Tuesday, November 5, 2024

December 2019 OBA Legal Briefs

  • These OREOs are no treat!
  • Privacy: It’s for bank info, too
  • Managing returns of duplicate payments

These OREOs are no treat!

By Andy Zavoina

The Office of the Comptroller of the Currency (OCC) issued an enforcement order against Citibank, N.A. in October 2019 and imposed a $30 million civil money penalty because it violated the holding period allowed for the Other Real Estate Owned (OREO) — the real property on which it had foreclosed, but not disposed of.

Each regulatory agency has its set of rules for this. 12 U.S.C. § 29 and 12 C.F.R. § 34.82 provide that a national bank cannot hold OREO for a period longer than five years. I have seen exceptions to this in the past based on the bank’s efforts to maintain the property and actively offer it for sale and on the real estate market the property is in. Files must be well documented and organized explaining what the bank has done, what it is doing and what the projections are for the property. That was not the case at Citibank, according to the OCC’s order.

In this case the bank had more than 200 instances in which the allowed holding period was exceeded between April 2017 and August 2019. The OCC Consent Order (AA-EC-2019-67) indicates that the bank had reviewed its processes and its portfolio of OREO as early as 2015 and identified these violations. However, the bank failed to implement a cure process. The OCC noted that the bank had deficient controls over and monitoring of the OREO portfolio and “lacked adequate policies, procedures, and processes to effectively identify and monitor the holding period for OREO assets.”  After the early identification in 2015, the bank indicated it was committed to correcting the deficiencies and it requested extensions to the holding periods. But these requests were not timely and in fact resulted in additional violations.

In April 2017 the OCC formerly told the bank its OREO internal controls were still decentralized, ineffective and inadequate.  Since then the bank continued to request holding period extensions. The bank made continued promises but failed to meet its goals.

As a result, the bank was ordered to pay a civil money penalty of $30,000,000.

As is often the case with “issues” in general, whether they be compliance, or safety and soundness oriented, examiners identified problems or confirmed a self-identification of them and agreed to a committed solution. But when a bank fails to meet the accepted cure and time benchmarks, the problem is only exacerbated. Without senior management’s involvement and communication with the board, the necessary resources may not be made available or other complications may arise. In those instances, continued communications (think updates) with the bank’s regulatory agency are vital. What has changed, and what can be done to get the cure process back on track must be discussed. In the case of the CMP above, this communications effort appears to have failed and repeated warnings were not adequately addressed.

Let’s revisit some basics of OREO management and suggest that each bank should ensure any OREO it has is being correctly managed and there are alarms set to go off so that the proactively handles its portfolio and has no need to reactively request an extension when it is then too late to do so.

As the bank assumes ownership of the property one of the first steps it should follow is to take physical control of the property. Just as the bank demands insurance on collateral it loans on, it should similarly have coverage for its own property to adequately insure itself for all the risks it needs to mitigate. It needs to assess the current situation, including whether there are tenants in the property, whether the former owner is one of those tenants, and whether evictions will be required (if they are even allowed) or will this be an income producing property, or both? The condition of the property must be evaluated and there may be needed improvements required. If the bank is stepping into the prior owner’s shoes, it needs to understand if there are required leasehold improvements or developer’s obligations it must adhere to. Are there any environmental hazards that must be addressed such as underground fuel tanks, or any other safety issues that pose a greater liability to the bank and were not addressed by the prior owner? Will the bank manage this property or outsource this to a property management company? A current appraisal and market analysis indicating the expected holding period is a must.  A management company can not only collect rents and advertise space available, but also prioritize any list of needed improvements and have them done. Outsourcing is not always necessary but may be especially helpful on commercial properties. There is no single set of rules as the bank’s condition and familiarity with the property and the market it is in will help dictate what needs to be done. This is a key reason all banks should have guidance established in advance in the form of a policy and procedure on the handling of OREO.

Understanding the property and the bank’s obligations will be vital to the management and sale of the property as well as its value. If the property has rental spaces, having those profitably filled will make selling it as an ongoing concern easier. If clearing out tenants, renovating and using the property for a different purpose makes more sense, planning must be done in advance.

