Saturday, May 25, 2024

March 2020 OBA Legal Briefs

  • Corona virus and banking
    • Management’s actions
      • Update
      • Education
      • Resonsibilities
      • Travel
      • Security
      • IT
      • Vendors
  • Military lending update
  • Perfecting a security interest on a trailer
  • Tax season information in Legal Briefs

Coronavirus and banking

By Andy Zavoina

Let’s first set the stage for our discussion on the coronavirus. The coronavirus is a large family of viruses that range from the common cold to much more severe illnesses. COVID-19 is the strain we are discussing. It recently started in China and has quickly made its way around the globe. While a very fluid story, it has infected more than 87,000 people worldwide and killed almost 3,000 of them. Half the people think these stories are an overreaction and the rest believe not enough is being done. Everyone is talking about it and it’s getting more real daily as people in the U.S. are now dying from the COVID-19. As I started to write this Legal Brief article on a Friday there were infected persons in the U.S. but deaths were occurring in other countries, not here. Then, on Sunday it was announced that the first person died of it in Washington state. Later that day a second died there as well. By Monday afternoon the count was six. And by Tuesday, the count had risen to nine.

Those reading this do not remember the Spanish flu, which in 1918-1919 infected 500 million people (about one in three worldwide) and killed 50 million. The world was quite different then. But is that a good thing? Medicine has advanced and we are used to having vaccines when we need them, but we do not have one now and people are much more mobile and spreading this highly infectious virus. One interview I saw had a doctor saying that this was the flu and while it has the possibility of causing death, we had not seen a high percentage of that yet and it was difficult to treat as a result. China reports a mortality rate of just 3 percent from COVID-19. The Spanish flu was the 1918 pandemic virus with a 10 percent mortality rate.

Let’s look at some business issues, since we know people take business, and the revenue it yields, very seriously. The Mobile World Congress is a large tech convention dealing with the mobile industry and it would draw 100,000 people to Barcelona, Spain. It was canceled. The Olympics in Tokyo could actually be canceled if the outbreak is not contained, a member of the International Olympic Committee said. The S&P dropped 13 percent in the last week of February representing trillions of dollars in losses and likely your retirement plan is smaller as a result. The COVID-19 is not a pandemic – yet – but it is an opportunity for banks to revisit the pandemic policies collecting dust.

My point is, the COVID-19 outbreak has already impacted you and your bank, it will continue to do so in other ways, and the only way this global economy, this mobile society, and the branch on Main Street will contain it is by being smarter. What does this mean for our banks?

Remember 2007? The FFIEC released guidance for pandemic planning. The 10-page guidance document may be integrated with the bank’s business continuity plan or exist as a separate document as it does differ and includes different requirements. When was the current policy last updated? When was it last tested? What have we learned in the last dozen years, and what adjustments could be made to your policy? The guidance cited five specific items a plan should include:

1. A preventive program to reduce the likelihood an institution’s operation will be significantly affected by a pandemic event;
2. A documented strategy that provides for scaling pandemic efforts commensurate with the particular stages of a pandemic outbreak;
3. A comprehensive framework of facilities, systems, or procedures to continue critical operations if large numbers of staff members are unavailable for prolonged periods;
4. A testing program to ensure the institution’s pandemic planning practices and capabilities are effective and will allow critical operations to continue; and
5. An oversight program to ensure ongoing review and updates to the pandemic plan.

Thankfully we are not in a pandemic stage, but that does not lessen some people’s fear or the precautions they may demand. “People” in this case includes the bank’s customers, and the bank’s staff.

Management’s Actions

The bank’s policy on addressing a pandemic crisis needs to be reviewed, and updated if necessary because branches have changed, departments have moved, and more customers can bank online. What requirements in the policy have changed as a result of this progress?

Management needs to ensure that employees are educated on COVID-19 and know the difference between facts and myths, and are mindful of their surroundings. Bankers often educate staff at a meeting in the lobby or training room. So, first things first, employees who are not feeling well should not be “troupers” who come to work. They should stay home, and they certainly should NOT attend a group meeting. The bank may opt to video the meeting and make it available to staff who are absent. Announce the meeting -“We will hold a meeting at 8am in the training room this Thursday to discuss what is being done to address the safety needs for all staff and customers based on the health issues that are of concern to us all. If you believe you have the flu, a fever, dry cough, trouble breathing, and possibly pneumonia you should consult your doctor and not attend this meeting or come to work if you may be contagious.”

