times it is a SNAFU or FUBAR. The ultimate “situation” is SNAFUBAR (no one should have to deal with more than one of those in a lifetime). [Note: I realize that later in this article I rant about the use of acronyms. I needed to keep the article to a PG rating, so I leave it you to ask someone or use the internet to look these up. The third term I personally coined.]

A recurring challenge is the caller (or emailer) who has to be cross-examined like an adverse witness to get information needed for a correct response. Let’s say the customer is deceased, the bank knows it, and a check has been presented for payment. The banker wants to know whether to pay the check. This is one everyone on the OBA Compliance Team knows the answer to off the top of his or her head, however, the banker does not provide the facts we need. We then have to ask a series of questions. 1) What date was the check written? 2) What was the customer’s date of death?  3) On what date was the check presented for payment? 4) Did a joint owner or POD request a stop payment?

UCC Sec. 4-405 answers the question: the bank may, but is not required to, pay or certify a check written on or before the date of death, presented within 10 days of date of death, unless ordered to stop payment by a person claiming an interest in the account.

Emails. We on the OBA Compliance Team can be a picky lot, but there are some complaints that are justified. First, please do not use all caps! This indicates you are shouting (even if you aren’t), and it reminds us of telegrams. More importantly, the use of all caps makes for difficulty in reading.

Another problem we encounter is the use of certain fonts, such as script fonts, which are lovely to look at but very hard to read. Certain fonts such as Arial, Times New Roman, and Calibri are much easier to read than Garamond, Cambria, or Comic Sans (the Nickelback of fonts).  And yes, you can choose to have “stationery,” but it can make your email more difficult to read. Some are worse than others, but patterns, dark colors, and left side bleeds or patterns are the worst, at least in my personal opinion.  I am all for personalization, but if you choose Evergreen, Industrial, Deep Blue, Marble Desk, Currency (which sounds perfect for a banker) or the like, please restrict them to your personal emails rather than for business use.

Speaking of personalization, some bankers seem to be going incognito or hiding in the witness protection program. We need to know who you are and who you represent. We get some emails that do not contain a bank or business name, an address, or a phone number and extension for the bank or sender (see voice mail, above), just the name of the banker (sometimes just a first name!) Sure, we can Google the email address, but this should never be necessary. Your signature block should give us the information, especially a phone number, since sometimes a question is easier to answer that way, particularly if we need more information than you’ve included in the email.

As bankers, we are used to acronyms and abbreviations such as DTI, FIRREA, TISA, ETIL, LTV etc. However, we often get emails using acronyms or abbreviations that leave us scratching our heads, and we have no clue what they mean. If a Google search doesn’t enlighten us, we are forced to ask the banker to give us the definition before we can provide a response. Other times we can figure it out by the context in which it is used. For instance, the abbreviation “EX-WD” apparently meant “expressly withdrawn” in the context of a loan application.

Banks are creative in assigning names to deposit accounts. For instance, a bank will name an account Super NOW Account. I know what a NOW account is per Reg D, but it turns out the attributes of the account are really those of an MMDA. This isn’t a problem, but the name doesn’t give me the information I need.

Subject lines serve a useful purpose. I personally hate it when the subject line is “Question” without more. I have an overwhelming desire to change it when I respond to “Answer.” “HELP!” as the subject line is just as bad.  A blank subject line is also annoying.  I had a coworker who refused to put anything in the subject line, and you never knew if the email was about a significant problem or just a reminder to turn the light off in the bathroom if you are the last to leave the building. Helpful hint: Emails without a subject are often victims of spam filters in some email systems.

Sometimes the subject line used is ambiguous. For instance, “CRA” in a subject line can mean either “Community Reinvestment Act” or “Credit Reporting Agency.” Each member of our team has certain areas of expertise; Andy Zavoina is fluent in Community Reinvestment Act-speak while with minor exceptions, I will have to spend time doing research.

Something that bothers all of us on the team is when a banker replies to a prior email, changes topics, but does not change the subject line. For instance, the subject line is HMDA, the question has been answered, and instead of sending a new email with the appropriate topic in the subject line, the banker hits “reply” rather than starting a new email, leaves the subject line “as is,” but the new question is about right of rescission.  Preferably, you should start from scratch and with a new email rather than just change the subject line.

I hope my little rant has proven to be both entertaining and helpful.

Loans to candidate campaigns

By Pauli D. Loeffler

  1. Are there any regulations relating to loaning money to candidates for campaigning? We have not had this occur before and we want to make sure we aren’t missing anything.
  2. Sec. 808 of the Oklahoma Banking Code provides:
  3. Prohibition against political expenditures. It is unlawful for any bank to make a contribution or expenditure in connection with any election to any political office, or in connection with any primary election or political convention or caucus held to select candidates for any political office, or for any candidate, political committee, or for any other person to accept or receive any contribution prohibited by this section (Section 808A)…

While contributions are prohibited, loans are not. From the State Office Candidate Guide 2017-2018, starting on page 26, similar provisions apply to county and municipal candidates).

Permissible Loans

Candidates may receive loans from three sources:

  1. A commercial financial institution
  2. A non-commercial financial institution
  3. The candidate

Loans by Commercial Financial Institutions

A candidate committee may receive a loan from a commercial financial institution. A loan from this entity is not considered a contribution if (1) the entity normally engages in the business of making loans, (2) the loan is made in the regular course of business, and (3) the loan is made on the same terms as are ordinarily made available to the public. Rule 2.65.