While the bank may be anxious to sell the property immediately, could there be any advantages to holding the property for a period of time? This could be an issue if there is an expected development of nearby property that could increase the value of this OREO now owned by the bank. That could represent a gain on sale and income for the bank.

In addition, once the bank has the property, it needs to determine if the bank itself will hold title or transfer ownership to a holding company or separate entity created for this purpose. There may be benefits financially and for accounting purposes that need to be explored. This is the bank’s decision.

For example, assume that the bank has ownership of a single-family residence and wants to sell the property because it is vacant. How recent is the appraisal, has the area changed since the last appraisal, and should it obtain a new one now or update the existing appraisal so it has a firm idea of what it will sell for? A Realtor may conduct a market analysis to assist in this valuation. A property inspection is also advised. The bank wants to ensure it has clear title, understands the value of the property and as the owner, determine when it is best to offer it for sale. Again, prioritize any repairs or improvements that facilitate the sales goal and the asking price of the property. Evaluate the sale “as-is” and with improvements, balancing the costs and time to hold the property. Document all these efforts and the Realtor’s opinion of the market trends in this area.

Remember that 12 C.F.R. § 34.82 requires a national bank to dispose of OREO “at the earliest time that prudent judgment dictates but not later than the end of the holding period (or an extension thereof) permitted by 12 U.S.C. 29.” Other agencies will have similar rules. The paper or virtual OREO checklist the bank uses should start with the date the property is acquired. That is the key date for the five-year holding period.

According to the OCC’s OREO handbook, the property’s value should be “recorded at the fair value of the property, less the estimated cost to sell and this amount becomes the new cost basis of the property. The amount by which the recorded amount of the loan exceeds the new cost basis is a loss and must be charged to the allowance for loan and lease losses (ALLL). The recorded amount of the loan is the loan balance adjusted for any unamortized premium or discount and unamortized loan fees or costs, less any amount previously charged off, plus recorded accrued interest.” While rare, there could be a gain when the OREO is booked. Before recording a gain, verify the values.

Your regulatory agency’s OREO exam guide may indicate when a new independent appraisal or evaluation is required. The guidance may also indicate how often a new valuation is needed, as updates may be required depending on the circumstances.  The OREO must be carried at the lower of cost or fair value, less the estimated cost to sell. Any changes in the valuation or sale costs should be well documented.

Remember that, as the property owner, income and expenses for the OREO are included in the Call Report as income and expenses. These do not get added to or subtracted from the amount the OREO is booked for. It is easy to see a bank apply rental income against the booked value and hedge its bet as to the sales amount or to reduce pressure to force a sale. But that would be inappropriate even if it were later seen as a gain on sale.

When the end of the five-year holding period approaches, the bank may request one or more extensions. In total they can be five years, which would be a total of 10 years for the bank to have liquidated the property. The bank must be able to demonstrate that it has made a good-faith effort to dispose of the property within the initial five-year period or that disposal of the property within that initial period would be detrimental to the bank. Discussion with the bank’s regulatory agency well in advance of the expiration of the current holding period would be advised and the agency can provide an idea of the time required for an extension approval.

When it comes to OREO, whether the bank has no properties currently, or many, each bank should ensure it is prepared. There are many nuances as to valuations, what an asset’s value is booked as, the handling of income and expenses, how a gain or loss will be accounted for, as well as the management of the property. One goal – sell the property – should always be on the forefront. And as is common in the loan area, document, document, document. The bank must have processes in place, and those processes must be periodically verified to ensure they follow regulatory requirements and are working. If your bank acquires another bank, how was the OREO handled by the acquired bank and have the OREO files been reviewed? We have already established 30 million times that examiners are serious about this.

Privacy: It’s for bank info, too

By Andy Zavoina

You may have heard the phrase “loose lips sink ships,” which was widely used during World War II. It meant that even saying something that seemed harmless in the wrong area and overheard by others could lead to a catastrophe, especially when combined with other bits of information. In some cases, the ship that gets sunk could be a bank employee. All employees need to be reminded that privacy of information gained in the day-to-day work environment extends beyond a customer’s non-public, private information.