The meeting will not include refreshments unless steps are taken which prevent cross contamination. Consider the ill person who refills their cup by resting a carafe against the lip of their cup. The bank should reconsider the free coffee, cookies and donuts available in the bank unless these are individually served. We want the meeting itself to be a safe place and this applies to the customer lobby as well.
Management should reassure staff that it is monitoring the situation and is managing it to ensure the protection of everyone. Outline what the bank wants, hygiene from staff, travel restrictions, time away from the bank, telecommuting possibilities, providing resource links and sharing IT and security concerns. These are expanded in this article. Management also needs to ensure supervisors are trained to respond in a uniform manner to staff concerns.

Your policy should be scalable, and the bank can implement stage one at this time. Stage one may include ensuring that the bank has hand sanitizer stations throughout the bank and especially in teller areas where customers are greeted, in close proximity to staff and others and cash is handled routinely going from person to person. These need to be in place and working by the meeting.

Quick thoughts:

1. According to the CDC, a person who coughs has a six-foot bubble in front of them that could be affected by a cough. Just as we urge staff to stay home when they are ill, customers should do the same. Use remote deposit capture, internet banking and the drive-thru lanes when possible.
2. Hand sanitizer should contain at least 60 percent alcohol and should be available in many areas of the bank to anyone. Additional cleaning and sanitizing supplies should be available and janitorial staff may be asked to pay more attention or to use sanitizing cleansers where they were not used before.
3. Staff should regularly wash their hands with soap and water for at least 20 seconds.

Those are some basic points, but reminders are positive reinforcements because the bank does care about its staff. I’m sure you can add many items to this list.

There is no evidence COVID-19 can be transmitted from soft surfaces like currency, but it could survive on frequently-touched hard surfaces, such as a doorknob, for a few hours. Consider rubber gloves for staff as coin is a hard surface. Again, show staff the bank cares.
The above may sound very simple and it is. It is common sense and it is something that should be practiced daily, not just during flu season or as a reaction to an epidemic.

Management should be able to announce any confirmed case of COVID-19 to peers so they can take appropriate actions. But confidentiality of information is also required to comply with the Americans with Disabilities Act (ADA). Under ADA rules the bank would be advised to avoid health inquiries or requiring certain staff to have medical exams absent sufficient cause such as a direct threat to the health of others. An infected employee may be ADA protected. The bank’s Family Medical Leave Act (FMLA) policy can also come into play as someone diagnosed with COVID-19 will likely qualify as having a serious health condition. Human Resources is definitely part of the management team in the action planning stage. Accommodations beyond normal paid time off routines may be required. Similarly, any travel restrictions and requirements to work offsite should be discussed with counsel, applied uniformly, and not be targeted toward any employee based on any protected basis.

Does bank staff travel on official business to countries that are highly impacted by COVID-19 such as Italy, Japan, Iran or South Korea? Likely this is not the case, so no restrictions are necessary in the policy there. But what about vacations? Are any staff members planning on going to the Olympics in Tokyo? Are any visiting family in South Korea such as those in the military? Can the bank restrict what an employee does on vacation? What about when the employee returns to work the day after getting back in the country from one of these places?

Various employment laws will influence what the travel policy says on this (also see “Responsibilities” above) and highly impacted areas may have all travelers quarantined for the 14-day COVID-19 incubation period so what the bank opts for may be secondary. In any case, any employee traveling from or through a designated area should be forbidden from returning to work if they are put on an incubation period quarantine until that period expires and the employee is cleared by medical staff. But remember the traveler mentioned above in San Antonio. Ensure all staff understands the possible repercussions of such travel and what it may mean to coworkers. If every day of vacation is used on vacation, if the employee is placed in quarantine is that an excused absence, even if they know a quarantine may be coming? If the employee is in a higher-risk area, but not one that is designated by the authorities as requiring a quarantine, should the employee be allowed back to work? Some alternatives may include allowing the employee to telecommute. Perhaps the bank has a laptop that may be checked out and used for work from home securely or the employee will use additional vacation, sick or personal days while ensuring they are not a carrier. If they are out of time off, can other staff donate their accumulated days to this person? By educating all employees everyone will have a better understanding of the issues. What the bank doesn’t want is one employee to come back to work and five others to call out as a personal precaution.