There were two separate OCC enforcement actions that were taken in September and October 2019 and made public in November. The first involved Amie Dorman (AA-EC-2019-50). She was working for Morgan Stanley Private Bank, N.A. out of Salt Lake City, Utah, and Morgan Stanley Bank, N.A. out of Purchase, New York.

Dorman was Executive Director of the Global Regulatory Relations Group at Morgan Stanley from approximately September 2014 to August 2017. In that capacity she was provided non-public OCC information concerning the banks and was involved in the banks’ responses to regulatory concerns and supervisory findings. This meant she genuinely participated in the affairs of the bank and is subject to rules concerning what she knew. When she left Morgan Stanley in 2017 Dorman, “retained confidential Morgan Stanley documents, of which at least 18 contained non-public OCC information regarding one or both Banks” as noted in the enforcement action.

She was later employed by another bank where some of those confidential documents were not only stored, unsecured, but also used. Quoting from the OCC order, “Respondent utilized documents containing non-public OCC information and kept the documents unsecured in her office, thereby disclosing them.” Does this mean that by having the documents in her office they were considered “disclosed” or that she used some of this information and that was in fact the disclosure? The answer may be academic as there should be no reason for an employee to leave one bank with confidential information and documents from that bank’s regulator, specific to that bank.

This was considered a violation of 12 CFR § 4.36(d), which protects information that the OCC need not even reveal under a Freedom of Information Act request, or information that has not yet been published. This type of information generally includes information on the supervision, licensing, regulation, or examination of a bank, an investigation or enforcement action, bank information and information about a third party.

I can’t speculate on what information was shared, or retained and stored, or how it drew the attention of the OCC. But I can visualize a person’s new bank trying to capitalize on a new hire’s experience or that new hire offering information as a demonstration of what an asset they can be. Perhaps remembering concepts in general should be enough without documentation to back it up. Dorman was ordered to pay a civil money penalty of $7,500.

That seems like an isolated case. But remember there were two separate but similar orders here. The October Consent Order (AA-EC-2019-49) involves Roseann McSorley, a former Managing Director and Chief Administrative Officer of Oversight and Controls at JPMorgan Chase Bank, N.A. Columbus, Ohio.

In this case the OCC was initiating a CMP under 12 CFR § 4.32(b) based on its findings that McSorley disclosed some confidential OCC information involving JPMorgan Chase, which she left in 2016, while employed at a new bank. Documents containing non-public OCC information on her old bank were made available to one or more employees during meetings or discussions, and she shared them via text message. To complicate matters, McSorley was questioned twice by bank investigators about having JPMorgan Chase documents and she denied having any. The bank tried to retrieve its documents. McSorley initially did not respond, but eventually did return them. As in the prior case a CMP was assessed, this time for $35,000.

Bank employees, especially officers, often have confidential information about their bank or can access it. When leaving one bank for another, they may assume there is no loyalty to the former employer and that the experience and knowledge they gained is their “property.” These two cases contradict that thought process and remind us that confidential information about a bank is confidential! It is not to be shared. Documents, whether on paper or electronic, are not the property of an employee, former or otherwise, and are not to be taken from the bank.

Perhaps these are good training examples for an employee meeting, reminding all staff of the restrictions on them and the need to respect the privacy of the bank as well as that of customers. And don’t forget senior management when providing that training. The two individuals to whom the OCC issued these enforcement actions appeared to have significant roles at their respective former banks.

Consider also that your bank’s Ethics Policy should address the importance of maintaining the confidentiality of non-public regulator information and other bank information in general.

Managing returns of duplicate payments

By John S. Burnett

When a bank’s customer writes a check, it’s the customer’s intention that the payment ordered by the check be completed once – and only once – to the payee and for the amount identified on the check. But in today’s multichannel payment environment, in which a check can be presented in its original form, as an ACH check conversion item, or as a remote-deposit or mobile-deposit captured image, the potential for multiple presentments of the payment order have increased, much to the frustration of both the check issuers and the depositary and paying banks involved.

The reason for the increase in multiple presentments is found in the fact that whenever a check is converted into an ACH entry or truncated when deposited as an image, the check itself isn’t given to the banking system in order to collect the funds represented by the check. Instead, checks that are converted to ACH entries (e.g., ARC or BOC check conversion entries) or deposited as images using merchant remote deposit capture (RDC) equipment or deposited as mobile deposits remain with the person (merchant or individual) making the deposit. The security for the original checks can range from strict to lax, depending on the merchant and controls on that security required by the originating depository financial institution (ODFI) for ACH conversions or truncating bank in the case of RDC deposits. In the case of mobile deposits, especially mobile deposits by consumers, the security is virtually non-existent. Whether through dishonesty or mistake, these checks have the potential for being used more than once. And mobile deposits have the biggest potential for “double dipping” as a percentage of total mobile deposits processed.

Terms: For the remainder of this discussion, I will use “ACH” to mean any check conversion entry to ACH format, “check” to mean a check deposited in paper form at a depositary bank,  “image” to mean a check that’s been captured and deposited as an image, and “truncating bank” as the depositary bank that accepts that image.

Returns by the midnight deadline

Much has been done by the Federal Reserve, clearinghouse associations, third-party processors, and in-house systems to detect duplicate presentments of different forms of the same original item whether they occur on the same processing day or on different days.  If yours is the paying bank, and you or your third-party processor identifies a duplicate payment in time to return it by your midnight deadline (if it’s a payment of a “check” or of an “image”) or in time to meet the return deadline for the returned “ACH” to be available to the ODFI by the start of business on the second banking day following the Settlement Date for an ACH, you are in the best position. It’s a standard, no-hassle process for check or ACH returns.

If it’s a “check” or an “image” you are returning, you handle it as you handle any other check return but use the ‘Y’ return reason code to indicate it’s a duplicate presentment. The other presentment (the one you aren’t returning) can be an ACH conversion entry for the same check, an “electronic check” or a “check.” If both the first and second presentment occur on the same day, pick one to be paid and return the other.

If you need to return an ACH that’s a duplicate presentment, use the R39 return code (improper source document/source document presented for payment) if an ARC, BOC or POP ACH entry and the source document to which it refers have both been presented for payment and posted to the Receiver’s account. You don’t need a Written Statement of Unauthorized Debit (WSUD) to make this return.  How can such a duplicate payment occur? A merchant could mistakenly (or fraudulently) run a check or checks through his MICR-capture equipment to initiate the ACH entry or entries and deposit the original checks, too.

After the midnight deadline

Even with all the system enhancements at many levels to detect duplicate presentments, there are some that make it to the paying bank undetected.  There is a “grace period” allowed for identifying and returning them, but it can vary depending on the type of payment. These returns aren’t as straightforward as those completed before the midnight deadline.

Clearly, once you’ve paid one presentation of the check item, your customer should not be charged for a subsequent presentation, regardless of the form it takes (“ACH,” “check” or “image”).

The UCC and checks or images that are duplicate payments

Under UCC section 4-406, your customer “must exercise reasonable promptness” in examining account statements and/or items to identify any payment that was not authorized because of an alteration or because a purported signature by or on behalf of the customer was not authorized. That would include a duplicate payment of an authorized item (the first payment was authorized; the second wasn’t).  If the customer identifies a second payment of the same item that hasn’t been reversed and the item returned, UCC section 4-406(c) provides that the customer must “promptly notify” the bank. Your account agreement may include language defining “reasonable promptness” and “promptly notify.”  If the customer fails to notify the bank of a duplicate payment within one year after the statement or items are made available to the customer showing that payment, the customer loses the right to make the claim. Whether the bank is responsible to the customer is a matter of law and contract, not related to whether the bank can return the item in question.

Note that ARC, BOC and POP entries are EFT items  under Regulation E when a consumer account is involved, and your consumer customer has rights under Regulation E’s §§1005.6 and 1005.11 that you must comply with if the consumer claims that one of those EFTs was not authorized. The rules under Regulation E aren’t set out in this article but must be followed whether or not your bank is able to return one or more unauthorized ACH items that are EFTs.