“No hats, no hoodies” has been an issue for many years and many banks have signage to this effect at branch entrances. What is the bank to do if a customer comes in wearing a surgical mask? A bank robber in Georgia has done just that and robbed six banks. Perhaps additional signage is warranted at the doors:

“For the safety of staff and customers this bank requires customers to remove hats and hoods when in the bank. Protective surgical masks are included. If you feel the need to wear such protection, we ask that you use our drive-up or online facility.”

Why is this justified? Currently the Surgeon General and the CDC have agreed that face masks are not recommended for the general public in the U.S. The risk of catching the virus in the U.S, is low since there is little evidence of community transmission at this time. Many masks are not made for this type of use and if they are not properly fitted are ineffective. A man with a beard as an example can have a difficult time getting the proper fit and the mask is virtually useless as protection from a virus. Different masks offer different levels of protection as well. The better masks are not in sufficient supply to meet the demands of the general public. If the public as a whole purchased those masks, health care workers who are at a greater risk may not find them available. In some cases, a mask is recommended, such as for some cancer patients with low immune systems or someone who is ill with a cough or sneezing. This begs the question, is the lobby the best place to meet their banking needs? For these reasons, neither customers nor staff should need a mask inside the bank. Customers in the drive-up could easily and safely remove a mask while in a vehicle for identification purposes. Simultaneously the bank may find this an opportune time to advertise the features of online banking.

We will leave VPN and laptop configurations for the telecommuting staff to the IT department, but the IT-related risks extend beyond that. Let’s assume you have that skittish employee who can already feel the fever and cough coming on. They get an email from the CDC or World Health Organization (WHO) advising them they reside in a ZIP code where a person known to have contracted COVID-19 was recently travelling. The email goes on that while there is minimal risk that this person actually had contact with them, they should nonetheless take some basic precautions. They’re asked to click on the link for a list, or to download the attached PDF, and now IT really is scrambling.

Cybercriminals love using a disaster to fuel their efforts as fear drives people to do what they ordinarily would not. Now personal and even bank information, customer information, may be at risk. Sophos, a U.K. based internet security company, was warning readers in mid-February that emails from WHO were already circulating and were stealing individuals’ email credentials. The sender’s address may give it away, if the reader looks closely enough. While is a correct address, and, where some of these emails were coming from, are not. Kaspersky, another cybersecurity company, warned of phishing emails supposedly from the CDC which contained a link to a “CDC web page” because the CDC, “established a management system to coordinate a domestic and international public health response.” That sounds official and the link looked legitimate. A person could see what COVID-19 issues were near them. But this was a phishing attack designed to capture logon credentials of those following the link. There have been others, and certainly there will be more. Staff needs to be ever vigilant and skeptical. Typing the link themselves is more helpful, or just going to the website directly will yield most of what a person needs to know.

Normal precautions apply when reviewing email. Look closely at the sender’s real email address and the real link that is offered. Look for common spelling and grammatical errors, though the criminals are getting better about this. Never enter logon credentials on a site that may be suspicious, is unfamiliar and was unexpected. If any information was revealed and that is used elsewhere, go change it. And always use different passwords at different sites.

The bank has key vendors it is critically dependent on. Has the bank asked what they are doing to protect themselves? Some vendors are already emailing clients telling them the basic plans they have. Many of these are tech related and telecommuting is an option for many. The bank should be aware of what is being done by others.

On March 3, 2020, the FHA even emailed a list of links (FHA Info #20-16) to act as resources for lenders. “While the risk of infections for Americans remains low, we are encouraging FHA-approved lenders and other stakeholders in FHA transactions to make the information below available to your employees…” Hopefully more vendors will demonstrate a willingness to be proactive and share both resources and pandemic planning initiatives.

Military Lending Update

By Andy Zavoina

Just when we thought financing GAP insurance for servicemembers was going nowhere, the Department of Defense (DoD) surprised us again. Is this a game changer? I can only answer that by asking if the bank is a risk taker.

The DoD has not amended the Military Lending Act (MLA) but it has issued a new interpretive rule. This evades rulemaking requirements and is intended to amend existing guidance only. The DoD actually removed one piece of guidance and added another.