Extended ACH return period

If the customer makes a prompt claim, the bank can return an ARC, BOC or POP “ACH” payment within the ACH “extended return period” if the customer provides a WSUD. The extended return period requires that the returned entry be available to the ODFI at the start of the banking day following the 60th calendar day following the Settlement Date of the entry being returned. In these cases, use the R37 (source document presented for payment) return entry when returning an ARC, BOC or POP entry.

If the entry involved is an RCK entry, it is not subject to Regulation E, but is subject to the UCC provision described earlier, and if the customer provides a WSUD, you can use the R53 return code (Item and RCK entry presented for payment) within the ACH extended return period. This entry would be subject to the UCC provision described earlier.

Returning checks and images that are duplicate payments

Federal Reserve Check Services offers an extended adjustment procedure for duplicate payments that are either “checks” or “images.” Other check clearinghouses may have similar procedures, but this discussion outlines the adjustment process offered by the Fed. Refer to the Check Adjustments Quick Reference Guide (https://www.frbservices.org/resources/financial-services/check/reference-guide/index.html) for details of the process, which varies depending on the level of Check Services a bank uses.

A Paid Item (“PAID”) adjustment request can be initiated to request a credit entry for an item that is being refused either because it is the original check (or the legal equivalent, i.e. a substitute check, electronically created item or image received in as cash or return letter or a photocopy and the other item has already paid (the same day or earlier).  If you make the claim within 6 calendar months of the cash letter date of the item, you should receive a same-day credit entry to your bank’s reserve account. The depositary bank will be charged for the item.

If you make your claim after 6 months but within the one calendar year, the Fed will provide information you can use to deal directly with the offsetting institution.

This method cannot be used more than one calendar year after the cash letter date of the item.

If your bank clears checks and receives cash letters from a clearinghouse, investigate whether the clearinghouse provides adjustment services similar to those offered by FRB Check Services.

Finally, we’ll discuss what your bank can do if it has received back an item unpaid, and a remote deposit capture or mobile deposit of a check is involved.

Reg CC’s indemnity provision for “image” returns

Section 229.34(f) of Regulation CC creates an indemnity provision involving “images” of checks captured under RDC and mobile deposit agreements. A depositary bank that—

  • is a “truncating bank” because it accepts deposit of an electronic image or other information related to an original check [a remote-deposit-captured or mobile-deposited check],
  • does not receive the original check,
  • receives settlement or other consideration for an electronic check or substitute check related to the original check, and
  • does not receive a return of the check unpaid

indemnifies a depositary bank that accepts the original check for deposit for losses incurred by that depositary bank if the loss is due to the check having already been paid.

But, the depositary bank may not make an indemnity claim under this provision if the original check it accepted for deposit bore a restrictive indorsement inconsistent with the means of deposit, i.e., it was indorsed using words like “Mobile deposit only” when the check is being deposited at a teller station or drive-up window.

If your bank receives a return of a deposited check due to duplicate payment (and you took the original check for deposit), and you determine that the check was mobile deposited before you took the check for deposit, and cannot recover all of the check amount from your customer, you should contact the paying bank to ask for information on the bank that accepted the mobile deposit. Assuming the check wasn’t already indorsed “for mobile deposit,” or with words to that effect, at the time you took it for deposit, you can make a direct indemnity claim upon the bank that took the mobile deposit of the check, up to the amount of your loss, plus interest and expenses.

See Regulation CC, section 229.34(f) for the indemnity provision and section 229.34(i) for indemnification amounts.

The indemnification provision is imposed on RDC and mobile-deposit accepting banks and in favor of depositary banks taking an original check because RDC and mobile deposits increase the risk in the payment system for losses due to duplicate presentments and payments.

Note that a mobile-deposit accepting bank that has received a mobile-deposited item back unpaid is not subject to the indemnity provision. For example, if the same check is mobile deposited (in order) at Bank A and Bank B and then deposited in paper form at Bank C, and Banks A and C both receive their items back unpaid, Bank B would indemnify Bank C for a loss. Bank A doesn’t provide an indemnity because its item was returned unpaid for duplicate payment. Bank B doesn’t receive an indemnification because it didn’t take the original paper check for deposit.