In July 2015, the DoD amended the MLA. It greatly expanded the loans that were subject to the Act. It also carved out some exceptions. The MLA requires certain disclosures, both orally and written, when loans meeting the definition of “consumer credit” are made. Disclosure requirements include:

1. A statement describing the Military Annual Percentage Rate (MAPR).
2. A duplicate requirement for Reg Z required disclosures.
3. A description of the payment obligation, already required by Reg Z.

Sections 232.3(f)(2)(ii) & (iii) exclude from the definition of “consumer credit” loans used to purchase a vehicle or personal property when the item purchased is the loan’s collateral and there are no additional monies loaned. So, making a loan to buy a car or a washer and dryer, when the loan is secured by the items purchased, and the loan proceeds are not used for any other purpose, is not considered “consumer credit.” They would be exempt from the disclosure requirements.

Section 232.4(b) imposes the 36 percent MAPR limit on “consumer credit.” The MAPR is more of an “all-in” interest calculation in that Reg Z excludes many items which the MAPR includes. This makes it easier to reach this 36 percent ceiling. So making a loan that is exempt can be advantageous to the lender.

The question is, where is the line drawn when defining the purchase price of a car or a washer and dryer. Using a car as an example, many lenders offer and finance Guaranteed Auto Protection (GAP) insurance to protect any low- or negative-equity position the borrower has in a car. The MLA allows negative equity in a trade-in situation as part of the purchase, but the DoD issued guidance in December 2017 denoting that GAP insurance would be considered additional monies beyond the purchase price of a car. This causes a loss of the exemption, so disclosure rules and the MAPR requirements must be met.

The industry immediately appealed the guidance and now, more than two years later, the DoD has removed its opinion. Does this mean that a lender can again look at the “front sheet” description of the vehicle and use the bottom-line calculation stating the purchase price of a car and assume that is the MLA’s version? Not really.

With this adjustment in the guidance, the DoD is reverting to the original 2016 Q&A #2 to “allow the Department to conduct additional analysis on this matter”. I’m not sure if that means the DoD is actively studying this or if it may review it in the future.

I believe that the path the DoD is on is to allow these charges to be included and for the loan to remain exempt. But the final word is not in yet, any more than when the Q&A was published that effectively prohibited inclusion of the fees in 2017. We thought we understood the rules and the guidance reversed what many believed was part of the purchase price. The same could happen again as the DoD now says it “takes no position on any of the arguments or assertions advanced as a basis for withdrawing the amended Q&A #2”. I’m not sure what that means but I am risk-averse. I would not want to build a portfolio where GAP is financed only to have the administration in Washington change and the CFPB to say that it’s some type of UDAAP issue or a judge to say that these MLA loans are in violation and may be voided per the MLA penalties section. Banks wanting to accept the risk will finance GAP and may or may not see long term profits from it. Ultimately it is management’s risk decision to make.

The original, now reinstated Q&A #2 does not directly address the issue of financing GAP insurance or other credit products. Instead, it states that “[a]ny credit transaction that provides purchase money secured financing of personal property along with additional ‘cash-out’ financing is not eligible for the exception under §232.3(f)(2)(iii) and must comply with the provisions set forth in the MLA regulation.” As a bank weighs the risk decision it must be able to justify what is consider cash-out, as that constitutes additional monies loaned beyond the purchase price. A case may be made either way.

An additional change to the Q&A guidance is the inclusion of Question #21 regarding the use of Individual Taxpayer Identification Numbers (ITINs). The DoD clarified that for the purposes of the MLA safe harbor provision, “an ITIN is a ‘Social Security number.’” ITINs have been added to the DMDC database lenders and credit bureau’s use for covered borrower verification purposes. Therefore, it is now clear that verifying the covered borrower status of dependents of servicemembers can rely on an ITIN instead of a Social Security number.

Perfecting a security interest on a trailer

By Pauli D. Loeffler

There seems to be some confusion on how to perfect the bank’s security interest in trailers under Oklahoma law. Does the bank perfect by lien entry or by filing a UCC-1? The use of the word “trailer” without further definition is part of the problem; however, the manner of perfection really depends upon whether registration of title is required under Oklahoma law (Title 47, statutes below), or is merely permitted under our statutes. If registration is required, then perfection is by lien entry, and filing a UCC does nothing. If registration is merely permitted or optional, as is the case for horse trailers, farm trailers, boat trailers, etc., perfection is by UCC filing, and lien entry does nothing, See IN RE: JENNIFER LYNN JACKSON, Debtor. SUSAN MANCHESTER, Trustee, Plaintiff, v. ARVEST BANK, Defendant. CERTIFIED QUESTION OF LAW. 287 P.3d 986 (2012)

¶18 The modified certified question presented by the United States Bankruptcy Court for the Western District of Oklahoma is answered with specific explanations relevant to the case at bar. Title may be properly issued by the Oklahoma Tax Commission to non-required trailers for the convenience of showing ownership. The use of title beyond this single purpose for non-required vehicles would be contrary to the general scheme and purposes of the Uniform Commercial Code as adopted in Oklahoma. The proper method for perfecting a security interest in collateral that is not required to be titled (but may be titled at the discretion of the owner) still is, and has been by the filing of a UCC-1 financing statement. [Emphasia added.]

The specific statutes to review to clarify which method to use are:


B. The owner of every vehicle in this state shall possess a certificate of title as proof of ownership of such vehicle, except those vehicles registered pursuant to Section 1120 of this title and trailers registered pursuant to Section 1133 of this title, previously titled by anyone in another state and engaged in interstate commerce, and except as provided in subsection M of this section. Except for owners that possess an agricultural exemption permit pursuant to Section 1358.1 of Title 68 of the Oklahoma Statutes, the owner of an all-terrain vehicle or a motorcycle used exclusively off roads or highways in this state which is purchased or the ownership of which is transferred on or after July 1, 2005, and the owner of a utility vehicle used exclusively off roads and highways in this state which is purchased or the ownership of which is transferred on or after July 1, 2008, shall possess a certificate of title as proof of ownership. Any person possessing an agricultural exemption permit and owning an all-terrain vehicle or a motorcycle used exclusively off roads or highways in this state which is purchased or the ownership of which is transferred on or after July 1, 2008, shall possess a certificate of title as proof of ownership. Upon receipt of proper application information by such owner, the Oklahoma Tax Commission shall issue an original or transfer certificate of title. Until July 1, 2008, any security interest in an all-terrain vehicle that attached and was perfected before July 1, 2005, and that has not otherwise terminated shall remain perfected, and shall take priority over any subsequently perfected security interest in the same all-terrain vehicle, notwithstanding that a certificate of title may have been issued with respect to the same all-terrain vehicle on or after July 1, 2005, and that a lien may have been recorded on said certificate of title. There shall be eight types of certificates of title:

Sec. 1102

As used in the Oklahoma Vehicle License and Registration Act:

6. “Commercial trailer” means any trailer, as defined in Section 1-180 of this title, or semitrailer, as defined in Section 1-162 of this title, when such trailer or semitrailer is used primarily for business or commercial purposes…

25. “Park model recreational vehicle” means a vehicle that is:

a. designed and marketed as temporary living quarters for camping, recreational, seasonal or travel use,

b. not permanently affixed to real property for use as a permanent dwelling,

c. built on a single chassis mounted on wheels with a gross trailer area not exceeding four hundred (400) square feet in the setup mode, and

d. certified by the manufacturer as complying with standard A119.5 of the American National Standards Institute, Inc.;

29. “Recreational vehicle” means every vehicle which is built on or permanently attached to a self-propelled motor chassis or chassis cab which becomes an integral part of the completed vehicle and is capable of being operated on the highways. In order to qualify as a recreational vehicle pursuant to this paragraph such vehicle shall be permanently constructed and equipped for human habitation, having its own sleeping and kitchen facilities, including permanently affixed cooking facilities, water tanks and holding tank with permanent toilet facilities. Recreational vehicle shall not include manufactured homes or any vehicle with portable sleeping, toilet and kitchen facilities which are designed to be removed from such vehicle. Recreational vehicle shall include park model recreational vehicles as defined in this section…

Tax season information in Legal Briefs

By Pauli D. Loeffler

The new online index to Legal Briefs articles makes it much easier to find every article discussing taxes written since January 2005 by using “find in page” (ctrl+f) and entering “tax” in the search box that pops up. However, there are some 43 instances of the word, so to save you some time, here are the ones that are most relevant:

May 2012: Tis the Season – For Tax Refund Fraud
January 2014: Handle tax refunds properly
February 2016: Tis the (tax refund) season (direct deposit)
March 2016: Tis the (tax refund) season – Part II (deceased payees, Oklahoma tax refund cards)
February 2018: Tax Refund Checks